1 /*
2 * Copyright 1999 Internet Business Solutions Ltd., Switzerland
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 *
26 * $FreeBSD: src/usr.sbin/ppp/radius.c,v 1.11.2.5 2002/09/01 02:12:32 brian Exp $
27 */
28
29 #include <sys/param.h>
30
31 #include <sys/socket.h>
32 #include <netinet/in_systm.h>
33 #include <netinet/in.h>
34 #include <netinet/ip.h>
35 #include <arpa/inet.h>
36 #include <sys/un.h>
37 #include <net/route.h>
38
39 #ifdef LOCALRAD
40 #include "radlib.h"
41 #include "radlib_vs.h"
42 #else
43 #include <radlib.h>
44 #include <radlib_vs.h>
45 #endif
46
47 #include <errno.h>
48 #include <stdarg.h>
49 #include <stdio.h>
50 #include <stdlib.h>
51 #include <string.h>
52 #include <sys/time.h>
53 #include <termios.h>
54 #include <unistd.h>
55 #include <netdb.h>
56 #ifndef NODES
57 #include <openssl/md5.h>
58 #endif
59
60 #include "layer.h"
61 #include "defs.h"
62 #include "log.h"
63 #include "descriptor.h"
64 #include "prompt.h"
65 #include "timer.h"
66 #include "fsm.h"
67 #include "iplist.h"
68 #include "slcompress.h"
69 #include "throughput.h"
70 #include "lqr.h"
71 #include "hdlc.h"
72 #include "mbuf.h"
73 #include "ncpaddr.h"
74 #include "ip.h"
75 #include "ipcp.h"
76 #include "ipv6cp.h"
77 #include "route.h"
78 #include "command.h"
79 #include "filter.h"
80 #include "lcp.h"
81 #include "ccp.h"
82 #include "link.h"
83 #include "mp.h"
84 #include "radius.h"
85 #include "auth.h"
86 #include "async.h"
87 #include "physical.h"
88 #include "chat.h"
89 #include "cbcp.h"
90 #include "chap.h"
91 #include "datalink.h"
92 #include "ncp.h"
93 #include "bundle.h"
94 #include "proto.h"
95
96 #ifndef NODES
97 struct mschap_response {
98 u_char ident;
99 u_char flags;
100 u_char lm_response[24];
101 u_char nt_response[24];
102 };
103
104 struct mschap2_response {
105 u_char ident;
106 u_char flags;
107 u_char pchallenge[16];
108 u_char reserved[8];
109 u_char response[24];
110 };
111
112 #define AUTH_LEN 16
113 #define SALT_LEN 2
114 #endif
115
116 static const char *
radius_policyname(int policy)117 radius_policyname(int policy)
118 {
119 switch(policy) {
120 case MPPE_POLICY_ALLOWED:
121 return "Allowed";
122 case MPPE_POLICY_REQUIRED:
123 return "Required";
124 }
125 return NumStr(policy, NULL, 0);
126 }
127
128 static const char *
radius_typesname(int types)129 radius_typesname(int types)
130 {
131 switch(types) {
132 case MPPE_TYPE_40BIT:
133 return "40 bit";
134 case MPPE_TYPE_128BIT:
135 return "128 bit";
136 case MPPE_TYPE_40BIT|MPPE_TYPE_128BIT:
137 return "40 or 128 bit";
138 }
139 return NumStr(types, NULL, 0);
140 }
141
142 #ifndef NODES
143 static void
demangle(struct radius * r,const void * mangled,size_t mlen,char ** buf,size_t * len)144 demangle(struct radius *r, const void *mangled, size_t mlen,
145 char **buf, size_t *len)
146 {
147 char R[AUTH_LEN]; /* variable names as per rfc2548 */
148 const char *S;
149 u_char b[16];
150 const u_char *A, *C;
151 MD5_CTX Context;
152 int Slen, i, Clen, Ppos;
153 u_char *P;
154
155 if (mlen % 16 != SALT_LEN) {
156 log_Printf(LogWARN, "Cannot interpret mangled data of length %ld\n",
157 (u_long)mlen);
158 *buf = NULL;
159 *len = 0;
160 return;
161 }
162
163 /* We need the RADIUS Request-Authenticator */
164 if (rad_request_authenticator(r->cx.rad, R, sizeof R) != AUTH_LEN) {
165 log_Printf(LogWARN, "Cannot obtain the RADIUS request authenticator\n");
166 *buf = NULL;
167 *len = 0;
168 return;
169 }
170
171 A = (const u_char *)mangled; /* Salt comes first */
172 C = (const u_char *)mangled + SALT_LEN; /* Then the ciphertext */
173 Clen = mlen - SALT_LEN;
174 S = rad_server_secret(r->cx.rad); /* We need the RADIUS secret */
175 Slen = strlen(S);
176 P = alloca(Clen); /* We derive our plaintext */
177
178 MD5_Init(&Context);
179 MD5_Update(&Context, S, Slen);
180 MD5_Update(&Context, R, AUTH_LEN);
181 MD5_Update(&Context, A, SALT_LEN);
182 MD5_Final(b, &Context);
183 Ppos = 0;
184
185 while (Clen) {
186 Clen -= 16;
187
188 for (i = 0; i < 16; i++)
189 P[Ppos++] = C[i] ^ b[i];
190
191 if (Clen) {
192 MD5_Init(&Context);
193 MD5_Update(&Context, S, Slen);
194 MD5_Update(&Context, C, 16);
195 MD5_Final(b, &Context);
196 }
197
198 C += 16;
199 }
200
201 /*
202 * The resulting plain text consists of a one-byte length, the text and
203 * maybe some padding.
