pppd-2.2.0g.patch

uClinux上的ppp拨号驱动及测试程序

diff -ruN ppp-2.2.0g/pppd/main.c ppp-2.2.0g.tacacs/pppd/main.c
--- ppp-2.2.0g/pppd/main.c	Tue Nov 21 07:53:48 1995
+++ ppp-2.2.0g.tacacs/pppd/main.c	Sun Feb  1 12:39:32 1998
@@ -244,7 +244,13 @@
     }
     syslog(LOG_NOTICE, "pppd %s.%d started by %s, uid %d",
 	   VERSION, PATCHLEVEL, p, uid);
-  
+
+#ifdef USE_TACACS_PLUS
+    if(usetacacs)
+    syslog(LOG_NOTICE, "using TACACS+ driver v%d.%d", tac_ver_major,
+    	tac_ver_minor);
+#endif
+
     /*
      * Compute mask of all interesting signals and install signal handlers
      * for each.  Only one signal handler may be active at a time.  Therefore,
diff -ruN ppp-2.2.0g/pppd/options.c ppp-2.2.0g.tacacs/pppd/options.c
--- ppp-2.2.0g/pppd/options.c	Fri Nov 24 01:00:35 1995
+++ ppp-2.2.0g.tacacs/pppd/options.c	Sat Jan 31 22:07:14 1998
@@ -100,6 +100,18 @@
 char	*ipparam = NULL;	/* Extra parameter for ip up/down scripts */
 int	cryptpap;		/* Passwords in pap-secrets are encrypted */
 
+#ifdef USE_TACACS_PLUS
+#include "tacplus.h"
+#include "auth_tac.h"
+int usetacacs = 0;		/* Use TACACS+ authentication */
+u_long tac_server[TAC_PLUS_MAXSERVERS];	/* TACACS+ servers addresses */
+int tac_servers = 0;		/* number of configured servers */
+int tac_encryption = 1;         /* Encrypt TACACS+ packets */
+char *tac_secret;		/* Packets encryption key */
+int tac_authorize = 0;		/* Authorize user requesting service */
+int tac_accounting = 0;		/* Do TACACS+ accounting */
+#endif
+
 #ifdef _linux_
 int idle_time_limit = 0;
 static int setidle __P((char **));
@@ -203,6 +215,15 @@
 static int setdnsaddr __P((char **));
 #endif
 
+#ifdef USE_TACACS_PLUS
+static int settacacsserver __P((char **));
+static int settacacssecret __P((char **));
+static int setnotacacsencryption __P((void));
+static int settacacsauthorize __P((void));
+static int settacacsaccounting __P((void));
+static int setdotacacs __P((void));
+#endif
+
 static int number_option __P((char *, u_int32_t *, int));
 static int readable __P((int fd));
 
@@ -320,6 +341,15 @@
     {"dns-addr", 1, setdnsaddr}, /* DNS address(es) for the peer's use */
 #endif
 
+#ifdef USE_TACACS_PLUS
+    {"tacacs", 0, setdotacacs},
+    {"tacacs-server", 1, settacacsserver},
+    {"tacacs-secret", 1, settacacssecret},
+    {"-tacacs-encryption", 0, setnotacacsencryption},
+    {"tacacs-authorize", 0, settacacsauthorize},
+    {"tacacs-accounting", 0, settacacsaccounting},
+#endif
+
     {NULL, 0, NULL}
 };
 
