Head

GCC Code Coverage Report

Directory:	./		Exec	Total	Coverage
File:	usr.sbin/npppd/npppd/npppd_radius.c	Lines:	0	124	0.0 %
Date:	2017-11-07	Branches:	0	137	0.0 %


/* $Id: npppd_radius.c,v 1.8 2015/07/23 09:04:06 yasuoka Exp $ */
/*-
 * Copyright (c) 2009 Internet Initiative Japan Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE"AUTHOR" AND CONTRIBUTORS AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 *	RFC 2865 Remote Authentication Dial In User Service (RADIUS)
 *	RFC 2866 RADIUS Accounting
 *	RFC 2868 RADIUS Attributes for Tunnel Protocol Support
 *	RFC 2869 RADIUS Extensions
 */

#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/syslog.h>
#include <netinet/in.h>
#include <net/if_dl.h>
#include <stdio.h>
#include <netdb.h>
#include <stdint.h>
#include <string.h>
#include <stdbool.h>
#include <radius.h>

#include <event.h>

#include "radius_req.h"
#include "npppd_local.h"
#include "npppd_radius.h"

#ifdef NPPPD_RADIUS_DEBUG
#define NPPPD_RADIUS_DBG(x) 	ppp_log x
#define NPPPD_RADIUS_ASSERT(x)	ASSERT(x)
#else
#define NPPPD_RADIUS_DBG(x)
#define NPPPD_RADIUS_ASSERT(x)
#endif

static int l2tp_put_tunnel_attributes(RADIUS_PACKET *, void *);
static int pptp_put_tunnel_attributes(RADIUS_PACKET *, void *);
static int radius_acct_request(npppd *, npppd_ppp *, int );
static void npppd_ppp_radius_acct_reqcb(void *, RADIUS_PACKET *, int, RADIUS_REQUEST_CTX);

/***********************************************************************
 * RADIUS common functions
 ***********************************************************************/
/**
 * Retribute Framed-IP-Address and Framed-IP-Netmask attribute of from
 * the given RADIUS packet and set them as the fields of ppp context.
 */
void
ppp_proccess_radius_framed_ip(npppd_ppp *_this, RADIUS_PACKET *pkt)
{
	struct in_addr ip4;

	if (radius_get_ipv4_attr(pkt, RADIUS_TYPE_FRAMED_IP_ADDRESS, &ip4)
	    == 0)
		_this->realm_framed_ip_address = ip4;

	_this->realm_framed_ip_netmask.s_addr = 0xffffffffL;
#ifndef	NPPPD_COMPAT_4_2
	if (radius_get_ipv4_attr(pkt, RADIUS_TYPE_FRAMED_IP_NETMASK, &ip4)
	    == 0)
		_this->realm_framed_ip_netmask = ip4;
#endif
}

/***********************************************************************
 * RADIUS Accounting Events
 ***********************************************************************/

/** Called by PPP on start */
void
npppd_ppp_radius_acct_start(npppd *pppd, npppd_ppp *ppp)
{
	NPPPD_RADIUS_DBG((ppp, LOG_INFO, "%s()", __func__));

	if (ppp->realm == NULL || !npppd_ppp_is_realm_radius(pppd, ppp))
		return;
	radius_acct_request(pppd, ppp, 0);
}

/** Called by PPP on stop*/
void
npppd_ppp_radius_acct_stop(npppd *pppd, npppd_ppp *ppp)
{
	NPPPD_RADIUS_DBG((ppp, LOG_INFO, "%s()", __func__));

	if (ppp->realm == NULL || !npppd_ppp_is_realm_radius(pppd, ppp))
		return;
	radius_acct_request(pppd, ppp, 1);
}

/** Called by radius_req.c */
static void
npppd_ppp_radius_acct_reqcb(void *context, RADIUS_PACKET *pkt, int flags,
    RADIUS_REQUEST_CTX ctx)
{
	u_int ppp_id;

	ppp_id = (uintptr_t)context;
	if ((flags & RADIUS_REQUEST_TIMEOUT) != 0) {
		log_printf(LOG_WARNING, "ppp id=%u radius accounting request "
		    "failed: no response from the server.", ppp_id);
	}
	else if ((flags & RADIUS_REQUEST_ERROR) != 0)
		log_printf(LOG_WARNING, "ppp id=%u radius accounting request "
		    "failed: %m", ppp_id);
	else if ((flags & RADIUS_REQUEST_CHECK_AUTHENTICATOR_NO_CHECK) == 0 &&
	    (flags & RADIUS_REQUEST_CHECK_AUTHENTICATOR_OK) == 0)
		log_printf(LOG_WARNING, "ppp id=%d radius accounting request "
		    "failed: the server responses with bad authenticator",
		    ppp_id);
	else {
#ifdef NPPPD_RADIUS_DEBUG
		log_printf(LOG_DEBUG, "ppp id=%u radius accounting request "
		    "succeeded.", ppp_id);
#endif
		return;
		/* NOTREACHED */
	}
	if (radius_request_can_failover(ctx)) {
		if (radius_request_failover(ctx) == 0) {
			struct sockaddr *sa;
			char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];

