2 * Copyright 1999 Internet Business Solutions Ltd., Switzerland
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * $FreeBSD: src/usr.sbin/ppp/radius.c,v 1.11.2.5 2002/09/01 02:12:32 brian Exp $
30 #include <sys/param.h>
32 #include <sys/socket.h>
33 #include <netinet/in_systm.h>
34 #include <netinet/in.h>
35 #include <netinet/ip.h>
36 #include <arpa/inet.h>
38 #include <net/route.h>
42 #include "radlib_vs.h"
45 #include <radlib_vs.h>
64 #include "descriptor.h"
69 #include "slcompress.h"
70 #include "throughput.h"
98 struct mschap_response {
101 u_char lm_response[24];
102 u_char nt_response[24];
105 struct mschap2_response {
108 u_char pchallenge[16];
118 radius_policyname(int policy)
121 case MPPE_POLICY_ALLOWED:
123 case MPPE_POLICY_REQUIRED:
126 return NumStr(policy, NULL, 0);
130 radius_typesname(int types)
133 case MPPE_TYPE_40BIT:
135 case MPPE_TYPE_128BIT:
137 case MPPE_TYPE_40BIT|MPPE_TYPE_128BIT:
138 return "40 or 128 bit";
140 return NumStr(types, NULL, 0);
145 demangle(struct radius *r, const void *mangled, size_t mlen,
146 char **buf, size_t *len)
148 char R[AUTH_LEN]; /* variable names as per rfc2548 */
153 int Slen, i, Clen, Ppos;
156 if (mlen % 16 != SALT_LEN) {
157 log_Printf(LogWARN, "Cannot interpret mangled data of length %ld\n",
164 /* We need the RADIUS Request-Authenticator */
165 if (rad_request_authenticator(r->cx.rad, R, sizeof R) != AUTH_LEN) {
166 log_Printf(LogWARN, "Cannot obtain the RADIUS request authenticator\n");
172 A = (const u_char *)mangled; /* Salt comes first */
173 C = (const u_char *)mangled + SALT_LEN; /* Then the ciphertext */
174 Clen = mlen - SALT_LEN;
175 S = rad_server_secret(r->cx.rad); /* We need the RADIUS secret */
177 P = alloca(Clen); /* We derive our plaintext */
180 MD5Update(&Context, S, Slen);
181 MD5Update(&Context, R, AUTH_LEN);
182 MD5Update(&Context, A, SALT_LEN);
183 MD5Final(b, &Context);
189 for (i = 0; i < 16; i++)
190 P[Ppos++] = C[i] ^ b[i];
194 MD5Update(&Context, S, Slen);
195 MD5Update(&Context, C, 16);
196 MD5Final(b, &Context);
203 * The resulting plain text consists of a one-byte length, the text and
204 * maybe some padding.
207 if (*len > mlen - 1) {
208 log_Printf(LogWARN, "Mangled data seems to be garbage\n");
215 memcpy(*buf, P + 1, *len);
220 * rad_continue_send_request() has given us `got' (non-zero). Deal with it.
223 radius_Process(struct radius *r, int got)
225 char *argv[MAXARGS], *nuke;
226 struct bundle *bundle;
227 int argc, addrs, res, width;
229 struct ncprange dest;
233 u_int32_t ipaddr, vendor;
236 r->cx.fd = -1; /* Stop select()ing */
237 stype = r->cx.auth ? "auth" : "acct";
240 case RAD_ACCESS_ACCEPT:
241 log_Printf(LogPHASE, "Radius(%s): ACCEPT received\n", stype);
243 rad_close(r->cx.rad);
248 case RAD_ACCESS_REJECT:
249 log_Printf(LogPHASE, "Radius(%s): REJECT received\n", stype);
251 rad_close(r->cx.rad);
256 case RAD_ACCESS_CHALLENGE:
257 /* we can't deal with this (for now) ! */
258 log_Printf(LogPHASE, "Radius: CHALLENGE received (can't handle yet)\n");
260 auth_Failure(r->cx.auth);
261 rad_close(r->cx.rad);
264 case RAD_ACCOUNTING_RESPONSE:
265 log_Printf(LogPHASE, "Radius(%s): Accounting response received\n", stype);
267 auth_Failure(r->cx.auth); /* unexpected !!! */
269 /* No further processing for accounting requests, please */
270 rad_close(r->cx.rad);
