authorbrian <brian@FreeBSD.org>1999-01-28 01:56:34 +0000
committerbrian <brian@FreeBSD.org>1999-01-28 01:56:34 +0000
commitc970e06ccf646c8d420b2216f605eefeef3cdc0d (patch)
treebb4ef8e30fe918a76dda062613ff6dce7f4acf28 /usr.sbin/ppp/auth.c
parentbada4b37ff3f7d5effb75895357b4276798f82de (diff)
Initial RADIUS support (using libradius). See the man page for
details. Compiling with -DNORADIUS (the default for `release') removes support. TODO: The functionality in libradius::rad_send_request() needs to be supplied as a set of routines so that ppp doesn't have to wait indefinitely for the radius server(s). Instead, we need to get a descriptor back, select() on the descriptor, and ask libradius to service it when necessary. For now, ppp blocks SIGALRM while in rad_send_request(), so it misses PAP/CHAP retries & timeouts if they occur. Only PAP is functional. When CHAP is attempted, libradius complains that no User-Password has been specified... rfc2138 says that it *mustn't* be used for CHAP :-( Sponsored by: Internet Business Solutions Ltd., Switzerland
Diffstat (limited to 'usr.sbin/ppp/auth.c')
-rw-r--r--usr.sbin/ppp/auth.c75
1 files changed, 52 insertions, 23 deletions
diff --git a/usr.sbin/ppp/auth.c b/usr.sbin/ppp/auth.c
index 8d47984..f9cc803 100644
--- a/usr.sbin/ppp/auth.c
+++ b/usr.sbin/ppp/auth.c
@@ -17,12 +17,12 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: auth.c,v 1.33 1998/08/26 17:39:36 brian Exp $
+ * $Id: auth.c,v 1.34 1998/12/17 00:28:12 brian Exp $
*
* TODO:
* o Implement check against with registered IP addresses.
*/
-#include <sys/types.h>
+#include <sys/param.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
@@ -53,6 +53,9 @@
#include "lcpproto.h"
#include "filter.h"
#include "mp.h"
+#ifndef NORADIUS
+#include "radius.h"
+#endif
#include "bundle.h"
const char *
@@ -105,12 +108,12 @@ auth_SetPhoneList(const char *name, char *phone, int phonelen)
if (n < 5)
continue;
if (strcmp(vector[0], name) == 0) {
- CloseSecret(fp);
- if (*vector[4] == '\0')
+ CloseSecret(fp);
+ if (*vector[4] == '\0')
return 0;
strncpy(phone, vector[4], phonelen - 1);
phone[phonelen - 1] = '\0';
- return 1; /* Valid */
+ return 1; /* Valid */
}
}
CloseSecret(fp);
@@ -128,10 +131,20 @@ auth_Select(struct bundle *bundle, const char *name)
char buff[LINE_LEN];
if (*name == '\0') {
- ipcp_Setup(&bundle->ncp.ipcp);
+ ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE);
return 1;
}
+#ifndef NORADIUS
+ if (bundle->radius.valid && bundle->radius.ip.s_addr != INADDR_NONE) {
+ /* We've got a radius IP - it overrides everything */
+ if (!ipcp_UseHisIPaddr(bundle, bundle->radius.ip))
+ return 0;
+ ipcp_Setup(&bundle->ncp.ipcp, bundle->radius.mask.s_addr);
+ /* Continue with ppp.secret in case we've got a new label */
+ }
+#endif
+
fp = OpenSecret(SECRETFILE);
if (fp != NULL) {
while (fgets(buff, sizeof buff, fp)) {
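Review bot: The RADIUS override added to auth_Select trusts `bundle->radius.valid` and `bundle->radius.ip`, but nothing in this hunk ties that state to the `name` being selected or to the current session. If the flag is not cleared when a link drops or authentication is retried (not visible in this diff), a later peer could inherit the previous peer's address and mask. The same flag alone admits the peer in the `#else` branch further down (`if (bundle->radius.valid) return 1;`). I would add a comment here naming where the state is reset, e.g. `/* radius.valid is cleared by <reset routine> when the link goes down */`, and confirm that it holds. auth_Select begins before this hunk and continues after it.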
@@ -143,14 +156,20 @@ auth_Select(struct bundle *bundle, const char *name)
if (n < 2)
continue;
if (strcmp(vector[0], name) == 0) {
- CloseSecret(fp);
- if (n > 2 && *vector[2] && strcmp(vector[2], "*") &&
- !ipcp_UseHisaddr(bundle, vector[2], 1))
- return 0;
- ipcp_Setup(&bundle->ncp.ipcp);
- if (n > 3 && *vector[3] && strcmp(vector[3], "*"))
- bundle_SetLabel(bundle, vector[3]);
- return 1; /* Valid */
+ CloseSecret(fp);
+#ifndef NORADIUS
+ if (!bundle->radius.valid || bundle->radius.ip.s_addr == INADDR_NONE) {
+#endif
+ if (n > 2 && *vector[2] && strcmp(vector[2], "*") &&
+ !ipcp_UseHisaddr(bundle, vector[2], 1))
+ return 0;
+ ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE);
+#ifndef NORADIUS
+ }
+#endif
+ if (n > 3 && *vector[3] && strcmp(vector[3], "*"))
+ bundle_SetLabel(bundle, vector[3]);
+ return 1; /* Valid */
}
}
CloseSecret(fp);
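Review bot: The `if (!bundle->radius.valid || bundle->radius.ip.s_addr == INADDR_NONE) {` is opened under one `#ifndef NORADIUS` and closed by a bare `}` under a second one, which is easy to unbalance in a later edit. It also repeats, inverted, the condition already tested earlier in auth_Select. Consider setting a local flag once, `int radius_ip = 0;` assigned 1 under `#ifndef NORADIUS` where the RADIUS address is accepted, and then writing a plain `if (!radius_ip) {` here with no preprocessor lines around the braces. The enclosing function starts outside this hunk.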
@@ -158,16 +177,21 @@ auth_Select(struct bundle *bundle, const char *name)
#ifndef NOPASSWDAUTH
/* Let 'em in anyway - they must have been in the passwd file */
- ipcp_Setup(&bundle->ncp.ipcp);
+ ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE);
return 1;
#else
- /* Disappeared from ppp.secret ? */
+#ifndef NORADIUS
+ if (bundle->radius.valid)
+ return 1;
+#endif
+
+ /* Disappeared from ppp.secret ??? */
return 0;
#endif
}
int
-auth_Validate(struct bundle *bundle, const char *system,
+auth_Validate(struct bundle *bundle, const char *name,
const char *key, struct physical *physical)
{
/* Used by PAP routines */
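Review bot: In the default build (NOPASSWDAUTH not defined), a RADIUS-authenticated name that has no ppp.secret entry falls through to `ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE);`. That call comes after the earlier `ipcp_Setup(&bundle->ncp.ipcp, bundle->radius.mask.s_addr)`, so the RADIUS-supplied mask appears to be discarded; whether the peer address is reset too depends on ipcp_Setup, which is not shown. Guard the call the same way as in the ppp.secret match, e.g. `if (!bundle->radius.valid || bundle->radius.ip.s_addr == INADDR_NONE)` under `#ifndef NORADIUS`. The comment "they must have been in the passwd file" should also mention RADIUS, since it is no longer the only way to get here. The tail of auth_Select and the head of auth_Validate are both cut by this hunk.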
@@ -177,6 +201,11 @@ auth_Validate(struct bundle *bundle, const char *system,
char *vector[5];
char buff[LINE_LEN];
+#ifndef NORADIUS
+ if (*bundle->radius.cfg.file)
+ return radius_Authenticate(&bundle->radius, bundle, name, key, NULL);
+#endif
+
fp = OpenSecret(SECRETFILE);
if (fp != NULL) {
while (fgets(buff, sizeof buff, fp)) {
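Review bot: With a RADIUS file configured, auth_Validate returns radius_Authenticate()'s verdict and never reads ppp.secret, but auth_GetSecret (the CHAP path, later in this diff) gets no equivalent branch. A peer that negotiates CHAP would therefore still be checked against local ppp.secret entries; whether CHAP is refused elsewhere when RADIUS is configured is not visible here. If RADIUS is meant to be authoritative, say so at this branch, e.g. `/* RADIUS, when configured, is authoritative for PAP; CHAP still uses ppp.secret */`, and consider enforcing it. The trailing `NULL` argument also deserves a short comment saying what it stands for. auth_Validate continues past this hunk.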
@@ -187,9 +216,9 @@ auth_Validate(struct bundle *bundle, const char *system,
n = MakeArgs(buff, vector, VECSIZE(vector));
if (n < 2)
continue;
- if (strcmp(vector[0], system) == 0) {
- CloseSecret(fp);
- return auth_CheckPasswd(vector[0], vector[1], key);
+ if (strcmp(vector[0], name) == 0) {
+ CloseSecret(fp);
+ return auth_CheckPasswd(name, vector[1], key);
}
}
CloseSecret(fp);
@@ -197,14 +226,14 @@ auth_Validate(struct bundle *bundle, const char *system,
#ifndef NOPASSWDAUTH
if (Enabled(bundle, OPT_PASSWDAUTH))
- return auth_CheckPasswd(system, "*", key);
+ return auth_CheckPasswd(name, "*", key);
#endif
return 0; /* Invalid */
}
char *
-auth_GetSecret(struct bundle *bundle, const char *system, int len,
+auth_GetSecret(struct bundle *bundle, const char *name, int len,
struct physical *physical)
{
/* Used by CHAP routines */
@@ -226,7 +255,7 @@ auth_GetSecret(struct bundle *bundle, const char *system, int len,
n = MakeArgs(buff, vector, VECSIZE(vector));
if (n < 2)
continue;
- if (strlen(vector[0]) == len && strncmp(vector[0], system, len) == 0) {
+ if (strlen(vector[0]) == len && strncmp(vector[0], name, len) == 0) {
CloseSecret(fp);
return vector[1];
}