204 */
205 *len = *P;
206 if (*len > mlen - 1) {
207 log_Printf(LogWARN, "Mangled data seems to be garbage\n");
208 *buf = NULL;
209 *len = 0;
210 return;
211 }
212
213 *buf = malloc(*len);
214 memcpy(*buf, P + 1, *len);
215 }
216 #endif
217
218 /*
219 * rad_continue_send_request() has given us `got' (non-zero). Deal with it.
220 */
221 static void
radius_Process(struct radius * r,int got)222 radius_Process(struct radius *r, int got)
223 {
224 char *argv[MAXARGS], *nuke;
225 struct bundle *bundle;
226 int argc, addrs, res, width;
227 size_t len;
228 struct ncprange dest;
229 struct ncpaddr gw;
230 const void *data;
231 const char *stype;
232 u_int32_t ipaddr, vendor;
233 struct in_addr ip;
234
235 r->cx.fd = -1; /* Stop select()ing */
236 stype = r->cx.auth ? "auth" : "acct";
237
238 switch (got) {
239 case RAD_ACCESS_ACCEPT:
240 log_Printf(LogPHASE, "Radius(%s): ACCEPT received\n", stype);
241 if (!r->cx.auth) {
242 rad_close(r->cx.rad);
243 return;
244 }
245 break;
246
247 case RAD_ACCESS_REJECT:
248 log_Printf(LogPHASE, "Radius(%s): REJECT received\n", stype);
249 if (!r->cx.auth) {
250 rad_close(r->cx.rad);
251 return;
252 }
253 break;
254
255 case RAD_ACCESS_CHALLENGE:
256 /* we can't deal with this (for now) ! */
257 log_Printf(LogPHASE, "Radius: CHALLENGE received (can't handle yet)\n");
258 if (r->cx.auth)
259 auth_Failure(r->cx.auth);
260 rad_close(r->cx.rad);
261 return;
262
263 case RAD_ACCOUNTING_RESPONSE:
264 log_Printf(LogPHASE, "Radius(%s): Accounting response received\n", stype);
265 if (r->cx.auth)
266 auth_Failure(r->cx.auth); /* unexpected !!! */
267
268 /* No further processing for accounting requests, please */
269 rad_close(r->cx.rad);
270 return;
271
272 case -1:
273 log_Printf(LogPHASE, "radius(%s): %s\n", stype, rad_strerror(r->cx.rad));
274 if (r->cx.auth)
275 auth_Failure(r->cx.auth);
276 rad_close(r->cx.rad);
277 return;
278
279 default:
280 log_Printf(LogERROR, "rad_send_request(%s): Failed %d: %s\n", stype,
281 got, rad_strerror(r->cx.rad));
282 if (r->cx.auth)
283 auth_Failure(r->cx.auth);
284 rad_close(r->cx.rad);
285 return;
286 }
287
288 /* Let's see what we've got in our reply */
289 r->ip.s_addr = r->mask.s_addr = INADDR_NONE;
290 r->mtu = 0;
291 r->vj = 0;
292 while ((res = rad_get_attr(r->cx.rad, &data, &len)) > 0) {
293 switch (res) {
294 case RAD_FRAMED_IP_ADDRESS:
295 r->ip = rad_cvt_addr(data);
296 log_Printf(LogPHASE, " IP %s\n", inet_ntoa(r->ip));
297 break;
298
299 case RAD_FILTER_ID:
300 free(r->filterid);
301 if ((r->filterid = rad_cvt_string(data, len)) == NULL) {
302 log_Printf(LogERROR, "rad_cvt_string: %s\n", rad_strerror(r->cx.rad));
303 auth_Failure(r->cx.auth);
304 rad_close(r->cx.rad);
305 return;
306 }
307 log_Printf(LogPHASE, " Filter \"%s\"\n", r->filterid);
308 break;
309
310 case RAD_SESSION_TIMEOUT:
311 r->sessiontime = rad_cvt_int(data);
312 log_Printf(LogPHASE, " Session-Timeout %lu\n", r->sessiontime);
313 break;
314
315 case RAD_FRAMED_IP_NETMASK:
316 r->mask = rad_cvt_addr(data);
317 log_Printf(LogPHASE, " Netmask %s\n", inet_ntoa(r->mask));
318 break;
319
320 case RAD_FRAMED_MTU:
321 r->mtu = rad_cvt_int(data);
322 log_Printf(LogPHASE, " MTU %lu\n", r->mtu);
323 break;
324
325 case RAD_FRAMED_ROUTING:
326 /* Disabled for now - should we automatically set up some filters ? */
327 /* rad_cvt_int(data); */
328 /* bit 1 = Send routing packets */
329 /* bit 2 = Receive routing packets */
330 break;
331
332 case RAD_FRAMED_COMPRESSION:
333 r->vj = rad_cvt_int(data) == 1 ? 1 : 0;
334 log_Printf(LogPHASE, " VJ %sabled\n", r->vj ? "en" : "dis");
335 break;
336
337 case RAD_FRAMED_ROUTE:
338 /*
339 * We expect a string of the format ``dest[/bits] gw [metrics]''
340 * Any specified metrics are ignored. MYADDR and HISADDR are
341 * understood for ``dest'' and ``gw'' and ``0.0.0.0'' is the same
342 * as ``HISADDR''.