274 log_Printf(LogPHASE, "radius(%s): %s\n", stype, rad_strerror(r->cx.rad));
276 auth_Failure(r->cx.auth);
277 rad_close(r->cx.rad);
281 log_Printf(LogERROR, "rad_send_request(%s): Failed %d: %s\n", stype,
282 got, rad_strerror(r->cx.rad));
284 auth_Failure(r->cx.auth);
285 rad_close(r->cx.rad);
289 /* Let's see what we've got in our reply */
290 r->ip.s_addr = r->mask.s_addr = INADDR_NONE;
293 while ((res = rad_get_attr(r->cx.rad, &data, &len)) > 0) {
295 case RAD_FRAMED_IP_ADDRESS:
296 r->ip = rad_cvt_addr(data);
297 log_Printf(LogPHASE, " IP %s\n", inet_ntoa(r->ip));
302 if ((r->filterid = rad_cvt_string(data, len)) == NULL) {
303 log_Printf(LogERROR, "rad_cvt_string: %s\n", rad_strerror(r->cx.rad));
304 auth_Failure(r->cx.auth);
305 rad_close(r->cx.rad);
308 log_Printf(LogPHASE, " Filter \"%s\"\n", r->filterid);
311 case RAD_SESSION_TIMEOUT:
312 r->sessiontime = rad_cvt_int(data);
313 log_Printf(LogPHASE, " Session-Timeout %lu\n", r->sessiontime);
316 case RAD_FRAMED_IP_NETMASK:
317 r->mask = rad_cvt_addr(data);
318 log_Printf(LogPHASE, " Netmask %s\n", inet_ntoa(r->mask));
322 r->mtu = rad_cvt_int(data);
323 log_Printf(LogPHASE, " MTU %lu\n", r->mtu);
326 case RAD_FRAMED_ROUTING:
327 /* Disabled for now - should we automatically set up some filters ? */
328 /* rad_cvt_int(data); */
329 /* bit 1 = Send routing packets */
330 /* bit 2 = Receive routing packets */
333 case RAD_FRAMED_COMPRESSION:
334 r->vj = rad_cvt_int(data) == 1 ? 1 : 0;
335 log_Printf(LogPHASE, " VJ %sabled\n", r->vj ? "en" : "dis");
338 case RAD_FRAMED_ROUTE:
340 * We expect a string of the format ``dest[/bits] gw [metrics]''
341 * Any specified metrics are ignored. MYADDR and HISADDR are
342 * understood for ``dest'' and ``gw'' and ``0.0.0.0'' is the same
346 if ((nuke = rad_cvt_string(data, len)) == NULL) {
347 log_Printf(LogERROR, "rad_cvt_string: %s\n", rad_strerror(r->cx.rad));
348 auth_Failure(r->cx.auth);
349 rad_close(r->cx.rad);
353 log_Printf(LogPHASE, " Route: %s\n", nuke);
354 bundle = r->cx.auth->physical->dl->bundle;
355 ip.s_addr = INADDR_ANY;
356 ncprange_setip4host(&dest, ip);
357 argc = command_Interpret(nuke, strlen(nuke), argv);
359 log_Printf(LogWARN, "radius: %s: Syntax error\n",
360 argc == 1 ? argv[0] : "\"\"");
362 log_Printf(LogWARN, "radius: %s: Invalid route\n",
363 argc == 1 ? argv[0] : "\"\"");
364 else if ((strcasecmp(argv[0], "default") != 0 &&
365 !ncprange_aton(&dest, &bundle->ncp, argv[0])) ||
366 !ncpaddr_aton(&gw, &bundle->ncp, argv[1]))
367 log_Printf(LogWARN, "radius: %s %s: Invalid route\n",
370 ncprange_getwidth(&dest, &width);
371 if (width == 32 && strchr(argv[0], '/') == NULL) {
372 /* No mask specified - use the natural mask */
373 ncprange_getip4addr(&dest, &ip);
374 ncprange_setip4mask(&dest, addr2mask(ip));
378 if (!strncasecmp(argv[0], "HISADDR", 7))
379 addrs = ROUTE_DSTHISADDR;
380 else if (!strncasecmp(argv[0], "MYADDR", 6))
381 addrs = ROUTE_DSTMYADDR;
383 if (ncpaddr_getip4addr(&gw, &ipaddr) && ipaddr == INADDR_ANY) {
384 addrs |= ROUTE_GWHISADDR;
385 ncpaddr_setip4(&gw, bundle->ncp.ipcp.peer_ip);
386 } else if (strcasecmp(argv[1], "HISADDR") == 0)
387 addrs |= ROUTE_GWHISADDR;
389 route_Add(&r->routes, addrs, &dest, &gw);
394 case RAD_REPLY_MESSAGE:
396 if ((r->repstr = rad_cvt_string(data, len)) == NULL) {
397 log_Printf(LogERROR, "rad_cvt_string: %s\n", rad_strerror(r->cx.rad));
