1 /* 2 * Copyright 1999 Internet Business Solutions Ltd., Switzerland 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 * 26 * $FreeBSD$ 27 * 28 */ 29 30 #include <stdint.h> 31 #include <sys/param.h> 32 33 #include <sys/socket.h> 34 #include <netinet/in_systm.h> 35 #include <netinet/in.h> 36 #include <netinet/ip.h> 37 #include <arpa/inet.h> 38 #include <sys/un.h> 39 #include <net/route.h> 40 41 #ifdef LOCALRAD 42 #include "radlib.h" 43 #include "radlib_vs.h" 44 #else 45 #include <radlib.h> 46 #include <radlib_vs.h> 47 #endif 48 49 #include <errno.h> 50 #ifndef NODES 51 #include <md5.h> 52 #endif 53 #include <stdarg.h> 54 #include <stdio.h> 55 #include <stdlib.h> 56 #include <string.h> 57 #include <sys/time.h> 58 #include <termios.h> 59 #include <unistd.h> 60 #include <netdb.h> 61 62 #include "layer.h" 63 #include "defs.h" 64 #include "log.h" 65 #include "descriptor.h" 66 #include "prompt.h" 67 #include "timer.h" 68 #include "fsm.h" 69 #include "iplist.h" 70 #include "slcompress.h" 71 #include "throughput.h" 72 #include "lqr.h" 73 #include "hdlc.h" 74 #include "mbuf.h" 75 #include "ncpaddr.h" 76 #include "ip.h" 77 #include "ipcp.h" 78 #include "ipv6cp.h" 79 #include "route.h" 80 #include "command.h" 81 #include "filter.h" 82 #include "lcp.h" 83 #include "ccp.h" 84 #include "link.h" 85 #include "mp.h" 86 #include "radius.h" 87 #include "auth.h" 88 #include "async.h" 89 #include "physical.h" 90 #include "chat.h" 91 #include "cbcp.h" 92 #include "chap.h" 93 #include "datalink.h" 94 #include "ncp.h" 95 #include "bundle.h" 96 #include "proto.h" 97 98 #ifndef NODES 99 struct mschap_response { 100 u_char ident; 101 u_char flags; 102 u_char lm_response[24]; 103 u_char nt_response[24]; 104 }; 105 106 struct mschap2_response { 107 u_char ident; 108 u_char flags; 109 u_char pchallenge[16]; 110 u_char reserved[8]; 111 u_char response[24]; 112 }; 113 114 #define AUTH_LEN 16 115 #define SALT_LEN 2 116 #endif 117 118 static const char * 119 radius_policyname(int policy) 120 { 121 switch(policy) { 122 case MPPE_POLICY_ALLOWED: 123 return "Allowed"; 124 case MPPE_POLICY_REQUIRED: 125 return "Required"; 126 } 127 return NumStr(policy, NULL, 0); 128 } 129 130 static const char * 131 radius_typesname(int types) 132 { 133 switch(types) { 134 case MPPE_TYPE_40BIT: 135 return "40 bit"; 136 case MPPE_TYPE_128BIT: 137 return "128 bit"; 138 case MPPE_TYPE_40BIT|MPPE_TYPE_128BIT: 139 return "40 or 128 bit"; 140 } 141 return NumStr(types, NULL, 0); 142 } 143 144 #ifndef NODES 145 static void 146 demangle(struct radius *r, const void *mangled, size_t mlen, 147 char **buf, size_t *len) 148 { 149 char R[AUTH_LEN]; /* variable names as per rfc2548 */ 150 const char *S; 151 u_char b[16]; 152 const u_char *A, *C; 153 MD5_CTX Context; 154 int Slen, i, Clen, Ppos; 155 u_char *P; 156 157 if (mlen % 16 != SALT_LEN) { 158 log_Printf(LogWARN, "Cannot interpret mangled data of length %ld\n", 159 (u_long)mlen); 160 *buf = NULL; 161 *len = 0; 162 return; 163 } 164 165 /* We need the RADIUS Request-Authenticator */ 166 if (rad_request_authenticator(r->cx.rad, R, sizeof R) != AUTH_LEN) { 167 log_Printf(LogWARN, "Cannot obtain the RADIUS request authenticator\n"); 168 *buf = NULL; 169 *len = 0; 170 return; 171 } 172 173 A = (const u_char *)mangled; /* Salt comes first */ 174 C = (const u_char *)mangled + SALT_LEN; /* Then the ciphertext */ 175 Clen = mlen - SALT_LEN; 176 S = rad_server_secret(r->cx.rad); /* We need the RADIUS secret */ 177 Slen = strlen(S); 178 P = alloca(Clen); /* We derive our plaintext */ 179 180 MD5Init(&Context); 181 MD5Update(&Context, S, Slen); 182 MD5Update(&Context, R, AUTH_LEN); 183 MD5Update(&Context, A, SALT_LEN); 184 MD5Final(b, &Context); 185 Ppos = 0; 186 187 while (Clen) { 188 Clen -= 16; 189 190 for (i = 0; i < 16; i++) 191 P[Ppos++] = C[i] ^ b[i]; 192 193 if (Clen) { 194 MD5Init(&Context); 195 MD5Update(&Context, S, Slen); 196 MD5Update(&Context, C, 16); 197 MD5Final(b, &Context); 198 } 199 200 C += 16; 201 } 202 203 /* 204 * The resulting plain text consists of a one-byte length, the text and 205 * maybe some padding. 