--- embedaddon/mpd/src/radius.c 2012/02/21 23:32:47 1.1.1.1 +++ embedaddon/mpd/src/radius.c 2016/11/02 09:50:34 1.1.1.4 @@ -1,7 +1,7 @@ /* * See ``COPYRIGHT.mpd'' * - * $Id: radius.c,v 1.1.1.1 2012/02/21 23:32:47 misho Exp $ + * $Id: radius.c,v 1.1.1.4 2016/11/02 09:50:34 misho Exp $ * */ @@ -45,11 +45,16 @@ static int RadiusPutAcct(AuthData auth); static int RadiusGetParams(AuthData auth, int eap_proxy); static int RadiusSendRequest(AuthData auth); + static void RadiusLogError(AuthData auth, const char *errmsg); /* Set menu options */ enum { + UNSET_SERVER, SET_SERVER, +#ifdef HAVE_RAD_BIND + SET_SRC_ADDR, +#endif SET_ME, SET_MEV6, SET_IDENTIFIER, @@ -63,10 +68,19 @@ /* * GLOBAL VARIABLES */ - + const struct cmdtab RadiusUnSetCmds[] = { + { "server {name} [{auth port}] [{acct port}]", "Unset (remove) radius server" , + RadiusSetCommand, NULL, 2, (void *) UNSET_SERVER }, + { NULL }, + }; + const struct cmdtab RadiusSetCmds[] = { { "server {name} {secret} [{auth port}] [{acct port}]", "Set radius server parameters" , RadiusSetCommand, NULL, 2, (void *) SET_SERVER }, +#ifdef HAVE_RAD_BIND + { "src-addr {ip}", "Set source address for request" , + RadiusSetCommand, NULL, 2, (void *) SET_SRC_ADDR }, +#endif { "me {ip}", "Set NAS IP address" , RadiusSetCommand, NULL, 2, (void *) SET_ME }, { "v6me {ip}", "Set NAS IPv6 address" , @@ -190,20 +204,19 @@ RadiusEapProxy(void *arg) AuthData auth = (AuthData)arg; int pos = 0, mlen = RAD_MAX_ATTR_LEN; - Log(LG_RADIUS, ("[%s] RADIUS: EAP proxying user '%s'", + Log(LG_RADIUS, ("[%s] RADIUS: EAP proxying user '%s'", auth->info.lnkname, auth->params.authname)); if (RadiusStart(auth, RAD_ACCESS_REQUEST) == RAD_NACK) { - auth->status = AUTH_STATUS_FAIL; + auth->status = AUTH_STATUS_FAIL; return; } Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_USER_NAME: %s", auth->info.lnkname, auth->params.authname)); if (rad_put_string(auth->radius.handle, RAD_USER_NAME, auth->params.authname) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_USER_NAME failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); - auth->status = AUTH_STATUS_FAIL; + RadiusLogError(auth, "Put RAD_USER_NAME failed"); + auth->status = AUTH_STATUS_FAIL; return; } @@ -217,9 +230,8 @@ RadiusEapProxy(void *arg) auth->info.lnkname, mlen, auth->params.eapmsg_len)); memcpy(chunk, &auth->params.eapmsg[pos], mlen); if (rad_put_attr(auth->radius.handle, RAD_EAP_MESSAGE, chunk, mlen) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_EAP_MESSAGE failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); - auth->status = AUTH_STATUS_FAIL; + RadiusLogError(auth, "Put RAD_EAP_MESSAGE failed"); + auth->status = AUTH_STATUS_FAIL; return; } } @@ -254,6 +266,9 @@ RadStat(Context ctx, int ac, char *av[], void *arg) Printf("\tTimeout : %d\r\n", conf->radius_timeout); Printf("\tRetries : %d\r\n", conf->radius_retries); Printf("\tConfig-file : %s\r\n", (conf->file ? conf->file : "none")); +#ifdef HAVE_RAD_BIND + Printf("\tSrc address : %s\r\n", inet_ntoa(conf->src_addr)); +#endif Printf("\tMe (NAS-IP) : %s\r\n", inet_ntoa(conf->radius_me)); Printf("\tv6Me (NAS-IP): %s\r\n", u_addrtoa(&conf->radius_mev6, buf1, sizeof(buf1))); Printf("\tIdentifier : %s\r\n", (conf->identifier ? conf->identifier : "")); @@ -290,6 +305,7 @@ RadStat(Context ctx, int ac, char *av[], void *arg) Printf("\tClass : 0x%s\r\n", buf); Freee(buf); + Printf("\tFilter Id : %s\r\n", (a->params.filter_id ? a->params.filter_id : "")); return (0); } @@ -313,8 +329,7 @@ RadiusAddServer(AuthData auth, short request_type) s->sharedsecret, c->radius_timeout, c->radius_retries) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Adding server error: %s", auth->info.lnkname, - rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Adding server error"); return (RAD_NACK); } } @@ -325,14 +340,17 @@ RadiusAddServer(AuthData auth, short request_type) s->sharedsecret, c->radius_timeout, c->radius_retries) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Adding server error: %s", auth->info.lnkname, - rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Adding server error"); return (RAD_NACK); } } s = s->next; } +#ifdef HAVE_RAD_BIND + if (c->src_addr.s_addr != INADDR_ANY) + rad_bind_to(auth->radius.handle, c->src_addr.s_addr); +#endif return (RAD_ACK); } @@ -344,6 +362,7 @@ RadiusSetCommand(Context ctx, int ac, char *av[], void RadConf const conf = &ctx->lnk->lcp.auth.conf.radius; RadServe_Conf server; RadServe_Conf t_server; + RadServe_Conf next, prev; int val, count; struct u_addr t; int auth_port = 1812; @@ -354,6 +373,37 @@ RadiusSetCommand(Context ctx, int ac, char *av[], void switch ((intptr_t)arg) { + case UNSET_SERVER: + + if (ac > 3 || ac < 1) { + return(-1); + } + for ( prev = NULL, t_server = conf->server ; + t_server != NULL && (next = t_server->next, 1) ; + prev = t_server, t_server = next) { + + if (strcmp(t_server->hostname, av[0]) != 0) + continue; + if (ac > 1 && t_server->auth_port != atoi(av[1])) + continue; + if (ac > 2 && t_server->acct_port != atoi(av[2])) + continue; + + if (t_server == conf->server) { + conf->server = t_server->next; + } else { + prev->next = t_server->next; + t_server->next = NULL; + } + + Freee(t_server->hostname); + Freee(t_server->sharedsecret); + Freee(t_server); + t_server = prev; + } + + break; + case SET_SERVER: if (ac > 4 || ac < 2) { return(-1); @@ -397,9 +447,18 @@ RadiusSetCommand(Context ctx, int ac, char *av[], void break; +#ifdef HAVE_RAD_BIND + case SET_SRC_ADDR: + if (ParseAddr(*av, &t, ALLOW_IPV4)) { + u_addrtoin_addr(&t, &conf->src_addr); + } else + Error("Bad Src address '%s'.", *av); + break; +#endif + case SET_ME: if (ParseAddr(*av, &t, ALLOW_IPV4)) { - u_addrtoin_addr(&t,&conf->radius_me); + u_addrtoin_addr(&t, &conf->radius_me); } else Error("Bad NAS address '%s'.", *av); break; @@ -469,13 +528,15 @@ RadiusOpen(AuthData auth, short request_type) if (request_type == RAD_ACCESS_REQUEST) { if ((auth->radius.handle = rad_open()) == NULL) { - Log(LG_RADIUS, ("[%s] RADIUS: rad_open failed", auth->info.lnkname)); + Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: rad_open failed", + auth->info.lnkname)); return (RAD_NACK); } } else { /* RAD_ACCOUNTING_REQUEST */ if ((auth->radius.handle = rad_acct_open()) == NULL) { - Log(LG_RADIUS, ("[%s] RADIUS: rad_acct_open