398 auth_Failure(r->cx.auth);
399 rad_close(r->cx.rad);
402 log_Printf(LogPHASE, " Reply-Message \"%s\"\n", r->repstr);
405 case RAD_VENDOR_SPECIFIC:
406 if ((res = rad_get_vendor_attr(&vendor, &data, &len)) <= 0) {
407 log_Printf(LogERROR, "rad_get_vendor_attr: %s (failing!)\n",
408 rad_strerror(r->cx.rad));
409 auth_Failure(r->cx.auth);
410 rad_close(r->cx.rad);
415 case RAD_VENDOR_MICROSOFT:
418 case RAD_MICROSOFT_MS_CHAP_ERROR:
423 if (len < 3 || ((const char *)data)[1] != '=') {
425 * Only point at the String field if we don't think the
426 * peer has misformatted the response.
428 ((const char *)data)++;
431 log_Printf(LogWARN, "Warning: The MS-CHAP-Error "
432 "attribute is mis-formatted. Compensating\n");
433 if ((r->errstr = rad_cvt_string((const char *)data,
435 log_Printf(LogERROR, "rad_cvt_string: %s\n",
436 rad_strerror(r->cx.rad));
437 auth_Failure(r->cx.auth);
438 rad_close(r->cx.rad);
441 log_Printf(LogPHASE, " MS-CHAP-Error \"%s\"\n", r->errstr);
445 case RAD_MICROSOFT_MS_CHAP2_SUCCESS:
450 if (len < 3 || ((const char *)data)[1] != '=') {
452 * Only point at the String field if we don't think the
453 * peer has misformatted the response.
455 ((const char *)data)++;
458 log_Printf(LogWARN, "Warning: The MS-CHAP2-Success "
459 "attribute is mis-formatted. Compensating\n");
460 if ((r->msrepstr = rad_cvt_string((const char *)data,
462 log_Printf(LogERROR, "rad_cvt_string: %s\n",
463 rad_strerror(r->cx.rad));
464 auth_Failure(r->cx.auth);
465 rad_close(r->cx.rad);
468 log_Printf(LogPHASE, " MS-CHAP2-Success \"%s\"\n",
473 case RAD_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY:
474 r->mppe.policy = rad_cvt_int(data);
475 log_Printf(LogPHASE, " MS-MPPE-Encryption-Policy %s\n",
476 radius_policyname(r->mppe.policy));
479 case RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES:
480 r->mppe.types = rad_cvt_int(data);
481 log_Printf(LogPHASE, " MS-MPPE-Encryption-Types %s\n",
482 radius_typesname(r->mppe.types));
485 case RAD_MICROSOFT_MS_MPPE_RECV_KEY:
486 free(r->mppe.recvkey);
487 demangle(r, data, len, &r->mppe.recvkey, &r->mppe.recvkeylen);
488 log_Printf(LogPHASE, " MS-MPPE-Recv-Key ********\n");
491 case RAD_MICROSOFT_MS_MPPE_SEND_KEY:
492 demangle(r, data, len, &r->mppe.sendkey, &r->mppe.sendkeylen);
493 log_Printf(LogPHASE, " MS-MPPE-Send-Key ********\n");
498 log_Printf(LogDEBUG, "Dropping MICROSOFT vendor specific "
499 "RADIUS attribute %d\n", res);
505 log_Printf(LogDEBUG, "Dropping vendor %lu RADIUS attribute %d\n",
506 (unsigned long)vendor, res);
512 log_Printf(LogDEBUG, "Dropping RADIUS attribute %d\n", res);
518 log_Printf(LogERROR, "rad_get_attr: %s (failing!)\n",
519 rad_strerror(r->cx.rad));
520 auth_Failure(r->cx.auth);
521 } else if (got == RAD_ACCESS_REJECT)
522 auth_Failure(r->cx.auth);
525 auth_Success(r->cx.auth);
527 rad_close(r->cx.rad);
531 * We've either timed out or select()ed on the read descriptor
534 radius_Continue(struct radius *r, int sel)
539 timer_Stop(&r->cx.timer);
540 if ((got = rad_continue_send_request(r->cx.rad, sel, &r->cx.fd, &tv)) == 0) {
541 log_Printf(LogPHASE, "Radius: Request re-sent\n");
542 r->cx.timer.load = tv.tv_usec / TICKUNIT + tv.tv_sec * SECTICKS;
543 timer_Start(&r->cx.timer);
547 radius_Process(r, got);
551 * Time to call rad_continue_send_request() - timed out.
