+ * $Id: auth.c,v 1.37 1999/02/02 09:35:17 brian Exp $

+ authp->id++;

+ (*authp->fn.req)(authp);

+auth_Init(struct authinfo *authp, struct physical *p, auth_func req,

+ auth_func success, auth_func failure)

+ memset(authp, '\0', sizeof(struct authinfo));

+ authp->cfg.fsmretry = DEF_FSMRETRY;

+ authp->fn.req = req;

+ authp->fn.success = success;

+ authp->fn.failure = failure;

+ authp->physical = p;

+auth_StartReq(struct authinfo *authp)

+ authp->authtimer.arg = (void *)authp;

+ (*authp->fn.req)(authp);

+}

+

+struct mbuf *

+auth_ReadHeader(struct authinfo *authp, struct mbuf *bp)

+{

+ int len;

+

+ len = mbuf_Length(bp);

+ if (len >= sizeof authp->in.hdr) {

+ bp = mbuf_Read(bp, (u_char *)&authp->in.hdr, sizeof authp->in.hdr);

+ if (len >= ntohs(authp->in.hdr.length))

+ return bp;

+ }

+

+ mbuf_Free(bp);

+ return NULL;

+}

+

+struct mbuf *

+auth_ReadName(struct authinfo *authp, struct mbuf *bp, int len)

+{

+ if (len > sizeof authp->in.name - 1)

+ log_Printf(LogERROR, "auth_ReadName: Name too long (%d) !\n", len);

+ else {

+ int mlen = mbuf_Length(bp);

+

+ if (len > mlen)

+ log_Printf(LogERROR, "auth_ReadName: Short packet !\n");

+ else {

+ bp = mbuf_Read(bp, (u_char *)authp->in.name, len);

+ authp->in.name[len] = '\0';

+ return bp;

+ }

+ }

+

+ *authp->in.name = '\0';

+ mbuf_Free(bp);

+ return NULL;

+ * $Id: auth.h,v 1.14 1999/02/02 09:35:17 brian Exp $

+struct authinfo;

+typedef void (*auth_func)(struct authinfo *);

+ struct {

+ auth_func req;

+ auth_func success;

+ auth_func failure;

+ } fn;

+ struct {

+ struct fsmheader hdr;

+ char name[AUTHLEN];

+ } in;

+#define auth_Failure(a) (*a->fn.failure)(a);

+#define auth_Success(a) (*a->fn.success)(a);

+extern const char *Auth2Nam(u_short);

+extern void auth_Init(struct authinfo *, struct physical *,

+ auth_func, auth_func, auth_func);

+extern void auth_StartReq(struct authinfo *);

+extern struct mbuf *auth_ReadHeader(struct authinfo *, struct mbuf *);

+extern struct mbuf *auth_ReadName(struct authinfo *, struct mbuf *, int);

+ * $Id: bundle.c,v 1.44 1999/01/28 01:56:30 brian Exp $

+#ifndef NORADIUS

+ result += descriptor_UpdateSet(&bundle->radius.desc, r, w, e, n);

+#endif

+

+#ifndef NORADIUS

+ if (descriptor_IsSet(&bundle->radius.desc, fdset))

+ return 1;

+#endif

+

+#ifndef NORADIUS

+ if (descriptor_IsSet(&bundle->radius.desc, fdset))

+ descriptor_Read(&bundle->radius.desc, bundle, fdset);

+#endif

+

+ * $Id: ccp.c,v 1.41 1999/01/28 01:56:30 brian Exp $

+ * $Id: chap.c,v 1.39 1999/01/29 22:46:31 brian Exp $

+#include <string.h>

+#define MAXCHAPCODE (sizeof chapcodes / sizeof chapcodes[0] - 1)

+ const u_char *ptr, int count, const char *text)

+static char *

+chap_BuildAnswer(char *name, char *key, u_char id, char *challenge, int MSChap)

+ char *result, *digest;

+ size_t nlen, klen;

+

+ nlen = strlen(name);

+ klen = strlen(key);

+

+#ifdef HAVE_DES

+ if (MSChap) {

+ char expkey[AUTHLEN << 2];