206 */ 207 *len = *P; 208 if (*len > mlen - 1) { 209 log_Printf(LogWARN, "Mangled data seems to be garbage\n"); 210 *buf = NULL; 211 *len = 0; 212 return; 213 } 214 215 if ((*buf = malloc(*len)) == NULL) { 216 log_Printf(LogWARN, "demangle: Out of memory (%lu bytes)\n", (u_long)*len); 217 *len = 0; 218 } else 219 memcpy(*buf, P + 1, *len); 220 } 221 #endif 222 223 /* XXX: This should go into librarius. */ 224 #ifndef NOINET6 225 static uint8_t * 226 rad_cvt_ipv6prefix(const void *data, size_t len) 227 { 228 const size_t ipv6len = sizeof(struct in6_addr) + 2; 229 uint8_t *s; 230 231 if (len > ipv6len) 232 return NULL; 233 s = malloc(ipv6len); 234 if (s != NULL) { 235 memset(s, 0, ipv6len); 236 memcpy(s, data, len); 237 } 238 return s; 239 } 240 #endif 241 242 /* 243 * rad_continue_send_request() has given us `got' (non-zero). Deal with it. 244 */ 245 static void 246 radius_Process(struct radius *r, int got) 247 { 248 char *argv[MAXARGS], *nuke; 249 struct bundle *bundle; 250 int argc, addrs, res, width; 251 size_t len; 252 struct ncprange dest; 253 struct ncpaddr gw; 254 const void *data; 255 const char *stype; 256 u_int32_t ipaddr, vendor; 257 struct in_addr ip; 258 #ifndef NOINET6 259 uint8_t ipv6addr[INET6_ADDRSTRLEN]; 260 struct in6_addr ip6; 261 #endif 262 263 r->cx.fd = -1; /* Stop select()ing */ 264 stype = r->cx.auth ? "auth" : "acct"; 265 266 switch (got) { 267 case RAD_ACCESS_ACCEPT: 268 log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE, 269 "Radius(%s): ACCEPT received\n", stype); 270 if (!r->cx.auth) { 271 rad_close(r->cx.rad); 272 return; 273 } 274 break; 275 276 case RAD_ACCESS_REJECT: 277 log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE, 278 "Radius(%s): REJECT received\n", stype); 279 if (!r->cx.auth) { 280 rad_close(r->cx.rad); 281 return; 282 } 283 break; 284 285 case RAD_ACCESS_CHALLENGE: 286 /* we can't deal with this (for now) ! */ 287 log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE, 288 "Radius: CHALLENGE received (can't handle yet)\n"); 289 if (r->cx.auth) 290 auth_Failure(r->cx.auth); 291 rad_close(r->cx.rad); 292 return; 293 294 case RAD_ACCOUNTING_RESPONSE: 295 /* 296 * It's probably not ideal to log this at PHASE level as we'll see 297 * too much stuff going to the log when ``set rad_alive'' is used. 298 * So we differ from older behaviour (ppp version 3.1 and before) 299 * and just log accounting responses to LogRADIUS. 300 */ 301 log_Printf(LogRADIUS, "Radius(%s): Accounting response received\n", 302 stype); 303 if (r->cx.auth) 304 auth_Failure(r->cx.auth); /* unexpected !!! */ 305 306 /* No further processing for accounting requests, please */ 307 rad_close(r->cx.rad); 308 return; 309 310 case -1: 311 log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE, 312 "radius(%s): %s\n", stype, rad_strerror(r->cx.rad)); 313 if (r->cx.auth) 314 auth_Failure(r->cx.auth); 315 rad_close(r->cx.rad); 316 return; 317 318 default: 319 log_Printf(LogERROR, "rad_send_request(%s): Failed %d: %s\n", stype, 320 got, rad_strerror(r->cx.rad)); 321 if (r->cx.auth) 322 auth_Failure(r->cx.auth); 323 rad_close(r->cx.rad); 324 return; 325 } 326 327 /* Let's see what we've got in our reply */ 328 r->ip.s_addr = r->mask.s_addr = INADDR_NONE; 329 r->mtu = 0; 330 r->vj = 0; 331 while ((res = rad_get_attr(r->cx.rad, &data, &len)) > 0) { 332 switch (res) { 333 case RAD_FRAMED_IP_ADDRESS: 334 r->ip = rad_cvt_addr(data); 335 log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE, 336 " IP %s\n", inet_ntoa(r->ip)); 337 break; 338 339 case RAD_FILTER_ID: 340 free(r->filterid); 341 if ((r->filterid = rad_cvt_string(data, len)) == NULL) { 342 log_Printf(LogERROR, "rad_cvt_string: %s\n", rad_strerror(r->cx.rad)); 343 auth_Failure(r->cx.auth); 344 rad_close(r->cx.rad); 345 return; 346 } 347 log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE, 348 " Filter \"%s\"\n", r->filterid); 349 break; 350 351 case RAD_SESSION_TIMEOUT: 352 r->sessiontime = rad_cvt_int(data); 353 log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE, 354 " Session-Timeout %lu\n", r->sessiontime); 355 break; 356 357 case RAD_FRAMED_IP_NETMASK: 358 r->mask = rad_cvt_addr(data); 359 log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE, 360 " Netmask %s\n", inet_ntoa(r->mask)); 361 break; 362 363 case RAD_FRAMED_MTU: 364 r->mtu = rad_cvt_int(data); 365 log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE, 366 " MTU %lu\n", r->mtu); 367 break; 368 369 case RAD_FRAMED_ROUTING: 370 /* Disabled for now - should we automatically set up some filters ? */ 371 /* rad_cvt_int(data); */ 372 /* bit 1 = Send routing packets */ 373 /* bit 2 = Receive routing packets */ 374 break; 375 376 case RAD_FRAMED_COMPRESSION: 377 r->vj = rad_cvt_int(data) == 1 ? 1 : 0; 378 log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE, 379 " VJ %sabled\n", r->vj ? "en" : "dis"); 380 break; 381 382 case RAD_FRAMED_ROUTE: 383 /* 384 * We expect a string of the format ``dest[/bits] gw [metrics]'' 385 * Any specified metrics are ignored. MYADDR and HISADDR are 386 * understood for ``dest'' and ``gw'' and ``0.0.0.0'' is the same 387 * as ``HISADDR''. 