| If you use userland PPP in server mode with RADIUS please test the following diff. This does not change the existing behavior unless the new rad_port_id option is used. Add a new option for ppp.conf: rad_port_id. It allows to change the way of what ppp submits to the RADIUS server as NAS-Port-Id. Possible options are: the PID of the process owning the corresponding interface, tun(4) interface number, interface index (as it would get returned by if_nametoindex(3)), or it's possible to keep the default behavior. Check the ppp(8) manual page for details. From novel@FreeBSD Index: command.c ================================================== ================= RCS file: /cvs/src/usr.sbin/ppp/ppp/command.c,v retrieving revision 1.91 diff -u -p -r1.91 command.c --- command.c 21 Sep 2005 16:28:47 -0000 1.91 +++ command.c 6 Sep 2007 00:37:14 -0000 @@ -143,6 +143,7 @@ #define VAR_MPPE 36 #define VAR_IPV6CPRETRY 37 #define VAR_RAD_ALIVE 38 +#define VAR_PORT_ID 39 /* ``accept|deny|disable|enable'' masks */ #define NEG_HISMASK (1) @@ -2295,6 +2296,30 @@ SetVariable(struct cmdargs const *arg) } } break; + +#ifndef NORADIUS + case VAR_PORT_ID: + if (strcasecmp(argp, "default") == 0) + arg->bundle->radius.port_id_type = RPI_DEFAULT; + else if (strcasecmp(argp, "pid") == 0) + arg->bundle->radius.port_id_type = RPI_PID; + else if (strcasecmp(argp, "ifnum") == 0) + arg->bundle->radius.port_id_type = RPI_IFNUM; + else if (strcasecmp(argp, "tunnum") == 0) + arg->bundle->radius.port_id_type = RPI_TUNNUM; + else { + log_Printf(LogWARN, + "RADIUS port id must be one of \"default\", \"pid\", \"ifnum\" or \"tunnum\"\n"); + res = 1; + } + + if (arg->bundle->radius.port_id_type && !arg->bundle->radius.cfg.file) { + log_Printf(LogWARN, "rad_port_id requires radius to be configured\n"); + res = 1; + } + + break; +#endif } return res; 
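Review bot: In the `VAR_PORT_ID` case of SetVariable(), `port_id_type` is written before the "requires radius to be configured" check runs, so a command rejected with `res = 1` still leaves the new value in the bundle. Because `RPI_DEFAULT` is defined as 1, the same check also warns on `set rad_port_id default` when no RADIUS file is set. After an unrecognised keyword it tests whatever value was stored earlier and can log a second, unrelated warning. Parsing the keyword into a local and committing only on success avoids all three, e.g. `if (res == 0) arg->bundle->radius.port_id_type = type;` placed after both checks. The rest of SetVariable() lies outside the hunk.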
@@ -2399,7 +2424,10 @@ static struct cmdtab const SetCommands[] "RADIUS Config", "set radius cfgfile", (const void *)VAR_RADIUS}, {"rad_alive", NULL, SetVariable, LOCAL_AUTH, "Raduis alive interval", "set rad_alive value", - (const void *)VAR_RAD_ALIVE}, + (const void *)VAR_RAD_ALIVE}, + {"rad_port_id", NULL, SetVariable, LOCAL_AUTH, + "NAS-Port-Id", "set rad_port_id [default|pid|ifnum|tunnum]", + (const void *)VAR_PORT_ID}, #endif {"reconnect", NULL, datalink_SetReconnect, LOCAL_AUTH | LOCAL_CX, "Reconnect timeout", "set reconnect value ntries"}, Index: ppp.8.m4 ================================================== ================= RCS file: /cvs/src/usr.sbin/ppp/ppp/ppp.8.m4,v retrieving revision 1.38 diff -u -p -r1.38 ppp.8.m4 --- ppp.8.m4 31 May 2007 19:20:27 -0000 1.38 +++ ppp.8.m4 6 Sep 2007 00:33:48 -0000 @@ -5568,6 +5568,27 @@ value will tell to sent RADIUS accounting information to the RADIUS server every .Ar timeout seconds. +.It Ic set rad_port_id Ar option +When RADIUS is configured, setting the +.Dq rad_port_id +value allows to specify what should be sent to the RADIUS server as +NAS-Port-Id. +The +.Ar option Ns No s +are as follows: +.Pp +.Bl -tag -width Ds +.It pid +PID of the corresponding tunnel. +.It tunnum +.Xr tun 4 +interface number. +.It ifnum +index of the interface as returned by +.Xr if_nametoindex 3 . +.It default +keeps the default behavior. +.El .It Ic set reconnect Ar timeout ntries Should the line drop unexpectedly (due to loss of CD or LQR failure), a connection will be re-established after the given Index: radius.c ================================================== ================= RCS file: /cvs/src/usr.sbin/ppp/ppp/radius.c,v retrieving revision 1.36 diff -u -p -r1.36 radius.c --- radius.c 21 Sep 2005 16:58:34 -0000 1.36 +++ radius.c 6 Sep 2007 00:20:34 -0000 @@ -93,6 +93,7 @@ #include "ncp.h" #include "bundle.h" #include "proto.h" +#include "iface.h" #if !defined(UINT32_MAX) #define UINT32_MAX 0xffffffffU 
@@ -818,7 +819,7 @@ radius_Destroy(struct radius *r)
 }
 static int
-radius_put_physical_details(struct rad_handle *rad, struct physical *p)
+radius_put_physical_details(struct radius *rad, struct physical *p)
 {
 int slot, type;
@@ -846,16 +847,32 @@ radius_put_physical_details(struct rad_h
 break;
 }
- if (rad_put_int(rad, RAD_NAS_PORT_TYPE, type) != 0) {
- log_Printf(LogERROR, "rad_put: rad_put_int: %s\n", rad_strerror(rad));
- rad_close(rad);
+ if (rad_put_int(rad->cx.rad, RAD_NAS_PORT_TYPE, type) != 0) {
+ log_Printf(LogERROR, "rad_put: rad_put_int: %s\n", rad_strerror(rad->cx.rad));
+ rad_close(rad->cx.rad);
 return 0;
 }
- if ((slot = physical_Slot(p)) >= 0)
- if (rad_put_int(rad, RAD_NAS_PORT, slot) != 0) {
- log_Printf(LogERROR, "rad_put: rad_put_int: %s\n", rad_strerror(rad));
- rad_close(rad);
+ switch (rad->port_id_type) {
+ case RPI_PID:
+ slot = (int)getpid();
+ break;
+ case RPI_IFNUM:
+ slot = p->dl->bundle->iface->index;
+ break;
+ case RPI_TUNNUM:
+ slot = p->dl->bundle->unit;
+ break;
+ case RPI_DEFAULT:
+ default:
+ slot = physical_Slot(p);
+ break;
+ }
+
+ if (slot >= 0)
+ if (rad_put_int(rad->cx.rad, RAD_NAS_PORT, slot) != 0) {
+ log_Printf(LogERROR, "rad_put: rad_put_int: %s\n", rad_strerror(rad->cx.rad));
+ rad_close(rad->cx.rad);
 return 0;
 }
@@ -1023,7 +1040,7 @@ radius_Authenticate(struct radius *r, st
 return 0;
 }
- radius_put_physical_details(r->cx.rad, authp->physical);
+ radius_put_physical_details(r, authp->physical);
 log_Printf(LogRADIUS, "Radius(auth): %s data sent for %s\n", what, name);
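Review bot: Both error paths in radius_put_physical_details() call `rad_close(rad->cx.rad)` and return 0, but `rad->cx.rad` keeps pointing at the closed handle and neither caller touched by this diff checks the result. In the radius_Account() hunk the very next statement is `rad_put_int(r->cx.rad, RAD_ACCT_STATUS_TYPE, acct_type)`, and the radius_Authenticate() hunk likewise carries on after the call, so a failed put is followed by use of a handle that libradius has already released. Now that the function receives the `struct radius *`, it can clear the pointer with `rad->cx.rad = NULL;` after each `rad_close()`. The two call sites should also bail out when it returns 0, e.g. `if (!radius_put_physical_details(r, authp->physical)) return 0;` in radius_Authenticate(). The callers' bodies extend beyond the hunks, so the right exit path in radius_Account() needs checking against the full file.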
@@ -1201,7 +1218,7 @@ radius_Account(struct radius *r, struct } } - radius_put_physical_details(r->cx.rad, dl->physical); + radius_put_physical_details(r, dl->physical); if (rad_put_int(r->cx.rad, RAD_ACCT_STATUS_TYPE, acct_type) != 0 || rad_put_string(r->cx.rad, RAD_ACCT_SESSION_ID, ac->session_id) != 0 || Index: radius.h ================================================== ================= RCS file: /cvs/src/usr.sbin/ppp/ppp/radius.h,v retrieving revision 1.16 diff -u -p -r1.16 radius.h --- radius.h 21 Sep 2005 16:58:34 -0000 1.16 +++ radius.h 6 Sep 2007 00:16:06 -0000 @@ -32,6 +32,11 @@ #define MPPE_TYPE_40BIT 2 #define MPPE_TYPE_128BIT 4 +#define RPI_DEFAULT 1 +#define RPI_PID 2 +#define RPI_IFNUM 3 +#define RPI_TUNNUM 4 + struct radius { struct fdescriptor desc; /* We're a sort of (selectable) fdescriptor */ struct { @@ -70,6 +75,7 @@ struct radius { struct pppTimer timer; /* for this long */ int interval; } alive; + short unsigned int port_id_type; }; struct radacct { -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. |
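Review bot: The new `port_id_type` field in radius.h has no documented value set, and none of the hunks initialises it. The `RPI_*` constants start at 1, SetVariable() treats a non-zero value as "option was set", and the switch in radius_put_physical_details() sends 0 down `default:`. That works only if the struct is zeroed when it is set up, which is not visible here. A comment on the field would record the contract, e.g. `/* NAS-Port source, one of RPI_*; 0 = never set, handled as RPI_DEFAULT */`. Assigning `RPI_DEFAULT` explicitly wherever struct radius is initialised would remove the dependency on zeroed memory.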