554 radius_Timeout(void *v)
556 radius_Continue((struct radius *)v, 0);
560 * Time to call rad_continue_send_request() - something to read.
563 radius_Read(struct fdescriptor *d, struct bundle *bundle, const fd_set *fdset)
565 radius_Continue(descriptor2radius(d), 1);
569 * Behave as a struct fdescriptor (descriptor.h)
572 radius_UpdateSet(struct fdescriptor *d, fd_set *r, fd_set *w, fd_set *e, int *n)
574 struct radius *rad = descriptor2radius(d);
576 if (r && rad->cx.fd != -1) {
577 FD_SET(rad->cx.fd, r);
578 if (*n < rad->cx.fd + 1)
580 log_Printf(LogTIMER, "Radius: fdset(r) %d\n", rad->cx.fd);
588 * Behave as a struct fdescriptor (descriptor.h)
591 radius_IsSet(struct fdescriptor *d, const fd_set *fdset)
593 struct radius *r = descriptor2radius(d);
595 return r && r->cx.fd != -1 && FD_ISSET(r->cx.fd, fdset);
599 * Behave as a struct fdescriptor (descriptor.h)
602 radius_Write(struct fdescriptor *d, struct bundle *bundle, const fd_set *fdset)
604 /* We never want to write here ! */
605 log_Printf(LogALERT, "radius_Write: Internal error: Bad call !\n");
610 * Initialise ourselves
613 radius_Init(struct radius *r)
615 r->desc.type = RADIUS_DESCRIPTOR;
616 r->desc.UpdateSet = radius_UpdateSet;
617 r->desc.IsSet = radius_IsSet;
618 r->desc.Read = radius_Read;
619 r->desc.Write = radius_Write;
622 memset(&r->cx.timer, '\0', sizeof r->cx.timer);
626 r->ip.s_addr = INADDR_ANY;
627 r->mask.s_addr = INADDR_NONE;
635 r->mppe.recvkey = NULL;
636 r->mppe.recvkeylen = 0;
637 r->mppe.sendkey = NULL;
638 r->mppe.sendkeylen = 0;
639 *r->cfg.file = '\0';;
640 log_Printf(LogDEBUG, "Radius: radius_Init\n");
644 * Forget everything and go back to initialised state.
647 radius_Destroy(struct radius *r)
650 log_Printf(LogDEBUG, "Radius: radius_Destroy\n");
651 timer_Stop(&r->cx.timer);
652 route_DeleteAll(&r->routes);
661 free(r->mppe.recvkey);
662 r->mppe.recvkey = NULL;
663 r->mppe.recvkeylen = 0;
664 free(r->mppe.sendkey);
665 r->mppe.sendkey = NULL;
666 r->mppe.sendkeylen = 0;
667 if (r->cx.fd != -1) {
669 rad_close(r->cx.rad);
674 radius_put_physical_details(struct rad_handle *rad, struct physical *p)
680 switch (p->handler->type) {
682 type = RAD_ISDN_SYNC;
702 if (rad_put_int(rad, RAD_NAS_PORT_TYPE, type) != 0) {
703 log_Printf(LogERROR, "rad_put: rad_put_int: %s\n", rad_strerror(rad));
708 if ((slot = physical_Slot(p)) >= 0)
709 if (rad_put_int(rad, RAD_NAS_PORT, slot) != 0) {
710 log_Printf(LogERROR, "rad_put: rad_put_int: %s\n", rad_strerror(rad));
719 * Start an authentication request to the RADIUS server.
722 radius_Authenticate(struct radius *r, struct authinfo *authp, const char *name,
723 const char *key, int klen, const char *nchallenge,
728 char hostname[MAXHOSTNAMELEN];
731 struct in_addr hostaddr;
734 struct mschap_response msresp;
735 struct mschap2_response msresp2;
736 const struct MSCHAPv2_resp *keyv2;
744 * We assume that our name/key/challenge is the same as last time,
745 * and just continue to wait for the RADIUS server(s).
