radius related functions from ppp.c to npppd_radius.c.
-/* $OpenBSD: chap.c,v 1.18 2024/02/26 08:47:28 yasuoka Exp $ */
+/* $OpenBSD: chap.c,v 1.19 2024/07/01 07:09:07 yasuoka Exp $ */
/*-
* Copyright (c) 2009 Internet Initiative Japan Inc.
* </ul></p>
*/
/* RFC 1994, 2433 */
-/* $Id: chap.c,v 1.18 2024/02/26 08:47:28 yasuoka Exp $ */
+/* $Id: chap.c,v 1.19 2024/07/01 07:09:07 yasuoka Exp $ */
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
break;
}
}
- ppp_process_radius_framed_ip(_this->ppp, pkt);
+ ppp_process_radius_attrs(_this->ppp, pkt);
return;
auth_failed:
-.\" $OpenBSD: npppd.conf.5,v 1.32 2023/03/02 17:09:53 jmc Exp $
+.\" $OpenBSD: npppd.conf.5,v 1.33 2024/07/01 07:09:07 yasuoka Exp $
.\"
.\" Copyright (c) 2012 YASUOKA Masahiko <yasuoka@openbsd.org>
.\"
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: March 2 2023 $
+.Dd $Mdocdate: July 1 2024 $
.Dt NPPPD.CONF 5
.Os
.Sh NAME
This option can be used multiple times.
.It Ic dns-servers Ar primary-server-address Op Ar secondary-server-address
Specify the DNS servers' IP addresses.
+When this option is not specified and the authenticated realm
+.Pq eq. the RADIUS server
+specifies the DNS server addresses,
+they are used as the default.
+To stop using them any case,
+configure
+.Qq 0.0.0.0 .
.It Ic nbns-servers Ar primary-server-address Op Ar secondary-server-address
Specify the NetBIOS name servers' IP addresses.
+When this option is not specified and the authenticated realm
+.Pq eq. the RADIUS server
+specifies the NetBIOS server addresses,
+they are used as the default.
+To stop using them any case,
+configure
+.Qq 0.0.0.0 .
.It Ic allow-user-selected-address Ar yes | no
Specify whether
.Xr npppd 8
-/* $OpenBSD: npppd.h,v 1.19 2017/08/12 11:20:34 goda Exp $ */
+/* $OpenBSD: npppd.h,v 1.20 2024/07/01 07:09:07 yasuoka Exp $ */
/*-
* Copyright (c) 2009 Internet Initiative Japan Inc.
TAILQ_ENTRY(ipcpconf) entry;
char name[NPPPD_GENERIC_NAME_LEN];
bool dns_use_resolver;
+ bool dns_configured;
struct in_addr dns_servers[2];
+ bool nbns_configured;
struct in_addr nbns_servers[2];
bool allow_user_select;
struct in_addr_range *dynamic_pool;
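Review bot: The new `dns_configured` and `nbns_configured` fields have no comment, and their names do not say what they gate. Judging by the other hunks, they record that the operator set the option explicitly in npppd.conf, and that is what stops a RADIUS reply from supplying the addresses. A one-line comment on each would make this clear, e.g. `/* true if dns-servers was given in the config; RADIUS-supplied DNS is then ignored */`. The struct's opening and closing lines are outside this hunk.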
-/* $Id: npppd_radius.c,v 1.10 2024/02/26 10:42:05 yasuoka Exp $ */
+/* $Id: npppd_radius.c,v 1.11 2024/07/01 07:09:07 yasuoka Exp $ */
/*-
* Copyright (c) 2009 Internet Initiative Japan Inc.
* All rights reserved.
#include <sys/syslog.h>
#include <netinet/in.h>
#include <net/if_dl.h>
+#include <arpa/inet.h>
#include <stdio.h>
#include <netdb.h>
#include <stdint.h>
* the given RADIUS packet and set them as the fields of ppp context.
*/
void
-ppp_proccess_radius_framed_ip(npppd_ppp *_this, RADIUS_PACKET *pkt)
+ppp_process_radius_attrs(npppd_ppp *_this, RADIUS_PACKET *pkt)
{
- struct in_addr ip4;
+ struct in_addr ip4;
+ int got_pri, got_sec;
+ char buf0[40], buf1[40];
if (radius_get_ipv4_attr(pkt, RADIUS_TYPE_FRAMED_IP_ADDRESS, &ip4)
== 0)
== 0)
_this->realm_framed_ip_netmask = ip4;
#endif
+
+ if (!ppp_ipcp(_this)->dns_configured) {
+ got_pri = got_sec = 0;
+ if (radius_get_vs_ipv4_attr(pkt, RADIUS_VENDOR_MICROSOFT,
+ RADIUS_VTYPE_MS_PRIMARY_DNS_SERVER, &ip4) == 0) {
+ got_pri = 1;
+ _this->ipcp.dns_pri = ip4;
+ }
+ if (radius_get_vs_ipv4_attr(pkt, RADIUS_VENDOR_MICROSOFT,
+ RADIUS_VTYPE_MS_SECONDARY_DNS_SERVER, &ip4) == 0) {
+ got_sec = 1;
+ _this->ipcp.dns_sec = ip4;
+ }
+ if (got_pri || got_sec)
+ ppp_log(_this, LOG_INFO, "DNS server address%s "
+ "(%s%s%s) %s configured by RADIUS server",
+ ((got_pri + got_sec) > 1)? "es" : "",
+ (got_pri)? inet_ntop(AF_INET, &_this->ipcp.dns_pri,
+ buf0, sizeof(buf0)) : "",
+ (got_pri != 0 && got_sec != 0)? "," : "",
+ (got_sec)? inet_ntop(AF_INET, &_this->ipcp.dns_sec,
+ buf1, sizeof(buf1)) : "",
+ ((got_pri + got_sec) > 1)? "are" : "is");
+ }
+ if (!ppp_ipcp(_this)->nbns_configured) {
+ got_pri = got_sec = 0;
+ if (radius_get_vs_ipv4_attr(pkt, RADIUS_VENDOR_MICROSOFT,
+ RADIUS_VTYPE_MS_PRIMARY_NBNS_SERVER, &ip4) == 0) {
+ got_pri = 1;
+ _this->ipcp.nbns_pri = ip4;
+ }
+ if (radius_get_vs_ipv4_attr(pkt, RADIUS_VENDOR_MICROSOFT,
+ RADIUS_VTYPE_MS_SECONDARY_NBNS_SERVER, &ip4) == 0) {
+ got_sec = 1;
+ _this->ipcp.nbns_sec = ip4;
+ }
+ if (got_pri || got_sec)
+ ppp_log(_this, LOG_INFO, "NBNS server address%s "
+ "(%s%s%s) %s configured by RADIUS server",
+ ((got_pri + got_sec) > 1)? "es" : "",
+ (got_pri)? inet_ntop(AF_INET, &_this->ipcp.nbns_pri,
+ buf0, sizeof(buf0)) : "",
+ (got_pri != 0 && got_sec != 0)? "," : "",
+ (got_sec)? inet_ntop(AF_INET, &_this->ipcp.nbns_sec,
+ buf1, sizeof(buf1)) : "",
+ ((got_pri + got_sec) > 1)? "are" : "is");
+ }
}
/***********************************************************************
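Review bot: The addresses read from the Microsoft vendor-specific DNS and NBNS attributes are stored into `_this->ipcp` exactly as received, so a reply carrying 0.0.0.0 or another unusable address is logged as "configured by RADIUS server" and overwrites the previous value. Consider accepting a value only when it is usable, e.g. `... &ip4) == 0 && ip4.s_addr != INADDR_ANY) {` in each of the four lookups. These fields presumably decide which resolver the peer is told to use (the IPCP code is not shown), so a comment stating that they are trusted only as far as the RADIUS reply is authenticated would help. The DNS and NBNS blocks differ only in attribute and field names and could share one static helper. Part of the function body between the Framed-IP handling and `#endif` is not shown here.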
#endif
return 1;
}
+
+/**
+ * Set RADIUS attributes for RADIUS authentication request.
+ * Return 0 on success.
+ */
+int
+ppp_set_radius_attrs_for_authreq(npppd_ppp *_this,
+ radius_req_setting *rad_setting, RADIUS_PACKET *radpkt)
+{
+ /* RFC 2865 "5.4 NAS-IP-Address" or RFC3162 "2.1. NAS-IPv6-Address" */
+ if (radius_prepare_nas_address(rad_setting, radpkt) != 0)
+ goto fail;
+
+ /* RFC 2865 "5.6. Service-Type" */
+ if (radius_put_uint32_attr(radpkt, RADIUS_TYPE_SERVICE_TYPE,
+ RADIUS_SERVICE_TYPE_FRAMED) != 0)
+ goto fail;
+
+ /* RFC 2865 "5.7. Framed-Protocol" */
+ if (radius_put_uint32_attr(radpkt, RADIUS_TYPE_FRAMED_PROTOCOL,
+ RADIUS_FRAMED_PROTOCOL_PPP) != 0)
+ goto fail;
+
+ if (_this->calling_number[0] != '\0') {
+ if (radius_put_string_attr(radpkt,
+ RADIUS_TYPE_CALLING_STATION_ID, _this->calling_number) != 0)
+ return 1;
+ }
+ return 0;
+fail:
+ return 1;
+}
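Review bot: This copy of ppp_set_radius_attrs_for_authreq() no longer adds the NAS-Identifier attribute. The version removed from ppp.c put `RADIUS_TYPE_NAS_IDENTIFIER` with the value "npppd" between the NAS address and Service-Type, and nothing in the visible hunks sets it elsewhere. If the omission is intentional it deserves a line in the commit message, because RADIUS server policies that match on NAS-Identifier will see a different request; otherwise restore `if (radius_put_string_attr(radpkt, RADIUS_TYPE_NAS_IDENTIFIER, "npppd") != 0) goto fail;`. Separately, the Calling-Station-Id branch uses `return 1` where the rest of the function uses `goto fail`.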
-/* $OpenBSD: pap.c,v 1.13 2024/02/26 08:47:28 yasuoka Exp $ */
+/* $OpenBSD: pap.c,v 1.14 2024/07/01 07:09:07 yasuoka Exp $ */
/*-
* Copyright (c) 2009 Internet Initiative Japan Inc.
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
-/* $Id: pap.c,v 1.13 2024/02/26 08:47:28 yasuoka Exp $ */
+/* $Id: pap.c,v 1.14 2024/07/01 07:09:07 yasuoka Exp $ */
/**@file
* This file provides Password Authentication Protocol (PAP) handlers.
* @author Yasuoka Masahiko
}
/* Authentication succeeded */
pap_response(_this, 1, DEFAULT_SUCCESS_MESSAGE);
- ppp_process_radius_framed_ip(_this->ppp, pkt);
+ ppp_process_radius_attrs(_this->ppp, pkt);
return;
auth_failed:
-/* $OpenBSD: parse.y,v 1.27 2023/04/19 13:33:37 jsg Exp $ */
+/* $OpenBSD: parse.y,v 1.28 2024/07/01 07:09:07 yasuoka Exp $ */
/*
* Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
}
| DNS_SERVERS in4_addr in4_addr {
curr_ipcpconf->dns_use_resolver = false;
+ curr_ipcpconf->dns_configured = true;
curr_ipcpconf->dns_servers[0] = $2;
curr_ipcpconf->dns_servers[1] = $3;
}
| DNS_SERVERS in4_addr {
curr_ipcpconf->dns_use_resolver = false;
+ curr_ipcpconf->dns_configured = true;
curr_ipcpconf->dns_servers[0] = $2;
curr_ipcpconf->dns_servers[1].s_addr = 0;
}
| NBNS_SERVERS in4_addr in4_addr {
+ curr_ipcpconf->nbns_configured = true;
curr_ipcpconf->nbns_servers[0] = $2;
curr_ipcpconf->nbns_servers[1] = $3;
}
| NBNS_SERVERS in4_addr {
+ curr_ipcpconf->nbns_configured = true;
curr_ipcpconf->nbns_servers[0] = $2;
curr_ipcpconf->nbns_servers[1].s_addr = 0;
}
-/* $OpenBSD: ppp.c,v 1.31 2024/02/26 10:42:05 yasuoka Exp $ */
+/* $OpenBSD: ppp.c,v 1.32 2024/07/01 07:09:07 yasuoka Exp $ */
/*-
* Copyright (c) 2009 Internet Initiative Japan Inc.
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
-/* $Id: ppp.c,v 1.31 2024/02/26 10:42:05 yasuoka Exp $ */
+/* $Id: ppp.c,v 1.32 2024/07/01 07:09:07 yasuoka Exp $ */
/**@file
* This file provides PPP(Point-to-Point Protocol, RFC 1661) and
* {@link :: _npppd_ppp PPP instance} related functions.
return status;
}
-#ifdef USE_NPPPD_RADIUS
-#define UCHAR_BUFSIZ 255
-/**
- * Process the Framed-IP-Address attribute and the Framed-IP-Netmask
- * attribute of given RADIUS packet.
- */
-void
-ppp_process_radius_framed_ip(npppd_ppp *_this, RADIUS_PACKET *pkt)
-{
- struct in_addr ip4;
-
- if (radius_get_ipv4_attr(pkt, RADIUS_TYPE_FRAMED_IP_ADDRESS, &ip4)
- == 0)
- _this->realm_framed_ip_address = ip4;
-
- _this->realm_framed_ip_netmask.s_addr = 0xffffffffL;
- if (radius_get_ipv4_attr(pkt, RADIUS_TYPE_FRAMED_IP_NETMASK, &ip4)
- == 0)
- _this->realm_framed_ip_netmask = ip4;
-}
-
-/**
- * Set RADIUS attributes for RADIUS authentication request.
- * Return 0 on success.
- */
-int
-ppp_set_radius_attrs_for_authreq(npppd_ppp *_this,
- radius_req_setting *rad_setting, RADIUS_PACKET *radpkt)
-{
- /* RFC 2865 "5.4 NAS-IP-Address" or RFC3162 "2.1. NAS-IPv6-Address" */
- if (radius_prepare_nas_address(rad_setting, radpkt) != 0)
- goto fail;
-
- /* RFC 2865 5.32. NAS-Identifier */
- if (radius_put_string_attr(radpkt, RADIUS_TYPE_NAS_IDENTIFIER, "npppd")
- != 0)
- goto fail;
-
- /* RFC 2865 "5.6. Service-Type" */
- if (radius_put_uint32_attr(radpkt, RADIUS_TYPE_SERVICE_TYPE,
- RADIUS_SERVICE_TYPE_FRAMED) != 0)
- goto fail;
-
- /* RFC 2865 "5.7. Framed-Protocol" */
- if (radius_put_uint32_attr(radpkt, RADIUS_TYPE_FRAMED_PROTOCOL,
- RADIUS_FRAMED_PROTOCOL_PPP) != 0)
- goto fail;
-
- if (_this->calling_number[0] != '\0') {
- if (radius_put_string_attr(radpkt,
- RADIUS_TYPE_CALLING_STATION_ID, _this->calling_number) != 0)
- return 1;
- }
- return 0;
-fail:
- return 1;
-}
-#endif
-
#ifdef USE_NPPPD_PIPEX
/** The callback function on network is available for pipex */
static void
-/* $OpenBSD: ppp.h,v 1.24 2022/12/28 21:30:17 jmc Exp $ */
+/* $OpenBSD: ppp.h,v 1.25 2024/07/01 07:09:07 yasuoka Exp $ */
/*-
* Copyright (c) 2009 Internet Initiative Japan Inc.
int ppp_log (npppd_ppp *, int, const char *, ...) __printflike(3,4);
void ppp_reset_idle_timeout(npppd_ppp *);
#ifdef USE_NPPPD_RADIUS
-void ppp_process_radius_framed_ip (npppd_ppp *, RADIUS_PACKET *);
+void ppp_process_radius_attrs (npppd_ppp *, RADIUS_PACKET *);
int ppp_set_radius_attrs_for_authreq (npppd_ppp *, radius_req_setting *, RADIUS_PACKET *);
#endif
struct tunnconf *ppp_get_tunnconf(npppd_ppp *);