388 */ 389 390 if ((nuke = rad_cvt_string(data, len)) == NULL) { 391 log_Printf(LogERROR, "rad_cvt_string: %s\n", rad_strerror(r->cx.rad)); 392 auth_Failure(r->cx.auth); 393 rad_close(r->cx.rad); 394 return; 395 } 396 397 log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE, 398 " Route: %s\n", nuke); 399 bundle = r->cx.auth->physical->dl->bundle; 400 ip.s_addr = INADDR_ANY; 401 ncpaddr_setip4(&gw, ip); 402 ncprange_setip4host(&dest, ip); 403 argc = command_Interpret(nuke, strlen(nuke), argv); 404 if (argc < 0) 405 log_Printf(LogWARN, "radius: %s: Syntax error\n", 406 argc == 1 ? argv[0] : "\"\""); 407 else if (argc < 2) 408 log_Printf(LogWARN, "radius: %s: Invalid route\n", 409 argc == 1 ? argv[0] : "\"\""); 410 else if ((strcasecmp(argv[0], "default") != 0 && 411 !ncprange_aton(&dest, &bundle->ncp, argv[0])) || 412 !ncpaddr_aton(&gw, &bundle->ncp, argv[1])) 413 log_Printf(LogWARN, "radius: %s %s: Invalid route\n", 414 argv[0], argv[1]); 415 else { 416 ncprange_getwidth(&dest, &width); 417 if (width == 32 && strchr(argv[0], '/') == NULL) { 418 /* No mask specified - use the natural mask */ 419 ncprange_getip4addr(&dest, &ip); 420 ncprange_setip4mask(&dest, addr2mask(ip)); 421 } 422 addrs = 0; 423 424 if (!strncasecmp(argv[0], "HISADDR", 7)) 425 addrs = ROUTE_DSTHISADDR; 426 else if (!strncasecmp(argv[0], "MYADDR", 6)) 427 addrs = ROUTE_DSTMYADDR; 428 429 if (ncpaddr_getip4addr(&gw, &ipaddr) && ipaddr == INADDR_ANY) { 430 addrs |= ROUTE_GWHISADDR; 431 ncpaddr_setip4(&gw, bundle->ncp.ipcp.peer_ip); 432 } else if (strcasecmp(argv[1], "HISADDR") == 0) 433 addrs |= ROUTE_GWHISADDR; 434 435 route_Add(&r->routes, addrs, &dest, &gw); 436 } 437 free(nuke); 438 break; 439 440 case RAD_REPLY_MESSAGE: 441 free(r->repstr); 442 if ((r->repstr = rad_cvt_string(data, len)) == NULL) { 443 log_Printf(LogERROR, "rad_cvt_string: %s\n", rad_strerror(r->cx.rad)); 444 auth_Failure(r->cx.auth); 445 rad_close(r->cx.rad); 446 return; 447 } 448 log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE, 449 " Reply-Message \"%s\"\n", r->repstr); 450 break; 451 452 #ifndef NOINET6 453 case RAD_FRAMED_IPV6_PREFIX: 454 free(r->ipv6prefix); 455 r->ipv6prefix = rad_cvt_ipv6prefix(data, len); 456 inet_ntop(AF_INET6, &r->ipv6prefix[2], ipv6addr, sizeof(ipv6addr)); 457 log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE, 458 " IPv6 %s/%d\n", ipv6addr, r->ipv6prefix[1]); 459 break; 460 461 case RAD_FRAMED_IPV6_ROUTE: 462 /* 463 * We expect a string of the format ``dest[/bits] gw [metrics]'' 464 * Any specified metrics are ignored. MYADDR6 and HISADDR6 are 465 * understood for ``dest'' and ``gw'' and ``::'' is the same 466 * as ``HISADDR6''. 467 */ 468 469 if ((nuke = rad_cvt_string(data, len)) == NULL) { 470 log_Printf(LogERROR, "rad_cvt_string: %s\n", rad_strerror(r->cx.rad)); 471 auth_Failure(r->cx.auth); 472 rad_close(r->cx.rad); 473 return; 474 } 475 476 log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE, 477 " IPv6 Route: %s\n", nuke); 478 bundle = r->cx.auth->physical->dl->bundle; 479 ncpaddr_setip6(&gw, &in6addr_any); 480 ncprange_set(&dest, &gw, 0); 481 argc = command_Interpret(nuke, strlen(nuke), argv); 482 if (argc < 0) 483 log_Printf(LogWARN, "radius: %s: Syntax error\n", 484 argc == 1 ? argv[0] : "\"\""); 485 else if (argc < 2) 486 log_Printf(LogWARN, "radius: %s: Invalid route\n", 487 argc == 1 ? argv[0] : "\"\""); 488 else if ((strcasecmp(argv[0], "default") != 0 && 489 !ncprange_aton(&dest, &bundle->ncp, argv[0])) || 490 !ncpaddr_aton(&gw, &bundle->ncp, argv[1])) 491 log_Printf(LogWARN, "radius: %s %s: Invalid route\n", 492 argv[0], argv[1]); 493 else { 494 addrs = 0; 495 496 if (!strncasecmp(argv[0], "HISADDR6", 8)) 497 addrs = ROUTE_DSTHISADDR6; 498 else if (!strncasecmp(argv[0], "MYADDR6", 7)) 499 addrs = ROUTE_DSTMYADDR6; 500 501 if (ncpaddr_getip6(&gw, &ip6) && IN6_IS_ADDR_UNSPECIFIED(&ip6)) { 502 addrs |= ROUTE_GWHISADDR6; 503 ncpaddr_copy(&gw, &bundle->ncp.ipv6cp.hisaddr); 504 } else if (strcasecmp(argv[1], "HISADDR6") == 0) 505 addrs |= ROUTE_GWHISADDR6; 506 507 route_Add(&r->ipv6routes, addrs, &dest, &gw); 508 } 509 free(nuke); 510 break; 511 #endif 512 513 case RAD_VENDOR_SPECIFIC: 514 if ((res = rad_get_vendor_attr(&vendor, &data, &len)) <= 0) { 515 log_Printf(LogERROR, "rad_get_vendor_attr: %s (failing!)\n", 516 rad_strerror(r->cx.rad)); 517 auth_Failure(r->cx.auth); 518 rad_close(r->cx.rad); 519 return; 520 } 521 522 switch (vendor) { 523 case RAD_VENDOR_MICROSOFT: 524 switch (res) { 525 #ifndef NODES 526 case RAD_MICROSOFT_MS_CHAP_ERROR: 527 free(r->errstr); 528 if (len == 0) 529 r->errstr = NULL; 530 else { 531 if (len < 3 || ((const char *)data)[1] != '=') { 532 /* 533 * Only point at the String field if we don't think the 534 * peer has misformatted the response. 