751 if ((r->cx.rad = rad_auth_open()) == NULL) {
752 log_Printf(LogERROR, "rad_auth_open: %s\n", strerror(errno));
756 if (rad_config(r->cx.rad, r->cfg.file) != 0) {
757 log_Printf(LogERROR, "rad_config: %s\n", rad_strerror(r->cx.rad));
758 rad_close(r->cx.rad);
762 if (rad_create_request(r->cx.rad, RAD_ACCESS_REQUEST) != 0) {
763 log_Printf(LogERROR, "rad_create_request: %s\n", rad_strerror(r->cx.rad));
764 rad_close(r->cx.rad);
768 if (rad_put_string(r->cx.rad, RAD_USER_NAME, name) != 0 ||
769 rad_put_int(r->cx.rad, RAD_SERVICE_TYPE, RAD_FRAMED) != 0 ||
770 rad_put_int(r->cx.rad, RAD_FRAMED_PROTOCOL, RAD_PPP) != 0) {
771 log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(r->cx.rad));
772 rad_close(r->cx.rad);
776 switch (authp->physical->link.lcp.want_auth) {
778 /* We're talking PAP */
779 if (rad_put_attr(r->cx.rad, RAD_USER_PASSWORD, key, klen) != 0) {
780 log_Printf(LogERROR, "PAP: rad_put_string: %s\n",
781 rad_strerror(r->cx.rad));
782 rad_close(r->cx.rad);
788 switch (authp->physical->link.lcp.want_authtype) {
790 if (rad_put_attr(r->cx.rad, RAD_CHAP_PASSWORD, key, klen) != 0 ||
791 rad_put_attr(r->cx.rad, RAD_CHAP_CHALLENGE, nchallenge, nclen) != 0) {
792 log_Printf(LogERROR, "CHAP: rad_put_string: %s\n",
793 rad_strerror(r->cx.rad));
794 rad_close(r->cx.rad);
802 log_Printf(LogERROR, "CHAP80: Unrecognised key length %d\n", klen);
803 rad_close(r->cx.rad);
807 rad_put_vendor_attr(r->cx.rad, RAD_VENDOR_MICROSOFT,
808 RAD_MICROSOFT_MS_CHAP_CHALLENGE, nchallenge, nclen);
811 memcpy(msresp.lm_response, key + 1, 24);
812 memcpy(msresp.nt_response, key + 25, 24);
813 rad_put_vendor_attr(r->cx.rad, RAD_VENDOR_MICROSOFT,
814 RAD_MICROSOFT_MS_CHAP_RESPONSE, &msresp,
819 if (klen != sizeof(*keyv2) + 1) {
820 log_Printf(LogERROR, "CHAP81: Unrecognised key length %d\n", klen);
821 rad_close(r->cx.rad);
825 keyv2 = (const struct MSCHAPv2_resp *)(key + 1);
826 rad_put_vendor_attr(r->cx.rad, RAD_VENDOR_MICROSOFT,
827 RAD_MICROSOFT_MS_CHAP_CHALLENGE, nchallenge, nclen);
828 msresp2.ident = *key;
829 msresp2.flags = keyv2->Flags;
830 memcpy(msresp2.response, keyv2->NTResponse, sizeof msresp2.response);
831 memset(msresp2.reserved, '\0', sizeof msresp2.reserved);
832 memcpy(msresp2.pchallenge, keyv2->PeerChallenge,
833 sizeof msresp2.pchallenge);
834 rad_put_vendor_attr(r->cx.rad, RAD_VENDOR_MICROSOFT,
835 RAD_MICROSOFT_MS_CHAP2_RESPONSE, &msresp2,
840 log_Printf(LogERROR, "CHAP: Unrecognised type 0x%02x\n",
841 authp->physical->link.lcp.want_authtype);
842 rad_close(r->cx.rad);
847 if (gethostname(hostname, sizeof hostname) != 0)