343 */
344
345 if ((nuke = rad_cvt_string(data, len)) == NULL) {
346 log_Printf(LogERROR, "rad_cvt_string: %s\n", rad_strerror(r->cx.rad));
347 auth_Failure(r->cx.auth);
348 rad_close(r->cx.rad);
349 return;
350 }
351
352 log_Printf(LogPHASE, " Route: %s\n", nuke);
353 bundle = r->cx.auth->physical->dl->bundle;
354 ip.s_addr = INADDR_ANY;
355 ncprange_setip4host(&dest, ip);
356 argc = command_Interpret(nuke, strlen(nuke), argv);
357 if (argc < 0)
358 log_Printf(LogWARN, "radius: %s: Syntax error\n",
359 argc == 1 ? argv[0] : "\"\"");
360 else if (argc < 2)
361 log_Printf(LogWARN, "radius: %s: Invalid route\n",
362 argc == 1 ? argv[0] : "\"\"");
363 else if ((strcasecmp(argv[0], "default") != 0 &&
364 !ncprange_aton(&dest, &bundle->ncp, argv[0])) ||
365 !ncpaddr_aton(&gw, &bundle->ncp, argv[1]))
366 log_Printf(LogWARN, "radius: %s %s: Invalid route\n",
367 argv[0], argv[1]);
368 else {
369 ncprange_getwidth(&dest, &width);
370 if (width == 32 && strchr(argv[0], '/') == NULL) {
371 /* No mask specified - use the natural mask */
372 ncprange_getip4addr(&dest, &ip);
373 ncprange_setip4mask(&dest, addr2mask(ip));
374 }
375 addrs = 0;
376
377 if (!strncasecmp(argv[0], "HISADDR", 7))
378 addrs = ROUTE_DSTHISADDR;
379 else if (!strncasecmp(argv[0], "MYADDR", 6))
380 addrs = ROUTE_DSTMYADDR;
381
382 if (ncpaddr_getip4addr(&gw, &ipaddr) && ipaddr == INADDR_ANY) {
383 addrs |= ROUTE_GWHISADDR;
384 ncpaddr_setip4(&gw, bundle->ncp.ipcp.peer_ip);
385 } else if (strcasecmp(argv[1], "HISADDR") == 0)
386 addrs |= ROUTE_GWHISADDR;
387
388 route_Add(&r->routes, addrs, &dest, &gw);
389 }
390 free(nuke);
391 break;
392
393 case RAD_REPLY_MESSAGE:
394 free(r->repstr);
395 if ((r->repstr = rad_cvt_string(data, len)) == NULL) {
396 log_Printf(LogERROR, "rad_cvt_string: %s\n", rad_strerror(r->cx.rad));
397 auth_Failure(r->cx.auth);
398 rad_close(r->cx.rad);
399 return;
400 }
401 log_Printf(LogPHASE, " Reply-Message \"%s\"\n", r->repstr);
402 break;
403
404 case RAD_VENDOR_SPECIFIC:
405 if ((res = rad_get_vendor_attr(&vendor, &data, &len)) <= 0) {
406 log_Printf(LogERROR, "rad_get_vendor_attr: %s (failing!)\n",
407 rad_strerror(r->cx.rad));
408 auth_Failure(r->cx.auth);
409 rad_close(r->cx.rad);
410 return;
411 }
412
413 switch (vendor) {
414 case RAD_VENDOR_MICROSOFT:
415 switch (res) {
416 #ifndef NODES
417 case RAD_MICROSOFT_MS_CHAP_ERROR:
418 free(r->errstr);
419 if (len == 0)
420 r->errstr = NULL;
421 else {
422 if (len < 3 || ((const char *)data)[1] != '=') {
423 /*
424 * Only point at the String field if we don't think the
425 * peer has misformatted the response.
426 */
427 data = (const char *)data + 1;
428 len--;
429 } else
430 log_Printf(LogWARN, "Warning: The MS-CHAP-Error "
431 "attribute is mis-formatted. Compensating\n");
432 if ((r->errstr = rad_cvt_string((const char *)data,
433 len)) == NULL) {
434 log_Printf(LogERROR, "rad_cvt_string: %s\n",
435 rad_strerror(r->cx.rad));
436 auth_Failure(r->cx.auth);
437 rad_close(r->cx.rad);
438 return;
439 }
440 log_Printf(LogPHASE, " MS-CHAP-Error \"%s\"\n", r->errstr);
441 }
442 break;
443
444 case RAD_MICROSOFT_MS_CHAP2_SUCCESS:
445 free(r->msrepstr);
446 if (len == 0)
447 r->msrepstr = NULL;
448 else {
449 if (len < 3 || ((const char *)data)[1] != '=') {
450 /*
451 * Only point at the String field if we don't think the
452 * peer has misformatted the response.