535 */ 536 data = (const char *)data + 1; 537 len--; 538 } else 539 log_Printf(LogWARN, "Warning: The MS-CHAP-Error " 540 "attribute is mis-formatted. Compensating\n"); 541 if ((r->errstr = rad_cvt_string((const char *)data, 542 len)) == NULL) { 543 log_Printf(LogERROR, "rad_cvt_string: %s\n", 544 rad_strerror(r->cx.rad)); 545 auth_Failure(r->cx.auth); 546 rad_close(r->cx.rad); 547 return; 548 } 549 log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE, 550 " MS-CHAP-Error \"%s\"\n", r->errstr); 551 } 552 break; 553 554 case RAD_MICROSOFT_MS_CHAP2_SUCCESS: 555 free(r->msrepstr); 556 if (len == 0) 557 r->msrepstr = NULL; 558 else { 559 if (len < 3 || ((const char *)data)[1] != '=') { 560 /* 561 * Only point at the String field if we don't think the 562 * peer has misformatted the response. 563 */ 564 data = (const char *)data + 1; 565 len--; 566 } else 567 log_Printf(LogWARN, "Warning: The MS-CHAP2-Success " 568 "attribute is mis-formatted. Compensating\n"); 569 if ((r->msrepstr = rad_cvt_string((const char *)data, 570 len)) == NULL) { 571 log_Printf(LogERROR, "rad_cvt_string: %s\n", 572 rad_strerror(r->cx.rad)); 573 auth_Failure(r->cx.auth); 574 rad_close(r->cx.rad); 575 return; 576 } 577 log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE, 578 " MS-CHAP2-Success \"%s\"\n", r->msrepstr); 579 } 580 break; 581 582 case RAD_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY: 583 r->mppe.policy = rad_cvt_int(data); 584 log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE, 585 " MS-MPPE-Encryption-Policy %s\n", 586 radius_policyname(r->mppe.policy)); 587 break; 588 589 case RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES: 590 r->mppe.types = rad_cvt_int(data); 591 log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE, 592 " MS-MPPE-Encryption-Types %s\n", 593 radius_typesname(r->mppe.types)); 594 break; 595 596 case RAD_MICROSOFT_MS_MPPE_RECV_KEY: 597 free(r->mppe.recvkey); 598 demangle(r, data, len, &r->mppe.recvkey, &r->mppe.recvkeylen); 599 log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE, 600 " MS-MPPE-Recv-Key ********\n"); 601 break; 602 603 case RAD_MICROSOFT_MS_MPPE_SEND_KEY: 604 demangle(r, data, len, &r->mppe.sendkey, &r->mppe.sendkeylen); 605 log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE, 606 " MS-MPPE-Send-Key ********\n"); 607 break; 608 #endif 609 610 default: 611 log_Printf(LogDEBUG, "Dropping MICROSOFT vendor specific " 612 "RADIUS attribute %d\n", res); 613 break; 614 } 615 break; 616 617 default: 618 log_Printf(LogDEBUG, "Dropping vendor %lu RADIUS attribute %d\n", 619 (unsigned long)vendor, res); 620 break; 621 } 622 break; 623 624 default: 625 log_Printf(LogDEBUG, "Dropping RADIUS attribute %d\n", res); 626 break; 627 } 628 } 629 630 if (res == -1) { 631 log_Printf(LogERROR, "rad_get_attr: %s (failing!)\n", 632 rad_strerror(r->cx.rad)); 633 auth_Failure(r->cx.auth); 634 } else if (got == RAD_ACCESS_REJECT) 635 auth_Failure(r->cx.auth); 636 else { 637 r->valid = 1; 638 auth_Success(r->cx.auth); 639 } 640 rad_close(r->cx.rad); 641 } 642 643 /* 644 * We've either timed out or select()ed on the read descriptor 645 */ 646 static void 647 radius_Continue(struct radius *r, int sel) 648 { 649 struct timeval tv; 650 int got; 651 652 timer_Stop(&r->cx.timer); 653 if ((got = rad_continue_send_request(r->cx.rad, sel, &r->cx.fd, &tv)) == 0) { 654 log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE, 655 "Radius: Request re-sent\n"); 656 r->cx.timer.load = tv.tv_usec / TICKUNIT + tv.tv_sec * SECTICKS; 657 timer_Start(&r->cx.timer); 658 return; 659 } 660 661 radius_Process(r, got); 662 } 663 664 /* 665 * Time to call rad_continue_send_request() - timed out. 666 */ 667 static void 668 radius_Timeout(void *v) 669 { 670 radius_Continue((struct radius *)v, 0); 671 } 672 673 /* 674 * Time to call rad_continue_send_request() - something to read. 675 */ 676 static void 677 radius_Read(struct fdescriptor *d, struct bundle *bundle __unused, 678 const fd_set *fdset __unused) 679 { 680 radius_Continue(descriptor2radius(d), 1); 681 } 682 683 /* 684 * Behave as a struct fdescriptor (descriptor.h) 685 */ 686 static int 687 radius_UpdateSet(struct fdescriptor *d, fd_set *r, fd_set *w __unused, 688 fd_set *e __unused, int *n) 689 { 690 struct radius *rad = descriptor2radius(d); 691 692 if (r && rad->cx.fd != -1) { 693 FD_SET(rad->cx.fd, r); 694 if (*n < rad->cx.fd + 1) 695 *n = rad->cx.fd + 1; 696 log_Printf(LogTIMER, "Radius: fdset(r) %d\n", rad->cx.fd); 697 return 1; 698 } 699 700 return 0; 701 } 702 703 /* 704 * Behave as a struct fdescriptor (descriptor.h) 705 */ 706 static int 707 radius_IsSet(struct fdescriptor *d, const fd_set *fdset) 708 { 709 struct radius *r = descriptor2radius(d); 710 711 return r && r->cx.fd != -1 && FD_ISSET(r->cx.fd, fdset); 712 } 713 714 /* 715 * Behave as a struct fdescriptor (descriptor.h) 716 */ 717 static int 718 radius_Write(struct fdescriptor *d __unused, struct bundle *bundle __unused, 719 const fd_set *fdset __unused) 720 { 721 /* We never want to write here ! */ 722 log_Printf(LogALERT, "radius_Write: Internal error: Bad call !