			sa = radius_get_server_address(ctx);
			if (getnameinfo(sa, sa->sa_len, hbuf, sizeof(hbuf),
			    sbuf, sizeof(sbuf), NI_NUMERICHOST | NI_NUMERICSERV)
			    != 0) {
				strlcpy(hbuf, "unknown", sizeof(hbuf));
				strlcpy(sbuf, "", sizeof(sbuf));
			}
			log_printf(LOG_DEBUG, "ppp id=%u "
			    "fail over to %s:%s for radius accounting request",
			    ppp_id, hbuf, sbuf);
		} else {
			log_printf(LOG_WARNING, "ppp id=%u "
			    "failed to fail over for radius accounting request",
			    ppp_id);
		}
	}
}

/***********************************************************************
 * RADIUS attributes
 ***********************************************************************/
#define	ATTR_INT32(_a,_v)						\
	do {								\
		if (radius_put_uint32_attr(radpkt, (_a), (_v)) != 0)	\
			goto fail; 					\
	} while (0 /* CONSTCOND */)
#define	ATTR_STR(_a,_v)							\
	do {								\
		if (radius_put_string_attr(radpkt, (_a), (_v)) != 0)	\
		    goto fail; 					\
	} while (0 /* CONSTCOND */)

static int
radius_acct_request(npppd *pppd, npppd_ppp *ppp, int stop)
{
	RADIUS_PACKET *radpkt;
	RADIUS_REQUEST_CTX radctx;
	radius_req_setting *rad_setting;
	char buf[128];

	if (ppp->username[0] == '\0')
		return 0;

	radpkt = NULL;
	radctx = NULL;
	rad_setting = npppd_auth_radius_get_radius_acct_setting(ppp->realm);
	if (!radius_req_setting_has_server(rad_setting))
		return 0;
	if ((radpkt = radius_new_request_packet(RADIUS_CODE_ACCOUNTING_REQUEST))
	    == NULL)
		goto fail;

	if (radius_prepare(rad_setting, (void *)(uintptr_t)ppp->id, &radctx,
	    npppd_ppp_radius_acct_reqcb) != 0)
		goto fail;

    /* NAS Information */
	/*
	 * RFC 2865 "5.4.  NAS-IP-Address" or RFC 3162 "2.1. NAS-IPv6-Address"
	 */
	if (radius_prepare_nas_address(rad_setting, radpkt) != 0)
		goto fail;

	/* RFC 2865 "5.41. NAS-Port-Type" */
	ATTR_INT32(RADIUS_TYPE_NAS_PORT_TYPE, RADIUS_NAS_PORT_TYPE_VIRTUAL);

	/* RFC 2865 "5.5. NAS-Port" */
	ATTR_INT32(RADIUS_TYPE_NAS_PORT, ppp->id);
	    /* npppd has no physical / virtual ports in design. */

	/* RFC 2865 5.31. Calling-Station-Id */
	if (ppp->calling_number[0] != '\0')
		ATTR_STR(RADIUS_TYPE_CALLING_STATION_ID, ppp->calling_number);

    /* Tunnel Protocol Information */
	switch (ppp->tunnel_type) {
	case NPPPD_TUNNEL_L2TP:
		/* RFC 2868 3.1. Tunnel-Type */
		ATTR_INT32(RADIUS_TYPE_TUNNEL_TYPE, RADIUS_TUNNEL_TYPE_L2TP);
		if (l2tp_put_tunnel_attributes(radpkt, ppp->phy_context) != 0)
			goto fail;
		break;
	case NPPPD_TUNNEL_PPTP:
		/* RFC 2868 3.1. Tunnel-Type */
		ATTR_INT32(RADIUS_TYPE_TUNNEL_TYPE, RADIUS_TUNNEL_TYPE_PPTP);
		if (pptp_put_tunnel_attributes(radpkt, ppp->phy_context) != 0)
			goto fail;
		break;
	}

    /* Framed Protocol (PPP) Information */
	/* RFC 2865 5.1 User-Name */
	ATTR_STR(RADIUS_TYPE_USER_NAME, ppp->username);

	/* RFC 2865 "5.7. Service-Type" */
	ATTR_INT32(RADIUS_TYPE_SERVICE_TYPE, RADIUS_SERVICE_TYPE_FRAMED);