453 */
454 data = (const char *)data + 1;
455 len--;
456 } else
457 log_Printf(LogWARN, "Warning: The MS-CHAP2-Success "
458 "attribute is mis-formatted. Compensating\n");
459 if ((r->msrepstr = rad_cvt_string((const char *)data,
460 len)) == NULL) {
461 log_Printf(LogERROR, "rad_cvt_string: %s\n",
462 rad_strerror(r->cx.rad));
463 auth_Failure(r->cx.auth);
464 rad_close(r->cx.rad);
465 return;
466 }
467 log_Printf(LogPHASE, " MS-CHAP2-Success \"%s\"\n",
468 r->msrepstr);
469 }
470 break;
471
472 case RAD_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY:
473 r->mppe.policy = rad_cvt_int(data);
474 log_Printf(LogPHASE, " MS-MPPE-Encryption-Policy %s\n",
475 radius_policyname(r->mppe.policy));
476 break;
477
478 case RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES:
479 r->mppe.types = rad_cvt_int(data);
480 log_Printf(LogPHASE, " MS-MPPE-Encryption-Types %s\n",
481 radius_typesname(r->mppe.types));
482 break;
483
484 case RAD_MICROSOFT_MS_MPPE_RECV_KEY:
485 free(r->mppe.recvkey);
486 demangle(r, data, len, &r->mppe.recvkey, &r->mppe.recvkeylen);
487 log_Printf(LogPHASE, " MS-MPPE-Recv-Key ********\n");
488 break;
489
490 case RAD_MICROSOFT_MS_MPPE_SEND_KEY:
491 demangle(r, data, len, &r->mppe.sendkey, &r->mppe.sendkeylen);
492 log_Printf(LogPHASE, " MS-MPPE-Send-Key ********\n");
493 break;
494 #endif
495
496 default:
497 log_Printf(LogDEBUG, "Dropping MICROSOFT vendor specific "
498 "RADIUS attribute %d\n", res);
499 break;
500 }
501 break;
502
503 default:
504 log_Printf(LogDEBUG, "Dropping vendor %lu RADIUS attribute %d\n",
505 (unsigned long)vendor, res);
506 break;
507 }
508 break;
509
510 default:
511 log_Printf(LogDEBUG, "Dropping RADIUS attribute %d\n", res);
512 break;
513 }
514 }
515
516 if (res == -1) {
517 log_Printf(LogERROR, "rad_get_attr: %s (failing!)\n",
518 rad_strerror(r->cx.rad));
519 auth_Failure(r->cx.auth);
520 } else if (got == RAD_ACCESS_REJECT)
521 auth_Failure(r->cx.auth);
522 else {
523 r->valid = 1;
524 auth_Success(r->cx.auth);
525 }
526 rad_close(r->cx.rad);
527 }
528
529 /*
530 * We've either timed out or select()ed on the read descriptor
531 */
532 static void
radius_Continue(struct radius * r,int sel)533 radius_Continue(struct radius *r, int sel)
534 {
535 struct timeval tv;
536 int got;
537
538 timer_Stop(&r->cx.timer);
539 if ((got = rad_continue_send_request(r->cx.rad, sel, &r->cx.fd, &tv)) == 0) {
540 log_Printf(LogPHASE, "Radius: Request re-sent\n");
541 r->cx.timer.load = tv.tv_usec / TICKUNIT + tv.tv_sec * SECTICKS;
542 timer_Start(&r->cx.timer);
543 return;
544 }
545
546 radius_Process(r, got);
547 }
548
549 /*
550 * Time to call rad_continue_send_request() - timed out.
551 */
552 static void
radius_Timeout(void * v)553 radius_Timeout(void *v)
554 {
555 radius_Continue((struct radius *)v, 0);
556 }
557
558 /*
559 * Time to call rad_continue_send_request() - something to read.