\n"); 723 return 0; 724 } 725 726 /* 727 * Initialise ourselves 728 */ 729 void 730 radius_Init(struct radius *r) 731 { 732 r->desc.type = RADIUS_DESCRIPTOR; 733 r->desc.UpdateSet = radius_UpdateSet; 734 r->desc.IsSet = radius_IsSet; 735 r->desc.Read = radius_Read; 736 r->desc.Write = radius_Write; 737 r->cx.fd = -1; 738 r->cx.rad = NULL; 739 memset(&r->cx.timer, '\0', sizeof r->cx.timer); 740 r->cx.auth = NULL; 741 r->valid = 0; 742 r->vj = 0; 743 r->ip.s_addr = INADDR_ANY; 744 r->mask.s_addr = INADDR_NONE; 745 r->routes = NULL; 746 r->mtu = DEF_MTU; 747 r->msrepstr = NULL; 748 r->repstr = NULL; 749 #ifndef NOINET6 750 r->ipv6prefix = NULL; 751 r->ipv6routes = NULL; 752 #endif 753 r->errstr = NULL; 754 r->mppe.policy = 0; 755 r->mppe.types = 0; 756 r->mppe.recvkey = NULL; 757 r->mppe.recvkeylen = 0; 758 r->mppe.sendkey = NULL; 759 r->mppe.sendkeylen = 0; 760 *r->cfg.file = '\0';; 761 log_Printf(LogDEBUG, "Radius: radius_Init\n"); 762 } 763 764 /* 765 * Forget everything and go back to initialised state. 766 */ 767 void 768 radius_Destroy(struct radius *r) 769 { 770 r->valid = 0; 771 log_Printf(LogDEBUG, "Radius: radius_Destroy\n"); 772 timer_Stop(&r->cx.timer); 773 route_DeleteAll(&r->routes); 774 #ifndef NOINET6 775 route_DeleteAll(&r->ipv6routes); 776 #endif 777 free(r->filterid); 778 r->filterid = NULL; 779 free(r->msrepstr); 780 r->msrepstr = NULL; 781 free(r->repstr); 782 r->repstr = NULL; 783 #ifndef NOINET6 784 free(r->ipv6prefix); 785 r->ipv6prefix = NULL; 786 #endif 787 free(r->errstr); 788 r->errstr = NULL; 789 free(r->mppe.recvkey); 790 r->mppe.recvkey = NULL; 791 r->mppe.recvkeylen = 0; 792 free(r->mppe.sendkey); 793 r->mppe.sendkey = NULL; 794 r->mppe.sendkeylen = 0; 795 if (r->cx.fd != -1) { 796 r->cx.fd = -1; 797 rad_close(r->cx.rad); 798 } 799 } 800 801 static int 802 radius_put_physical_details(struct rad_handle *rad, struct physical *p) 803 { 804 int slot, type; 805 806 type = RAD_VIRTUAL; 807 if (p->handler) 808 switch (p->handler->type) { 809 case I4B_DEVICE: 810 type = RAD_ISDN_SYNC; 811 break; 812 813 case TTY_DEVICE: 814 type = RAD_ASYNC; 815 break; 816 817 case ETHER_DEVICE: 818 type = RAD_ETHERNET; 819 break; 820 821 case TCP_DEVICE: 822 case UDP_DEVICE: 823 case EXEC_DEVICE: 824 case ATM_DEVICE: 825 case NG_DEVICE: 826 type = RAD_VIRTUAL; 827 break; 828 } 829 830 if (rad_put_int(rad, RAD_NAS_PORT_TYPE, type) != 0) { 831 log_Printf(LogERROR, "rad_put: rad_put_int: %s\n", rad_strerror(rad)); 832 rad_close(rad); 833 return 0; 834 } 835 836 if ((slot = physical_Slot(p)) >= 0) 837 if (rad_put_int(rad, RAD_NAS_PORT, slot) != 0) { 838 log_Printf(LogERROR, "rad_put: rad_put_int: %s\n", rad_strerror(rad)); 839 rad_close(rad); 840 return 0; 841 } 842 843 return 1; 844 } 845 846 /* 847 * Start an authentication request to the RADIUS server. 848 */ 849 int 850 radius_Authenticate(struct radius *r, struct authinfo *authp, const char *name, 851 const char *key, int klen, const char *nchallenge, 852 int nclen) 853 { 854 char hostname[MAXHOSTNAMELEN]; 855 struct timeval tv; 856 const char *what = "questionable"; /* silence warnings! */ 857 char *mac_addr; 858 int got; 859 struct hostent *hp; 860 struct in_addr hostaddr; 861 #ifndef NODES 862 struct mschap_response msresp; 863 struct mschap2_response msresp2; 864 const struct MSCHAPv2_resp *keyv2; 865 #endif 866 867 if (!*r->cfg.file) 868 return 0; 869 870 if (r->cx.fd != -1) 871 /* 872 * We assume that our name/key/challenge is the same as last time, 873 * and just continue to wait for the RADIUS server(s). 874 */ 875 return 1; 876 877 radius_Destroy(r); 878 879 if ((r->cx.rad = rad_auth_open()) == NULL) { 880 log_Printf(LogERROR, "rad_auth_open: %s\n", strerror(errno)); 881 return 0; 882 } 883 884 if (rad_config(r->cx.rad, r->cfg.file) != 0) { 885 log_Printf(LogERROR, "rad_config: %s\n", rad_strerror(r->cx.rad)); 886 rad_close(r->cx.rad); 887 return 0; 888 } 889 890 if (rad_create_request(r->cx.rad, RAD_ACCESS_REQUEST) != 0) { 891 log_Printf(LogERROR, "rad_create_request: %s\n", rad_strerror(r->cx.rad)); 892 rad_close(r->cx.rad); 893 return 0; 894 } 895 896 if (rad_put_string(r->cx.rad, RAD_USER_NAME, name) != 0 || 897 rad_put_int(r->cx.rad, RAD_SERVICE_TYPE, RAD_FRAMED) != 0 || 898 rad_put_int(r->cx.rad, RAD_FRAMED_PROTOCOL, RAD_PPP) != 