	/* RFC 2865 "5.8. Framed-Protocol" */
	ATTR_INT32(RADIUS_TYPE_FRAMED_PROTOCOL, RADIUS_FRAMED_PROTOCOL_PPP);

	/* RFC 2865 "5.8. Framed-IP-Address" */
	if (ppp->acct_framed_ip_address.s_addr != INADDR_ANY)
		ATTR_INT32(RADIUS_TYPE_FRAMED_IP_ADDRESS,
		    ntohl(ppp->acct_framed_ip_address.s_addr));

    /* Accounting */
	/* RFC 2866  5.1. Acct-Status-Type */
	ATTR_INT32(RADIUS_TYPE_ACCT_STATUS_TYPE, (stop)
	    ? RADIUS_ACCT_STATUS_TYPE_STOP : RADIUS_ACCT_STATUS_TYPE_START);

	/* RFC 2866  5.2.  Acct-Delay-Time */
	ATTR_INT32(RADIUS_TYPE_ACCT_DELAY_TIME, 0);

	if (stop) {
		/* RFC 2866  5.3 Acct-Input-Octets */
		ATTR_INT32(RADIUS_TYPE_ACCT_INPUT_OCTETS,
		    (uint32_t)(ppp->ibytes & 0xFFFFFFFFU));	/* LSB 32bit */

		/* RFC 2866  5.4 Acct-Output-Octets */
		ATTR_INT32(RADIUS_TYPE_ACCT_OUTPUT_OCTETS,
		    (uint32_t)(ppp->obytes & 0xFFFFFFFFU));	/* LSB 32bit */
	}

	/* RFC 2866  5.5 Acct-Session-Id */
	snprintf(buf, sizeof(buf), "%08X%08X", pppd->boot_id, ppp->id);
	ATTR_STR(RADIUS_TYPE_ACCT_SESSION_ID, buf);

	/* RFC 2866 5.6.  Acct-Authentic */
	ATTR_INT32(RADIUS_TYPE_ACCT_AUTHENTIC, RADIUS_ACCT_AUTHENTIC_RADIUS);

	if (stop) {
		/* RFC 2866 5.7. Acct-Session-Time */
		ATTR_INT32(RADIUS_TYPE_ACCT_SESSION_TIME,
		    ppp->end_monotime - ppp->start_monotime);

		/* RFC 2866  5.8 Acct-Input-Packets */
		ATTR_INT32(RADIUS_TYPE_ACCT_INPUT_PACKETS, ppp->ipackets);

		/* RFC 2866  5.9 Acct-Output-Packets */
		ATTR_INT32(RADIUS_TYPE_ACCT_OUTPUT_PACKETS, ppp->opackets);

		/* RFC 2866  5.10. Acct-Terminate-Cause */
		if (ppp->terminate_cause != 0)
			ATTR_INT32(RADIUS_TYPE_ACCT_TERMINATE_CAUSE,
			    ppp->terminate_cause);

		/* RFC 2869  5.1 Acct-Input-Gigawords */
		ATTR_INT32(RADIUS_TYPE_ACCT_INPUT_GIGAWORDS, ppp->ibytes >> 32);

		/* RFC 2869  5.2 Acct-Output-Gigawords */
		ATTR_INT32(RADIUS_TYPE_ACCT_OUTPUT_GIGAWORDS,
		    ppp->obytes >> 32);
	}

	radius_set_accounting_request_authenticator(radpkt,
	    radius_get_server_secret(radctx));

	/* Send the request */
	radius_request(radctx, radpkt);

	return 0;

fail:
	ppp_log(ppp, LOG_WARNING, "radius accounting request failed: %m");

	if (radctx != NULL)
		radius_cancel_request(radctx);
	if (radpkt != NULL)
		radius_delete_packet(radpkt);

	return -1;
}

#ifdef USE_NPPPD_PPTP
#include "pptp.h"
#endif

static int
pptp_put_tunnel_attributes(RADIUS_PACKET *radpkt, void *call0)
{
#ifdef USE_NPPPD_PPTP
	pptp_call *call = call0;
	pptp_ctrl *ctrl;
	char hbuf[NI_MAXHOST], buf[128];

	ctrl = call->ctrl;

	/* RFC 2868  3.2.  Tunnel-Medium-Type */
	switch (ctrl->peer.ss_family) {
	case AF_INET:
		ATTR_INT32(RADIUS_TYPE_TUNNEL_MEDIUM_TYPE,
		    RADIUS_TUNNEL_MEDIUM_TYPE_IPV4);
		break;

	case AF_INET6:
		ATTR_INT32(RADIUS_TYPE_TUNNEL_MEDIUM_TYPE,
		    RADIUS_TUNNEL_MEDIUM_TYPE_IPV6);
		break;

	default:
		return -1;
	}

	/* RFC 2868  3.3.  Tunnel-Client-Endpoint */
	if (getnameinfo((struct sockaddr *)&ctrl->peer, ctrl->peer.ss_len, hbuf,
	    sizeof(hbuf), NULL, 0, NI_NUMERICHOST))
		return 1;
	ATTR_STR(RADIUS_TYPE_TUNNEL_CLIENT_ENDPOINT, hbuf);