560 */
561 static void
radius_Read(struct fdescriptor * d,struct bundle * bundle __unused,const fd_set * fdset __unused)562 radius_Read(struct fdescriptor *d, struct bundle *bundle __unused, const fd_set *fdset __unused)
563 {
564 radius_Continue(descriptor2radius(d), 1);
565 }
566
567 /*
568 * Behave as a struct fdescriptor (descriptor.h)
569 */
570 static int
radius_UpdateSet(struct fdescriptor * d,fd_set * r,fd_set * w __unused,fd_set * e __unused,int * n)571 radius_UpdateSet(struct fdescriptor *d, fd_set *r, fd_set *w __unused, fd_set *e __unused, int *n)
572 {
573 struct radius *rad = descriptor2radius(d);
574
575 if (r && rad->cx.fd != -1) {
576 FD_SET(rad->cx.fd, r);
577 if (*n < rad->cx.fd + 1)
578 *n = rad->cx.fd + 1;
579 log_Printf(LogTIMER, "Radius: fdset(r) %d\n", rad->cx.fd);
580 return 1;
581 }
582
583 return 0;
584 }
585
586 /*
587 * Behave as a struct fdescriptor (descriptor.h)
588 */
589 static int
radius_IsSet(struct fdescriptor * d,const fd_set * fdset)590 radius_IsSet(struct fdescriptor *d, const fd_set *fdset)
591 {
592 struct radius *r = descriptor2radius(d);
593
594 return r && r->cx.fd != -1 && FD_ISSET(r->cx.fd, fdset);
595 }
596
597 /*
598 * Behave as a struct fdescriptor (descriptor.h)
599 */
600 static int
radius_Write(struct fdescriptor * d __unused,struct bundle * bundle __unused,const fd_set * fdset __unused)601 radius_Write(struct fdescriptor *d __unused, struct bundle *bundle __unused, const fd_set *fdset __unused)
602 {
603 /* We never want to write here ! */
604 log_Printf(LogALERT, "radius_Write: Internal error: Bad call !\n");
605 return 0;
606 }
607
608 /*
609 * Initialise ourselves
610 */
611 void
radius_Init(struct radius * r)612 radius_Init(struct radius *r)
613 {
614 r->desc.type = RADIUS_DESCRIPTOR;
615 r->desc.UpdateSet = radius_UpdateSet;
616 r->desc.IsSet = radius_IsSet;
617 r->desc.Read = radius_Read;
618 r->desc.Write = radius_Write;
619 r->cx.fd = -1;
620 r->cx.rad = NULL;
621 memset(&r->cx.timer, '\0', sizeof r->cx.timer);
622 r->cx.auth = NULL;
623 r->valid = 0;
624 r->vj = 0;
625 r->ip.s_addr = INADDR_ANY;
626 r->mask.s_addr = INADDR_NONE;
627 r->routes = NULL;
628 r->mtu = DEF_MTU;
629 r->msrepstr = NULL;
630 r->repstr = NULL;
631 r->errstr = NULL;
632 r->mppe.policy = 0;
633 r->mppe.types = 0;
634 r->mppe.recvkey = NULL;
635 r->mppe.recvkeylen = 0;
636 r->mppe.sendkey = NULL;
637 r->mppe.sendkeylen = 0;
638 *r->cfg.file = '\0';
639 log_Printf(LogDEBUG, "Radius: radius_Init\n");
640 }
641
642 /*
643 * Forget everything and go back to initialised state.
644 */
645 void
radius_Destroy(struct radius * r)646 radius_Destroy(struct radius *r)
647 {
648 r->valid = 0;
649 log_Printf(LogDEBUG, "Radius: radius_Destroy\n");
650 timer_Stop(&r->cx.timer);
651 route_DeleteAll(&r->routes);
652 free(r->filterid);
653 r->filterid = NULL;
654 free(r->msrepstr);
655 r->msrepstr = NULL;
656 free(r->repstr);
657 r->repstr = NULL;
658 free(r->errstr);
659 r->errstr = NULL;
660 free(r->mppe.recvkey);
661 r->mppe.recvkey = NULL;
662 r->mppe.recvkeylen = 0;
663 free(r->mppe.sendkey);
664 r->mppe.sendkey = NULL;
665 r->mppe.sendkeylen = 0;
666 if (r->cx.fd != -1) {
667 r->cx.fd = -1;
668 rad_close(r->cx.rad);
669 }
670 }
671
672 static int
radius_put_physical_details(struct rad_handle * rad,struct physical * p)673 radius_put_physical_details(struct rad_handle *rad, struct physical *p)
674 {
675 int slot, type;
676
677 type = RAD_VIRTUAL;
678 if (p->handler)
679 switch (p->handler->type) {
680 case TTY_DEVICE:
681 type = RAD_ASYNC;
682 break;
683
684 case ETHER_DEVICE:
685 type = RAD_ETHERNET;
686 break;
687
688 case TCP_DEVICE:
689 case UDP_DEVICE:
690 case EXEC_DEVICE:
691 case ATM_DEVICE:
692 case NG_DEVICE:
693 type = RAD_VIRTUAL;
694 break;
695 }
696
697 if (rad_put_int(rad, RAD_NAS_PORT_TYPE, type) != 0) {
698 log_Printf(LogERROR, "rad_put: rad_put_int: %s\n", rad_strerror(rad));
699 rad_close(rad);
700 return 0;
701 }
702
703 if ((slot = physical_Slot(p)) >= 0)
704 if (rad_put_int(rad, RAD_NAS_PORT, slot) != 0) {
705 log_Printf(LogERROR, "rad_put: rad_put_int: %s\n", rad_strerror(rad));
706 rad_close(rad);
707 return 0;
708 }
709
710 return 1;
711 }
712
713 /*
714 * Start an authentication request to the RADIUS server.
715 */
716 int
radius_Authenticate(struct radius * r,struct authinfo * authp,const char * name,const char * key,int klen,const char * nchallenge,int nclen)717 radius_Authenticate(struct radius *r, struct authinfo *authp, const char *name,
718 const char *key, int klen, const char *nchallenge,
719 int nclen)
720 {
721 struct timeval tv;
722 int got;
723 char hostname[MAXHOSTNAMELEN];
724 #if 0
725 struct hostent *hp;
726 struct in_addr hostaddr;
727 #endif
728 #ifndef NODES
729 struct mschap_response msresp;
730 struct mschap2_response msresp2;
731 const struct MSCHAPv2_resp *keyv2;
732 #endif
733
734 if (!*r->cfg.file)
735 return 0;
736
737 if (r->cx.fd != -1)
738 /*
739 * We assume that our name/key/challenge is the same as last time,
740 * and just continue to wait for the RADIUS server(s).