+ MD4_CTX MD4context;

+ int f;

+

+ if ((result = malloc(1 + nlen + MS_CHAP_RESPONSE_LEN)) == NULL)

+ return result;

+

+ digest = result; /* this is the response */

+ *digest++ = MS_CHAP_RESPONSE_LEN; /* 49 */

+ memset(digest, '\0', 24);

+ digest += 24;

+

+ for (f = klen; f; f--) {

+ expkey[2*f-2] = key[f-1];

+ expkey[2*f-1] = 0;

+ }

+

+ /*

+ * -----------

+ * answer = | k\0e\0y\0 |

+ * -----------

+ */

+ MD4Init(&MD4context);

+ MD4Update(&MD4context, expkey, klen << 1);

+ MD4Final(digest, &MD4context);

+ memcpy(digest + 25, name, nlen);

+

+ /*

+ * ``result'' is:

+ * ---- --------- -------------------- ------

+ * result = | 49 | 24 * \0 | digest (pad to 25) | name |

+ * ---- --------- -------------------- ------

+ */

+ chap_MS(digest, challenge + 1, *challenge);

+

+ /*

+ * ---- --------- ---------------- --- ----------

+ * result = | 49 | 24 * \0 | 24 byte digest | 1 | authname |

+ * ---- --------- ---------------- --- ----------

+ */

+ } else

+#endif

+ if ((result = malloc(nlen + 17)) != NULL) {

+ /* Normal MD5 stuff */

+ MD5_CTX MD5context;

+

+ digest = result;

+ *digest++ = 16; /* value size */

+

+ MD5Init(&MD5context);

+log_Printf(LogPHASE, "Build with 0x%x, %s & %.*s\n", id, key, *challenge, challenge+1);

+ MD5Update(&MD5context, &id, 1);

+ MD5Update(&MD5context, key, klen);

+ MD5Update(&MD5context, challenge + 1, *challenge);

+ MD5Final(digest, &MD5context);

+

+ memcpy(digest + 16, name, nlen);

+ /*

+ * ---- -------- ------

+ * result = | 16 | digest | name |

+ * ---- -------- ------

+ */

+ }

+

+ return result;

+}

+

+static void

+chap_Challenge(struct authinfo *authp)

+{

+ struct chap *chap = auth2chap(authp);

+ cp = chap->challenge;

+ if (*authp->physical->dl->bundle->radius.cfg.file) {

+ *cp++ = 16;

+ for (i = 0; i < 16; i++)

+ *cp++ = random() % (CHAPCHALLENGELEN-16) + 16;

+ for (i = 0; i < *chap->challenge; i++)

+ len = strlen(authp->physical->dl->bundle->cfg.auth.name);

+ memcpy(cp, authp->physical->dl->bundle->cfg.auth.name, len);

+ ChapOutput(authp->physical, CHAP_CHALLENGE, authp->id, chap->challenge,

+ cp - chap->challenge, NULL);

+chap_Success(struct authinfo *authp)

+ datalink_GotAuthname(authp->physical->dl, authp->in.name);

+ ChapOutput(authp->physical, CHAP_SUCCESS, authp->id, "Welcome!!", 10, NULL);

+ authp->physical->link.lcp.auth_ineed = 0;

+ if (Enabled(authp->physical->dl->bundle, OPT_UTMP))

+ physical_Login(authp->physical, authp->in.name);

+ if (authp->physical->link.lcp.auth_iwait == 0)

+ * Either I didn't need to authenticate, or I've already been

+ * told that I got the answer right.