	/* RFC 2868  3.4.  Tunnel-Server-Endpoint */
	if (getnameinfo((struct sockaddr *)&ctrl->our, ctrl->our.ss_len, hbuf,
	    sizeof(hbuf), NULL, 0, NI_NUMERICHOST))
		return 1;
	ATTR_STR(RADIUS_TYPE_TUNNEL_SERVER_ENDPOINT, hbuf);

	/* RFC 2868  3.7.  Tunnel-Assignment-ID */
	snprintf(buf, sizeof(buf), "PPTP-CALL-%d", call->id);
	ATTR_STR(RADIUS_TYPE_TUNNEL_ASSIGNMENT_ID, buf);

	/* RFC 2867  4.1. Acct-Tunnel-Connection   */
	snprintf(buf, sizeof(buf), "PPTP-CTRL-%d", ctrl->id);
	ATTR_STR(RADIUS_TYPE_ACCT_TUNNEL_CONNECTION, buf);

	return 0;
fail:
#endif
	return 1;
}

#ifdef USE_NPPPD_L2TP
#include "l2tp.h"
#endif

static int
l2tp_put_tunnel_attributes(RADIUS_PACKET *radpkt, void *call0)
{
#ifdef USE_NPPPD_L2TP
	l2tp_call *call = call0;
	l2tp_ctrl *ctrl;
	char hbuf[NI_MAXHOST], buf[128];

	ctrl = call->ctrl;

	/* RFC 2868  3.2.  Tunnel-Medium-Type */
	switch (ctrl->peer.ss_family) {
	case AF_INET:
		ATTR_INT32(RADIUS_TYPE_TUNNEL_MEDIUM_TYPE,
		    RADIUS_TUNNEL_MEDIUM_TYPE_IPV4);
		break;

	case AF_INET6:
		ATTR_INT32(RADIUS_TYPE_TUNNEL_MEDIUM_TYPE,
		    RADIUS_TUNNEL_MEDIUM_TYPE_IPV6);
		break;

	default:
		return -1;
	}

	/* RFC 2868  3.3.  Tunnel-Client-Endpoint */
	if (getnameinfo((struct sockaddr *)&ctrl->peer, ctrl->peer.ss_len, hbuf,
	    sizeof(hbuf), NULL, 0, NI_NUMERICHOST))
		return 1;
	ATTR_STR(RADIUS_TYPE_TUNNEL_CLIENT_ENDPOINT, hbuf);

	/* RFC 2868  3.4.  Tunnel-Server-Endpoint */
	if (getnameinfo((struct sockaddr *)&ctrl->sock, ctrl->sock.ss_len, hbuf,
	    sizeof(hbuf), NULL, 0, NI_NUMERICHOST))
		return 1;
	ATTR_STR(RADIUS_TYPE_TUNNEL_SERVER_ENDPOINT, hbuf);

	/* RFC 2868  3.7.  Tunnel-Assignment-ID */
	snprintf(buf, sizeof(buf), "L2TP-CALL-%d", call->id);
	ATTR_STR(RADIUS_TYPE_TUNNEL_ASSIGNMENT_ID, buf);

	/* RFC 2867  4.1. Acct-Tunnel-Connection   */
	snprintf(buf, sizeof(buf), "L2TP-CTRL-%d", ctrl->id);
	ATTR_STR(RADIUS_TYPE_ACCT_TUNNEL_CONNECTION, buf);

	return 0;
fail:
#endif
	return 1;
}


Generated by: GCOVR (Version 3.3)