@@ -2037,3 +2067,70 @@
     return (1);
   }
 #endif /* USE_MS_DNS */
+
+
+#ifdef USE_TACACS_PLUS
+static int
+settacacsserver(argv)
+    char **argv;
+{
+    	if(tac_servers >= TAC_PLUS_MAXSERVERS) {
+    		fprintf(stderr, "Too many tacacs-server options, max is %d",
+			TAC_PLUS_MAXSERVERS);
+		return(0);
+    	}
+    
+    	tac_server[tac_servers] = inet_addr(*argv);
+
+    	if (tac_server[tac_servers] == -1) {
+		fprintf(stderr, "Invalid TACACS+ server address %s\n", *argv);
+		return 0;
+    	}
+
+	tac_servers++;
+    	return(1);
+}
+
+static int
+settacacssecret(argv)
+    char **argv;
+{
+    tac_secret=(char *) calloc(1, strlen(*argv));
+    strncpy(tac_secret, *argv, strlen(*argv));
+    if(*argv == NULL) {
+     fprintf(stderr, "TACACS+ secret is not specified or invalid: \"%s\" ", *argv);
+     return(0);
+    }
+    return(1);
+}
+
+static int
+setnotacacsencryption(void)
+{
+    tac_encryption=0;
+    return(1);
+      
+}
+
+static int
+setdotacacs(void)
+{
+    usetacacs=1;
+    return(1);
+}
+
+static int
+settacacsauthorize(void)
+{
+    tac_authorize=1;
+    return(1);
+}
+
+static int
+settacacsaccounting(void)
+{
+    tac_accounting=1;
+    return(1);
+}
+
+#endif /* USE_TACACS_PLUS */
diff -ruN ppp-2.2.0g/pppd/pppd.h ppp-2.2.0g.tacacs/pppd/pppd.h
--- ppp-2.2.0g/pppd/pppd.h	Wed Nov 22 14:48:54 1995
+++ ppp-2.2.0g.tacacs/pppd/pppd.h	Wed Feb 11 16:06:57 1998
@@ -86,6 +86,18 @@
 extern char	*ipparam;	/* Extra parameter for ip up/down scripts */
 extern int	cryptpap;	/* Others' PAP passwords are encrypted */
 
+#ifdef USE_TACACS_PLUS
+#include "tacplus.h"
+#include "auth_tac.h"
+extern int usetacacs;		/* Use TACACS+ authentication */
+extern u_long tac_server[TAC_PLUS_MAXSERVERS];	/* TACACS+ server */
+extern int tac_servers;
+extern int tac_encryption;         /* Encrypt TACACS+ packets */
+extern char *tac_secret;		/* Packets encryption key */
+extern int tac_authorize;		/* Authorize user requesting service */
+extern int tac_accounting;		/* Do TACACS+ accounting */
+#endif
+
 /*
  * Values for phase.
  */
@@ -190,6 +202,9 @@
 #define DEBUGIPXCP	1
 #define DEBUGUPAP	1
 #define DEBUGCHAP	1
+#ifdef USE_TACACS_PLUS
+#define	DEBUGTAC	1
+#endif
 #endif
 
 #ifndef LOG_PPP			/* we use LOG_LOCAL2 for syslog by default */
@@ -242,6 +257,12 @@
 #define CHAPDEBUG(x)	if (debug) syslog x
 #else
 #define CHAPDEBUG(x)
+#endif
+
+#ifdef DEBUGTAC
+#define TACDEBUG(x)	syslog x;
+#else
+#define TACDEBUG(x)
 #endif
 
 #ifndef SIGTYPE
diff -ruN ppp-2.2.0g/pppd/sys-linux.c ppp-2.2.0g.tacacs/pppd/sys-linux.c
--- ppp-2.2.0g/pppd/sys-linux.c	Thu Feb  5 13:33:51 1998
+++ ppp-2.2.0g.tacacs/pppd/sys-linux.c	Wed Jan 28 22:34:48 1998
@@ -72,6 +72,7 @@
 #include <net/route.h>
 #include <linux/if_ether.h>
 #include <netinet/in.h>
+#include <sys/utsname.h>
 
 #include "pppd.h"
 #include "fsm.h"
@@ -89,6 +90,7 @@
 
 int sockfd;			/* socket for doing interface ioctls */
 
+
 static char *lock_file;
 