+ datalink_AuthOk(authp->physical->dl);

+chap_Failure(struct authinfo *authp)

+ ChapOutput(authp->physical, CHAP_FAILURE, authp->id, "Invalid!!", 9, NULL);

+ datalink_AuthNotOk(authp->physical->dl);

+chap_Init(struct chap *chap, struct physical *p)

+ auth_Init(&chap->auth, p, chap_Challenge, chap_Success, chap_Failure);

+ *chap->challenge = 0;

+ chap->using_MSChap = 0;

+}

+

+void

+chap_Input(struct physical *p, struct mbuf *bp)

+{

+ struct chap *chap = &p->dl->chap;

+ char *name, *key, *ans, *myans;

+ int len, nlen;

+ u_char alen;

+

+ if ((bp = auth_ReadHeader(&chap->auth, bp)) == NULL)

+ log_Printf(LogERROR, "Chap Input: Truncated header !\n");

+ else if (chap->auth.in.hdr.code == 0 || chap->auth.in.hdr.code > MAXCHAPCODE)

+ log_Printf(LogPHASE, "Chap Input: %d: Bad CHAP code !\n",

+ chap->auth.in.hdr.code);

+ else {

+ len = mbuf_Length(bp);

+ ans = NULL;

+

+ if (chap->auth.in.hdr.code != CHAP_CHALLENGE &&

+ chap->auth.id != chap->auth.in.hdr.id &&

+ Enabled(p->dl->bundle, OPT_IDCHECK)) {

+ /* Wrong conversation dude ! */

+ log_Printf(LogPHASE, "Chap Input: %s dropped (got id %d, not %d)\n",

+ chapcodes[chap->auth.in.hdr.code], chap->auth.in.hdr.id,

+ chap->auth.id);

+ mbuf_Free(bp);

+ return;

+ }

+ chap->auth.id = chap->auth.in.hdr.id; /* We respond with this id */

+

+ switch (chap->auth.in.hdr.code) {

+ case CHAP_CHALLENGE:

+ bp = mbuf_Read(bp, chap->challenge, 1);

+ len -= *chap->challenge + 1;

+ if (len < 0) {

+ log_Printf(LogERROR, "Chap Input: Truncated challenge !\n");

+ mbuf_Free(bp);

+ return;

+ }

+ bp = mbuf_Read(bp, chap->challenge + 1, *chap->challenge);

+ bp = auth_ReadName(&chap->auth, bp, len);

+ break;

+

+ auth_StopTimer(&chap->auth);

+ bp = mbuf_Read(bp, &alen, 1);

+ len -= alen + 1;

+ if (len < 0) {

+ log_Printf(LogERROR, "Chap Input: Truncated response !\n");

+ mbuf_Free(bp);

+ return;

+ }

+ if ((ans = malloc(alen + 2)) == NULL) {

+ log_Printf(LogERROR, "Chap Input: Out of memory !\n");

+ mbuf_Free(bp);

+ return;

+ }

+ *ans = chap->auth.id;

+ bp = mbuf_Read(bp, ans + 1, alen);

+ ans[alen+1] = '\0';

+ bp = auth_ReadName(&chap->auth, bp, len);

+ break;

+

+ case CHAP_SUCCESS:

+ case CHAP_FAILURE:

+ /* chap->auth.in.name is already set up at CHALLENGE time */

+ if ((ans = malloc(len + 1)) == NULL) {

+ log_Printf(LogERROR, "Chap Input: Out of memory !\n");

+ mbuf_Free(bp);

+ return;

+ }

+ bp = mbuf_Read(bp, ans, len);

+ ans[len] = '\0';

+ break;

+ }

+

+ switch (chap->auth.in.hdr.code) {

+ case CHAP_RESPONSE:

+ if (*chap->auth.in.name)

+ log_Printf(LogPHASE, "Chap Input: %s (from %s)\n",

+ chapcodes[chap->auth.in.hdr.code], chap->auth.in.name);

+ else

+ log_Printf(LogPHASE, "Chap Input: %s\n",

+ chapcodes[chap->auth.in.hdr.code]);

+ break;

+

+ if (*ans)

+ log_Printf(LogPHASE, "Chap Input: %s (%s)\n",

+ chapcodes[chap->auth.in.hdr.code], ans);

+ else

+ log_Printf(LogPHASE, "Chap Input: %s\n",

+ chapcodes[chap->auth.in.hdr.code]);

+ break;

+

+ switch (chap->auth.in.hdr.code) {

+ case CHAP_CHALLENGE:

+ name = p->dl->bundle->cfg.auth.name;