Line	Branch	Exec	Source
1			/* $Id: npppd_radius.c,v 1.8 2015/07/23 09:04:06 yasuoka Exp $ */
2			/*-
3			* Copyright (c) 2009 Internet Initiative Japan Inc.
4			* All rights reserved.
5			*
6			* Redistribution and use in source and binary forms, with or without
7			* modification, are permitted provided that the following conditions
8			* are met:
9			* 1. Redistributions of source code must retain the above copyright
10			* notice, this list of conditions and the following disclaimer.
11			* 2. Redistributions in binary form must reproduce the above copyright
12			* notice, this list of conditions and the following disclaimer in the
13			* documentation and/or other materials provided with the distribution.
14			*
15			* THIS SOFTWARE IS PROVIDED BY THE"AUTHOR" AND CONTRIBUTORS AS IS'' AND
16			* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17			* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18			* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19			* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20			* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21			* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22			* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23			* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24			* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25			* SUCH DAMAGE.
26			*/
27
28			/*
29			* RFC 2865 Remote Authentication Dial In User Service (RADIUS)
30			* RFC 2866 RADIUS Accounting
31			* RFC 2868 RADIUS Attributes for Tunnel Protocol Support
32			* RFC 2869 RADIUS Extensions
33			*/
34
35			#include <sys/types.h>
36			#include <sys/socket.h>
37			#include <sys/time.h>
38			#include <sys/syslog.h>
39			#include <netinet/in.h>
40			#include <net/if_dl.h>
41			#include <stdio.h>
42			#include <netdb.h>
43			#include <stdint.h>
44			#include <string.h>
45			#include <stdbool.h>
46			#include <radius.h>
47
48			#include <event.h>
49
50			#include "radius_req.h"
51			#include "npppd_local.h"
52			#include "npppd_radius.h"
53
54			#ifdef NPPPD_RADIUS_DEBUG
55			#define NPPPD_RADIUS_DBG(x) ppp_log x
56			#define NPPPD_RADIUS_ASSERT(x) ASSERT(x)
57			#else
58			#define NPPPD_RADIUS_DBG(x)
59			#define NPPPD_RADIUS_ASSERT(x)
60			#endif
61
62			static int l2tp_put_tunnel_attributes(RADIUS_PACKET , void );
63			static int pptp_put_tunnel_attributes(RADIUS_PACKET , void );
64			static int radius_acct_request(npppd , npppd_ppp , int );
65			static void npppd_ppp_radius_acct_reqcb(void , RADIUS_PACKET , int, RADIUS_REQUEST_CTX);
66
67			/***********************************************************************
68			* RADIUS common functions
69			***********************************************************************/
70			/**
71			* Retribute Framed-IP-Address and Framed-IP-Netmask attribute of from
72			* the given RADIUS packet and set them as the fields of ppp context.
73			*/
74			void
75			ppp_proccess_radius_framed_ip(npppd_ppp _this, RADIUS_PACKET pkt)
76			{
77			struct in_addr ip4;
78
79			if (radius_get_ipv4_attr(pkt, RADIUS_TYPE_FRAMED_IP_ADDRESS, &ip4)
80			== 0)
81			_this->realm_framed_ip_address = ip4;
82
83			_this->realm_framed_ip_netmask.s_addr = 0xffffffffL;
84			#ifndef NPPPD_COMPAT_4_2
85			if (radius_get_ipv4_attr(pkt, RADIUS_TYPE_FRAMED_IP_NETMASK, &ip4)
86			== 0)
87			_this->realm_framed_ip_netmask = ip4;
88			#endif
89			}
90
91			/***********************************************************************
92			* RADIUS Accounting Events
93			***********************************************************************/
94
95			/** Called by PPP on start */
