diff options
-rw-r--r-- | usr.sbin/ppp/ipv6cp.c | 2 | ||||
-rw-r--r-- | usr.sbin/ppp/radius.c | 66 | ||||
-rw-r--r-- | usr.sbin/ppp/radius.h | 4 |
3 files changed, 71 insertions, 1 deletions
diff --git a/usr.sbin/ppp/ipv6cp.c b/usr.sbin/ppp/ipv6cp.c index bc76091bb9bd..8f7ed61b56b2 100644 --- a/usr.sbin/ppp/ipv6cp.c +++ b/usr.sbin/ppp/ipv6cp.c @@ -253,7 +253,7 @@ ipcp_SetIPv6address(struct ipv6cp *ipv6cp, u_char *myifid, u_char *hisifid) #ifndef NORADIUS if (bundle->radius.valid) - route_Change(bundle, bundle->radius.routes, &ipv6cp->myaddr, + route_Change(bundle, bundle->radius.ipv6routes, &ipv6cp->myaddr, &ipv6cp->hisaddr); #endif diff --git a/usr.sbin/ppp/radius.c b/usr.sbin/ppp/radius.c index d0890e8e1a45..0f5502f3c1da 100644 --- a/usr.sbin/ppp/radius.c +++ b/usr.sbin/ppp/radius.c @@ -232,6 +232,9 @@ radius_Process(struct radius *r, int got) const char *stype; u_int32_t ipaddr, vendor; struct in_addr ip; +#ifndef NOINET6 + struct in6_addr ip6; +#endif r->cx.fd = -1; /* Stop select()ing */ stype = r->cx.auth ? "auth" : "acct"; @@ -353,6 +356,7 @@ radius_Process(struct radius *r, int got) log_Printf(LogPHASE, " Route: %s\n", nuke); bundle = r->cx.auth->physical->dl->bundle; ip.s_addr = INADDR_ANY; + ncpaddr_setip4(&gw, ip); ncprange_setip4host(&dest, ip); argc = command_Interpret(nuke, strlen(nuke), argv); if (argc < 0) @@ -402,6 +406,58 @@ radius_Process(struct radius *r, int got) log_Printf(LogPHASE, " Reply-Message \"%s\"\n", r->repstr); break; +#ifndef NOINET6 + case RAD_FRAMED_IPV6_ROUTE: + /* + * We expect a string of the format ``dest[/bits] gw [metrics]'' + * Any specified metrics are ignored. MYADDR6 and HISADDR6 are + * understood for ``dest'' and ``gw'' and ``::'' is the same + * as ``HISADDR6''. + */ + + if ((nuke = rad_cvt_string(data, len)) == NULL) { + log_Printf(LogERROR, "rad_cvt_string: %s\n", rad_strerror(r->cx.rad)); + auth_Failure(r->cx.auth); + rad_close(r->cx.rad); + return; + } + + log_Printf(LogPHASE, " IPv6 Route: %s\n", nuke); + bundle = r->cx.auth->physical->dl->bundle; + ncpaddr_setip6(&gw, &in6addr_any); + ncprange_set(&dest, &gw, 0); + argc = command_Interpret(nuke, strlen(nuke), argv); + if (argc < 0) + log_Printf(LogWARN, "radius: %s: Syntax error\n", + argc == 1 ? argv[0] : "\"\""); + else if (argc < 2) + log_Printf(LogWARN, "radius: %s: Invalid route\n", + argc == 1 ? argv[0] : "\"\""); + else if ((strcasecmp(argv[0], "default") != 0 && + !ncprange_aton(&dest, &bundle->ncp, argv[0])) || + !ncpaddr_aton(&gw, &bundle->ncp, argv[1])) + log_Printf(LogWARN, "radius: %s %s: Invalid route\n", + argv[0], argv[1]); + else { + addrs = 0; + + if (!strncasecmp(argv[0], "HISADDR6", 8)) + addrs = ROUTE_DSTHISADDR6; + else if (!strncasecmp(argv[0], "MYADDR6", 7)) + addrs = ROUTE_DSTMYADDR6; + + if (ncpaddr_getip6(&gw, &ip6) && IN6_IS_ADDR_UNSPECIFIED(&ip6)) { + addrs |= ROUTE_GWHISADDR6; + ncpaddr_copy(&gw, &bundle->ncp.ipv6cp.hisaddr); + } else if (strcasecmp(argv[1], "HISADDR6") == 0) + addrs |= ROUTE_GWHISADDR6; + + route_Add(&r->ipv6routes, addrs, &dest, &gw); + } + free(nuke); + break; +#endif + case RAD_VENDOR_SPECIFIC: if ((res = rad_get_vendor_attr(&vendor, &data, &len)) <= 0) { log_Printf(LogERROR, "rad_get_vendor_attr: %s (failing!)\n", @@ -629,6 +685,9 @@ radius_Init(struct radius *r) r->mtu = DEF_MTU; r->msrepstr = NULL; r->repstr = NULL; +#ifndef NOINET6 + r->ipv6routes = NULL; +#endif r->errstr = NULL; r->mppe.policy = 0; r->mppe.types = 0; @@ -650,6 +709,9 @@ radius_Destroy(struct radius *r) log_Printf(LogDEBUG, "Radius: radius_Destroy\n"); timer_Stop(&r->cx.timer); route_DeleteAll(&r->routes); +#ifndef NOINET6 + route_DeleteAll(&r->ipv6routes); +#endif free(r->filterid); r->filterid = NULL; free(r->msrepstr); @@ -1052,6 +1114,10 @@ radius_Show(struct radius *r, struct prompt *p) prompt_Printf(p, " Error Message: %s\n", r->errstr ? r->errstr : ""); if (r->routes) route_ShowSticky(p, r->routes, " Routes", 16); +#ifndef NOINET6 + if (r->ipv6routes) + route_ShowSticky(p, r->ipv6routes, " IPv6 Routes", 16); +#endif } else prompt_Printf(p, " (not authenticated)\n"); } diff --git a/usr.sbin/ppp/radius.h b/usr.sbin/ppp/radius.h index 5e9586dc3d1a..b0a7ed1fca68 100644 --- a/usr.sbin/ppp/radius.h +++ b/usr.sbin/ppp/radius.h @@ -51,6 +51,10 @@ struct radius { char *msrepstr; /* MS-CHAP2-Response */ char *repstr; /* Reply-Message */ char *errstr; /* Error-Message */ +#ifndef NOINET6 + uint8_t *ipv6prefix; /* FRAMED IPv6 Prefix */ + struct sticky_route *ipv6routes; /* FRAMED IPv6 Routes */ +#endif struct { int policy; /* MPPE_POLICY_* */ int types; /* MPPE_TYPE_*BIT bitmask */ |