0) { 899 log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(r->cx.rad)); 900 rad_close(r->cx.rad); 901 return 0; 902 } 903 904 switch (authp->physical->link.lcp.want_auth) { 905 case PROTO_PAP: 906 /* We're talking PAP */ 907 if (rad_put_attr(r->cx.rad, RAD_USER_PASSWORD, key, klen) != 0) { 908 log_Printf(LogERROR, "PAP: rad_put_string: %s\n", 909 rad_strerror(r->cx.rad)); 910 rad_close(r->cx.rad); 911 return 0; 912 } 913 what = "PAP"; 914 break; 915 916 case PROTO_CHAP: 917 switch (authp->physical->link.lcp.want_authtype) { 918 case 0x5: 919 if (rad_put_attr(r->cx.rad, RAD_CHAP_PASSWORD, key, klen) != 0 || 920 rad_put_attr(r->cx.rad, RAD_CHAP_CHALLENGE, nchallenge, nclen) != 0) { 921 log_Printf(LogERROR, "CHAP: rad_put_string: %s\n", 922 rad_strerror(r->cx.rad)); 923 rad_close(r->cx.rad); 924 return 0; 925 } 926 what = "CHAP"; 927 break; 928 929 #ifndef NODES 930 case 0x80: 931 if (klen != 50) { 932 log_Printf(LogERROR, "CHAP80: Unrecognised key length %d\n", klen); 933 rad_close(r->cx.rad); 934 return 0; 935 } 936 937 rad_put_vendor_attr(r->cx.rad, RAD_VENDOR_MICROSOFT, 938 RAD_MICROSOFT_MS_CHAP_CHALLENGE, nchallenge, nclen); 939 msresp.ident = *key; 940 msresp.flags = 0x01; 941 memcpy(msresp.lm_response, key + 1, 24); 942 memcpy(msresp.nt_response, key + 25, 24); 943 rad_put_vendor_attr(r->cx.rad, RAD_VENDOR_MICROSOFT, 944 RAD_MICROSOFT_MS_CHAP_RESPONSE, &msresp, 945 sizeof msresp); 946 what = "MSCHAP"; 947 break; 948 949 case 0x81: 950 if (klen != sizeof(*keyv2) + 1) { 951 log_Printf(LogERROR, "CHAP81: Unrecognised key length %d\n", klen); 952 rad_close(r->cx.rad); 953 return 0; 954 } 955 956 keyv2 = (const struct MSCHAPv2_resp *)(key + 1); 957 rad_put_vendor_attr(r->cx.rad, RAD_VENDOR_MICROSOFT, 958 RAD_MICROSOFT_MS_CHAP_CHALLENGE, nchallenge, nclen); 959 msresp2.ident = *key; 960 msresp2.flags = keyv2->Flags; 961 memcpy(msresp2.response, keyv2->NTResponse, sizeof msresp2.response); 962 memset(msresp2.reserved, '\0', sizeof msresp2.reserved); 963 memcpy(msresp2.pchallenge, keyv2->PeerChallenge, 964 sizeof msresp2.pchallenge); 965 rad_put_vendor_attr(r->cx.rad, RAD_VENDOR_MICROSOFT, 966 RAD_MICROSOFT_MS_CHAP2_RESPONSE, &msresp2, 967 sizeof msresp2); 968 what = "MSCHAPv2"; 969 break; 970 #endif 971 default: 972 log_Printf(LogERROR, "CHAP: Unrecognised type 0x%02x\n", 973 authp->physical->link.lcp.want_authtype); 974 rad_close(r->cx.rad); 975 return 0; 976 } 977 } 978 979 if (gethostname(hostname, sizeof hostname) != 0) 980 log_Printf(LogERROR, "rad_put: gethostname(): %s\n", strerror(errno)); 981 else { 982 if (Enabled(authp->physical->dl->bundle, OPT_NAS_IP_ADDRESS) && 983 (hp = gethostbyname(hostname)) != NULL) { 984 hostaddr.s_addr = *(u_long *)hp->h_addr; 985 if (rad_put_addr(r->cx.rad, RAD_NAS_IP_ADDRESS, hostaddr) != 0) { 986 log_Printf(LogERROR, "rad_put: rad_put_string: %s\n", 987 rad_strerror(r->cx.rad)); 988 rad_close(r->cx.rad); 989 return 0; 990 } 991 } 992 if (Enabled(authp->physical->dl->bundle, OPT_NAS_IDENTIFIER) && 993 rad_put_string(r->cx.rad, RAD_NAS_IDENTIFIER, hostname) != 0) { 994 log_Printf(LogERROR, "rad_put: rad_put_string: %s\n", 995 rad_strerror(r->cx.rad)); 996 rad_close(r->cx.rad); 997 return 0; 998 } 999 } 1000 1001 if ((mac_addr = getenv("HISMACADDR")) != NULL && 1002 rad_put_string(r->cx.rad, RAD_CALLING_STATION_ID, mac_addr) != 0) { 1003 log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(r->cx.rad)); 1004 rad_close(r->cx.rad); 1005 return 0; 1006 } 1007 1008 radius_put_physical_details(r->cx.rad, authp->physical); 1009 1010 log_Printf(LogRADIUS, "Radius(auth): %s data sent for %s\n", what, name); 1011 1012 r->cx.auth = authp; 1013 if ((got = rad_init_send_request(r->cx.rad, &r->cx.fd, &tv))) 1014 radius_Process(r, got); 1015 else { 1016 log_Printf(log_IsKept(LogRADIUS) ? LogRADIUS : LogPHASE, 1017 "Radius: Request sent\n"); 1018 log_Printf(LogDEBUG, "Using radius_Timeout [%p]\n", radius_Timeout); 1019 r->cx.timer.load = tv.tv_usec / TICKUNIT + tv.tv_sec * SECTICKS; 1020 r->cx.timer.func = radius_Timeout; 1021 r->cx.timer.name = "radius auth"; 1022 r->cx.timer.arg = r; 1023 timer_Start(&r->cx.timer); 1024 } 1025 1026 return 1; 1027 } 1028 1029 /* Fetch IP, netmask from IPCP */ 1030 void 1031 radius_Account_Set_Ip(struct radacct *ac, struct in_addr *peer_ip, 1032 struct in_addr *netmask) 1033 { 1034 ac->proto = PROTO_IPCP; 1035 memcpy(&ac->peer.ip.addr, peer_ip, sizeof(ac->peer.ip.addr)); 1036 memcpy(&ac->peer.ip.mask, netmask, sizeof(ac->peer.ip.mask)); 1037 } 1038 1039 #ifndef NOINET6 1040 /* Fetch interface-id from IPV6CP */ 1041 void 1042 radius_Account_Set_Ipv6(struct radacct *ac, u_char *ifid) 1043 { 1044 ac->proto = PROTO_IPV6CP; 1045 memcpy(&ac->peer.ipv6.ifid, ifid, sizeof(ac->peer.ipv6.ifid)); 1046 } 1047 #endif 1048 1049 /* 1050 * Send an accounting request to the RADIUS server 1051 */ 1052 void 1053 radius_Account(struct radius *r, struct radacct *ac, struct datalink *dl, 1054 int acct_type, struct pppThroughput *stats) 1055 { 1056 struct timeval tv; 1057 int got; 1058 char hostname[MAXHOSTNAMELEN]; 1059 char *mac_addr; 1060 struct hostent *hp; 1061 struct in_addr hostaddr; 1062 1063 if (!