96			void
97			npppd_ppp_radius_acct_start(npppd pppd, npppd_ppp ppp)
98			{
99			NPPPD_RADIUS_DBG((ppp, LOG_INFO, "%s()", __func__));
100
101			if (ppp->realm == NULL \|\| !npppd_ppp_is_realm_radius(pppd, ppp))
102			return;
103			radius_acct_request(pppd, ppp, 0);
104			}
105
106			/** Called by PPP on stop*/
107			void
108			npppd_ppp_radius_acct_stop(npppd pppd, npppd_ppp ppp)
109			{
110			NPPPD_RADIUS_DBG((ppp, LOG_INFO, "%s()", __func__));
111
112			if (ppp->realm == NULL \|\| !npppd_ppp_is_realm_radius(pppd, ppp))
113			return;
114			radius_acct_request(pppd, ppp, 1);
115			}
116
117			/** Called by radius_req.c */
118			static void
119			npppd_ppp_radius_acct_reqcb(void context, RADIUS_PACKET pkt, int flags,
120			RADIUS_REQUEST_CTX ctx)
121			{
122			u_int ppp_id;
123
124			ppp_id = (uintptr_t)context;
125			if ((flags & RADIUS_REQUEST_TIMEOUT) != 0) {
126			log_printf(LOG_WARNING, "ppp id=%u radius accounting request "
127			"failed: no response from the server.", ppp_id);
128			}
129			else if ((flags & RADIUS_REQUEST_ERROR) != 0)
130			log_printf(LOG_WARNING, "ppp id=%u radius accounting request "
131			"failed: %m", ppp_id);
132			else if ((flags & RADIUS_REQUEST_CHECK_AUTHENTICATOR_NO_CHECK) == 0 &&
133			(flags & RADIUS_REQUEST_CHECK_AUTHENTICATOR_OK) == 0)
134			log_printf(LOG_WARNING, "ppp id=%d radius accounting request "
135			"failed: the server responses with bad authenticator",
136			ppp_id);
137			else {
138			#ifdef NPPPD_RADIUS_DEBUG
139			log_printf(LOG_DEBUG, "ppp id=%u radius accounting request "
140			"succeeded.", ppp_id);
141			#endif
142			return;
143			/* NOTREACHED */
144			}
145			if (radius_request_can_failover(ctx)) {
146			if (radius_request_failover(ctx) == 0) {
147			struct sockaddr *sa;
148			char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
149
150			sa = radius_get_server_address(ctx);
151			if (getnameinfo(sa, sa->sa_len, hbuf, sizeof(hbuf),
152			sbuf, sizeof(sbuf), NI_NUMERICHOST \| NI_NUMERICSERV)
153			!= 0) {
154			strlcpy(hbuf, "unknown", sizeof(hbuf));
155			strlcpy(sbuf, "", sizeof(sbuf));
156			}
157			log_printf(LOG_DEBUG, "ppp id=%u "
158			"fail over to %s:%s for radius accounting request",
159			ppp_id, hbuf, sbuf);
160			} else {
161			log_printf(LOG_WARNING, "ppp id=%u "
162			"failed to fail over for radius accounting request",
163			ppp_id);
164			}
165			}
166			}
167
168			/***********************************************************************
169			* RADIUS attributes
170			***********************************************************************/
171			#define ATTR_INT32(_a,_v) \
172			do { \
173			if (radius_put_uint32_attr(radpkt, (_a), (_v)) != 0) \
174			goto fail; \
175			} while (0 /* CONSTCOND */)
176			#define ATTR_STR(_a,_v) \
177			do { \
178			if (radius_put_string_attr(radpkt, (_a), (_v)) != 0) \
179			goto fail; \
180			} while (0 /* CONSTCOND */)
181
182			static int
183			radius_acct_request(npppd pppd, npppd_ppp ppp, int stop)
184			{
185			RADIUS_PACKET *radpkt;
186			RADIUS_REQUEST_CTX radctx;
187			radius_req_setting *rad_setting;
188			char buf[128];
189
190			if (ppp->username[0] == '\0')
191			return 0;
192
193			radpkt = NULL;
194			radctx = NULL;
195			rad_setting = npppd_auth_radius_get_radius_acct_setting(ppp->realm);
196			if (!radius_req_setting_has_server(rad_setting))
197			return 0;
198			if ((radpkt = radius_new_request_packet(RADIUS_CODE_ACCOUNTING_REQUEST))
199			== NULL)
200			goto fail;
201
202			if (radius_prepare(rad_setting, (void *)(uintptr_t)ppp->id, &radctx,
203			npppd_ppp_radius_acct_reqcb) != 0)