741 */
742 return 1;
743
744 radius_Destroy(r);
745
746 if ((r->cx.rad = rad_auth_open()) == NULL) {
747 log_Printf(LogERROR, "rad_auth_open: %s\n", strerror(errno));
748 return 0;
749 }
750
751 if (rad_config(r->cx.rad, r->cfg.file) != 0) {
752 log_Printf(LogERROR, "rad_config: %s\n", rad_strerror(r->cx.rad));
753 rad_close(r->cx.rad);
754 return 0;
755 }
756
757 if (rad_create_request(r->cx.rad, RAD_ACCESS_REQUEST) != 0) {
758 log_Printf(LogERROR, "rad_create_request: %s\n", rad_strerror(r->cx.rad));
759 rad_close(r->cx.rad);
760 return 0;
761 }
762
763 if (rad_put_string(r->cx.rad, RAD_USER_NAME, name) != 0 ||
764 rad_put_int(r->cx.rad, RAD_SERVICE_TYPE, RAD_FRAMED) != 0 ||
765 rad_put_int(r->cx.rad, RAD_FRAMED_PROTOCOL, RAD_PPP) != 0) {
766 log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(r->cx.rad));
767 rad_close(r->cx.rad);
768 return 0;
769 }
770
771 switch (authp->physical->link.lcp.want_auth) {
772 case PROTO_PAP:
773 /* We're talking PAP */
774 if (rad_put_attr(r->cx.rad, RAD_USER_PASSWORD, key, klen) != 0) {
775 log_Printf(LogERROR, "PAP: rad_put_string: %s\n",
776 rad_strerror(r->cx.rad));
777 rad_close(r->cx.rad);
778 return 0;
779 }
780 break;
781
782 case PROTO_CHAP:
783 switch (authp->physical->link.lcp.want_authtype) {
784 case 0x5:
785 if (rad_put_attr(r->cx.rad, RAD_CHAP_PASSWORD, key, klen) != 0 ||
786 rad_put_attr(r->cx.rad, RAD_CHAP_CHALLENGE, nchallenge, nclen) != 0) {
787 log_Printf(LogERROR, "CHAP: rad_put_string: %s\n",
788 rad_strerror(r->cx.rad));
789 rad_close(r->cx.rad);
790 return 0;
791 }
792 break;
793
794 #ifndef NODES
795 case 0x80:
796 if (klen != 50) {
797 log_Printf(LogERROR, "CHAP80: Unrecognised key length %d\n", klen);
798 rad_close(r->cx.rad);
799 return 0;
800 }
801
802 rad_put_vendor_attr(r->cx.rad, RAD_VENDOR_MICROSOFT,
803 RAD_MICROSOFT_MS_CHAP_CHALLENGE, nchallenge, nclen);
804 msresp.ident = *key;
805 msresp.flags = 0x01;
806 memcpy(msresp.lm_response, key + 1, 24);
807 memcpy(msresp.nt_response, key + 25, 24);
808 rad_put_vendor_attr(r->cx.rad, RAD_VENDOR_MICROSOFT,
809 RAD_MICROSOFT_MS_CHAP_RESPONSE, &msresp,
810 sizeof msresp);
811 break;
812
813 case 0x81:
814 if (klen != sizeof(*keyv2) + 1) {
815 log_Printf(LogERROR, "CHAP81: Unrecognised key length %d\n", klen);
816 rad_close(r->cx.rad);
817 return 0;
818 }
819
820 keyv2 = (const struct MSCHAPv2_resp *)(key + 1);
821 rad_put_vendor_attr(r->cx.rad, RAD_VENDOR_MICROSOFT,
822 RAD_MICROSOFT_MS_CHAP_CHALLENGE, nchallenge, nclen);
823 msresp2.ident = *key;
824 msresp2.flags = keyv2->Flags;
825 memcpy(msresp2.response, keyv2->NTResponse, sizeof msresp2.response);
826 memset(msresp2.reserved, '\0', sizeof msresp2.reserved);
827 memcpy(msresp2.pchallenge, keyv2->PeerChallenge,
828 sizeof msresp2.pchallenge);
829 rad_put_vendor_attr(r->cx.rad, RAD_VENDOR_MICROSOFT,
830 RAD_MICROSOFT_MS_CHAP2_RESPONSE, &msresp2,
831 sizeof msresp2);
832 break;
833 #endif
834 default:
835 log_Printf(LogERROR, "CHAP: Unrecognised type 0x%02x\n",
836 authp->physical->link.lcp.want_authtype);
837 rad_close(r->cx.rad);
838 return 0;
839 }
840 }
841
842 if (gethostname(hostname, sizeof hostname) != 0)