+ nlen = strlen(name);

+ key = p->dl->bundle->cfg.auth.key;

+ myans = chap_BuildAnswer(name, key, chap->auth.id, chap->challenge, 0);

+ if (myans) {

+ ChapOutput(p, CHAP_RESPONSE, chap->auth.id, myans,

+ *myans + 1 + nlen, name);

+ free(myans);

+ } else

+ ChapOutput(p, CHAP_FAILURE, chap->auth.id, "Out of memory!",

+ 14, NULL);

+ break;

+

+ case CHAP_RESPONSE:

+ name = chap->auth.in.name;

+ nlen = strlen(name);

+#ifndef NORADIUS

+ if (*p->dl->bundle->radius.cfg.file) {

+ chap->challenge[*chap->challenge+1] = '\0';

+log_Printf(LogPHASE, "Challenge %s, answer is %d bytes starting with %d\n", chap->challenge+1, alen+1, *ans);

+ radius_Authenticate(&p->dl->bundle->radius, &chap->auth,

+ chap->auth.in.name, ans, chap->challenge + 1);

+ } else

+#endif

+ {

+ key = auth_GetSecret(p->dl->bundle, name, nlen, p);

+ if (key) {

+ myans = chap_BuildAnswer(name, key, chap->auth.id, chap->challenge,

+ chap->using_MSChap);

+ if (myans == NULL)

+ key = NULL;

+ else {

+ if (memcmp(myans, ans, 1 + *myans))

+ key = NULL;

+ free(myans);

+ }

+ }

+

+ if (key)

+ chap_Success(&chap->auth);

+ else

+ chap_Failure(&chap->auth);

+ }

+

+ break;

+

+ case CHAP_SUCCESS:

+ if (p->link.lcp.auth_iwait == PROTO_CHAP) {

+ p->link.lcp.auth_iwait = 0;

+ if (p->link.lcp.auth_ineed == 0)

+ /*

+ * We've succeeded in our ``login''

+ * If we're not expecting the peer to authenticate (or he already

+ * has), proceed to network phase.

+ */

+ datalink_AuthOk(p->dl);

+ }

+ break;

+

+ case CHAP_FAILURE:

+ datalink_AuthNotOk(p->dl);

+ break;

+ }

+ free(ans);

+

+ * $Id: chap.h,v 1.10 1998/05/21 21:44:27 brian Exp $

+ char challenge[CHAPCHALLENGELEN + AUTHLEN];

+extern void chap_Init(struct chap *, struct physical *);

+extern void chap_Input(struct physical *, struct mbuf *);

+ * $Id: datalink.c,v 1.28 1999/02/02 09:35:17 brian Exp $

+ datalink_GotAuthname(dl, "");

+ auth_StartReq(&dl->pap);

+ auth_StartReq(&dl->chap.auth);

+datalink_GotAuthname(struct datalink *dl, const char *name)

+ strncpy(dl->peer.authname, name, sizeof dl->peer.authname - 1);

+ dl->peer.authname[sizeof dl->peer.authname - 1] = '\0';

+

+ pap_Init(&dl->pap, dl->physical);

+ chap_Init(&dl->chap, dl->physical);

+ pap_Init(&dl->pap, dl->physical);

+ dl->pap.cfg.fsmretry = odl->pap.cfg.fsmretry;

+

+ chap_Init(&dl->chap, dl->physical);

+ dl->chap.auth.cfg.fsmretry = odl->chap.auth.cfg.fsmretry;

+

+ retry = dl->pap.cfg.fsmretry;

+ pap_Init(&dl->pap, dl->physical);

+ dl->pap.cfg.fsmretry = retry;

+

+ retry = dl->chap.auth.cfg.fsmretry;

+ chap_Init(&dl->chap, dl->physical);

+ dl->chap.auth.cfg.fsmretry = retry;

+

+ * $Id: datalink.h,v 1.5 1998/08/07 18:42:48 brian Exp $

+extern void datalink_GotAuthname(struct datalink *, const char *);

+ * $Id: descriptor.h,v 1.4 1998/06/24 19:33:31 brian Exp $

+#define RADIUS_DESCRIPTOR (8)