204			goto fail;
205
206			/* NAS Information */
207			/*
208			* RFC 2865 "5.4. NAS-IP-Address" or RFC 3162 "2.1. NAS-IPv6-Address"
209			*/
210			if (radius_prepare_nas_address(rad_setting, radpkt) != 0)
211			goto fail;
212
213			/* RFC 2865 "5.41. NAS-Port-Type" */
214			ATTR_INT32(RADIUS_TYPE_NAS_PORT_TYPE, RADIUS_NAS_PORT_TYPE_VIRTUAL);
215
216			/* RFC 2865 "5.5. NAS-Port" */
217			ATTR_INT32(RADIUS_TYPE_NAS_PORT, ppp->id);
218			/* npppd has no physical / virtual ports in design. */
219
220			/* RFC 2865 5.31. Calling-Station-Id */
221			if (ppp->calling_number[0] != '\0')
222			ATTR_STR(RADIUS_TYPE_CALLING_STATION_ID, ppp->calling_number);
223
224			/* Tunnel Protocol Information */
225			switch (ppp->tunnel_type) {
226			case NPPPD_TUNNEL_L2TP:
227			/* RFC 2868 3.1. Tunnel-Type */
228			ATTR_INT32(RADIUS_TYPE_TUNNEL_TYPE, RADIUS_TUNNEL_TYPE_L2TP);
229			if (l2tp_put_tunnel_attributes(radpkt, ppp->phy_context) != 0)
230			goto fail;
231			break;
232			case NPPPD_TUNNEL_PPTP:
233			/* RFC 2868 3.1. Tunnel-Type */
234			ATTR_INT32(RADIUS_TYPE_TUNNEL_TYPE, RADIUS_TUNNEL_TYPE_PPTP);
235			if (pptp_put_tunnel_attributes(radpkt, ppp->phy_context) != 0)
236			goto fail;
237			break;
238			}
239
240			/* Framed Protocol (PPP) Information */
241			/* RFC 2865 5.1 User-Name */
242			ATTR_STR(RADIUS_TYPE_USER_NAME, ppp->username);
243
244			/* RFC 2865 "5.7. Service-Type" */
245			ATTR_INT32(RADIUS_TYPE_SERVICE_TYPE, RADIUS_SERVICE_TYPE_FRAMED);
246
247			/* RFC 2865 "5.8. Framed-Protocol" */
248			ATTR_INT32(RADIUS_TYPE_FRAMED_PROTOCOL, RADIUS_FRAMED_PROTOCOL_PPP);
249
250			/* RFC 2865 "5.8. Framed-IP-Address" */
251			if (ppp->acct_framed_ip_address.s_addr != INADDR_ANY)
252			ATTR_INT32(RADIUS_TYPE_FRAMED_IP_ADDRESS,
253			ntohl(ppp->acct_framed_ip_address.s_addr));
254
255			/* Accounting */
256			/* RFC 2866 5.1. Acct-Status-Type */
257			ATTR_INT32(RADIUS_TYPE_ACCT_STATUS_TYPE, (stop)
258			? RADIUS_ACCT_STATUS_TYPE_STOP : RADIUS_ACCT_STATUS_TYPE_START);
259
260			/* RFC 2866 5.2. Acct-Delay-Time */
261			ATTR_INT32(RADIUS_TYPE_ACCT_DELAY_TIME, 0);
262
263			if (stop) {
264			/* RFC 2866 5.3 Acct-Input-Octets */
265			ATTR_INT32(RADIUS_TYPE_ACCT_INPUT_OCTETS,
266			(uint32_t)(ppp->ibytes & 0xFFFFFFFFU)); /* LSB 32bit */
267
268			/* RFC 2866 5.4 Acct-Output-Octets */
269			ATTR_INT32(RADIUS_TYPE_ACCT_OUTPUT_OCTETS,
270			(uint32_t)(ppp->obytes & 0xFFFFFFFFU)); /* LSB 32bit */
271			}
272
273			/* RFC 2866 5.5 Acct-Session-Id */
274			snprintf(buf, sizeof(buf), "%08X%08X", pppd->boot_id, ppp->id);
275			ATTR_STR(RADIUS_TYPE_ACCT_SESSION_ID, buf);
276
277			/* RFC 2866 5.6. Acct-Authentic */
278			ATTR_INT32(RADIUS_TYPE_ACCT_AUTHENTIC, RADIUS_ACCT_AUTHENTIC_RADIUS);
279
280			if (stop) {
281			/* RFC 2866 5.7. Acct-Session-Time */
282			ATTR_INT32(RADIUS_TYPE_ACCT_SESSION_TIME,
283			ppp->end_monotime - ppp->start_monotime);
284
285			/* RFC 2866 5.8 Acct-Input-Packets */
286			ATTR_INT32(RADIUS_TYPE_ACCT_INPUT_PACKETS, ppp->ipackets);
287
288			/* RFC 2866 5.9 Acct-Output-Packets */
289			ATTR_INT32(RADIUS_TYPE_ACCT_OUTPUT_PACKETS, ppp->opackets);
290
291			/* RFC 2866 5.10. Acct-Terminate-Cause */
292			if (ppp->terminate_cause != 0)
293			ATTR_INT32(RADIUS_TYPE_ACCT_TERMINATE_CAUSE,
294			ppp->terminate_cause);
295
296			/* RFC 2869 5.1 Acct-Input-Gigawords */
297			ATTR_INT32(RADIUS_TYPE_ACCT_INPUT_GIGAWORDS, ppp->ibytes >> 32);
298
299			/* RFC 2869 5.2 Acct-Output-Gigawords */
300			ATTR_INT32(RADIUS_TYPE_ACCT_OUTPUT_GIGAWORDS,
301			ppp->obytes >> 32);
302			}
303
304			radius_set_accounting_request_authenticator(radpkt,