 #define MAX_IFS		5000
@@ -927,8 +929,16 @@
 
     if (ioctl(sockfd, SIOCADDRT, &rt) < 0)
       {
-        syslog (LOG_ERR, "ioctl(SIOCADDRT) device route: %m");
-        return (0);
+#if 1
+	struct utsname u;
+
+	uname(&u);
+	/* 2.1 kernels (and probably above) */
+	if(strncpy(u.release, "2.1", 3) != 0) {
+          syslog (LOG_ERR, "ioctl(SIOCADDRT) device route: %m");
+          return (0);
+	}
+#endif
       }
     return 1;
   }
diff -ruN ppp-2.2.0g/pppd/tacplus.h ppp-2.2.0g.tacacs/pppd/tacplus.h
--- ppp-2.2.0g/pppd/tacplus.h	Thu Jan  1 01:00:00 1970
+++ ppp-2.2.0g.tacacs/pppd/tacplus.h	Mon Feb  9 12:52:10 1998
@@ -0,0 +1,257 @@
+/* 
+   Copyright (c) 1995-1998 by Cisco systems, Inc.
+   Portions copyright 1997-98 by Pawel Krawczyk <kravietz@ceti.com.pl>
+
+   Permission to use, copy, modify, and distribute this software for
+   any purpose and without fee is hereby granted, provided that this
+   copyright and permission notice appear on all copies of the
+   software and supporting documentation, the name of Cisco Systems,
+   Inc. not be used in advertising or publicity pertaining to
+   distribution of the program without specific prior permission, and
+   notice be given in supporting documentation that modification,
+   copying and distribution is by permission of Cisco Systems, Inc.
+
+   Cisco Systems, Inc. makes no representations about the suitability
+   of this software for any purpose.  THIS SOFTWARE IS PROVIDED ``AS
+   IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
+   WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+   FITNESS FOR A PARTICULAR PURPOSE.
+*/
+
+#ifndef _TACPLUS_H
+#define _TACPLUS_H
+
+struct tac_attrib {
+	char *attr;
+	u_char attr_len;
+	struct tac_attrib *next;
+};
+
+struct areply {
+	struct tac_attrib *attr;
+	char *msg;
+	int status;
+};
+
+#ifndef TAC_PLUS_MAXSERVERS		
+#define TAC_PLUS_MAXSERVERS		4
+#endif
+
+#ifndef TAC_PLUS_PORT
+#define	TAC_PLUS_PORT			49
+#endif
+
+#define TAC_PLUS_READ_TIMEOUT		180	/* seconds */
+#define TAC_PLUS_WRITE_TIMEOUT		180	/* seconds */
+
+/* All tacacs+ packets have the same header format */
+
+struct tac_plus_pak_hdr {
+    u_char version;
+
+#define TAC_PLUS_MAJOR_VER_MASK 0xf0
+#define TAC_PLUS_MAJOR_VER      0xc0
+
+#define TAC_PLUS_MINOR_VER_0    0x0
+#define TAC_PLUS_VER_0  (TAC_PLUS_MAJOR_VER | TAC_PLUS_MINOR_VER_0)
+
+#define TAC_PLUS_MINOR_VER_1    0x01
+#define TAC_PLUS_VER_1  (TAC_PLUS_MAJOR_VER | TAC_PLUS_MINOR_VER_1)
+
+    u_char type;
+
+#define TAC_PLUS_AUTHEN			1
+#define TAC_PLUS_AUTHOR			2
+#define TAC_PLUS_ACCT			3
+
+    u_char seq_no;		/* packet sequence number */
+    u_char encryption;		/* packet is encrypted or cleartext */
+
+#define TAC_PLUS_ENCRYPTED 0x0		/* packet is encrypted */
+#define TAC_PLUS_CLEAR     0x1		/* packet is not encrypted */
+
+    int session_id;		/* session identifier FIXME: Is this needed? */