+ * $Id: hdlc.c,v 1.37 1999/01/28 01:56:32 brian Exp $

+ pap_Input(p, bp);

+ chap_Input(p, bp);

+ * $Id: ipcp.c,v 1.70 1999/02/02 20:27:12 brian Exp $

+ * $Id: link.c,v 1.6 1998/08/26 18:07:56 brian Exp $

+ * $Id: main.c,v 1.149 1999/02/02 09:35:29 brian Exp $

+ log_Printf(LogTIMER, "Select returns %d\n", i);

+

+ * $Id: mbuf.c,v 1.22 1998/08/25 17:48:42 brian Exp $

+ if (bp->cnt == 0)

+ * $Id: pap.c,v 1.30 1999/02/02 09:35:17 brian Exp $

+#include <stdlib.h>

+#define MAXPAPCODE (sizeof papcodes / sizeof papcodes[0] - 1)

+static void

+pap_Req(struct authinfo *authp)

+ struct bundle *bundle = authp->physical->dl->bundle;

+ namelen = strlen(bundle->cfg.auth.name);

+ keylen = strlen(bundle->cfg.auth.key);

+ log_Printf(LogDEBUG, "pap_Req: namelen = %d, keylen = %d\n", namelen, keylen);

+ log_Printf(LogPHASE, "Pap Output: %s ********\n", bundle->cfg.auth.name);

+ if (*bundle->cfg.auth.name == '\0')

+ lh.id = authp->id;

+ memcpy(cp, bundle->cfg.auth.name, namelen);

+ memcpy(cp, bundle->cfg.auth.key, keylen);

+ hdlc_Output(&authp->physical->link, PRI_LINK, PROTO_PAP, bp);

+SendPapCode(struct authinfo *authp, int code, const char *message)

+ lh.id = authp->id;

+

+ hdlc_Output(&authp->physical->link, PRI_LINK, PROTO_PAP, bp);

+static void

+pap_Success(struct authinfo *authp)

+ datalink_GotAuthname(authp->physical->dl, authp->in.name);

+ SendPapCode(authp, PAP_ACK, "Greetings!!");

+ authp->physical->link.lcp.auth_ineed = 0;

+ if (Enabled(authp->physical->dl->bundle, OPT_UTMP))

+ physical_Login(authp->physical, authp->in.name);

+

+ if (authp->physical->link.lcp.auth_iwait == 0)

+ /*

+ * Either I didn't need to authenticate, or I've already been

+ * told that I got the answer right.

+ */

+ datalink_AuthOk(authp->physical->dl);

+}

+static void

+pap_Failure(struct authinfo *authp)

+{

+ SendPapCode(authp, PAP_NAK, "Login incorrect");

+ datalink_AuthNotOk(authp->physical->dl);

+}

+void

+pap_Init(struct authinfo *pap, struct physical *p)

+{

+ auth_Init(pap, p, pap_Req, pap_Success, pap_Failure);

+pap_Input(struct physical *p, struct mbuf *bp)

+ struct authinfo *authp = &p->dl->pap;

+ u_char nlen, klen, *key;

+

+ if ((bp = auth_ReadHeader(authp, bp)) == NULL)

+ return;

+

+ if (authp->in.hdr.code == 0 || authp->in.hdr.code > MAXPAPCODE) {

+ log_Printf(LogPHASE, "Pap Input: %d: Bad PAP code !\n", authp->in.hdr.code);

+ mbuf_Free(bp);

+ return;

+ }

+

+ if (authp->in.hdr.code != PAP_REQUEST && authp->id != authp->in.hdr.id &&

+ Enabled(p->dl->bundle, OPT_IDCHECK)) {

+ /* Wrong conversation dude ! */

+ log_Printf(LogPHASE, "Pap Input: %s dropped (got id %d, not %d)\n",

+ papcodes[authp->in.hdr.code], authp->in.hdr.id, authp->id);

+ mbuf_Free(bp);

+ return;