843 log_Printf(LogERROR, "rad_put: gethostname(): %s\n", strerror(errno));
844 else {
845 #if 0
846 if ((hp = gethostbyname(hostname)) != NULL) {
847 hostaddr.s_addr = *(u_long *)hp->h_addr;
848 if (rad_put_addr(r->cx.rad, RAD_NAS_IP_ADDRESS, hostaddr) != 0) {
849 log_Printf(LogERROR, "rad_put: rad_put_string: %s\n",
850 rad_strerror(r->cx.rad));
851 rad_close(r->cx.rad);
852 return 0;
853 }
854 }
855 #endif
856 if (rad_put_string(r->cx.rad, RAD_NAS_IDENTIFIER, hostname) != 0) {
857 log_Printf(LogERROR, "rad_put: rad_put_string: %s\n",
858 rad_strerror(r->cx.rad));
859 rad_close(r->cx.rad);
860 return 0;
861 }
862 }
863
864 radius_put_physical_details(r->cx.rad, authp->physical);
865
866 r->cx.auth = authp;
867 if ((got = rad_init_send_request(r->cx.rad, &r->cx.fd, &tv)))
868 radius_Process(r, got);
869 else {
870 log_Printf(LogPHASE, "Radius: Request sent\n");
871 log_Printf(LogDEBUG, "Using radius_Timeout [%p]\n", radius_Timeout);
872 r->cx.timer.load = tv.tv_usec / TICKUNIT + tv.tv_sec * SECTICKS;
873 r->cx.timer.func = radius_Timeout;
874 r->cx.timer.name = "radius auth";
875 r->cx.timer.arg = r;
876 timer_Start(&r->cx.timer);
877 }
878
879 return 1;
880 }
881
882 /*
883 * Send an accounting request to the RADIUS server
884 */
885 void
radius_Account(struct radius * r,struct radacct * ac,struct datalink * dl,int acct_type,struct in_addr * peer_ip,struct in_addr * netmask,struct pppThroughput * stats)886 radius_Account(struct radius *r, struct radacct *ac, struct datalink *dl,
887 int acct_type, struct in_addr *peer_ip, struct in_addr *netmask,
888 struct pppThroughput *stats)
889 {
890 struct timeval tv;
891 int got;
892 char hostname[MAXHOSTNAMELEN];
893 #if 0
894 struct hostent *hp;
895 struct in_addr hostaddr;
896 #endif
897
898 if (!*r->cfg.file)
899 return;
900
901 if (r->cx.fd != -1)
902 /*
903 * We assume that our name/key/challenge is the same as last time,
904 * and just continue to wait for the RADIUS server(s).
905 */
906 return;
907
908 timer_Stop(&r->cx.timer);
909
910 if ((r->cx.rad = rad_acct_open()) == NULL) {
911 log_Printf(LogERROR, "rad_auth_open: %s\n", strerror(errno));
912 return;
913 }
914
915 if (rad_config(r->cx.rad, r->cfg.file) != 0) {
916 log_Printf(LogERROR, "rad_config: %s\n", rad_strerror(r->cx.rad));
917 rad_close(r->cx.rad);
918 return;
919 }
920
921 if (rad_create_request(r->cx.rad, RAD_ACCOUNTING_REQUEST) != 0) {
922 log_Printf(LogERROR, "rad_create_request: %s\n", rad_strerror(r->cx.rad));
923 rad_close(r->cx.rad);
924 return;
925 }
926
927 /* Grab some accounting data and initialize structure */
928 if (acct_type == RAD_START) {
929 ac->rad_parent = r;
930 /* Fetch username from datalink */
931 strncpy(ac->user_name, dl->peer.authname, sizeof ac->user_name);
932 ac->user_name[AUTHLEN-1] = '\0';
933
934 ac->authentic = 2; /* Assume RADIUS verified auth data */
935
936 /* Generate a session ID */
937 snprintf(ac->session_id, sizeof ac->session_id, "%s%ld-%s%lu",
938 dl->bundle->cfg.auth.name, (long)getpid(),
939 dl->peer.authname, (unsigned long)stats->uptime);
940
941 /* And grab our MP socket name */
942 snprintf(ac->multi_session_id, sizeof ac->multi_session_id, "%s",
943 dl->bundle->ncp.mp.active ?