failed", auth->info.lnkname)); + Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: rad_acct_open failed", + auth->info.lnkname)); return (RAD_NACK); } } @@ -483,8 +544,7 @@ RadiusOpen(AuthData auth, short request_type) if (conf->file && strlen(conf->file)) { Log(LG_RADIUS2, ("[%s] RADIUS: using %s", auth->info.lnkname, conf->file)); if (rad_config(auth->radius.handle, conf->file) != 0) { - Log(LG_RADIUS, ("[%s] RADIUS: rad_config: %s", auth->info.lnkname, - rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "rad_config"); return (RAD_NACK); } } @@ -517,7 +577,8 @@ RadiusStart(AuthData auth, short request_type) tmpval = conf->identifier; } else { if (gethostname(host, sizeof(host)) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: gethostname() for RAD_NAS_IDENTIFIER failed", + Log(LG_ERR|LG_RADIUS, + ("[%s] RADIUS: gethostname() for RAD_NAS_IDENTIFIER failed", auth->info.lnkname)); return (RAD_NACK); } @@ -526,8 +587,7 @@ RadiusStart(AuthData auth, short request_type) Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_NAS_IDENTIFIER: %s", auth->info.lnkname, tmpval)); if (rad_put_string(auth->radius.handle, RAD_NAS_IDENTIFIER, tmpval) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_NAS_IDENTIFIER failed %s", auth->info.lnkname, - rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_NAS_IDENTIFIER failed"); return (RAD_NACK); } @@ -535,19 +595,21 @@ RadiusStart(AuthData auth, short request_type) Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_NAS_IP_ADDRESS: %s", auth->info.lnkname, inet_ntoa(conf->radius_me))); if (rad_put_addr(auth->radius.handle, RAD_NAS_IP_ADDRESS, conf->radius_me) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_NAS_IP_ADDRESS failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); - return (RAD_NACK); + RadiusLogError(auth, "Put RAD_NAS_IP_ADDRESS failed"); + return (RAD_NACK); } } if (!u_addrempty(&conf->radius_mev6)) { Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_NAS_IPV6_ADDRESS: %s", auth->info.lnkname, u_addrtoa(&conf->radius_mev6,buf,sizeof(buf)))); +#ifdef HAVE_RAD_ADDR6 + if (rad_put_addr6(auth->radius.handle, RAD_NAS_IPV6_ADDRESS, conf->radius_mev6.u.ip6) == -1) { +#else if (rad_put_attr(auth->radius.handle, RAD_NAS_IPV6_ADDRESS, &conf->radius_mev6.u.ip6, sizeof(conf->radius_mev6.u.ip6)) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_NAS_IPV6_ADDRESS failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); - return (RAD_NACK); +#endif + RadiusLogError(auth, "Put RAD_NAS_IPV6_ADDRESS failed"); + return (RAD_NACK); } } @@ -559,25 +621,22 @@ RadiusStart(AuthData auth, short request_type) && request_type != RAD_ACCOUNTING_REQUEST) { Log(LG_RADIUS2, ("[%s] RADIUS: Put Message Authenticator", auth->info.lnkname)); if (rad_put_message_authentic(auth->radius.handle) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put message_authentic failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); - return (RAD_NACK); + RadiusLogError(auth, "Put message_authentic failed"); + return (RAD_NACK); } } Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_SESSION_ID: %s", auth->info.lnkname, auth->info.session_id)); if (rad_put_string(auth->radius.handle, RAD_ACCT_SESSION_ID, auth->info.session_id) != 0) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_ACCT_SESSION_ID: %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_ACCT_SESSION_ID failed"); return (RAD_NACK); } Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_NAS_PORT: %d", auth->info.lnkname, auth->info.linkID)); if (rad_put_int(auth->radius.handle, RAD_NAS_PORT, auth->info.linkID) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_NAS_PORT failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_NAS_PORT failed"); return (RAD_NACK); } @@ -602,24 +661,21 @@ RadiusStart(AuthData auth, short request_type) Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_NAS_PORT_TYPE: %d", auth->info.lnkname, porttype)); if (rad_put_int(auth->radius.handle, RAD_NAS_PORT_TYPE, porttype) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_NAS_PORT_TYPE failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_NAS_PORT_TYPE failed"); return (RAD_NACK); } Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_SERVICE_TYPE: RAD_FRAMED", auth->info.lnkname)); if (rad_put_int(auth->radius.handle, RAD_SERVICE_TYPE, RAD_FRAMED) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_SERVICE_TYPE failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_SERVICE_TYPE failed"); return (RAD_NACK); } - + Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_FRAMED_PROTOCOL: RAD_PPP", auth->info.lnkname)); if (rad_put_int(auth->radius.handle, RAD_FRAMED_PROTOCOL, RAD_PPP) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_FRAMED_PROTOCOL failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_FRAMED_PROTOCOL failed"); return (RAD_NACK); } @@ -628,9 +684,8 @@ RadiusStart(AuthData auth, short request_type) Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_STATE: 0x%s", auth->info.lnkname, tmpval)); Freee(tmpval); if (rad_put_attr(auth->radius.handle, RAD_STATE, auth->params.state, auth->params.state_len) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_STATE failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); - return (RAD_NACK); + RadiusLogError(auth, "Put RAD_STATE failed"); + return (RAD_NACK); } } @@ -639,26 +694,23 @@ RadiusStart(AuthData auth, short request_type) Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_CLASS: 0x%s", auth->info.lnkname, tmpval)); Freee(tmpval); if (rad_put_attr(auth->radius.handle, RAD_CLASS, auth->params.class, auth->params.class_len) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_CLASS failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); - return (RAD_NACK); + RadiusLogError(auth, "Put RAD_CLASS failed"); + return (RAD_NACK); } } Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_CALLING_STATION_ID: %s", - auth->info.lnkname, auth->params.callingnum)); + auth->info.lnkname, auth->params.callingnum)); if (rad_put_string(auth->radius.handle, RAD_CALLING_STATION_ID, - auth->params.callingnum) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_CALLING_STATION_ID failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); - return (RAD_NACK); + auth->params.callingnum) == -1) { + RadiusLogError(auth, "Put