+ }

+ authp->id = authp->in.hdr.id; /* We respond with this id */

+

+ if (bp) {

+ bp = mbuf_Read(bp, &nlen, 1);

+ bp = auth_ReadName(authp, bp, nlen);

+ }

+

+ log_Printf(LogPHASE, "Pap Input: %s (%s)\n",

+ papcodes[authp->in.hdr.code], authp->in.name);

+

+ switch (authp->in.hdr.code) {

+ case PAP_REQUEST:

+ if (bp == NULL) {

+ log_Printf(LogPHASE, "Pap Input: No key given !\n");

+ break;

+ }

+ bp = mbuf_Read(bp, &klen, 1);

+ if (mbuf_Length(bp) < klen) {

+ log_Printf(LogERROR, "Pap Input: Truncated key !\n");

+ break;

+ }

+ if ((key = malloc(klen+1)) == NULL) {

+ log_Printf(LogERROR, "Pap Input: Out of memory !\n");

+ break;

+ }

+ bp = mbuf_Read(bp, key, klen);

+ key[klen] = '\0';

+

+#ifndef NORADIUS

+ if (*p->dl->bundle->radius.cfg.file)

+ radius_Authenticate(&p->dl->bundle->radius, authp, authp->in.name,

+ key, NULL);

+ else

+#endif

+ if (auth_Validate(p->dl->bundle, authp->in.name, key, p))

+ pap_Success(authp);

+ else

+ pap_Failure(authp);

+

+ free(key);

+ break;

+ case PAP_ACK:

+ auth_StopTimer(authp);

+ if (p->link.lcp.auth_iwait == PROTO_PAP) {

+ p->link.lcp.auth_iwait = 0;

+ if (p->link.lcp.auth_ineed == 0)

+ /*

+ * We've succeeded in our ``login''

+ * If we're not expecting the peer to authenticate (or he already

+ * has), proceed to network phase.

+ */

+ datalink_AuthOk(p->dl);

+ break;

+

+ case PAP_NAK:

+ auth_StopTimer(authp);

+ datalink_AuthNotOk(p->dl);

+ break;

+

+ * $Id: pap.h,v 1.8 1999/02/02 09:35:17 brian Exp $

+extern void pap_Init(struct authinfo *, struct physical *);

+extern void pap_Input(struct physical *, struct mbuf *);

+ * $Id: radius.c,v 1.2 1999/01/29 22:46:31 brian Exp $

+#include <sys/time.h>

+#include "auth.h"

+#include "async.h"

+#include "physical.h"

+#include "chat.h"

+#include "cbcp.h"

+#include "chap.h"

+#include "datalink.h"

+/*

+ * rad_continue_send_request() has given us `got' (non-zero). Deal with it.

+ */

+static void

+radius_Process(struct radius *r, int got)

+ struct bundle *bundle;

+ int len, argc, addrs;

+ const void *data;

+ r->cx.fd = -1; /* Stop select()ing */

+ log_Printf(LogPHASE, "Radius: ACCEPT received\n");

+ case RAD_ACCESS_REJECT:

+ log_Printf(LogPHASE, "Radius: REJECT received\n");

+ auth_Failure(r->cx.auth);

+ rad_close(r->cx.rad);

+ return;

+

+ log_Printf(LogPHASE, "Radius: CHALLENGE received (can't handle yet)\n");

+ auth_Failure(r->cx.auth);

+ rad_close(r->cx.rad);

+ return;

+ log_Printf(LogPHASE, "radius: %s\n", rad_strerror(r->cx.rad));

+ auth_Failure(r->cx.auth);

+ rad_close(r->cx.rad);

+ return;

+ got, rad_strerror(r->cx.rad));

+ auth_Failure(r->cx.auth);

+ rad_close(r->cx.rad);

+ return;

+ while ((got = rad_get_attr(r->cx.rad, &data, &len)) > 0) {

+ log_Printf(LogPHASE, " IP %s\n", inet_ntoa(r->ip));

+ log_Printf(LogPHASE, " Netmask %s\n", inet_ntoa(r->mask));

+ log_Printf(LogPHASE, " MTU %lu\n", r->mtu);