944 dl->bundle->ncp.mp.server.socket.sun_path : "");
945
946 /* Fetch IP, netmask from IPCP */
947 memcpy(&ac->ip, peer_ip, sizeof(ac->ip));
948 memcpy(&ac->mask, netmask, sizeof(ac->mask));
949 }
950
951 if (rad_put_string(r->cx.rad, RAD_USER_NAME, ac->user_name) != 0 ||
952 rad_put_int(r->cx.rad, RAD_SERVICE_TYPE, RAD_FRAMED) != 0 ||
953 rad_put_int(r->cx.rad, RAD_FRAMED_PROTOCOL, RAD_PPP) != 0 ||
954 rad_put_addr(r->cx.rad, RAD_FRAMED_IP_ADDRESS, ac->ip) != 0 ||
955 rad_put_addr(r->cx.rad, RAD_FRAMED_IP_NETMASK, ac->mask) != 0) {
956 log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(r->cx.rad));
957 rad_close(r->cx.rad);
958 return;
959 }
960
961 if (gethostname(hostname, sizeof hostname) != 0)
962 log_Printf(LogERROR, "rad_put: gethostname(): %s\n", strerror(errno));
963 else {
964 #if 0
965 if ((hp = gethostbyname(hostname)) != NULL) {
966 hostaddr.s_addr = *(u_long *)hp->h_addr;
967 if (rad_put_addr(r->cx.rad, RAD_NAS_IP_ADDRESS, hostaddr) != 0) {
968 log_Printf(LogERROR, "rad_put: rad_put_string: %s\n",
969 rad_strerror(r->cx.rad));
970 rad_close(r->cx.rad);
971 return;
972 }
973 }
974 #endif
975 if (rad_put_string(r->cx.rad, RAD_NAS_IDENTIFIER, hostname) != 0) {
976 log_Printf(LogERROR, "rad_put: rad_put_string: %s\n",
977 rad_strerror(r->cx.rad));
978 rad_close(r->cx.rad);
979 return;
980 }
981 }
982
983 radius_put_physical_details(r->cx.rad, dl->physical);
984
985 if (rad_put_int(r->cx.rad, RAD_ACCT_STATUS_TYPE, acct_type) != 0 ||
986 rad_put_string(r->cx.rad, RAD_ACCT_SESSION_ID, ac->session_id) != 0 ||
987 rad_put_string(r->cx.rad, RAD_ACCT_MULTI_SESSION_ID,
988 ac->multi_session_id) != 0 ||
989 rad_put_int(r->cx.rad, RAD_ACCT_DELAY_TIME, 0) != 0) {
990 /* XXX ACCT_DELAY_TIME should be increased each time a packet is waiting */
991 log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(r->cx.rad));
992 rad_close(r->cx.rad);
993 return;
994 }
995
996 if (acct_type == RAD_STOP)
997 /* Show some statistics */
998 if (rad_put_int(r->cx.rad, RAD_ACCT_INPUT_OCTETS, stats->OctetsIn) != 0 ||
999 rad_put_int(r->cx.rad, RAD_ACCT_INPUT_PACKETS, stats->PacketsIn) != 0 ||
1000 rad_put_int(r->cx.rad, RAD_ACCT_OUTPUT_OCTETS, stats->OctetsOut) != 0 ||
1001 rad_put_int(r->cx.rad, RAD_ACCT_OUTPUT_PACKETS, stats->PacketsOut)
1002 != 0 ||
1003 rad_put_int(r->cx.rad, RAD_ACCT_SESSION_TIME, throughput_uptime(stats))
1004 != 0) {
1005 log_Printf(LogERROR, "rad_put: %s\n", rad_strerror(r->cx.rad));
1006 rad_close(r->cx.rad);
1007 return;
1008 }
1009
1010 r->cx.auth = NULL; /* Not valid for accounting requests */
1011 if ((got = rad_init_send_request(r->cx.rad, &r->cx.fd, &tv)))
1012 radius_Process(r, got);
1013 else {
1014 log_Printf(LogDEBUG, "Using radius_Timeout [%p]\n", radius_Timeout);
1015 r->cx.timer.load = tv.tv_usec / TICKUNIT + tv.tv_sec * SECTICKS;
1016 r->cx.timer.func = radius_Timeout;
1017 r->cx.timer.name = "radius acct";
1018 r->cx.timer.arg = r;
1019 timer_Start(&r->cx.timer);
1020 }
1021 }
1022
1023 /*
1024 * How do things look at the moment ?
1025 */
1026 void
radius_Show(struct radius * r,struct prompt * p)1027 radius_Show(struct radius *r, struct prompt *p)
1028 {
1029 prompt_Printf(p, " Radius config: %s",
1030 *r->cfg.file ? r->cfg.file : "none");
1031 if (r->valid) {
1032 prompt_Printf(p, "\n IP: %s\n", inet_ntoa(r->ip));
1033 prompt_Printf(p, " Netmask: %s\n", inet_ntoa(r->mask));
1034 prompt_Printf(p, " MTU: %lu\n", r->mtu);
1035 prompt_Printf(p, " VJ: %sabled\n", r->vj ? "en" : "dis");
1036 prompt_Printf(p, " Message: %s\n", r->repstr ? r->repstr : "");
1037 prompt_Printf(p, " MPPE Enc Policy: %s\n",
1038 radius_policyname(r->mppe.policy));
1039 prompt_Printf(p, " MPPE Enc Types: %s\n",
1040 radius_typesname(r->mppe.types));
1041 prompt_Printf(p, " MPPE Recv Key: %seceived\n",
1042 r->mppe.recvkey ? "R" : "Not r");
1043 prompt_Printf(p, " MPPE Send Key: %seceived\n",
1044 r->mppe.sendkey ? "R" : "Not r");
1045 prompt_Printf(p, " MS-CHAP2-Response: %s\n",
1046 r->msrepstr ? r->msrepstr : "");
1047 prompt_Printf(p, " Error Message: %s\n", r->errstr ? r->errstr : "");
1048 if (r->routes)
1049 route_ShowSticky(p, r->routes, " Routes", 16);
1050 } else
1051 prompt_Printf(p, " (not authenticated)\n");
1052 }
1053