848 log_Printf(LogERROR, "rad_put: gethostname(): %s\n", strerror(errno));
851 if ((hp = gethostbyname(hostname)) != NULL) {
852 hostaddr.s_addr = *(u_long *)hp->h_addr;
853 if (rad_put_addr(r->cx.rad, RAD_NAS_IP_ADDRESS, hostaddr) != 0) {
854 log_Printf(LogERROR, "rad_put: rad_put_string: %s\n",
855 rad_strerror(r->cx.rad));
856 rad_close(r->cx.rad);
861 if (rad_put_string(r->cx.rad, RAD_NAS_IDENTIFIER, hostname) != 0) {
862 log_Printf(LogERROR, "rad_put: rad_put_string: %s\n",
863 rad_strerror(r->cx.rad));
864 rad_close(r->cx.rad);
869 radius_put_physical_details(r->cx.rad, authp->physical);
872 if ((got = rad_init_send_request(r->cx.rad, &r->cx.fd, &tv)))
873 radius_Process(r, got);
875 log_Printf(LogPHASE, "Radius: Request sent\n");
876 log_Printf(LogDEBUG, "Using radius_Timeout [%p]\n", radius_Timeout);
877 r->cx.timer.load = tv.tv_usec / TICKUNIT + tv.tv_sec * SECTICKS;
878 r->cx.timer.func = radius_Timeout;
879 r->cx.timer.name = "radius auth";
881 timer_Start(&r->cx.timer);
888 * Send an accounting request to the RADIUS server
891 radius_Account(struct radius *r, struct radacct *ac, struct datalink *dl,
892 int acct_type, struct in_addr *peer_ip, struct in_addr *netmask,
893 struct pppThroughput *stats)
897 char hostname[MAXHOSTNAMELEN];
900 struct in_addr hostaddr;
908 * We assume that our name/key/challenge is the same as last time,
909 * and just continue to wait for the RADIUS server(s).
913 timer_Stop(&r->cx.timer);
915 if ((r->cx.rad = rad_acct_open()) == NULL) {
916 log_Printf(LogERROR, "rad_auth_open: %s\n", strerror(errno));
920 if (rad_config(r->cx.rad, r->cfg.file) != 0) {
921 log_Printf(LogERROR, "rad_config: %s\n", rad_strerror(r->cx.rad));
922 rad_close(r->cx.rad);
926 if (rad_create_request(r->cx.rad, RAD_ACCOUNTING_REQUEST) != 0) {
927 log_Printf(LogERROR, "rad_create_request: %s\n", rad_strerror(r->cx.rad));
928 rad_close(r->cx.rad);
932 /* Grab some accounting data and initialize structure */
933 if (acct_type == RAD_START) {
935 /* Fetch username from datalink */
936 strncpy(ac->user_name, dl->peer.authname, sizeof ac->user_name);
937 ac->user_name[AUTHLEN-1] = '\0';
939 ac->authentic = 2; /* Assume RADIUS verified auth data */
941 /* Generate a session ID */
942 snprintf(ac->session_id, sizeof ac->session_id, "%s%ld-%s%lu",
943 dl->bundle->cfg.auth.name, (long)getpid(),
944 dl->peer.authname, (unsigned long)stats->uptime);
946 /* And grab our MP socket name */
947 snprintf(ac->multi_session_id, sizeof ac->multi_session_id, "%s",
948 dl->bundle->ncp.mp.active ?
