Add a new option for ppp.conf: rad_port_id. It allows to

change the way of what ppp submits to the RADIUS server
as NAS-Port-Id. Possible options are: the PID of the process
owning the corresponding interface, tun(4) interface number,
interface index (as it would get returned by if_nametoindex(3)),
or it's possible to keep the default behavior. Check the ppp(8)
manual page for details.

PR:		bin/112764
Submitted by:	novel (myself)
Reviewed by:	flz
Approved by:	flz
MFC after:	1 month

4 files changed, 80 insertions, 12 deletions

diff --git a/usr.sbin/ppp/command.c b/usr.sbin/ppp/command.c
index de5eec4..04ad080 100644
--- a/usr.sbin/ppp/command.c
+++ b/usr.sbin/ppp/command.c
@@ -144,6 +144,7 @@
 #define	VAR_IPV6CPRETRY	37
 #define	VAR_RAD_ALIVE	38
 #define	VAR_PPPOE	39
+#define	VAR_PORT_ID	40
 
 /* ``accept|deny|disable|enable'' masks */
 #define NEG_HISMASK (1)
@@ -2311,6 +2312,29 @@ SetVariable(struct cmdargs const *arg)
     }
     break;
 
+#ifndef NORADIUS
+  case VAR_PORT_ID:
+    if (strcasecmp(argp, "default") == 0)
+	    arg->bundle->radius.port_id_type = RPI_DEFAULT;
+    else if (strcasecmp(argp, "pid") == 0)
+	    arg->bundle->radius.port_id_type = RPI_PID;
+    else if (strcasecmp(argp, "ifnum") == 0)
+	    arg->bundle->radius.port_id_type = RPI_IFNUM; 
+    else if (strcasecmp(argp, "tunnum") == 0)
+	    arg->bundle->radius.port_id_type = RPI_TUNNUM;
+    else {
+	   log_Printf(LogWARN,
+		"RADIUS port id must be one of \"default\", \"pid\", \"ifnum\" or \"tunnum\"\n");
+	   res = 1;
+    }
+
+    if (arg->bundle->radius.port_id_type && !arg->bundle->radius.cfg.file) {
+	    log_Printf(LogWARN, "rad_port_id requires radius to be configured\n");
+	    res = 1;
+    }
+
+    break;
+#endif
   }
 
   return res;
@@ -2415,7 +2439,9 @@ static struct cmdtab const SetCommands[] = {
   "RADIUS Config", "set radius cfgfile", (const void *)VAR_RADIUS},
   {"rad_alive", NULL, SetVariable, LOCAL_AUTH,
   "Raduis alive interval", "set rad_alive value",
-  (const void *)VAR_RAD_ALIVE},  
+  (const void *)VAR_RAD_ALIVE},
+  {"rad_port_id", NULL, SetVariable, LOCAL_AUTH,
+  "NAS-Port-Id", "set rad_port_id [default|pid|ifnum|tunnum]", (const void *)VAR_PORT_ID},
 #endif
   {"reconnect", NULL, datalink_SetReconnect, LOCAL_AUTH | LOCAL_CX,
   "Reconnect timeout", "set reconnect value ntries", NULL},
diff --git a/usr.sbin/ppp/ppp.8.m4 b/usr.sbin/ppp/ppp.8.m4
index 983ef11..e71e659 100644
--- a/usr.sbin/ppp/ppp.8.m4
+++ b/usr.sbin/ppp/ppp.8.m4
@@ -27,7 +27,7 @@ changecom(,)dnl
 .\"
 .\" $FreeBSD$
 .\"
-.Dd September 5, 2006
+.Dd May 24, 2007
 .Dt PPP 8
 .Os
 .Sh NAME
@@ -5588,6 +5588,25 @@ value will tell
 to sent RADIUS accounting information to the RADIUS server every
 .Ar timeout
 seconds.
+.It set rad_port_id Ar option
+When RADIUS is configured, setting
+.Dq rad_port_id
+value allows to specify what should be sent to the RADIUS server as
+NAS-Port-Id.
+The
+.Ar option Ns No s
+are as follows:
+.Pp
+.Bl -tag -width Ds
+.It pid
+PID of the corresponding tunnel.
+.It tunnum
+tun(4) interface number.
+.It ifnum
+index of the interface as of returned by if_nametoindex(3).
+.It default
+keeps the default behavior.
+.El
 .It set reconnect Ar timeout ntries
 Should the line drop unexpectedly (due to loss of CD or LQR
 failure), a connection will be re-established after the given
diff --git a/usr.sbin/ppp/radius.c b/usr.sbin/ppp/radius.c
index c26059e..6b1d685 100644
--- a/usr.sbin/ppp/radius.c
+++ b/usr.sbin/ppp/radius.c
@@ -95,6 +95,7 @@
 #include "ncp.h"
 #include "bundle.h"
 #include "proto.h"
+#include "iface.h"
 
