pppd-2.3.4.patch

pppd unix下使用的 pppd拨号程序源码

+		/* this is needed both by acct and author */
+		tty=devnam;
+		if(strncmp(tty, "/dev/", 5) == 0) tty+=5;	
+	}
+
+	if(tac_authorize && usetacacs) {
+		/* ask for authorization to provide IP to the peer */
+		int tac_fd;
+		struct areply *arep;
+
+		TACDEBUG((LOG_DEBUG, "ipcp_up: sending author request for %s", \
+						ip_ntoa(ho->hisaddr)))
+		attr=(struct tac_attrib *)xcalloc(1, sizeof(struct tac_attrib));
+		tac_add_attrib(attr, "service", "ppp");
+		tac_add_attrib(attr, "protocol", "ip"); /* ask for IPCP */
+		tac_add_attrib(attr, "addr", ip_ntoa(ho->hisaddr));
+
+		tac_fd=tac_connect(tac_server, tac_servers);
+
+		if(tac_author_send(tac_fd, tac_username, tty, attr) < 0) {
+			ipcp_close(f->unit, "Authorization error");
+			TACDEBUG((LOG_DEBUG, "ipcp_up: error sending request"))
+			return;
+		}
+
+		arep = tac_author_read(tac_fd);
+
+		if(arep->status != AUTHOR_STATUS_PASS_ADD &&
+						arep->status != AUTHOR_STATUS_PASS_REPL) {
+			syslog(LOG_ERR, "IPCP authorization failure: %s", arep->msg);
+			ipcp_close(f->unit, "Authorization failed");
+			return;
+		}
+		TACDEBUG((LOG_DEBUG, "ipcp_up: successful authorization: %s", \
+						arep->msg));
+
+		/* TODO: check arep->attrib and add to
+		 * ipcp_wantoptions[f->unit].hisaddr 
+		 */
+
+		close(tac_fd);
+		tac_free_attrib(attr);
+	}
+#endif
+
     /* set tcp compression */
     sifvjcomp(f->unit, ho->neg_vj, ho->cflag, ho->maxslotindex);
 
@@ -1252,6 +1333,40 @@
 
 	syslog(LOG_NOTICE, "local  IP address %s", ip_ntoa(go->ouraddr));
 	syslog(LOG_NOTICE, "remote IP address %s", ip_ntoa(ho->hisaddr));
+
+#ifdef USE_TACACS_PLUS
+	if(tac_accounting && usetacacs) {
+		char buf[40];	
+		int tac_fd;
+
+		TACDEBUG((LOG_NOTICE, "ipcp_up: start accounting"));
+		attr=(struct tac_attrib *)xcalloc(1, sizeof(struct tac_attrib));
+		sprintf(buf, "%lu", time(0));
+  		tac_add_attrib(attr, "start_time", buf);
+		task_id=(short int) magic();
+		sprintf(buf, "%u", task_id);
+		tac_add_attrib(attr, "task_id", buf);
+		tac_add_attrib(attr, "service", "ppp");
+		tac_add_attrib(attr, "protocol", "ip");
+		tac_add_attrib(attr, "addr", ip_ntoa(ho->hisaddr));
+		
+ 		tac_fd=tac_connect(tac_server, tac_servers);
+
+		if(tac_fd) {
+			tac_account_send(tac_fd, TAC_PLUS_ACCT_FLAG_START,
+					 	tac_username, tty, attr);
+	
+			tac_free_attrib(attr);
+
+			if(tac_account_read(tac_fd) != NULL) 
+				syslog(LOG_WARNING,
+					"TACACS+ accounting start failed");
+
+			close(tac_fd);	
+		}
+		TACDEBUG((LOG_NOTICE, "ipcp_up: start accounting done"));
+	}
+#endif
     }
 