*r->cfg.file) 1064 return; 1065 1066 if (r->cx.fd != -1) 1067 /* 1068 * We assume that our name/key/challenge is the same as last time, 1069 * and just continue to wait for the RADIUS server(s). 1070 */ 1071 return; 1072 1073 timer_Stop(&r->cx.timer); 1074 1075 if ((r->cx.rad = rad_acct_open()) == NULL) { 1076 log_Printf(LogERROR, "rad_auth_open: %s\n", strerror(errno)); 1077 return; 1078 } 1079 1080 if (rad_config(r->cx.rad, r->cfg.file) != 0) { 1081 log_Printf(LogERROR, "rad_config: %s\n", rad_strerror(r->cx.rad)); 1082 rad_close(r->cx.rad); 1083 return; 1084 } 1085 1086 if (rad_create_request(r->cx.rad, RAD_ACCOUNTING_REQUEST) != 0) { 1087 log_Printf(LogERROR, "rad_create_request: %s\n", rad_strerror(r->cx.rad)); 1088 rad_close(r->cx.rad); 1089 return; 1090 } 1091 1092 /* Grab some accounting data and initialize structure */ 1093 if (acct_type == RAD_START) { 1094 ac->rad_parent = r; 1095 /* Fetch username from datalink */ 1096 strncpy(ac->user_name, dl->peer.authname, sizeof ac->user_name); 1097 ac->user_name[AUTHLEN-1] = '\0'; 1098 1099 ac->authentic = 2; /* Assume RADIUS verified auth data */ 1100 1101 /* Generate a session ID */ 1102 snprintf(ac->session_id, sizeof ac->session_id, "%s%ld-%s%lu", 1103 dl->bundle->cfg.auth.name, (long)getpid(), 1104 dl->peer.authname, (unsigned long)stats->uptime); 1105 1106 /* And grab our MP socket name */ 1107 snprintf(ac->multi_session_id, sizeof ac->multi_session_id, "%s", 1108 dl->bundle->ncp.mp.active ? 1109 dl->bundle->ncp.mp.server.socket.sun_path : ""); 1110 }; 1111 1112 if (rad_put_string(r->cx.rad, RAD_USER_NAME, ac->user_name) != 0 || 1113 rad_put_int(r->cx.rad, RAD_SERVICE_TYPE, RAD_FRAMED) != 0 || 1114 rad_put_int(r->cx.rad, RAD_FRAMED_PROTOCOL, RAD_PPP) != 0) { 1115 log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(r->cx.rad)); 1116 rad_close(r->cx.rad); 1117 return; 1118 } 1119 switch (ac->proto) { 1120 case PROTO_IPCP: 1121 if (rad_put_addr(r->cx.rad, RAD_FRAMED_IP_ADDRESS, 1122 ac->peer.ip.addr) != 0 || 1123 rad_put_addr(r->cx.rad, RAD_FRAMED_IP_NETMASK, 1124 ac->peer.ip.mask) != 0) { 1125 log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(r->cx.rad)); 1126 rad_close(r->cx.rad); 1127 return; 1128 } 1129 break; 1130 #ifndef NOINET6 1131 case PROTO_IPV6CP: 1132 if (rad_put_attr(r->cx.rad, RAD_FRAMED_INTERFACE_ID, ac->peer.ipv6.ifid, 1133 sizeof(ac->peer.ipv6.ifid)) != 0) { 1134 log_Printf(LogERROR, "rad_put_attr: %s\n", rad_strerror(r->cx.rad)); 1135 rad_close(r->cx.rad); 1136 return; 1137 } 1138 if (r->ipv6prefix) { 1139 /* 1140 * Since PPP doesn't delegate an IPv6 prefix to a peer, 1141 * Framed-IPv6-Prefix may be not used, actually. 1142 */ 1143 if (rad_put_attr(r->cx.rad, RAD_FRAMED_IPV6_PREFIX, r->ipv6prefix, 1144 sizeof(struct in6_addr) + 2) != 0) { 1145 log_Printf(LogERROR, "rad_put_attr: %s\n", rad_strerror(r->cx.rad)); 1146 rad_close(r->cx.rad); 1147 return; 1148 } 1149 } 1150 break; 1151 #endif 1152 default: 1153 /* We don't log any protocol specific information */ 1154 break; 1155 } 1156 1157 if ((mac_addr = getenv("HISMACADDR")) != NULL && 1158 rad_put_string(r->cx.rad, RAD_CALLING_STATION_ID, mac_addr) != 0) { 1159 log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(r->cx.rad)); 1160 rad_close(r->cx.rad); 1161 return; 1162 } 1163 1164 if (gethostname(hostname, sizeof hostname) != 0) 1165 log_Printf(LogERROR, "rad_put: gethostname(): %s\n", strerror(errno)); 1166 else { 1167 if (Enabled(dl->bundle, OPT_NAS_IP_ADDRESS) && 1168 (hp = gethostbyname(hostname)) != NULL) { 1169 hostaddr.s_addr = *(u_long *)hp->h_addr; 1170 if (rad_put_addr(r->cx.rad, RAD_NAS_IP_ADDRESS, hostaddr) != 0) { 1171 log_Printf(LogERROR, "rad_put: rad_put_string: %s\n", 1172 rad_strerror(r->cx.rad)); 1173 rad_close(r->cx.rad); 1174 return; 1175 } 1176 } 1177 if (Enabled(dl->bundle, OPT_NAS_IDENTIFIER) && 1178 rad_put_string(r->cx.rad, RAD_NAS_IDENTIFIER, hostname) != 0) { 1179 log_Printf(LogERROR, "rad_put: rad_put_string: %s\n", 1180 rad_strerror(r->cx.rad)); 1181 rad_close(r->cx.rad); 1182 return; 1183 } 1184 } 1185 1186 radius_put_physical_details(r->cx.rad, dl->physical); 1187 1188 if (rad_put_int(r->cx.rad, RAD_ACCT_STATUS_TYPE, acct_type) != 