+    int datalength;		/* length of encrypted data following this
+				 * header */
+    /* datalength bytes of encrypted data */
+};
+
+#define TAC_PLUS_HDR_SIZE 12
+
+typedef struct tac_plus_pak_hdr HDR;
+
+/* Authentication packet NAS sends to us */ 
+
+struct authen_start {
+    u_char action;
+
+#define TAC_PLUS_AUTHEN_LOGIN    0x1
+#define TAC_PLUS_AUTHEN_CHPASS   0x2
+#define TAC_PLUS_AUTHEN_SENDPASS 0x3 /* deprecated */
+#define TAC_PLUS_AUTHEN_SENDAUTH 0x4
+
+    u_char priv_lvl;
+
+#define TAC_PLUS_PRIV_LVL_MIN 0x0
+#define TAC_PLUS_PRIV_LVL_MAX 0xf
+
+    u_char authen_type;
+
+#define TAC_PLUS_AUTHEN_TYPE_ASCII  1
+#define TAC_PLUS_AUTHEN_TYPE_PAP    2
+#define TAC_PLUS_AUTHEN_TYPE_CHAP   3
+#define TAC_PLUS_AUTHEN_TYPE_ARAP   4
+
+    u_char service;
+
+#define TAC_PLUS_AUTHEN_SVC_LOGIN  1
+#define TAC_PLUS_AUTHEN_SVC_ENABLE 2
+#define TAC_PLUS_AUTHEN_SVC_PPP    3
+#define TAC_PLUS_AUTHEN_SVC_ARAP   4
+#define TAC_PLUS_AUTHEN_SVC_PT     5
+#define TAC_PLUS_AUTHEN_SVC_RCMD   6
+#define TAC_PLUS_AUTHEN_SVC_X25    7
+#define TAC_PLUS_AUTHEN_SVC_NASI   8
+
+    u_char user_len;
+    u_char port_len;
+    u_char rem_addr_len;
+    u_char data_len;
+    /* <user_len bytes of char data> */
+    /* <port_len bytes of char data> */
+    /* <rem_addr_len bytes of u_char data> */
+    /* <data_len bytes of u_char data> */
+};
+
+#define TAC_AUTHEN_START_FIXED_FIELDS_SIZE 8
+
+/* Authentication continue packet NAS sends to us */ 
+struct authen_cont {
+    u_short user_msg_len;
+    u_short user_data_len;
+    u_char flags;
+
+#define TAC_PLUS_CONTINUE_FLAG_ABORT 0x1
+
+    /* <user_msg_len bytes of u_char data> */
+    /* <user_data_len bytes of u_char data> */
+};
+
+#define TAC_AUTHEN_CONT_FIXED_FIELDS_SIZE 5
+
+/* Authentication reply packet we send to NAS */ 
+struct authen_reply {
+    u_char status;
+
+#define TAC_PLUS_AUTHEN_STATUS_PASS     1
+#define TAC_PLUS_AUTHEN_STATUS_FAIL     2
+#define TAC_PLUS_AUTHEN_STATUS_GETDATA  3
+#define TAC_PLUS_AUTHEN_STATUS_GETUSER  4
+#define TAC_PLUS_AUTHEN_STATUS_GETPASS  5
+#define TAC_PLUS_AUTHEN_STATUS_RESTART  6
+#define TAC_PLUS_AUTHEN_STATUS_ERROR    7 
+#define TAC_PLUS_AUTHEN_STATUS_FOLLOW   0x21
+
+    u_char flags;
+
+#define TAC_PLUS_AUTHEN_FLAG_NOECHO     0x1
+
+    u_short msg_len;
+    u_short data_len;
+
+    /* <msg_len bytes of char data> */
+    /* <data_len bytes of u_char data> */
+};
+
+#define TAC_AUTHEN_REPLY_FIXED_FIELDS_SIZE 6
+
+#define AUTHEN_METH_NONE             0x01
+#define AUTHEN_METH_KRB5             0x02
+#define AUTHEN_METH_LINE             0x03
+#define AUTHEN_METH_ENABLE           0x04
+#define AUTHEN_METH_LOCAL            0x05
+#define AUTHEN_METH_TACACSPLUS       0x06
+#define AUTHEN_METH_RCMD             0x20
+
+struct acct {
+    u_char flags;
+
+#define TAC_PLUS_ACCT_FLAG_MORE     0x1
+#define TAC_PLUS_ACCT_FLAG_START    0x2
+#define TAC_PLUS_ACCT_FLAG_STOP     0x4
+#define TAC_PLUS_ACCT_FLAG_WATCHDOG 0x8
