version 1.1, 2012/02/21 23:32:47
|
version 1.1.1.2, 2013/07/22 08:44:29
|
Line 49
|
Line 49
|
/* Set menu options */ |
/* Set menu options */ |
|
|
enum { |
enum { |
|
UNSET_SERVER, |
SET_SERVER, |
SET_SERVER, |
SET_ME, |
SET_ME, |
SET_MEV6, |
SET_MEV6, |
Line 63
|
Line 64
|
/* |
/* |
* GLOBAL VARIABLES |
* GLOBAL VARIABLES |
*/ |
*/ |
| const struct cmdtab RadiusUnSetCmds[] = { |
| { "server {name} [{auth port}] [{acct port}]", "Unset (remove) radius server" , |
| RadiusSetCommand, NULL, 2, (void *) UNSET_SERVER }, |
| { NULL }, |
| }; |
| |
const struct cmdtab RadiusSetCmds[] = { |
const struct cmdtab RadiusSetCmds[] = { |
{ "server {name} {secret} [{auth port}] [{acct port}]", "Set radius server parameters" , |
{ "server {name} {secret} [{auth port}] [{acct port}]", "Set radius server parameters" , |
RadiusSetCommand, NULL, 2, (void *) SET_SERVER }, |
RadiusSetCommand, NULL, 2, (void *) SET_SERVER }, |
Line 344 RadiusSetCommand(Context ctx, int ac, char *av[], void
|
Line 350 RadiusSetCommand(Context ctx, int ac, char *av[], void
|
RadConf const conf = &ctx->lnk->lcp.auth.conf.radius; |
RadConf const conf = &ctx->lnk->lcp.auth.conf.radius; |
RadServe_Conf server; |
RadServe_Conf server; |
RadServe_Conf t_server; |
RadServe_Conf t_server; |
|
RadServe_Conf next, prev; |
int val, count; |
int val, count; |
struct u_addr t; |
struct u_addr t; |
int auth_port = 1812; |
int auth_port = 1812; |
Line 354 RadiusSetCommand(Context ctx, int ac, char *av[], void
|
Line 361 RadiusSetCommand(Context ctx, int ac, char *av[], void
|
|
|
switch ((intptr_t)arg) { |
switch ((intptr_t)arg) { |
|
|
|
case UNSET_SERVER: |
|
|
|
if (ac > 3 || ac < 1) { |
|
return(-1); |
|
} |
|
for ( prev = NULL, t_server = conf->server ; |
|
t_server != NULL && (next = t_server->next, 1) ; |
|
prev = t_server, t_server = next) { |
|
|
|
if (strcmp(t_server->hostname, av[0]) != 0) |
|
continue; |
|
if (ac > 1 && t_server->auth_port != atoi(av[1])) |
|
continue; |
|
if (ac > 2 && t_server->acct_port != atoi(av[2])) |
|
continue; |
|
|
|
if (t_server == conf->server) { |
|
conf->server = t_server->next; |
|
} else { |
|
prev->next = t_server->next; |
|
t_server->next = NULL; |
|
} |
|
|
|
Freee(t_server->hostname); |
|
Freee(t_server->sharedsecret); |
|
Freee(t_server); |
|
t_server = prev; |
|
} |
|
|
|
break; |
|
|
case SET_SERVER: |
case SET_SERVER: |
if (ac > 4 || ac < 2) { |
if (ac > 4 || ac < 2) { |
return(-1); |
return(-1); |
Line 1421 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1459 RadiusGetParams(AuthData auth, int eap_proxy)
|
|
|
case RAD_FRAMED_IP_ADDRESS: |
case RAD_FRAMED_IP_ADDRESS: |
ip = rad_cvt_addr(data); |
ip = rad_cvt_addr(data); |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_IP_ADDRESS: %s ", | Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_IP_ADDRESS: %s", |
auth->info.lnkname, inet_ntoa(ip))); |
auth->info.lnkname, inet_ntoa(ip))); |
| |
if (strcmp(inet_ntoa(ip), "255.255.255.255") == 0) { |
if (strcmp(inet_ntoa(ip), "255.255.255.255") == 0) { |
/* the peer can choose an address */ |
/* the peer can choose an address */ |
Log(LG_RADIUS2, ("[%s] the peer can choose an address", auth->info.lnkname)); |
Log(LG_RADIUS2, ("[%s] the peer can choose an address", auth->info.lnkname)); |
Line 1446 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1484 RadiusGetParams(AuthData auth, int eap_proxy)
|
/* copy it into the persistent data struct */ |
/* copy it into the persistent data struct */ |
strlcpy(auth->params.authname, tmpval, sizeof(auth->params.authname)); |
strlcpy(auth->params.authname, tmpval, sizeof(auth->params.authname)); |
free(tmpval); |
free(tmpval); |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_USER_NAME: %s ", | Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_USER_NAME: %s", |
auth->info.lnkname, auth->params.authname)); |
auth->info.lnkname, auth->params.authname)); |
break; |
break; |
|
|
case RAD_FRAMED_IP_NETMASK: |
case RAD_FRAMED_IP_NETMASK: |
ip = rad_cvt_addr(data); |
ip = rad_cvt_addr(data); |
auth->params.netmask = in_addrtowidth(&ip); |
auth->params.netmask = in_addrtowidth(&ip); |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_IP_NETMASK: %s (/%d) ", | Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_IP_NETMASK: %s (/%d)", |
auth->info.lnkname, inet_ntoa(ip), auth->params.netmask)); |
auth->info.lnkname, inet_ntoa(ip), auth->params.netmask)); |
break; |
break; |
|
|
case RAD_FRAMED_ROUTE: |
case RAD_FRAMED_ROUTE: |
route = rad_cvt_string(data, len); |
route = rad_cvt_string(data, len); |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_ROUTE: %s ", | Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_ROUTE: %s", |
auth->info.lnkname, route)); |
auth->info.lnkname, route)); |
if (!ParseRange(route, &range, ALLOW_IPV4)) { |
if (!ParseRange(route, &range, ALLOW_IPV4)) { |
Log(LG_RADIUS, ("[%s] RADIUS: Get RAD_FRAMED_ROUTE: Bad route \"%s\"", |
Log(LG_RADIUS, ("[%s] RADIUS: Get RAD_FRAMED_ROUTE: Bad route \"%s\"", |
Line 1488 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1526 RadiusGetParams(AuthData auth, int eap_proxy)
|
|
|
case RAD_FRAMED_IPV6_ROUTE: |
case RAD_FRAMED_IPV6_ROUTE: |
route = rad_cvt_string(data, len); |
route = rad_cvt_string(data, len); |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_IPV6_ROUTE: %s ", | Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_IPV6_ROUTE: %s", |
auth->info.lnkname, route)); |
auth->info.lnkname, route)); |
if (!ParseRange(route, &range, ALLOW_IPV6)) { |
if (!ParseRange(route, &range, ALLOW_IPV6)) { |
Log(LG_RADIUS, ("[%s] RADIUS: Get RAD_FRAMED_IPV6_ROUTE: Bad route \"%s\"", auth->info.lnkname, route)); |
Log(LG_RADIUS, ("[%s] RADIUS: Get RAD_FRAMED_IPV6_ROUTE: Bad route \"%s\"", auth->info.lnkname, route)); |
Line 1516 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1554 RadiusGetParams(AuthData auth, int eap_proxy)
|
|
|
case RAD_SESSION_TIMEOUT: |
case RAD_SESSION_TIMEOUT: |
auth->params.session_timeout = rad_cvt_int(data); |
auth->params.session_timeout = rad_cvt_int(data); |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_SESSION_TIMEOUT: %u ", | Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_SESSION_TIMEOUT: %u", |
auth->info.lnkname, auth->params.session_timeout)); |
auth->info.lnkname, auth->params.session_timeout)); |
break; |
break; |
|
|
case RAD_IDLE_TIMEOUT: |
case RAD_IDLE_TIMEOUT: |
auth->params.idle_timeout = rad_cvt_int(data); |
auth->params.idle_timeout = rad_cvt_int(data); |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_IDLE_TIMEOUT: %u ", | Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_IDLE_TIMEOUT: %u", |
auth->info.lnkname, auth->params.idle_timeout)); |
auth->info.lnkname, auth->params.idle_timeout)); |
break; |
break; |
|
|
case RAD_ACCT_INTERIM_INTERVAL: |
case RAD_ACCT_INTERIM_INTERVAL: |
auth->params.acct_update = rad_cvt_int(data); |
auth->params.acct_update = rad_cvt_int(data); |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_ACCT_INTERIM_INTERVAL: %u ", | Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_ACCT_INTERIM_INTERVAL: %u", |
auth->info.lnkname, auth->params.acct_update)); |
auth->info.lnkname, auth->params.acct_update)); |
break; |
break; |
|
|
case RAD_FRAMED_MTU: |
case RAD_FRAMED_MTU: |
i = rad_cvt_int(data); |
i = rad_cvt_int(data); |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_MTU: %u ", | Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_MTU: %u", |
auth->info.lnkname, i)); |
auth->info.lnkname, i)); |
if (i < IFACE_MIN_MTU || i > IFACE_MAX_MTU) { |
if (i < IFACE_MIN_MTU || i > IFACE_MAX_MTU) { |
Log(LG_RADIUS, ("[%s] RADIUS: Get RAD_FRAMED_MTU: invalid MTU: %u ", | Log(LG_RADIUS, ("[%s] RADIUS: Get RAD_FRAMED_MTU: invalid MTU: %u", |
auth->info.lnkname, i)); |
auth->info.lnkname, i)); |
auth->params.mtu = 0; |
auth->params.mtu = 0; |
break; |
break; |
Line 1576 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1614 RadiusGetParams(AuthData auth, int eap_proxy)
|
break; |
break; |
|
|
case RAD_REPLY_MESSAGE: |
case RAD_REPLY_MESSAGE: |
|
Freee(auth->reply_message); |
|
auth->reply_message = NULL; |
|
if (len == 0) |
|
break; |
tmpval = rad_cvt_string(data, len); |
tmpval = rad_cvt_string(data, len); |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_REPLY_MESSAGE: %s ", |
|
auth->info.lnkname, tmpval)); |
|
auth->reply_message = Mdup(MB_AUTH, tmpval, len + 1); |
auth->reply_message = Mdup(MB_AUTH, tmpval, len + 1); |
free(tmpval); |
free(tmpval); |
|
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_REPLY_MESSAGE: %s", |
|
auth->info.lnkname, auth->reply_message)); |
break; |
break; |
|
|
case RAD_FRAMED_POOL: |
case RAD_FRAMED_POOL: |
Line 1588 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1630 RadiusGetParams(AuthData auth, int eap_proxy)
|
/* copy it into the persistent data struct */ |
/* copy it into the persistent data struct */ |
strlcpy(auth->params.ippool, tmpval, sizeof(auth->params.ippool)); |
strlcpy(auth->params.ippool, tmpval, sizeof(auth->params.ippool)); |
free(tmpval); |
free(tmpval); |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_POOL: %s ", | Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_POOL: %s", |
auth->info.lnkname, auth->params.ippool)); |
auth->info.lnkname, auth->params.ippool)); |
break; |
break; |
|
|
case RAD_VENDOR_SPECIFIC: |
case RAD_VENDOR_SPECIFIC: |
if ((res = rad_get_vendor_attr(&vendor, &data, &len)) == -1) { |
if ((res = rad_get_vendor_attr(&vendor, &data, &len)) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Get vendor attr failed: %s ", | Log(LG_RADIUS, ("[%s] RADIUS: Get vendor attr failed: %s", |
auth->info.lnkname, rad_strerror(auth->radius.handle))); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); |
return RAD_NACK; |
return RAD_NACK; |
} |
} |
Line 1653 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1695 RadiusGetParams(AuthData auth, int eap_proxy)
|
|
|
case RAD_MICROSOFT_MS_CHAP_DOMAIN: |
case RAD_MICROSOFT_MS_CHAP_DOMAIN: |
Freee(auth->params.msdomain); |
Freee(auth->params.msdomain); |
|
auth->params.msdomain = NULL; |
|
if (len == 0) |
|
break; |
tmpval = rad_cvt_string(data, len); |
tmpval = rad_cvt_string(data, len); |
auth->params.msdomain = Mdup(MB_AUTH, tmpval, len + 1); |
auth->params.msdomain = Mdup(MB_AUTH, tmpval, len + 1); |
free(tmpval); |
free(tmpval); |
Line 1724 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1769 RadiusGetParams(AuthData auth, int eap_proxy)
|
|
|
case RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES: |
case RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES: |
{ |
{ |
char buf[64]; | char buf[48]; |
auth->params.msoft.types = rad_cvt_int(data); |
auth->params.msoft.types = rad_cvt_int(data); |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES: %d (%s)", |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES: %d (%s)", |
auth->info.lnkname, auth->params.msoft.types, |
auth->info.lnkname, auth->params.msoft.types, |
Line 1757 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1802 RadiusGetParams(AuthData auth, int eap_proxy)
|
break; |
break; |
|
|
default: |
default: |
Log(LG_RADIUS2, ("[%s] RADIUS: Dropping MICROSOFT vendor specific attribute: %d ", | Log(LG_RADIUS2, ("[%s] RADIUS: Dropping MICROSOFT vendor specific attribute: %d", |
auth->info.lnkname, res)); |
auth->info.lnkname, res)); |
break; |
break; |
} |
} |
Line 1843 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1888 RadiusGetParams(AuthData auth, int eap_proxy)
|
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_MPD_FILTER: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_MPD_FILTER: %s", |
auth->info.lnkname, acl)); |
auth->info.lnkname, acl)); |
acl2 = strsep(&acl1, "#"); |
acl2 = strsep(&acl1, "#"); |
i = atol(acl2); | i = atoi(acl2); |
if (i <= 0 || i > ACL_FILTERS) { |
if (i <= 0 || i > ACL_FILTERS) { |
Log(LG_RADIUS, ("[%s] RADIUS: Wrong filter number: %i", |
Log(LG_RADIUS, ("[%s] RADIUS: Wrong filter number: %i", |
auth->info.lnkname, i)); |
auth->info.lnkname, i)); |
Line 1892 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1937 RadiusGetParams(AuthData auth, int eap_proxy)
|
} |
} |
#if defined(USE_NG_BPF) || defined(USE_IPFW) |
#if defined(USE_NG_BPF) || defined(USE_IPFW) |
if (acl1 == NULL) { |
if (acl1 == NULL) { |
Log(LG_ERR, ("[%s] RADIUS: Incorrect acl!", | Log(LG_ERR, ("[%s] RADIUS: Incorrect acl!", auth->info.lnkname)); |
auth->info.lnkname)); | |
free(acl); |
free(acl); |
break; |
break; |
} |
} |
| |
acl3 = acl1; |
acl3 = acl1; |
strsep(&acl3, "="); |
strsep(&acl3, "="); |
acl2 = acl1; |
acl2 = acl1; |
strsep(&acl2, "#"); |
strsep(&acl2, "#"); |
i = atol(acl1); | i = atoi(acl1); |
if (i <= 0) { |
if (i <= 0) { |
Log(LG_ERR, ("[%s] RADIUS: Wrong acl number: %i", |
Log(LG_ERR, ("[%s] RADIUS: Wrong acl number: %i", |
auth->info.lnkname, i)); |
auth->info.lnkname, i)); |
Line 1933 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1977 RadiusGetParams(AuthData auth, int eap_proxy)
|
} else if (((*acls)->number == acls1->number) && |
} else if (((*acls)->number == acls1->number) && |
(res != RAD_MPD_TABLE) && |
(res != RAD_MPD_TABLE) && |
(res != RAD_MPD_TABLE_STATIC)) { |
(res != RAD_MPD_TABLE_STATIC)) { |
Log(LG_ERR, ("[%s] RADIUS: Duplicate acl", | Log(LG_ERR, ("[%s] RADIUS: Duplicate acl", auth->info.lnkname)); |
auth->info.lnkname)); | |
Freee(acls1); |
Freee(acls1); |
free(acl); |
free(acl); |
break; |
break; |
Line 1948 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1991 RadiusGetParams(AuthData auth, int eap_proxy)
|
#endif /* USE_NG_BPF or USE_IPFW */ |
#endif /* USE_NG_BPF or USE_IPFW */ |
|
|
default: |
default: |
Log(LG_RADIUS2, ("[%s] RADIUS: Dropping vendor %d attribute: %d ", | Log(LG_RADIUS2, ("[%s] RADIUS: Dropping vendor %d attribute: %d", |
auth->info.lnkname, vendor, res)); |
auth->info.lnkname, vendor, res)); |
break; |
break; |
} |
} |
break; |
break; |
|
|
default: |
default: |
Log(LG_RADIUS2, ("[%s] RADIUS: Dropping attribute: %d ", | Log(LG_RADIUS2, ("[%s] RADIUS: Dropping attribute: %d", |
auth->info.lnkname, res)); |
auth->info.lnkname, res)); |
break; |
break; |
} |
} |
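Review bot: In the new UNSET_SERVER case of RadiusSetCommand, `Freee(t_server->sharedsecret);` releases the RADIUS shared secret without clearing it first. Unless Freee scrubs the buffer (its definition is not visible on this page), the secret stays readable in freed heap memory until the allocator reuses it, where a core dump or a later memory-disclosure bug could expose it. I would wipe it just before the free, assuming it is a NUL-terminated string: `explicit_bzero(t_server->sharedsecret, strlen(t_server->sharedsecret));`, or an equivalent the compiler cannot elide, since a plain memset ahead of a free may be optimized away. The function body starts and continues outside the lines shown in this diff, so any other path that frees a server entry should get the same treatment.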