949 dl->bundle->ncp.mp.server.socket.sun_path : "");
951 /* Fetch IP, netmask from IPCP */
952 memcpy(&ac->ip, peer_ip, sizeof(ac->ip));
953 memcpy(&ac->mask, netmask, sizeof(ac->mask));
956 if (rad_put_string(r->cx.rad, RAD_USER_NAME, ac->user_name) != 0 ||
957 rad_put_int(r->cx.rad, RAD_SERVICE_TYPE, RAD_FRAMED) != 0 ||
958 rad_put_int(r->cx.rad, RAD_FRAMED_PROTOCOL, RAD_PPP) != 0 ||
959 rad_put_addr(r->cx.rad, RAD_FRAMED_IP_ADDRESS, ac->ip) != 0 ||
960 rad_put_addr(r->cx.rad, RAD_FRAMED_IP_NETMASK, ac->mask) != 0) {
961 log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(r->cx.rad));
962 rad_close(r->cx.rad);
966 if (gethostname(hostname, sizeof hostname) != 0)
967 log_Printf(LogERROR, "rad_put: gethostname(): %s\n", strerror(errno));
970 if ((hp = gethostbyname(hostname)) != NULL) {
971 hostaddr.s_addr = *(u_long *)hp->h_addr;
972 if (rad_put_addr(r->cx.rad, RAD_NAS_IP_ADDRESS, hostaddr) != 0) {
973 log_Printf(LogERROR, "rad_put: rad_put_string: %s\n",
974 rad_strerror(r->cx.rad));
975 rad_close(r->cx.rad);
980 if (rad_put_string(r->cx.rad, RAD_NAS_IDENTIFIER, hostname) != 0) {
981 log_Printf(LogERROR, "rad_put: rad_put_string: %s\n",
982 rad_strerror(r->cx.rad));
983 rad_close(r->cx.rad);
988 radius_put_physical_details(r->cx.rad, dl->physical);
990 if (rad_put_int(r->cx.rad, RAD_ACCT_STATUS_TYPE, acct_type) != 0 ||
991 rad_put_string(r->cx.rad, RAD_ACCT_SESSION_ID, ac->session_id) != 0 ||
992 rad_put_string(r->cx.rad, RAD_ACCT_MULTI_SESSION_ID,
993 ac->multi_session_id) != 0 ||
994 rad_put_int(r->cx.rad, RAD_ACCT_DELAY_TIME, 0) != 0) {
995 /* XXX ACCT_DELAY_TIME should be increased each time a packet is waiting */
996 log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(r->cx.rad));
997 rad_close(r->cx.rad);
1001 if (acct_type == RAD_STOP)
1002 /* Show some statistics */
1003 if (rad_put_int(r->cx.rad, RAD_ACCT_INPUT_OCTETS, stats->OctetsIn) != 0 ||
1004 rad_put_int(r->cx.rad, RAD_ACCT_INPUT_PACKETS, stats->PacketsIn) != 0 ||
1005 rad_put_int(r->cx.rad, RAD_ACCT_OUTPUT_OCTETS, stats->OctetsOut) != 0 ||
1006 rad_put_int(r->cx.rad, RAD_ACCT_OUTPUT_PACKETS, stats->PacketsOut)
1008 rad_put_int(r->cx.rad, RAD_ACCT_SESSION_TIME, throughput_uptime(stats))
1010 log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(r->cx.rad));
1011 rad_close(r->cx.rad);
1015 r->cx.auth = NULL; /* Not valid for accounting requests */
1016 if ((got = rad_init_send_request(r->cx.rad, &r->cx.fd, &tv)))
1017 radius_Process(r, got);
1019 log_Printf(LogDEBUG, "Using radius_Timeout [%p]\n", radius_Timeout);
1020 r->cx.timer.load = tv.tv_usec / TICKUNIT + tv.tv_sec * SECTICKS;
1021 r->cx.timer.func = radius_Timeout;
1022 r->cx.timer.name = "radius acct";
1023 r->cx.timer.arg = r;
1024 timer_Start(&r->cx.timer);
1029 * How do things look at the moment ?
1032 radius_Show(struct radius *r, struct prompt *p)
1034 prompt_Printf(p, " Radius config: %s",
1035 *r->cfg.file ? r->cfg.file : "none");
1037 prompt_Printf(p, "\n IP: %s\n", inet_ntoa(r->ip));
1038 prompt_Printf(p, " Netmask: %s\n", inet_ntoa(r->mask));
1039 prompt_Printf(p, " MTU: %lu\n", r->mtu);
1040 prompt_Printf(p, " VJ: %sabled\n", r->vj ? "en" : "dis");
1041 prompt_Printf(p, " Message: %s\n", r->repstr ? r->repstr : "");
1042 prompt_Printf(p, " MPPE Enc Policy: %s\n",
1043 radius_policyname(r->mppe.policy));
1044 prompt_Printf(p, " MPPE Enc Types: %s\n",
1045 radius_typesname(r->mppe.types));
1046 prompt_Printf(p, " MPPE Recv Key: %seceived\n",
1047 r->mppe.recvkey ? "R" : "Not r");
1048 prompt_Printf(p, " MPPE Send Key: %seceived\n",
1049 r->mppe.sendkey ? "R" : "Not r");
1050 prompt_Printf(p, " MS-CHAP2-Response: %s\n",
1051 r->msrepstr ? r->msrepstr : "");
1052 prompt_Printf(p, " Error Message: %s\n", r->errstr ? r->errstr : "");
1054 route_ShowSticky(p, r->routes, " Routes", 16);
1056 prompt_Printf(p, " (not authenticated)\n");