+ log_Printf(LogPHASE, " VJ %sabled\n", r->vj ? "en" : "dis");

+ log_Printf(LogERROR, "rad_cvt_string: %s\n", rad_strerror(r->cx.rad));

+ rad_close(r->cx.rad);

+ return;

+ log_Printf(LogPHASE, " Route: %s\n", nuke);

+ bundle = r->cx.auth->physical->dl->bundle;

+ log_Printf(LogERROR, "rad_get_attr: %s (failing!)\n",

+ rad_strerror(r->cx.rad));

+ auth_Failure(r->cx.auth);

+ rad_close(r->cx.rad);

+ } else {

+ r->valid = 1;

+ auth_Success(r->cx.auth);

+ rad_close(r->cx.rad);

+ }

+}

+

+/*

+ * We've either timed out or select()ed on the read descriptor

+ */

+static void

+radius_Continue(struct radius *r, int sel)

+{

+ struct timeval tv;

+ int got;

+

+ timer_Stop(&r->cx.timer);

+ if ((got = rad_continue_send_request(r->cx.rad, sel, &r->cx.fd, &tv)) == 0) {

+ log_Printf(LogPHASE, "Radius: Request re-sent\n");

+ r->cx.timer.load = tv.tv_usec / TICKUNIT + tv.tv_sec * SECTICKS;

+ timer_Start(&r->cx.timer);

+ return;

+ radius_Process(r, got);

+}

+/*

+ * Time to call rad_continue_send_request() - timed out.

+ */

+static void

+radius_Timeout(void *v)

+{

+ radius_Continue((struct radius *)v, 0);

+/*

+ * Time to call rad_continue_send_request() - something to read.

+ */

+static void

+radius_Read(struct descriptor *d, struct bundle *bundle, const fd_set *fdset)

+{

+ radius_Continue(descriptor2radius(d), 1);

+}

+

+/*

+ * Behave as a struct descriptor (descriptor.h)

+ */

+static int

+radius_UpdateSet(struct descriptor *d, fd_set *r, fd_set *w, fd_set *e, int *n)

+{

+ struct radius *rad = descriptor2radius(d);

+

+ if (r && rad->cx.fd != -1) {

+ FD_SET(rad->cx.fd, r);

+ if (*n < rad->cx.fd + 1)

+ *n = rad->cx.fd + 1;

+ log_Printf(LogTIMER, "Radius: fdset(r) %d\n", rad->cx.fd);

+ return 1;

+ }

+

+ return 0;

+}

+

+/*

+ * Behave as a struct descriptor (descriptor.h)

+ */

+static int

+radius_IsSet(struct descriptor *d, const fd_set *fdset)

+{

+ struct radius *r = descriptor2radius(d);

+

+ return r && r->cx.fd != -1 && FD_ISSET(r->cx.fd, fdset);

+}

+

+/*

+ * Behave as a struct descriptor (descriptor.h)

+ */

+static int

+radius_Write(struct descriptor *d, struct bundle *bundle, const fd_set *fdset)

+{

+ /* We never want to write here ! */

+ log_Printf(LogALERT, "radius_Write: Internal error: Bad call !\n");

+ return 0;

+}

+

+/*

+ * Initialise ourselves

+ */

+void

+radius_Init(struct radius *r)

+{

+ r->valid = 0;

+ r->cx.fd = -1;

+ *r->cfg.file = '\0';;

+ r->desc.type = RADIUS_DESCRIPTOR;

+ r->desc.UpdateSet = radius_UpdateSet;

+ r->desc.IsSet = radius_IsSet;

+ r->desc.Read = radius_Read;

+ r->desc.Write = radius_Write;

+ memset(&r->cx.timer, '\0', sizeof r->cx.timer);

+}

+

+/*

+ * Forget everything and go back to initialised state.

+ */

+void

+radius_Destroy(struct radius *r)

+{

+ r->valid = 0;

+ timer_Stop(&r->cx.timer);

+ route_DeleteAll(&r->routes);

+ if (r->cx.fd != -1) {

+ r->cx.fd = -1;

+ rad_close(r->cx.rad);

+ }

+}

+

+/*

+ * Start an authentication request to the RADIUS server.