305			radius_get_server_secret(radctx));
306
307			/* Send the request */
308			radius_request(radctx, radpkt);
309
310			return 0;
311
312			fail:
313			ppp_log(ppp, LOG_WARNING, "radius accounting request failed: %m");
314
315			if (radctx != NULL)
316			radius_cancel_request(radctx);
317			if (radpkt != NULL)
318			radius_delete_packet(radpkt);
319
320			return -1;
321			}
322
323			#ifdef USE_NPPPD_PPTP
324			#include "pptp.h"
325			#endif
326
327			static int
328			pptp_put_tunnel_attributes(RADIUS_PACKET radpkt, void call0)
329			{
330			#ifdef USE_NPPPD_PPTP
331			pptp_call *call = call0;
332			pptp_ctrl *ctrl;
333			char hbuf[NI_MAXHOST], buf[128];
334
335			ctrl = call->ctrl;
336
337			/* RFC 2868 3.2. Tunnel-Medium-Type */
338			switch (ctrl->peer.ss_family) {
339			case AF_INET:
340			ATTR_INT32(RADIUS_TYPE_TUNNEL_MEDIUM_TYPE,
341			RADIUS_TUNNEL_MEDIUM_TYPE_IPV4);
342			break;
343
344			case AF_INET6:
345			ATTR_INT32(RADIUS_TYPE_TUNNEL_MEDIUM_TYPE,
346			RADIUS_TUNNEL_MEDIUM_TYPE_IPV6);
347			break;
348
349			default:
350			return -1;
351			}
352
353			/* RFC 2868 3.3. Tunnel-Client-Endpoint */
354			if (getnameinfo((struct sockaddr *)&ctrl->peer, ctrl->peer.ss_len, hbuf,
355			sizeof(hbuf), NULL, 0, NI_NUMERICHOST))
356			return 1;
357			ATTR_STR(RADIUS_TYPE_TUNNEL_CLIENT_ENDPOINT, hbuf);
358
359			/* RFC 2868 3.4. Tunnel-Server-Endpoint */
360			if (getnameinfo((struct sockaddr *)&ctrl->our, ctrl->our.ss_len, hbuf,
361			sizeof(hbuf), NULL, 0, NI_NUMERICHOST))
362			return 1;
363			ATTR_STR(RADIUS_TYPE_TUNNEL_SERVER_ENDPOINT, hbuf);
364
365			/* RFC 2868 3.7. Tunnel-Assignment-ID */
366			snprintf(buf, sizeof(buf), "PPTP-CALL-%d", call->id);
367			ATTR_STR(RADIUS_TYPE_TUNNEL_ASSIGNMENT_ID, buf);
368
369			/* RFC 2867 4.1. Acct-Tunnel-Connection */
370			snprintf(buf, sizeof(buf), "PPTP-CTRL-%d", ctrl->id);
371			ATTR_STR(RADIUS_TYPE_ACCT_TUNNEL_CONNECTION, buf);
372
373			return 0;
374			fail:
375			#endif
376			return 1;
377			}
378
379			#ifdef USE_NPPPD_L2TP
380			#include "l2tp.h"
381			#endif
382
383			static int
384			l2tp_put_tunnel_attributes(RADIUS_PACKET radpkt, void call0)
385			{
386			#ifdef USE_NPPPD_L2TP
387			l2tp_call *call = call0;
388			l2tp_ctrl *ctrl;
389			char hbuf[NI_MAXHOST], buf[128];
390
391			ctrl = call->ctrl;
392
393			/* RFC 2868 3.2. Tunnel-Medium-Type */
394			switch (ctrl->peer.ss_family) {
395			case AF_INET:
396			ATTR_INT32(RADIUS_TYPE_TUNNEL_MEDIUM_TYPE,
397			RADIUS_TUNNEL_MEDIUM_TYPE_IPV4);
398			break;
399
400			case AF_INET6:
401			ATTR_INT32(RADIUS_TYPE_TUNNEL_MEDIUM_TYPE,
402			RADIUS_TUNNEL_MEDIUM_TYPE_IPV6);
403			break;
404
405			default:
406			return -1;
407			}
408
409			/* RFC 2868 3.3. Tunnel-Client-Endpoint */
410			if (getnameinfo((struct sockaddr *)&ctrl->peer, ctrl->peer.ss_len, hbuf,
411			sizeof(hbuf), NULL, 0, NI_NUMERICHOST))
412			return 1;
413			ATTR_STR(RADIUS_TYPE_TUNNEL_CLIENT_ENDPOINT, hbuf);
414
415			/* RFC 2868 3.4. Tunnel-Server-Endpoint */
416			if (getnameinfo((struct sockaddr *)&ctrl->sock, ctrl->sock.ss_len, hbuf,
417			sizeof(hbuf), NULL, 0, NI_NUMERICHOST))
418			return 1;
419			ATTR_STR(RADIUS_TYPE_TUNNEL_SERVER_ENDPOINT, hbuf);
420
421			/* RFC 2868 3.7. Tunnel-Assignment-ID */
422			snprintf(buf, sizeof(buf), "L2TP-CALL-%d", call->id);
423			ATTR_STR(RADIUS_TYPE_TUNNEL_ASSIGNMENT_ID, buf);
424
425			/* RFC 2867 4.1. Acct-Tunnel-Connection */
426			snprintf(buf, sizeof(buf), "L2TP-CTRL-%d", ctrl->id);
427			ATTR_STR(RADIUS_TYPE_ACCT_TUNNEL_CONNECTION, buf);
428
429			return 0;
430			fail:
431			#endif
432			return 1;
433			}