 #ifndef NODES
 struct mschap_response {
@@ -825,7 +826,7 @@ radius_Destroy(struct radius *r)
 }
 
 static int
-radius_put_physical_details(struct rad_handle *rad, struct physical *p)
+radius_put_physical_details(struct radius *rad, struct physical *p)
 {
   int slot, type;
 
@@ -853,16 +854,32 @@ radius_put_physical_details(struct rad_handle *rad, struct physical *p)
         break;
     }
 
-  if (rad_put_int(rad, RAD_NAS_PORT_TYPE, type) != 0) {
-    log_Printf(LogERROR, "rad_put: rad_put_int: %s\n", rad_strerror(rad));
-    rad_close(rad);
+  if (rad_put_int(rad->cx.rad, RAD_NAS_PORT_TYPE, type) != 0) {
+    log_Printf(LogERROR, "rad_put: rad_put_int: %s\n", rad_strerror(rad->cx.rad));
+    rad_close(rad->cx.rad);
     return 0;
   }
 
-  if ((slot = physical_Slot(p)) >= 0)
-    if (rad_put_int(rad, RAD_NAS_PORT, slot) != 0) {
-      log_Printf(LogERROR, "rad_put: rad_put_int: %s\n", rad_strerror(rad));
-      rad_close(rad);
+  switch (rad->port_id_type) {
+    case RPI_PID:
+      slot = (int)getpid();
+      break;
+    case RPI_IFNUM:
+      slot = p->dl->bundle->iface->index;
+      break;
+    case RPI_TUNNUM:
+      slot = p->dl->bundle->unit;
+      break;
+    case RPI_DEFAULT:
+    default:
+      slot = physical_Slot(p);
+      break;
+  }
+  
+  if (slot >= 0)
+    if (rad_put_int(rad->cx.rad, RAD_NAS_PORT, slot) != 0) {
+      log_Printf(LogERROR, "rad_put: rad_put_int: %s\n", rad_strerror(rad->cx.rad));
+      rad_close(rad->cx.rad);
       return 0;
     }
 
@@ -1031,7 +1048,7 @@ radius_Authenticate(struct radius *r, struct authinfo *authp, const char *name,
     return 0;
   }
 
-  radius_put_physical_details(r->cx.rad, authp->physical);
+  radius_put_physical_details(r, authp->physical);
 
   log_Printf(LogRADIUS, "Radius(auth): %s data sent for %s\n", what, name);
 
@@ -1209,7 +1226,7 @@ radius_Account(struct radius *r, struct radacct *ac, struct datalink *dl,
     }
   }
 
-  radius_put_physical_details(r->cx.rad, dl->physical);
+  radius_put_physical_details(r, dl->physical);
 
   if (rad_put_int(r->cx.rad, RAD_ACCT_STATUS_TYPE, acct_type) != 0 ||
       rad_put_string(r->cx.rad, RAD_ACCT_SESSION_ID, ac->session_id) != 0 ||
diff --git a/usr.sbin/ppp/radius.h b/usr.sbin/ppp/radius.h
index bba7e45..ab144a5 100644
--- a/usr.sbin/ppp/radius.h
+++ b/usr.sbin/ppp/radius.h
@@ -32,6 +32,11 @@
 #define	MPPE_TYPE_40BIT		2
 #define	MPPE_TYPE_128BIT	4
 
+#define	RPI_DEFAULT		1
+#define	RPI_PID			2
+#define	RPI_IFNUM		3
+#define	RPI_TUNNUM		4
+
 struct radius {
   struct fdescriptor desc;	/* We're a sort of (selectable) fdescriptor */
   struct {
@@ -70,6 +75,7 @@ struct radius {
     struct pppTimer timer;	/* for this long */
     int interval;
   } alive;
+  short unsigned int port_id_type;
 };
 
 struct radacct {