     /*
@@ -1274,6 +1389,89 @@
     fsm *f;
 {
     IPCPDEBUG((LOG_INFO, "ipcp: down"));
+	
+#ifdef USE_TACACS_PLUS
+    /* get interface statistics for accounting */
+
+    if(tac_accounting && usetacacs) {
+    	char buf[40];
+    	int tac_fd, reqfd;
+    	struct tac_attrib *attr;
+		char *tty;
+
+		tty=devnam;
+		if(strncmp(tty, "/dev/", 5) == 0) tty+=5;	
+
+    	bzero(&treq, sizeof(treq));
+
+    	/* get interface statistics for accounting */
+    	reqfd = socket(AF_INET, SOCK_DGRAM, 0);
+
+#ifdef _linux_
+	treq.stats_ptr = (caddr_t) &treq.stats;
+#endif
+
+    	if(reqfd < 0)
+		syslog(LOG_DEBUG,
+		 "cannot get PPP statistics for %s (socket): %m", ifname);
+    	else {
+		sprintf(treq.ifr__name, "%s", ifname);
+		if(ioctl(reqfd, SIOCGPPPSTATS, &treq) < 0)
+		    syslog(LOG_DEBUG,
+		 	"cannot get PPP statistics for %s (ioctl): %m", ifname);
+		}
+
+     /* send stop accounting packet */
+
+		TACDEBUG((LOG_DEBUG, "ipcp_down: stop accounting"))
+		attr=(struct tac_attrib *) xcalloc(1, sizeof(struct tac_attrib));
+
+		sprintf(buf, "%lu", time(0));
+  		tac_add_attrib(attr, "stop_time", buf);
+		sprintf(buf, "%u", task_id);
+		tac_add_attrib(attr, "task_id", buf);
+		tac_add_attrib(attr, "service", "ppp");
+		tac_add_attrib(attr, "protocol", "ip");
+
+		if(((treq.stats).p).ppp_obytes) {
+			sprintf(buf, "%u", ((treq.stats).p).ppp_obytes);
+			tac_add_attrib(attr, "bytes_out", buf);
+			sprintf(buf, "%u", ((treq.stats).p).ppp_ibytes);
+			tac_add_attrib(attr, "bytes_in", buf);
+			sprintf(buf, "%u", ((treq.stats).p).ppp_opackets);
+			tac_add_attrib(attr, "paks_out", buf);
+			sprintf(buf, "%u", ((treq.stats).p).ppp_ipackets);
+			tac_add_attrib(attr, "paks_in", buf);
+		}
+
+		/* protect from SIGHUP, SIGALRM and SIGCHLD when remote
+		   modem disconnects at this stage */
+		signal(SIGALRM, SIG_IGN);
+		signal(SIGCHLD, SIG_IGN);
+		signal(SIGHUP, SIG_IGN);
+
+		tac_fd=tac_connect(tac_server, tac_servers);
+
+		if(tac_fd > 0) {
+			tac_account_send(tac_fd, TAC_PLUS_ACCT_FLAG_STOP, 
+					tac_username, tty, attr);
+
+			tac_free_attrib(attr);
+
+			if(tac_account_read(tac_fd) != NULL) 
+				syslog(LOG_DEBUG, "TACACS+ accounting stop failed");
+
+			close(tac_fd);
+		}
+		TACDEBUG((LOG_DEBUG, "ipcp_down: stop accounting done"))
+
+		/* reset signals to their default behaviour */
+		signal(SIGALRM, SIG_DFL);
+		signal(SIGCHLD, SIG_DFL);
+		signal(SIGHUP, SIG_DFL);
+    }
+#endif
+	
     np_down(f->unit, PPP_IP);
     sifvjcomp(f->unit, 0, 0, 0);
 
diff -ruN ppp-2.3.4/pppd/main.c ppp-2.3.4.tacacs/pppd/main.c
--- ppp-2.3.4/pppd/main.c	Mon Mar 30 08:25:34 1998
+++ ppp-2.3.4.tacacs/pppd/main.c	Mon Apr 20 17:40:44 1998
@@ -285,6 +285,12 @@
     syslog(LOG_NOTICE, "pppd %s.%d%s started by %s, uid %d",
 	   VERSION, PATCHLEVEL, IMPLEMENTATION, p, uid);
   
