From ad8a64712246694674bd892806ebd9e72e5341ea Mon Sep 17 00:00:00 2001 From: yasuoka Date: Mon, 26 Feb 2024 10:42:05 +0000 Subject: [PATCH] Add NAS-Identifier "npppd" for RADIUS requests. Also send Accouting-On when RADIUS accounting is configured. --- usr.sbin/npppd/npppd/npppd_auth.c | 10 ++++- usr.sbin/npppd/npppd/npppd_auth_local.h | 5 ++- usr.sbin/npppd/npppd/npppd_radius.c | 54 ++++++++++++++++++++++++- usr.sbin/npppd/npppd/npppd_radius.h | 1 + usr.sbin/npppd/npppd/ppp.c | 9 ++++- 5 files changed, 73 insertions(+), 6 deletions(-) diff --git a/usr.sbin/npppd/npppd/npppd_auth.c b/usr.sbin/npppd/npppd/npppd_auth.c index 6931257978c..3c6170e382d 100644 --- a/usr.sbin/npppd/npppd/npppd_auth.c +++ b/usr.sbin/npppd/npppd/npppd_auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: npppd_auth.c,v 1.22 2021/03/29 03:54:39 yasuoka Exp $ */ +/* $OpenBSD: npppd_auth.c,v 1.23 2024/02/26 10:42:05 yasuoka Exp $ */ /*- * Copyright (c) 2009 Internet Initiative Japan Inc. @@ -26,7 +26,7 @@ * SUCH DAMAGE. */ /**@file authentication realm */ -/* $Id: npppd_auth.c,v 1.22 2021/03/29 03:54:39 yasuoka Exp $ */ +/* $Id: npppd_auth.c,v 1.23 2024/02/26 10:42:05 yasuoka Exp $ */ #include #include #include @@ -49,6 +49,7 @@ #include "net_utils.h" #include "npppd_auth_local.h" +#include "npppd_radius.h" /** * Create a npppd_auth_base object. @@ -597,6 +598,11 @@ npppd_auth_radius_reload(npppd_auth_base *base, struct authconf *auth) "server%s.", nauth, (nauth > 1)? "s" : "", nacct, (nacct > 1)? "s" : ""); + if (nacct > 0 && _this->rad_acct_on == 0) { + radius_acct_on(base->npppd, _this->rad_acct_setting); + _this->rad_acct_on = 1; + } + return 0; } diff --git a/usr.sbin/npppd/npppd/npppd_auth_local.h b/usr.sbin/npppd/npppd/npppd_auth_local.h index 2ae55d2abc5..686333dc8bf 100644 --- a/usr.sbin/npppd/npppd/npppd_auth_local.h +++ b/usr.sbin/npppd/npppd/npppd_auth_local.h 
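Review bot: In the `npppd_auth_radius_reload` hunk, `_this->rad_acct_on = 1;` is set unconditionally right after `radius_acct_on(base->npppd, _this->rad_acct_setting);`, but that function returns `void` and can give up before anything is sent (no server configured, packet allocation failure, or `radius_prepare` failure in npppd_radius.c). A failed Accounting-On is therefore recorded as done and never retried on later reloads. Once `radius_acct_on` reports status, I would write `if (radius_acct_on(base->npppd, _this->rad_acct_setting) == 0) _this->rad_acct_on = 1;`. The flag is also never cleared in the visible lines, so a reload that swaps in different accounting servers would presumably not announce the NAS to the new ones. The function body starts outside this hunk, so where the flag is initialised cannot be checked from here.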
@@ -1,4 +1,4 @@ -/* $OpenBSD: npppd_auth_local.h,v 1.8 2017/08/11 16:41:47 goda Exp $ */ +/* $OpenBSD: npppd_auth_local.h,v 1.9 2024/02/26 10:42:05 yasuoka Exp $ */ /*- * Copyright (c) 2009 Internet Initiative Japan Inc. @@ -70,6 +70,9 @@ struct _npppd_auth_radius { /** RADIUS accounting server setting */ radius_req_setting *rad_acct_setting; + + /** Whether RADIUS accounting-on is noticed */ + int rad_acct_on; }; #endif diff --git a/usr.sbin/npppd/npppd/npppd_radius.c b/usr.sbin/npppd/npppd/npppd_radius.c index d9d67893f27..2e0c4c75705 100644 --- a/usr.sbin/npppd/npppd/npppd_radius.c +++ b/usr.sbin/npppd/npppd/npppd_radius.c @@ -1,4 +1,4 @@ -/* $Id: npppd_radius.c,v 1.9 2024/02/26 08:47:28 yasuoka Exp $ */ +/* $Id: npppd_radius.c,v 1.10 2024/02/26 10:42:05 yasuoka Exp $ */ /*- * Copyright (c) 2009 Internet Initiative Japan Inc. * All rights reserved. @@ -62,6 +62,7 @@ static int l2tp_put_tunnel_attributes(RADIUS_PACKET *, void *); static int pptp_put_tunnel_attributes(RADIUS_PACKET *, void *); static int radius_acct_request(npppd *, npppd_ppp *, int ); +static void radius_acct_on_cb(void *, RADIUS_PACKET *, int, RADIUS_REQUEST_CTX); static void npppd_ppp_radius_acct_reqcb(void *, RADIUS_PACKET *, int, RADIUS_REQUEST_CTX); /*********************************************************************** @@ -217,6 +218,9 @@ radius_acct_request(npppd *pppd, npppd_ppp *ppp, int stop) ATTR_INT32(RADIUS_TYPE_NAS_PORT, ppp->id); /* npppd has no physical / virtual ports in design. */ + /* RFC 2865 5.32. NAS-Identifier */ + ATTR_STR(RADIUS_TYPE_NAS_IDENTIFIER, "npppd"); + /* RFC 2865 5.31. Calling-Station-Id */ if (ppp->calling_number[0] != '\0') ATTR_STR(RADIUS_TYPE_CALLING_STATION_ID, ppp->calling_number); 
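Review bot: The doc comment on the new `rad_acct_on` field ("is noticed") does not say what state the flag records. Its only visible consumer, in npppd_auth.c, sets it as soon as `radius_acct_on()` returns, not when a server has answered. I would word it as `/** Non-zero once Accounting-On has been issued for this realm (not necessarily acknowledged) */`. The initial value of 0 appears to rely on the structure being zeroed at allocation, which is outside this hunk and worth confirming.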
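Review bot: The literal `"npppd"` passed to `ATTR_STR(RADIUS_TYPE_NAS_IDENTIFIER, "npppd")` is repeated in three places: `radius_acct_request` here, `radius_acct_on` later in this file, and `ppp_set_radius_attrs_for_authreq` in ppp.c. It is also identical for every npppd instance, so a RADIUS server that keys NAS state on NAS-Identifier cannot tell two npppd hosts apart. That matters more now that Accounting-On is sent, because servers commonly treat it as "this NAS restarted" and close the sessions they hold for that NAS. I would put the value behind one named constant in a shared header and consider making it configurable per host. `radius_acct_request` starts and ends outside this hunk.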
@@ -317,6 +321,54 @@ fail: return -1; } +void +radius_acct_on(npppd *pppd, radius_req_setting *rad_setting) +{ + RADIUS_REQUEST_CTX radctx = NULL; + RADIUS_PACKET *radpkt = NULL; + + if (!radius_req_setting_has_server(rad_setting)) + return; + if ((radpkt = radius_new_request_packet(RADIUS_CODE_ACCOUNTING_REQUEST)) + == NULL) + goto fail; + + if (radius_prepare(rad_setting, NULL, &radctx, radius_acct_on_cb) != 0) + goto fail; + + /* + * RFC 2865 "5.4. NAS-IP-Address" or RFC 3162 "2.1. NAS-IPv6-Address" + */ + if (radius_prepare_nas_address(rad_setting, radpkt) != 0) + goto fail; + + /* RFC 2865 "5.41. NAS-Port-Type" */ + ATTR_INT32(RADIUS_TYPE_NAS_PORT_TYPE, RADIUS_NAS_PORT_TYPE_VIRTUAL); + + /* RFC 2866 5.1. Acct-Status-Type */ + ATTR_INT32(RADIUS_TYPE_ACCT_STATUS_TYPE, RADIUS_ACCT_STATUS_TYPE_ACCT_ON); + /* RFC 2865 5.32. NAS-Identifier */ + ATTR_STR(RADIUS_TYPE_NAS_IDENTIFIER, "npppd"); + + /* Send the request */ + radius_request(radctx, radpkt); + + return; + fail: + if (radctx != NULL) + radius_cancel_request(radctx); + if (radpkt != NULL) + radius_delete_packet(radpkt); +} + +static void +radius_acct_on_cb(void *context, RADIUS_PACKET *pkt, int flags, + RADIUS_REQUEST_CTX ctx) +{ + if ((flags & (RADIUS_REQUEST_TIMEOUT | RADIUS_REQUEST_ERROR)) != 0) + radius_request_failover(ctx); +} + #ifdef USE_NPPPD_PPTP #include "pptp.h" #endif diff --git a/usr.sbin/npppd/npppd/npppd_radius.h b/usr.sbin/npppd/npppd/npppd_radius.h index e9b7d743681..a1334545e2b 100644 --- a/usr.sbin/npppd/npppd/npppd_radius.h +++ b/usr.sbin/npppd/npppd/npppd_radius.h @@ -9,6 +9,7 @@ void ppp_proccess_radius_framed_ip (npppd_ppp *, RADIUS_PACKET *); int ppp_set_radius_attrs_for_authreq (npppd_ppp *, radius_req_setting *, RADIUS_PACKET *); void npppd_ppp_radius_acct_start (npppd *, npppd_ppp *); void npppd_ppp_radius_acct_stop (npppd *, npppd_ppp *); +void radius_acct_on(npppd *, radius_req_setting *); #ifdef __cplusplus } 
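Review bot: Both failure paths of the new `radius_acct_on` are silent: the `fail:` label releases `radctx` and `radpkt` and returns `void`, and `radius_acct_on_cb` discards the result of `radius_request_failover(ctx)`. An Accounting-On that never reaches a server therefore leaves no log entry and gives the caller nothing to retry on. I would return `int` (0 once `radius_request` has been called, -1 from `fail:`) and log a warning on `fail:` and in the callback when failover is exhausted. RFC 2866 section 5.5 says an Accounting-Request MUST carry an Acct-Session-Id, which this packet does not add, so it is worth checking how the accounting servers in use treat that. The `pppd` parameter and the callback's `context` and `pkt` are unused. `ATTR_INT32` and `ATTR_STR` are defined outside this hunk, and I am assuming they jump to `fail` on error.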
diff --git a/usr.sbin/npppd/npppd/ppp.c b/usr.sbin/npppd/npppd/ppp.c index 7fedb53acf2..64716acc9ef 100644 --- a/usr.sbin/npppd/npppd/ppp.c +++ b/usr.sbin/npppd/npppd/ppp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ppp.c,v 1.30 2021/03/29 03:54:39 yasuoka Exp $ */ +/* $OpenBSD: ppp.c,v 1.31 2024/02/26 10:42:05 yasuoka Exp $ */ /*- * Copyright (c) 2009 Internet Initiative Japan Inc. @@ -25,7 +25,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ -/* $Id: ppp.c,v 1.30 2021/03/29 03:54:39 yasuoka Exp $ */ +/* $Id: ppp.c,v 1.31 2024/02/26 10:42:05 yasuoka Exp $ */ /**@file * This file provides PPP(Point-to-Point Protocol, RFC 1661) and * {@link :: _npppd_ppp PPP instance} related functions. @@ -1094,6 +1094,11 @@ ppp_set_radius_attrs_for_authreq(npppd_ppp *_this, if (radius_prepare_nas_address(rad_setting, radpkt) != 0) goto fail; + /* RFC 2865 5.32. NAS-Identifier */ + if (radius_put_string_attr(radpkt, RADIUS_TYPE_NAS_IDENTIFIER, "npppd") + != 0) + goto fail; + /* RFC 2865 "5.6. Service-Type" */ if (radius_put_uint32_attr(radpkt, RADIUS_TYPE_SERVICE_TYPE, RADIUS_SERVICE_TYPE_FRAMED) != 0) -- 2.20.1