+	    
+    u_char authen_method;
+    u_char priv_lvl;
+    u_char authen_type;
+    u_char authen_service;
+    u_char user_len;
+    u_char port_len;
+    u_char rem_addr_len;
+    u_char arg_cnt; /* the number of cmd args */
+    /* one u_char containing size for each arg */
+    /* <user_len bytes of char data> */
+    /* <port_len bytes of char data> */
+    /* <rem_addr_len bytes of u_char data> */
+    /* char data for args 1 ... n */
+};
+
+#define TAC_ACCT_REQ_FIXED_FIELDS_SIZE 9
+
+struct acct_reply {
+    u_short msg_len;
+    u_short data_len;
+    u_char status;
+
+#define TAC_PLUS_ACCT_STATUS_SUCCESS 0x1
+#define TAC_PLUS_ACCT_STATUS_ERROR   0x2
+#define TAC_PLUS_ACCT_STATUS_FOLLOW  0x21
+
+};
+
+#define TAC_ACCT_REPLY_FIXED_FIELDS_SIZE 5
+
+/* An authorization request packet */
+struct author {
+    u_char authen_method;
+    u_char priv_lvl;
+    u_char authen_type;
+    u_char service;
+
+    u_char user_len;
+    u_char port_len;
+    u_char rem_addr_len;
+    u_char arg_cnt;		/* the number of args */
+
+    /* <arg_cnt u_chars containing the lengths of args 1 to arg n> */
+    /* <user_len bytes of char data> */
+    /* <port_len bytes of char data> */
+    /* <rem_addr_len bytes of u_char data> */
+    /* <char data for each arg> */
+};
+
+#define TAC_AUTHOR_REQ_FIXED_FIELDS_SIZE 8
+
+/* An authorization reply packet */
+struct author_reply {
+    u_char status;
+    u_char arg_cnt;
+    u_short msg_len;
+    u_short data_len;
+
+#define AUTHOR_STATUS_PASS_ADD       0x01
+#define AUTHOR_STATUS_PASS_REPL      0x02
+#define AUTHOR_STATUS_FAIL           0x10
+#define AUTHOR_STATUS_ERROR          0x11
+#define AUTHOR_STATUS_FOLLOW	     0x21
+
+    /* <arg_cnt u_chars containing the lengths of arg 1 to arg n> */
+    /* <msg_len bytes of char data> */
+    /* <data_len bytes of char data> */
+    /* <char data for each arg> */
+};
+
+#define TAC_AUTHOR_REPLY_FIXED_FIELDS_SIZE 6
+
+
+#endif
diff -ruN ppp-2.2.0g/pppd/upap.c ppp-2.2.0g.tacacs/pppd/upap.c
--- ppp-2.2.0g/pppd/upap.c	Mon Jun 12 14:03:25 1995
+++ ppp-2.2.0g.tacacs/pppd/upap.c	Sun Feb  1 16:52:54 1998
@@ -34,6 +34,11 @@
 #include "pppd.h"
 #include "upap.h"
 
+#ifdef USE_TACACS_PLUS
+extern int usetacacs;
+extern int tac_login(char *user, char *passwd, int userlen, int passlen, 
+					char **msg, int *msglen);
+#endif
 
 upap_state upap[NUM_PPP];		/* UPAP state; one for each unit */
 
@@ -353,8 +358,15 @@
     /*
      * Check the username and password given.
      */
-    retcode = check_passwd(u->us_unit, ruser, ruserlen, rpasswd,
-			   rpasswdlen, &msg, &msglen);
+
+    retcode = 
+#ifdef USE_TACACS_PLUS
+	    usetacacs ? 
+		tac_login(ruser, rpasswd, ruserlen, rpasswdlen, 
+				     &msg, &msglen) : /* use TACACS+ */
+#endif
+		check_passwd(u->us_unit, ruser, ruserlen, rpasswd,
+			  rpasswdlen, &msg, &msglen); /* use local files */
 
     upap_sresp(u, retcode, id, msg, msglen);