+#ifdef USE_TACACS_PLUS
+	if(usetacacs)
+			syslog(LOG_NOTICE, "using TACACS+ driver v%d.%d", tac_ver_major,
+							tac_ver_minor);
+#endif
+	
     /*
      * Compute mask of all interesting signals and install signal handlers
      * for each.  Only one signal handler may be active at a time.  Therefore,
@@ -417,7 +423,10 @@
 	 */
 	if (lockflag && !default_device) {
 	    if (lock(devnam) < 0)
+		die(1);
+/*
 		goto fail;
+*/
 	    locked = 1;
 	}
 
diff -ruN ppp-2.3.4/pppd/options.c ppp-2.3.4.tacacs/pppd/options.c
--- ppp-2.3.4/pppd/options.c	Thu Mar 26 05:46:07 1998
+++ ppp-2.3.4.tacacs/pppd/options.c	Tue May  5 13:57:03 1998
@@ -113,6 +113,17 @@
 int	refuse_pap = 0;		/* Set to say we won't do PAP */
 int	refuse_chap = 0;	/* Set to say we won't do CHAP */
 
+#ifdef USE_TACACS_PLUS
+#include "tacplus.h"
+#include "libtac.h"
+int usetacacs = 0;						/* Use TACACS+ AAA */
+u_long tac_server[TAC_PLUS_MAXSERVERS];	/* TACACS+ server addresses */
+int tac_servers = 0;					/* How many servers are defined */
+int tac_encryption = 1;					/* Do we encrypt packets */
+char *tac_secret;						/* Encryption shared secret */
+int tac_authorize = 0;					/* Authorize services */
+int tac_accounting = 0;					/* Send accounting information */
+#endif
 #ifdef MSLANMAN
 int	ms_lanman = 0;    	/* Nonzero if use LanMan password instead of NT */
 			  	/* Has meaning only with MS-CHAP challenges */
@@ -255,6 +266,15 @@
 static int setmslanman __P((char **));
 #endif
 
+#ifdef USE_TACACS_PLUS
+static int settacacsserver __P((char **));
+static int settacacssecret __P((char **));
+static int setnotacacsencryption __P((void));
+static int settacacsauthorize __P((void));
+static int settacacsaccounting __P((void));
+static int setdotacacs __P((void));
+#endif
+
 static int number_option __P((char *, u_int32_t *, int));
 static int int_option __P((char *, int *));
 static int readable __P((int fd));
@@ -416,6 +436,17 @@
     {"ms-lanman", 0, setmslanman},	/* Use LanMan psswd when using MS-CHAP */
 #endif
 
+#ifdef USE_TACACS_PLUS
+    {"tacacs", 0, setdotacacs},
+    {"tacacs-server", 1, settacacsserver},
+    {"tacacs-secret", 1, settacacssecret},
+    {"-tacacs-encryption", 0, setnotacacsencryption},
+    {"notacacs-encryption", 0, setnotacacsencryption},
+    {"tacacs-authorize", 0, settacacsauthorize},
+    {"tacacs-authorization", 0, settacacsauthorize},
+    {"tacacs-accounting", 0, settacacsaccounting},
+#endif
+
     {NULL, 0, NULL}
 };
 
@@ -2084,6 +2115,72 @@
 {
     return int_option(*argv, &lcp_fsm[0].maxconfreqtransmits);
 }
+
+#ifdef USE_TACACS_PLUS
+static int
+settacacsserver(argv)
+    char **argv;
+{
+    	if(tac_servers >= TAC_PLUS_MAXSERVERS) {
+    		fprintf(stderr, "Too many tacacs-server options, max is %d",
+			TAC_PLUS_MAXSERVERS);
+		return(0);
+    	}
+    
+    	tac_server[tac_servers] = inet_addr(*argv);
+
+    	if (tac_server[tac_servers] == -1) {
+		fprintf(stderr, "Invalid TACACS+ server address %s\n", *argv);
+		return 0;
+    	}
+
+	tac_servers++;
+    	return(1);
+}
+
+static int
+settacacssecret(argv)
+    char **argv;
+{
+    tac_secret=(char *) calloc(1, strlen(*argv)+1);
+    strncpy(tac_secret, *argv, strlen(*argv));
+    if(*argv == NULL) {
+     fprintf(stderr, "TACACS+ secret is not specified or invalid: \"%s\" ", *argv);
+     return(0);
+    }
+    return(1);
+}
+
+static int
+setnotacacsencryption(void)
+{
+    tac_encryption=0;
+    return(1);
+      
+}
+
+static int
+setdotacacs(void)
+{
+    usetacacs=1;
+    return(1);
+}
+
+static int
+settacacsauthorize(void)
+{
+    tac_authorize=1;
+    return(1);
+}
+
+static int
+settacacsaccounting(void)
+{
+    tac_accounting=1;
+    return(1);
+}
+
+#endif /* USE_TACACS_PLUS */
 