0 || 1189 rad_put_string(r->cx.rad, RAD_ACCT_SESSION_ID, ac->session_id) != 0 || 1190 rad_put_string(r->cx.rad, RAD_ACCT_MULTI_SESSION_ID, 1191 ac->multi_session_id) != 0 || 1192 rad_put_int(r->cx.rad, RAD_ACCT_DELAY_TIME, 0) != 0) { 1193 /* XXX ACCT_DELAY_TIME should be increased each time a packet is waiting */ 1194 log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(r->cx.rad)); 1195 rad_close(r->cx.rad); 1196 return; 1197 } 1198 1199 if (acct_type == RAD_STOP || acct_type == RAD_ALIVE) 1200 /* Show some statistics */ 1201 if (rad_put_int(r->cx.rad, RAD_ACCT_INPUT_OCTETS, stats->OctetsIn % UINT32_MAX) != 0 || 1202 rad_put_int(r->cx.rad, RAD_ACCT_INPUT_GIGAWORDS, stats->OctetsIn / UINT32_MAX) != 0 || 1203 rad_put_int(r->cx.rad, RAD_ACCT_INPUT_PACKETS, stats->PacketsIn) != 0 || 1204 rad_put_int(r->cx.rad, RAD_ACCT_OUTPUT_OCTETS, stats->OctetsOut % UINT32_MAX) != 0 || 1205 rad_put_int(r->cx.rad, RAD_ACCT_OUTPUT_GIGAWORDS, stats->OctetsOut / UINT32_MAX) != 0 || 1206 rad_put_int(r->cx.rad, RAD_ACCT_OUTPUT_PACKETS, stats->PacketsOut) 1207 != 0 || 1208 rad_put_int(r->cx.rad, RAD_ACCT_SESSION_TIME, throughput_uptime(stats)) 1209 != 0) { 1210 log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(r->cx.rad)); 1211 rad_close(r->cx.rad); 1212 return; 1213 } 1214 1215 if (log_IsKept(LogPHASE) || log_IsKept(LogRADIUS)) { 1216 const char *what; 1217 int level; 1218 1219 switch (acct_type) { 1220 case RAD_START: 1221 what = "START"; 1222 level = log_IsKept(LogPHASE) ? LogPHASE : LogRADIUS; 1223 break; 1224 case RAD_STOP: 1225 what = "STOP"; 1226 level = log_IsKept(LogPHASE) ? LogPHASE : LogRADIUS; 1227 break; 1228 case RAD_ALIVE: 1229 what = "ALIVE"; 1230 level = LogRADIUS; 1231 break; 1232 default: 1233 what = "<unknown>"; 1234 level = log_IsKept(LogPHASE) ? LogPHASE : LogRADIUS; 1235 break; 1236 } 1237 log_Printf(level, "Radius(acct): %s data sent\n", what); 1238 } 1239 1240 r->cx.auth = NULL; /* Not valid for accounting requests */ 1241 if ((got = rad_init_send_request(r->cx.rad, &r->cx.fd, &tv))) 1242 radius_Process(r, got); 1243 else { 1244 log_Printf(LogDEBUG, "Using radius_Timeout [%p]\n", radius_Timeout); 1245 r->cx.timer.load = tv.tv_usec / TICKUNIT + tv.tv_sec * SECTICKS; 1246 r->cx.timer.func = radius_Timeout; 1247 r->cx.timer.name = "radius acct"; 1248 r->cx.timer.arg = r; 1249 timer_Start(&r->cx.timer); 1250 } 1251 } 1252 1253 /* 1254 * How do things look at the moment ? 1255 */ 1256 void 1257 radius_Show(struct radius *r, struct prompt *p) 1258 { 1259 prompt_Printf(p, " Radius config: %s", 1260 *r->cfg.file ? r->cfg.file : "none"); 1261 if (r->valid) { 1262 prompt_Printf(p, "\n IP: %s\n", inet_ntoa(r->ip)); 1263 prompt_Printf(p, " Netmask: %s\n", inet_ntoa(r->mask)); 1264 prompt_Printf(p, " MTU: %lu\n", r->mtu); 1265 prompt_Printf(p, " VJ: %sabled\n", r->vj ? "en" : "dis"); 1266 prompt_Printf(p, " Message: %s\n", r->repstr ? r->repstr : ""); 1267 prompt_Printf(p, " MPPE Enc Policy: %s\n", 1268 radius_policyname(r->mppe.policy)); 1269 prompt_Printf(p, " MPPE Enc Types: %s\n", 1270 radius_typesname(r->mppe.types)); 1271 prompt_Printf(p, " MPPE Recv Key: %seceived\n", 1272 r->mppe.recvkey ? "R" : "Not r"); 1273 prompt_Printf(p, " MPPE Send Key: %seceived\n", 1274 r->mppe.sendkey ? "R" : "Not r"); 1275 prompt_Printf(p, " MS-CHAP2-Response: %s\n", 1276 r->msrepstr ? r->msrepstr : ""); 1277 prompt_Printf(p, " Error Message: %s\n", r->errstr ? r->errstr : ""); 1278 if (r->routes) 1279 route_ShowSticky(p, r->routes, " Routes", 16); 1280 #ifndef NOINET6 1281 if (r->ipv6routes) 1282 route_ShowSticky(p, r->ipv6routes, " IPv6 Routes", 16); 1283 #endif 1284 } else 1285 prompt_Printf(p, " (not authenticated)\n"); 1286 } 1287 1288 static void 1289 radius_alive(void *v) 1290 { 1291 struct bundle *bundle = (struct bundle *)v; 1292 1293 timer_Stop(&bundle->radius.alive.timer); 1294 bundle->radius.alive.timer.load = bundle->radius.alive.interval * SECTICKS; 1295 if (bundle->radius.alive.timer.load) { 1296 radius_Account(&bundle->radius, &bundle->radacct, 1297 bundle->links, RAD_ALIVE, &bundle->ncp.ipcp.throughput); 1298 timer_Start(&bundle->radius.alive.timer); 1299 } 1300 } 1301 1302 void 1303 radius_StartTimer(struct bundle *bundle) 1304 { 1305 if (bundle->radius.cfg.file && bundle->radius.alive.interval) { 1306 bundle->radius.alive.timer.func = radius_alive; 1307 bundle->radius.alive.timer.name = "radius alive"; 1308 bundle->radius.alive.timer.load = bundle->radius.alive.interval * SECTICKS; 1309 bundle->radius.alive.timer.arg = bundle; 1310 radius_alive(bundle); 1311 } 1312 } 1313 1314 void 1315 radius_StopTimer(struct radius *r) 1316 { 1317 timer_Stop(&r->alive.timer); 1318 } 1319