+ */

+void

+radius_Authenticate(struct radius *r, struct authinfo *authp, const char *name,

+ const char *key, const char *challenge)

+{

+ struct timeval tv;

+ int got;

+

+ if (!*r->cfg.file)

+ return;

+

+ if (r->cx.fd != -1)

+ /*

+ * We assume that our name/key/challenge is the same as last time,

+ * and just continue to wait for the RADIUS server(s).

+ */

+ return;

+

+ radius_Destroy(r);

+

+ if ((r->cx.rad = rad_open()) == NULL) {

+ log_Printf(LogERROR, "rad_open: %s\n", strerror(errno));

+ return;

+ }

+

+ if (rad_config(r->cx.rad, r->cfg.file) != 0) {

+ log_Printf(LogERROR, "rad_config: %s\n", rad_strerror(r->cx.rad));

+ rad_close(r->cx.rad);

+ return;

+ }

+

+ if (rad_create_request(r->cx.rad, RAD_ACCESS_REQUEST) != 0) {

+ log_Printf(LogERROR, "rad_create_request: %s\n", rad_strerror(r->cx.rad));

+ rad_close(r->cx.rad);

+ return;

+ }

+

+ if (rad_put_string(r->cx.rad, RAD_USER_NAME, name) != 0 ||

+ rad_put_int(r->cx.rad, RAD_SERVICE_TYPE, RAD_FRAMED) != 0 ||

+ rad_put_int(r->cx.rad, RAD_FRAMED_PROTOCOL, RAD_PPP) != 0) {

+ log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(r->cx.rad));

+ rad_close(r->cx.rad);

+ return;

+ }

+

+ if (challenge != NULL) {

+ /* We're talking CHAP */

+ if (rad_put_string(r->cx.rad, RAD_CHAP_PASSWORD, key) != 0 ||

+ rad_put_string(r->cx.rad, RAD_CHAP_CHALLENGE, challenge) != 0) {

+ log_Printf(LogERROR, "CHAP: rad_put_string: %s\n",

+ rad_strerror(r->cx.rad));

+ rad_close(r->cx.rad);

+ return;

+ }

+ } else if (rad_put_string(r->cx.rad, RAD_USER_PASSWORD, key) != 0) {

+ /* We're talking PAP */

+ log_Printf(LogERROR, "PAP: rad_put_string: %s\n", rad_strerror(r->cx.rad));

+ rad_close(r->cx.rad);

+ return;

+ }

+

+ if ((got = rad_init_send_request(r->cx.rad, &r->cx.fd, &tv)))

+ radius_Process(r, got);

+ else {

+ log_Printf(LogPHASE, "Radius: Request sent\n");

+ log_Printf(LogDEBUG, "Using radius_Timeout [%p]\n", radius_Timeout);

+ r->cx.timer.load = tv.tv_usec / TICKUNIT + tv.tv_sec * SECTICKS;

+ r->cx.timer.func = radius_Timeout;

+ r->cx.timer.name = "radius";

+ r->cx.timer.arg = r;

+ r->cx.auth = authp;

+ timer_Start(&r->cx.timer);

+ }

+}

+

+/*

+ * How do things look at the moment ?

+ */

+ * $Id: radius.h,v 1.1 1999/01/28 01:56:34 brian Exp $

+ struct descriptor desc; /* We're a sort of (selectable) descriptor */

+ struct {

+ int fd; /* We're selecting on this */

+ struct rad_handle *rad; /* Using this to talk to our lib */

+ struct pppTimer timer; /* for this long */

+ struct authinfo *auth; /* Tell this about success/failure */

+ } cx;

+#define descriptor2radius(d) \

+ ((d)->type == RADIUS_DESCRIPTOR ? (struct radius *)(d) : NULL)

+

+extern void radius_Authenticate(struct radius *, struct authinfo *,

+ const char *, const char *, const char *);

+ * $Id: vjcomp.c,v 1.24 1999/01/28 01:56:34 brian Exp $