 static int
 setlcpfails(argv)
diff -ruN ppp-2.3.4/pppd/pppd.h ppp-2.3.4.tacacs/pppd/pppd.h
--- ppp-2.3.4/pppd/pppd.h	Thu Mar 26 05:46:07 1998
+++ ppp-2.3.4.tacacs/pppd/pppd.h	Sun Apr 19 09:34:06 1998
@@ -71,6 +71,18 @@
 extern char	**script_env;	/* Environment variables for scripts */
 extern int	detached;	/* Have detached from controlling tty */
 
+#ifdef USE_TACACS_PLUS
+#include "tacplus.h"
+#include "libtac.h"
+extern int usetacacs;		/* Use TACACS+ authentication */
+extern u_long tac_server[TAC_PLUS_MAXSERVERS];	/* TACACS+ server */
+extern int tac_servers;
+extern int tac_encryption;         /* Encrypt TACACS+ packets */
+extern char *tac_secret;		/* Packets encryption key */
+extern int tac_authorize;		/* Authorize user requesting service */
+extern int tac_accounting;		/* Do TACACS+ accounting */
+#endif
+
 /*
  * Variables set by command-line options.
  */
@@ -412,6 +424,9 @@
 #define DEBUGIPCP	1
 #define DEBUGUPAP	1
 #define DEBUGCHAP	1
+#ifdef USE_TACACS_PLUS
+#define	DEBUGTAC	1
+#endif
 #endif
 
 #ifndef LOG_PPP			/* we use LOG_LOCAL2 for syslog by default */
@@ -464,6 +479,12 @@
 #define CHAPDEBUG(x)	if (debug) syslog x
 #else
 #define CHAPDEBUG(x)
+#endif
+
+#ifdef DEBUGTAC
+#define TACDEBUG(x)	syslog x;
+#else
+#define TACDEBUG(x)
 #endif
 
 #ifdef DEBUGIPXCP
diff -ruN ppp-2.3.4/pppd/upap.c ppp-2.3.4.tacacs/pppd/upap.c
--- ppp-2.3.4/pppd/upap.c	Wed Apr 30 07:59:56 1997
+++ ppp-2.3.4.tacacs/pppd/upap.c	Sun Apr 19 09:34:06 1998
@@ -73,6 +73,11 @@
 static void upap_sauthreq __P((upap_state *));
 static void upap_sresp __P((upap_state *, int, int, char *, int));
 
+#ifdef USE_TACACS_PLUS
+extern int usetacacs;
+extern int tac_login(char *user, char *passwd, int userlen, int passlen, 
+					char **msg, int *msglen);
+#endif
 
 /*
  * upap_init - Initialize a UPAP unit.
@@ -380,7 +385,13 @@
     /*
      * Check the username and password given.
      */
-    retcode = check_passwd(u->us_unit, ruser, ruserlen, rpasswd,
+    retcode = 
+#ifdef USE_TACACS_PLUS
+			usetacacs ? 
+			tac_login(ruser, rpasswd, ruserlen, rpasswdlen,
+							&msg, &msglen) :
+#endif
+			check_passwd(u->us_unit, ruser, ruserlen, rpasswd,
 			   rpasswdlen, &msg, &msglen);
     BZERO(rpasswd, rpasswdlen);