RAD_CALLING_STATION_ID failed"); + return (RAD_NACK); } Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_CALLED_STATION_ID: %s", auth->info.lnkname, auth->params.callednum)); if (rad_put_string(auth->radius.handle, RAD_CALLED_STATION_ID, - auth->params.callednum) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_CALLED_STATION_ID failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + auth->params.callednum) == -1) { + RadiusLogError(auth, "Put RAD_CALLED_STATION_ID failed"); return (RAD_NACK); } @@ -667,26 +719,23 @@ RadiusStart(AuthData auth, short request_type) auth->info.lnkname, auth->params.peeriface)); if (rad_put_string(auth->radius.handle, RAD_NAS_PORT_ID, auth->params.peeriface) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_NAS_PORT_ID failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); - return (RAD_NACK); + RadiusLogError(auth, "Put RAD_NAS_PORT_ID failed"); + return (RAD_NACK); } } Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_LINK: %s", - auth->info.lnkname, auth->info.lnkname)); + auth->info.lnkname, auth->info.lnkname)); if (rad_put_vendor_string(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_LINK, auth->info.lnkname) != 0) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_MPD_LINK: %s", auth->info.lnkname, - rad_strerror(auth->radius.handle))); - return (RAD_NACK); + RadiusLogError(auth, "Put RAD_MPD_LINK failed"); + return (RAD_NACK); } Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_PEER_IDENT: %s", auth->info.lnkname, auth->info.peer_ident)); if (rad_put_vendor_string(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_PEER_IDENT, auth->info.peer_ident) != 0) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_MPD_PEER_IDENT failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_MPD_PEER_IDENT failed"); return (RAD_NACK); } @@ -722,8 +771,7 @@ RadiusStart(AuthData auth, short request_type) Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_TUNNEL_TYPE: %d", auth->info.lnkname, porttype)); if (rad_put_int(auth->radius.handle, RAD_TUNNEL_TYPE, porttype) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_TUNNEL_TYPE failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_TUNNEL_TYPE failed"); return (RAD_NACK); } } @@ -741,8 +789,7 @@ RadiusStart(AuthData auth, short request_type) Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_TUNNEL_MEDIUM_TYPE: %d", auth->info.lnkname, porttype)); if (rad_put_int(auth->radius.handle, RAD_TUNNEL_MEDIUM_TYPE, porttype) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_TUNNEL_MEDIUM_TYPE failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_TUNNEL_MEDIUM_TYPE failed"); return (RAD_NACK); } if (auth->info.originate == LINK_ORIGINATE_LOCAL) { @@ -752,12 +799,11 @@ RadiusStart(AuthData auth, short request_type) } if (tmpval[0]) { Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_TUNNEL_SERVER_ENDPOINT: %s", - auth->info.lnkname, tmpval)); + auth->info.lnkname, tmpval)); if (rad_put_string_tag(auth->radius.handle, RAD_TUNNEL_SERVER_ENDPOINT, - 0, tmpval) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_TUNNEL_SERVER_ENDPOINT failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); - return (RAD_NACK); + 0, tmpval) == -1) { + RadiusLogError(auth, "Put RAD_TUNNEL_SERVER_ENDPOINT failed"); + return (RAD_NACK); } } if (auth->info.originate == LINK_ORIGINATE_LOCAL) { @@ -767,12 +813,11 @@ RadiusStart(AuthData auth, short request_type) } if (tmpval[0]) { Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_TUNNEL_CLIENT_ENDPOINT: %s", - auth->info.lnkname, tmpval)); + auth->info.lnkname, tmpval)); if (rad_put_string_tag(auth->radius.handle, RAD_TUNNEL_CLIENT_ENDPOINT, - 0, tmpval) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_TUNNEL_CLIENT_ENDPOINT failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); - return (RAD_NACK); + 0, tmpval) == -1) { + RadiusLogError(auth, "Put RAD_TUNNEL_CLIENT_ENDPOINT failed"); + return (RAD_NACK); } } if (auth->info.originate == LINK_ORIGINATE_LOCAL) { @@ -782,12 +827,11 @@ RadiusStart(AuthData auth, short request_type) } if (tmpval[0]) { Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_TUNNEL_SERVER_AUTH_ID: %s", - auth->info.lnkname, tmpval)); + auth->info.lnkname, tmpval)); if (rad_put_string_tag(auth->radius.handle, RAD_TUNNEL_SERVER_AUTH_ID, - 0, tmpval) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_TUNNEL_SERVER_AUTH_ID failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); - return (RAD_NACK); + 0, tmpval) == -1) { + RadiusLogError(auth, "Put RAD_TUNNEL_SERVER_AUTH_ID failed"); + return (RAD_NACK); } } if (auth->info.originate == LINK_ORIGINATE_LOCAL) { @@ -797,12 +841,11 @@ RadiusStart(AuthData auth, short request_type) } if (tmpval[0]) { Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_TUNNEL_CLIENT_AUTH_ID: %s", - auth->info.lnkname, tmpval)); + auth->info.lnkname, tmpval)); if (rad_put_string_tag(auth->radius.handle, RAD_TUNNEL_CLIENT_AUTH_ID, - 0, tmpval) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_TUNNEL_CLIENT_AUTH_ID failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); - return (RAD_NACK); + 0, tmpval) == -1) { + RadiusLogError(auth, "Put RAD_TUNNEL_CLIENT_AUTH_ID failed"); + return (RAD_NACK); } } } @@ -810,22 +853,20 @@ RadiusStart(AuthData auth, short request_type) if (auth->info.phys_type == &gPppoePhysType) { if (auth->params.selfname[0]) { Log(LG_RADIUS2, ("[%s] RADIUS: Put ADSL-Agent-Circuit-Id: %s", - auth->info.lnkname, auth->params.selfname)); + auth->info.lnkname, auth->params.selfname)); if (rad_put_vendor_string(auth->radius.handle, 3561, 1, - auth->params.selfname) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put ADSL-Agent-Circuit-Id failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); - return (RAD_NACK); + auth->params.selfname) == -1) { + RadiusLogError(auth, "Put ADSL-Agent-Circuit-Id failed"); + return (RAD_NACK); } } if (auth->params.peername[0]) { Log(LG_RADIUS2, ("[%s] RADIUS: Put ADSL-Agent-Remote-Id: %s", - auth->info.lnkname, auth->params.peername)); + auth->info.lnkname, auth->params.peername)); if (rad_put_vendor_string(auth->radius.handle, 3561, 2, - auth->params.peername) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put ADSL-Agent-Remote-Id failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); - return (RAD_NACK); + auth->params.peername) == -1) { + RadiusLogError(auth, "Put ADSL-Agent-Remote-Id failed"); + return (RAD_NACK); } } } @@ -849,8 +890,7 @@ RadiusPutAuth(AuthData auth) Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_USER_NAME: %s", auth->info.lnkname, auth->params.authname)); if (rad_put_string(auth->radius.handle, RAD_USER_NAME, auth->params.authname) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_USER_NAME failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_USER_NAME failed"); return (RAD_NACK); } @@ -859,7 +899,7 @@ RadiusPutAuth(AuthData auth) case CHAP_ALG_MSOFT: if (cp->value_len != 49) { - Log(LG_RADIUS, ("[%s] RADIUS: RADIUS_CHAP (MSOFTv1) unrecognised key length %d/%d", + Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: RADIUS_CHAP (MSOFTv1) unrecognised key length %d/%d", auth->info.lnkname, cp->value_len, 49)); return (RAD_NACK); } @@ -868,8 +908,7 @@ RadiusPutAuth(AuthData auth) auth->info.lnkname)); if (rad_put_vendor_attr(auth->radius.handle, RAD_VENDOR_MICROSOFT, RAD_MICROSOFT_MS_CHAP_CHALLENGE, cp->chal_data, cp->chal_len) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_MICROSOFT_MS_CHAP_CHALLENGE failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_MICROSOFT_MS_CHAP_CHALLENGE failed"); return (RAD_NACK); } @@ -883,15 +922,14 @@ RadiusPutAuth(AuthData auth) auth->info.lnkname)); if (rad_put_vendor_attr(auth->radius.handle, RAD_VENDOR_MICROSOFT, RAD_MICROSOFT_MS_CHAP_RESPONSE, &rad_mschapval, sizeof(rad_mschapval)) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_MICROSOFT_MS_CHAP_RESPONSE failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_MICROSOFT_MS_CHAP_RESPONSE failed"); return (RAD_NACK); } break; case CHAP_ALG_MSOFTv2: if (cp->value_len != sizeof(*mschapv2val)) { - Log(LG_RADIUS, ("[%s] RADIUS: RADIUS_CHAP (MSOFTv2) unrecognised key length %d/%d", + Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: RADIUS_CHAP (MSOFTv2) unrecognised key length %d/%d", auth->info.lnkname, cp->value_len, (int)sizeof(*mschapv2val))); return (RAD_NACK); } @@ -900,8 +938,7 @@ RadiusPutAuth(AuthData auth) auth->info.lnkname)); if (rad_put_vendor_attr(auth->radius.handle, RAD_VENDOR_MICROSOFT, RAD_MICROSOFT_MS_CHAP_CHALLENGE, cp->chal_data, cp->chal_len) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_MICROSOFT_MS_CHAP_CHALLENGE failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_MICROSOFT_MS_CHAP_CHALLENGE failed"); return (RAD_NACK); } @@ -919,8 +956,7 @@ RadiusPutAuth(AuthData auth) auth->info.lnkname)); if (rad_put_vendor_attr(auth->radius.handle, RAD_VENDOR_MICROSOFT, RAD_MICROSOFT_MS_CHAP2_RESPONSE, &rad_mschapv2val, sizeof(rad_mschapv2val)) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put vendor_attr(RAD_MICROSOFT_MS_CHAP2_RESPONSE failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put vendor_attr(RAD_MICROSOFT_MS_CHAP2_RESPONSE failed"); return (RAD_NACK); } break; @@ -932,36 +968,30 @@ RadiusPutAuth(AuthData auth) Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_CHAP_CHALLENGE", auth->info.lnkname)); if (rad_put_attr(auth->radius.handle, RAD_CHAP_CHALLENGE, cp->chal_data, cp->chal_len) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_CHAP_CHALLENGE failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_CHAP_CHALLENGE failed"); return (RAD_NACK); } Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_CHAP_PASSWORD", auth->info.lnkname)); if (rad_put_attr(auth->radius.handle, RAD_CHAP_PASSWORD, &rad_chapval, cp->value_len + 1) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_CHAP_PASSWORD failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_CHAP_PASSWORD failed"); return (RAD_NACK); } break; default: - Log(LG_RADIUS, ("[%s] RADIUS: RADIUS unkown CHAP ALG %d", + Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: RADIUS unkown CHAP ALG: %d", auth->info.lnkname, auth->alg)); return (RAD_NACK); } } else if (auth->proto == PROTO_PAP) { - - Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_USER_PASSWORD", - auth->info.lnkname)); + Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_USER_PASSWORD", auth->info.lnkname)); if (rad_put_string(auth->radius.handle, RAD_USER_PASSWORD, pp->peer_pass) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_USER_PASSWORD failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_USER_PASSWORD failed"); return (RAD_NACK); } - } else { - Log(LG_RADIUS, ("[%s] RADIUS: RADIUS unkown Proto %d", + Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: RADIUS unkown Proto: %d", auth->info.lnkname, auth->proto)); return (RAD_NACK); } @@ -975,22 +1005,21 @@ RadiusPutAcct(AuthData auth) { char *username; int authentic; + char buf[64]; if (auth->acct_type == AUTH_ACCT_START) { Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_STATUS_TYPE: RAD_START", - auth->info.lnkname)); + auth->info.lnkname)); if (rad_put_int(auth->radius.handle, RAD_ACCT_STATUS_TYPE, RAD_START)) { - Log(LG_RADIUS, ("[%s] RADIUS: Put STATUS_TYPE: %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); - return (RAD_NACK); + RadiusLogError(auth, "Put STATUS_TYPE failed"); + return (RAD_NACK); } } Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_FRAMED_IP_ADDRESS: %s", auth->info.lnkname, inet_ntoa(auth->info.peer_addr))); if (rad_put_addr(auth->radius.handle, RAD_FRAMED_IP_ADDRESS, auth->info.peer_addr)) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_FRAMED_IP_ADDRESS: %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_FRAMED_IP_ADDRESS failed"); return (RAD_NACK); } @@ -1000,66 +1029,68 @@ RadiusPutAcct(AuthData auth) Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_FRAMED_IP_NETMASK: %s", auth->info.lnkname, inet_ntoa(ip))); if (rad_put_addr(auth->radius.handle, RAD_FRAMED_IP_NETMASK, ip)) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_FRAMED_IP_NETMASK: %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_FRAMED_IP_NETMASK failed"); return (RAD_NACK); } } +#ifdef HAVE_RAD_ADDR6 + Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_FRAMED_IPV6_ADDRESS: %s", + auth->info.lnkname, inet_ntop(AF_INET6, &auth->info.peer_addr6, buf, + sizeof(buf)))); + if (rad_put_addr6(auth->radius.handle, RAD_FRAMED_IPV6_ADDRESS, auth->info.peer_addr6)) { + RadiusLogError(auth, "Put RAD_FRAMED_IPV6_ADDRESS failed"); + return (RAD_NACK); + } +#endif + username = auth->params.authname; Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_USER_NAME: %s", auth->info.lnkname, username)); if (rad_put_string(auth->radius.handle, RAD_USER_NAME, username) != 0) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_USER_NAME: %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_USER_NAME failed"); return (RAD_NACK); } Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_MULTI_SESSION_ID: %s", auth->info.lnkname, auth->info.msession_id)); if (rad_put_string(auth->radius.handle, RAD_ACCT_MULTI_SESSION_ID, auth->info.msession_id) != 0) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_ACCT_MULTI_SESSION_ID: %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_ACCT_MULTI_SESSION_ID failed"); return (RAD_NACK); } Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_BUNDLE: %s", auth->info.lnkname, auth->info.bundname)); if (rad_put_vendor_string(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_BUNDLE, auth->info.bundname) != 0) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_MPD_BUNDLE: %s", auth->info.lnkname, - rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_MPD_BUNDLE failed"); return (RAD_NACK); } Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_IFACE: %s", auth->info.lnkname, auth->info.ifname)); if (rad_put_vendor_string(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_IFACE, auth->info.ifname) != 0) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_MPD_IFACE: %s", auth->info.lnkname, - rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_MPD_IFACE failed"); return (RAD_NACK); } Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_IFACE_INDEX: %u", auth->info.lnkname, auth->info.ifindex)); if (rad_put_vendor_int(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_IFACE_INDEX, auth->info.ifindex) != 0) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_MPD_IFACE_INDEX: %s", auth->info.lnkname, - rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_MPD_IFACE_INDEX failed"); return (RAD_NACK); } Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_PEER_IDENT: %s", auth->info.lnkname, auth->info.peer_ident)); if (rad_put_vendor_string(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_PEER_IDENT, auth->info.peer_ident) != 0) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_MPD_PEER_IDENT failed %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_MPD_PEER_IDENT failed"); return (RAD_NACK); } Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_LINK_COUNT: %d", auth->info.lnkname, auth->info.n_links)); if (rad_put_int(auth->radius.handle, RAD_ACCT_LINK_COUNT, auth->info.n_links) != 0) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_ACCT_LINK_COUNT failed: %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_ACCT_LINK_COUNT failed"); return (RAD_NACK); } @@ -1071,8 +1102,7 @@ RadiusPutAcct(AuthData auth) Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_AUTHENTIC: %d", auth->info.lnkname, authentic)); if (rad_put_int(auth->radius.handle, RAD_ACCT_AUTHENTIC, authentic) != 0) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_ACCT_AUTHENTIC failed: %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_ACCT_AUTHENTIC failed"); return (RAD_NACK); } @@ -1088,8 +1118,7 @@ RadiusPutAcct(AuthData auth) Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_STATUS_TYPE: RAD_STOP", auth->info.lnkname)); if (rad_put_int(auth->radius.handle, RAD_ACCT_STATUS_TYPE, RAD_STOP)) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_ACCT_STATUS_TYPE: %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_ACCT_STATUS_TYPE failed"); return (RAD_NACK); } @@ -1122,16 +1151,14 @@ RadiusPutAcct(AuthData auth) auth->info.lnkname, auth->info.downReason, termCause)); if (rad_put_int(auth->radius.handle, RAD_ACCT_TERMINATE_CAUSE, termCause) != 0) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_ACCT_TERMINATE_CAUSE failed: %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_ACCT_TERMINATE_CAUSE failed"); return (RAD_NACK); } } else { Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_STATUS_TYPE: RAD_UPDATE", auth->info.lnkname)); if (rad_put_int(auth->radius.handle, RAD_ACCT_STATUS_TYPE, RAD_UPDATE)) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_ACCT_STATUS_TYPE: %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_ACCT_STATUS_TYPE failed"); return (RAD_NACK); } } @@ -1139,8 +1166,7 @@ RadiusPutAcct(AuthData auth) Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_SESSION_TIME: %ld", auth->info.lnkname, (long int)(time(NULL) - auth->info.last_up))); if (rad_put_int(auth->radius.handle, RAD_ACCT_SESSION_TIME, time(NULL) - auth->info.last_up) != 0) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_ACCT_SESSION_TIME failed: %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_ACCT_SESSION_TIME failed"); return (RAD_NACK); } @@ -1156,8 +1182,7 @@ RadiusPutAcct(AuthData auth) if (rad_put_int(auth->radius.handle, RAD_ACCT_INPUT_OCTETS, auth->info.stats.recvOctets % MAX_U_INT32) != 0 || rad_put_int(auth->radius.handle, RAD_ACCT_INPUT_PACKETS, auth->info.stats.recvFrames) != 0 || rad_put_int(auth->radius.handle, RAD_ACCT_INPUT_GIGAWORDS, auth->info.stats.recvOctets / MAX_U_INT32) != 0) { - Log(LG_RADIUS, ("[%s] RADIUS: Put input stats: %s", auth->info.lnkname, - rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put input stats failed"); return (RAD_NACK); } #ifdef USE_NG_BPF @@ -1173,8 +1198,7 @@ RadiusPutAcct(AuthData auth) if (rad_put_int(auth->radius.handle, RAD_ACCT_OUTPUT_OCTETS, auth->info.stats.xmitOctets % MAX_U_INT32) != 0 || rad_put_int(auth->radius.handle, RAD_ACCT_OUTPUT_PACKETS, auth->info.stats.xmitFrames) != 0 || rad_put_int(auth->radius.handle, RAD_ACCT_OUTPUT_GIGAWORDS, auth->info.stats.xmitOctets / MAX_U_INT32) != 0) { - Log(LG_RADIUS, ("[%s] RADIUS: Put output stats: %s", auth->info.lnkname, - rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put output stats failed"); return (RAD_NACK); } #ifdef USE_NG_BPF @@ -1184,32 +1208,31 @@ RadiusPutAcct(AuthData auth) snprintf(str, sizeof(str), "%s:%llu", ssr->name, (long long unsigned)ssr->Octets); Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_INPUT_OCTETS: %s", - auth->info.lnkname, str)); + auth->info.lnkname, str)); if (rad_put_vendor_string(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_INPUT_OCTETS, str) != 0) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_MPD_INPUT_OCTETS: %s", auth->info.lnkname, - rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_MPD_INPUT_OCTETS failed"); + return (RAD_NACK); } snprintf(str, sizeof(str), "%s:%llu", ssr->name, (long long unsigned)ssr->Packets); Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_INPUT_PACKETS: %s", - auth->info.lnkname, str)); + auth->info.lnkname, str)); if (rad_put_vendor_string(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_INPUT_PACKETS, str) != 0) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_MPD_INPUT_PACKETS: %s", auth->info.lnkname, - rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_MPD_INPUT_PACKETS failed"); + return (RAD_NACK); } if (strcmp(ssr->name,auth->params.std_acct[0]) == 0) { Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_INPUT_OCTETS: %lu", - auth->info.lnkname, (long unsigned int)(ssr->Octets % MAX_U_INT32))); + auth->info.lnkname, (long unsigned int)(ssr->Octets % MAX_U_INT32))); Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_INPUT_GIGAWORDS: %lu", - auth->info.lnkname, (long unsigned int)(ssr->Octets / MAX_U_INT32))); + auth->info.lnkname, (long unsigned int)(ssr->Octets / MAX_U_INT32))); Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_INPUT_PACKETS: %lu", - auth->info.lnkname, (long unsigned int)(ssr->Packets))); + auth->info.lnkname, (long unsigned int)(ssr->Packets))); if (rad_put_int(auth->radius.handle, RAD_ACCT_INPUT_OCTETS, ssr->Octets % MAX_U_INT32) != 0 || rad_put_int(auth->radius.handle, RAD_ACCT_INPUT_PACKETS, ssr->Packets) != 0 || rad_put_int(auth->radius.handle, RAD_ACCT_INPUT_GIGAWORDS, ssr->Octets / MAX_U_INT32) != 0) { - Log(LG_RADIUS, ("[%s] RADIUS: Put input stats: %s", auth->info.lnkname, - rad_strerror(auth->radius.handle))); - return (RAD_NACK); + RadiusLogError(auth, "Put input stats failed"); + return (RAD_NACK); } } } @@ -1218,32 +1241,31 @@ RadiusPutAcct(AuthData auth) snprintf(str, sizeof(str), "%s:%llu", ssr->name, (long long unsigned)ssr->Octets); Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_OUTPUT_OCTETS: %s", - auth->info.lnkname, str)); + auth->info.lnkname, str)); if (rad_put_vendor_string(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_OUTPUT_OCTETS, str) != 0) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_MPD_OUTPUT_OCTETS: %s", auth->info.lnkname, - rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_MPD_OUTPUT_OCTETS failed"); + return (RAD_NACK); } snprintf(str, sizeof(str), "%s:%llu", ssr->name, (long long unsigned)ssr->Packets); Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_OUTPUT_PACKETS: %s", - auth->info.lnkname, str)); + auth->info.lnkname, str)); if (rad_put_vendor_string(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_OUTPUT_PACKETS, str) != 0) { - Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_MPD_OUTPUT_PACKETS: %s", auth->info.lnkname, - rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "Put RAD_MPD_OUTPUT_PACKETS failed"); + return (RAD_NACK); } if (strcmp(ssr->name,auth->params.std_acct[1]) == 0) { Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_OUTPUT_OCTETS: %lu", - auth->info.lnkname, (long unsigned int)(ssr->Octets % MAX_U_INT32))); + auth->info.lnkname, (long unsigned int)(ssr->Octets % MAX_U_INT32))); Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_OUTPUT_GIGAWORDS: %lu", - auth->info.lnkname, (long unsigned int)(ssr->Octets / MAX_U_INT32))); + auth->info.lnkname, (long unsigned int)(ssr->Octets / MAX_U_INT32))); Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_OUTPUT_PACKETS: %lu", - auth->info.lnkname, (long unsigned int)(ssr->Packets))); + auth->info.lnkname, (long unsigned int)(ssr->Packets))); if (rad_put_int(auth->radius.handle, RAD_ACCT_OUTPUT_OCTETS, ssr->Octets % MAX_U_INT32) != 0 || rad_put_int(auth->radius.handle, RAD_ACCT_OUTPUT_PACKETS, ssr->Packets) != 0 || rad_put_int(auth->radius.handle, RAD_ACCT_OUTPUT_GIGAWORDS, ssr->Octets / MAX_U_INT32) != 0) { - Log(LG_RADIUS, ("[%s] RADIUS: Put output stats: %s", auth->info.lnkname, - rad_strerror(auth->radius.handle))); - return (RAD_NACK); + RadiusLogError(auth, "Put output stats failed"); + return (RAD_NACK); } } } @@ -1264,9 +1286,9 @@ RadiusSendRequest(AuthData auth) auth->info.lnkname, auth->params.authname)); n = rad_init_send_request(auth->radius.handle, &fd, &tv); if (n != 0) { - Log(LG_RADIUS, ("[%s] RADIUS: rad_init_send_request failed: %d %s", - auth->info.lnkname, n, rad_strerror(auth->radius.handle))); - return (RAD_NACK); + Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: rad_init_send_request failed: %d %s", + auth->info.lnkname, n, rad_strerror(auth->radius.handle))); + return (RAD_NACK); } gettimeofday(&timelimit, NULL); @@ -1282,9 +1304,9 @@ RadiusSendRequest(AuthData auth) n = poll(fds,1,tv.tv_sec*1000+tv.tv_usec/1000); if (n == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: poll failed %s", auth->info.lnkname, - strerror(errno))); - return (RAD_NACK); + Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: poll failed %s", + auth->info.lnkname, strerror(errno))); + return (RAD_NACK); } if ((fds[0].revents&POLLIN)!=POLLIN) { @@ -1337,7 +1359,7 @@ RadiusSendRequest(AuthData auth) return (RAD_NACK); default: - Log(LG_RADIUS, ("[%s] RADIUS: rad_send_request: unexpected return value: %d", + Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: rad_send_request: unexpected return value: %d", auth->info.lnkname, n)); return (RAD_NACK); } @@ -1355,6 +1377,8 @@ RadiusGetParams(AuthData auth, int eap_proxy) char *route; char *tmpval; struct in_addr ip; + struct in6_addr ipv6; + char buf[64]; #if defined(USE_NG_BPF) || defined(USE_IPFW) struct acl **acls, *acls1; char *acl, *acl1, *acl2, *acl3; @@ -1421,10 +1445,10 @@ RadiusGetParams(AuthData auth, int eap_proxy) case RAD_FRAMED_IP_ADDRESS: ip = rad_cvt_addr(data); - Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_IP_ADDRESS: %s ", + Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_IP_ADDRESS: %s", auth->info.lnkname, inet_ntoa(ip))); - - if (strcmp(inet_ntoa(ip), "255.255.255.255") == 0) { + + if (ip.s_addr == INADDR_BROADCAST) { /* the peer can choose an address */ Log(LG_RADIUS2, ("[%s] the peer can choose an address", auth->info.lnkname)); ip.s_addr=0; @@ -1441,28 +1465,38 @@ RadiusGetParams(AuthData auth, int eap_proxy) } break; +#ifdef HAVE_RAD_ADDR6 + case RAD_FRAMED_IPV6_ADDRESS: + ipv6 = rad_cvt_addr6(data); + Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_IPV6_ADDRESS: %s", + auth->info.lnkname, inet_ntop(AF_INET6, &ipv6, buf, sizeof(buf)))); + in6_addrtou_range(&ipv6, 64, &auth->params.range); + auth->params.range_valid = 1; + break; +#endif + case RAD_USER_NAME: tmpval = rad_cvt_string(data, len); /* copy it into the persistent data struct */ strlcpy(auth->params.authname, tmpval, sizeof(auth->params.authname)); free(tmpval); - Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_USER_NAME: %s ", + Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_USER_NAME: %s", auth->info.lnkname, auth->params.authname)); break; case RAD_FRAMED_IP_NETMASK: ip = rad_cvt_addr(data); auth->params.netmask = in_addrtowidth(&ip); - Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_IP_NETMASK: %s (/%d) ", + Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_IP_NETMASK: %s (/%d)", auth->info.lnkname, inet_ntoa(ip), auth->params.netmask)); break; case RAD_FRAMED_ROUTE: route = rad_cvt_string(data, len); - Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_ROUTE: %s ", + Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_ROUTE: %s", auth->info.lnkname, route)); if (!ParseRange(route, &range, ALLOW_IPV4)) { - Log(LG_RADIUS, ("[%s] RADIUS: Get RAD_FRAMED_ROUTE: Bad route \"%s\"", + Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: Get RAD_FRAMED_ROUTE: Bad route \"%s\"", auth->info.lnkname, route)); free(route); break; @@ -1473,7 +1507,7 @@ RadiusGetParams(AuthData auth, int eap_proxy) j = 0; SLIST_FOREACH(r1, &auth->params.routes, next) { if (!u_rangecompare(&r->dest, &r1->dest)) { - Log(LG_RADIUS, ("[%s] RADIUS: Duplicate route %s", + Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: Duplicate route %s", auth->info.lnkname, route)); j = 1; } @@ -1488,10 +1522,10 @@ RadiusGetParams(AuthData auth, int eap_proxy) case RAD_FRAMED_IPV6_ROUTE: route = rad_cvt_string(data, len); - Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_IPV6_ROUTE: %s ", + Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_IPV6_ROUTE: %s", auth->info.lnkname, route)); if (!ParseRange(route, &range, ALLOW_IPV6)) { - Log(LG_RADIUS, ("[%s] RADIUS: Get RAD_FRAMED_IPV6_ROUTE: Bad route \"%s\"", auth->info.lnkname, route)); + Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: Get RAD_FRAMED_IPV6_ROUTE: Bad route \"%s\"", auth->info.lnkname, route)); free(route); break; } @@ -1501,7 +1535,7 @@ RadiusGetParams(AuthData auth, int eap_proxy) j = 0; SLIST_FOREACH(r1, &auth->params.routes, next) { if (!u_rangecompare(&r->dest, &r1->dest)) { - Log(LG_RADIUS, ("[%s] RADIUS: Duplicate route %s", + Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: Duplicate route %s", auth->info.lnkname, route)); j = 1; } @@ -1516,28 +1550,28 @@ RadiusGetParams(AuthData auth, int eap_proxy) case RAD_SESSION_TIMEOUT: auth->params.session_timeout = rad_cvt_int(data); - Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_SESSION_TIMEOUT: %u ", + Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_SESSION_TIMEOUT: %u", auth->info.lnkname, auth->params.session_timeout)); break; case RAD_IDLE_TIMEOUT: auth->params.idle_timeout = rad_cvt_int(data); - Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_IDLE_TIMEOUT: %u ", + Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_IDLE_TIMEOUT: %u", auth->info.lnkname, auth->params.idle_timeout)); break; case RAD_ACCT_INTERIM_INTERVAL: auth->params.acct_update = rad_cvt_int(data); - Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_ACCT_INTERIM_INTERVAL: %u ", + Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_ACCT_INTERIM_INTERVAL: %u", auth->info.lnkname, auth->params.acct_update)); break; case RAD_FRAMED_MTU: i = rad_cvt_int(data); - Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_MTU: %u ", + Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_MTU: %u", auth->info.lnkname, i)); if (i < IFACE_MIN_MTU || i > IFACE_MAX_MTU) { - Log(LG_RADIUS, ("[%s] RADIUS: Get RAD_FRAMED_MTU: invalid MTU: %u ", + Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: Get RAD_FRAMED_MTU: invalid MTU: %u", auth->info.lnkname, i)); auth->params.mtu = 0; break; @@ -1564,10 +1598,15 @@ RadiusGetParams(AuthData auth, int eap_proxy) break; case RAD_FILTER_ID: + Freee(auth->params.filter_id); + auth->params.filter_id = NULL; + if (len == 0) + break; tmpval = rad_cvt_string(data, len); - Log(LG_RADIUS2, ("[%s] RADIUS: Get (RAD_FILTER_ID: %s)", - auth->info.lnkname, tmpval)); + auth->params.filter_id = Mdup(MB_AUTH, tmpval, len + 1); free(tmpval); + Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FILTER_ID: %s", + auth->info.lnkname, auth->params.filter_id)); break; case RAD_SERVICE_TYPE: @@ -1576,11 +1615,15 @@ RadiusGetParams(AuthData auth, int eap_proxy) break; case RAD_REPLY_MESSAGE: + Freee(auth->reply_message); + auth->reply_message = NULL; + if (len == 0) + break; tmpval = rad_cvt_string(data, len); - Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_REPLY_MESSAGE: %s ", - auth->info.lnkname, tmpval)); auth->reply_message = Mdup(MB_AUTH, tmpval, len + 1); free(tmpval); + Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_REPLY_MESSAGE: %s", + auth->info.lnkname, auth->reply_message)); break; case RAD_FRAMED_POOL: @@ -1588,13 +1631,13 @@ RadiusGetParams(AuthData auth, int eap_proxy) /* copy it into the persistent data struct */ strlcpy(auth->params.ippool, tmpval, sizeof(auth->params.ippool)); free(tmpval); - Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_POOL: %s ", + Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_POOL: %s", auth->info.lnkname, auth->params.ippool)); break; case RAD_VENDOR_SPECIFIC: if ((res = rad_get_vendor_attr(&vendor, &data, &len)) == -1) { - Log(LG_RADIUS, ("[%s] RADIUS: Get vendor attr failed: %s ", + Log(LG_RADIUS, ("[%s] RADIUS: Get vendor attr failed: %s", auth->info.lnkname, rad_strerror(auth->radius.handle))); return RAD_NACK; } @@ -1653,6 +1696,9 @@ RadiusGetParams(AuthData auth, int eap_proxy) case RAD_MICROSOFT_MS_CHAP_DOMAIN: Freee(auth->params.msdomain); + auth->params.msdomain = NULL; + if (len == 0) + break; tmpval = rad_cvt_string(data, len); auth->params.msdomain = Mdup(MB_AUTH, tmpval, len + 1); free(tmpval); @@ -1667,8 +1713,7 @@ RadiusGetParams(AuthData auth, int eap_proxy) auth->info.lnkname)); tmpkey = rad_demangle_mppe_key(auth->radius.handle, data, len, &tmpkey_len); if (!tmpkey) { - Log(LG_RADIUS, ("[%s] RADIUS: rad_demangle_mppe_key failed: %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "rad_demangle_mppe_key failed"); return RAD_NACK; } @@ -1682,8 +1727,7 @@ RadiusGetParams(AuthData auth, int eap_proxy) auth->info.lnkname)); tmpkey = rad_demangle_mppe_key(auth->radius.handle, data, len, &tmpkey_len); if (!tmpkey) { - Log(LG_RADIUS, ("[%s] RADIUS: rad_demangle_mppe_key failed: %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "rad_demangle_mppe_key failed"); return RAD_NACK; } memcpy(auth->params.msoft.xmit_key, tmpkey, MPPE_KEY_LEN); @@ -1697,15 +1741,14 @@ RadiusGetParams(AuthData auth, int eap_proxy) auth->info.lnkname)); if (len != 32) { - Log(LG_RADIUS, ("[%s] RADIUS: Server returned garbage %d of expected %d Bytes", + Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: Server returned garbage %d of expected %d Bytes", auth->info.lnkname, (int)len, 32)); return RAD_NACK; } tmpkey = rad_demangle(auth->radius.handle, data, len); if (tmpkey == NULL) { - Log(LG_RADIUS, ("[%s] RADIUS: rad_demangle failed: %s", - auth->info.lnkname, rad_strerror(auth->radius.handle))); + RadiusLogError(auth, "rad_demangle failed"); return RAD_NACK; } memcpy(auth->params.msoft.lm_hash, tmpkey, sizeof(auth->params.msoft.lm_hash)); @@ -1724,7 +1767,7 @@ RadiusGetParams(AuthData auth, int eap_proxy) case RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES: { - char buf[64]; + char buf[48]; auth->params.msoft.types = rad_cvt_int(data); Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES: %d (%s)", auth->info.lnkname, auth->params.msoft.types, @@ -1757,7 +1800,7 @@ RadiusGetParams(AuthData auth, int eap_proxy) break; default: - Log(LG_RADIUS2, ("[%s] RADIUS: Dropping MICROSOFT vendor specific attribute: %d ", + Log(LG_RADIUS2, ("[%s] RADIUS: Dropping MICROSOFT vendor specific attribute: %d", auth->info.lnkname, res)); break; } @@ -1843,9 +1886,9 @@ RadiusGetParams(AuthData auth, int eap_proxy) Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_MPD_FILTER: %s", auth->info.lnkname, acl)); acl2 = strsep(&acl1, "#"); - i = atol(acl2); + i = atoi(acl2); if (i <= 0 || i > ACL_FILTERS) { - Log(LG_RADIUS, ("[%s] RADIUS: Wrong filter number: %i", + Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: Wrong filter number: %i", auth->info.lnkname, i)); free(acl); break; @@ -1861,7 +1904,7 @@ RadiusGetParams(AuthData auth, int eap_proxy) } else if (strcasecmp(acl2, "out") == 0) { i = 1; } else { - Log(LG_ERR, ("[%s] RADIUS: Wrong limit direction: '%s'", + Log(LG_ERR|LG_ERR, ("[%s] RADIUS: Wrong limit direction: '%s'", auth->info.lnkname, acl2)); free(acl); break; @@ -1892,17 +1935,16 @@ RadiusGetParams(AuthData auth, int eap_proxy) } #if defined(USE_NG_BPF) || defined(USE_IPFW) if (acl1 == NULL) { - Log(LG_ERR, ("[%s] RADIUS: Incorrect acl!", - auth->info.lnkname)); + Log(LG_ERR, ("[%s] RADIUS: Incorrect acl!", auth->info.lnkname)); free(acl); break; } - + acl3 = acl1; strsep(&acl3, "="); acl2 = acl1; strsep(&acl2, "#"); - i = atol(acl1); + i = atoi(acl1); if (i <= 0) { Log(LG_ERR, ("[%s] RADIUS: Wrong acl number: %i", auth->info.lnkname, i)); @@ -1933,8 +1975,7 @@ RadiusGetParams(AuthData auth, int eap_proxy) } else if (((*acls)->number == acls1->number) && (res != RAD_MPD_TABLE) && (res != RAD_MPD_TABLE_STATIC)) { - Log(LG_ERR, ("[%s] RADIUS: Duplicate acl", - auth->info.lnkname)); + Log(LG_ERR, ("[%s] RADIUS: Duplicate acl", auth->info.lnkname)); Freee(acls1); free(acl); break; @@ -1948,14 +1989,14 @@ RadiusGetParams(AuthData auth, int eap_proxy) #endif /* USE_NG_BPF or USE_IPFW */ default: - Log(LG_RADIUS2, ("[%s] RADIUS: Dropping vendor %d attribute: %d ", + Log(LG_RADIUS2, ("[%s] RADIUS: Dropping vendor %d attribute: %d", auth->info.lnkname, vendor, res)); break; } break; default: - Log(LG_RADIUS2, ("[%s] RADIUS: Dropping attribute: %d ", + Log(LG_RADIUS2, ("[%s] RADIUS: Dropping attribute: %d", auth->info.lnkname, res)); break; } @@ -1966,7 +2007,8 @@ RadiusGetParams(AuthData auth, int eap_proxy) /* sanity check, this happens when FreeRADIUS has no msoft-dictionary loaded */ if (auth->proto == PROTO_CHAP && auth->alg == CHAP_ALG_MSOFTv2 && auth->mschapv2resp == NULL && auth->status == AUTH_STATUS_SUCCESS) { - Log(LG_RADIUS, ("[%s] RADIUS: PANIC no MS-CHAP2-Success received from server!", + Log(LG_ERR|LG_RADIUS, + ("[%s] RADIUS: PANIC no MS-CHAP2-Success received from server!", auth->info.lnkname)); return RAD_NACK; } @@ -1975,7 +2017,8 @@ RadiusGetParams(AuthData auth, int eap_proxy) /* print warning, because MPPE doesen't work */ if (!(auth->params.msoft.has_keys || auth->params.msoft.has_nt_hash || auth->params.msoft.has_lm_hash) && auth->params.msoft.policy != MPPE_POLICY_NONE) { - Log(LG_RADIUS, ("[%s] RADIUS: WARNING no MPPE-Keys received, MPPE will not work", + Log(LG_ERR|LG_RADIUS, + ("[%s] RADIUS: WARNING no MPPE-Keys received, MPPE will not work", auth->info.lnkname)); } @@ -1986,7 +2029,8 @@ RadiusGetParams(AuthData auth, int eap_proxy) (auth->params.msoft.has_keys || auth->params.msoft.has_nt_hash || auth->params.msoft.has_lm_hash)) { auth->params.msoft.policy = MPPE_POLICY_ALLOWED; auth->params.msoft.types = MPPE_TYPE_40BIT | MPPE_TYPE_128BIT | MPPE_TYPE_56BIT; - Log(LG_RADIUS, ("[%s] RADIUS: MPPE-Keys present, but no MPPE-Infos received => allowing MPPE with all types", + Log(LG_ERR|LG_RADIUS, + ("[%s] RADIUS: MPPE-Keys present, but no MPPE-Infos received => allowing MPPE with all types", auth->info.lnkname)); } @@ -2003,7 +2047,8 @@ RadiusGetParams(AuthData auth, int eap_proxy) j = 0; SLIST_FOREACH(r1, &auth->params.routes, next) { if (!u_rangecompare(&r->dest, &r1->dest)) { - Log(LG_RADIUS, ("[%s] RADIUS: Duplicate route", auth->info.lnkname)); + Log(LG_ERR|LG_RADIUS, + ("[%s] RADIUS: Duplicate route", auth->info.lnkname)); j = 1; } }; @@ -2016,4 +2061,11 @@ RadiusGetParams(AuthData auth, int eap_proxy) } return (RAD_ACK); +} + +static void +RadiusLogError(AuthData auth, const char *errmsg) +{ + Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: %s: %s", + auth->info.lnkname, errmsg, rad_strerror(auth->radius.handle))); }