static int
tacacs_check(void)
{
int tac_fd;
int ret;
if (prev_pap_check_hook) {
ret = prev_pap_check_hook();
if (ret >= 0) {
return ret;
}
}
if (!use_tacacs)
return -1;
if (tac_server == -1)
return 0;
tac_fd = tac_connect(&tac_server, 1);
if (tac_fd < 0)
return 0;
close(tac_fd);
return 1;
}
int tac_connect_single(struct addrinfo *server, char *key) {
struct addrinfo *tmpaddr[1];
tmpaddr[0] = server;
char *tmpkey[1];
tmpkey[0] = key;
return(tac_connect(tmpaddr, tmpkey, 1));
} /* tac_connect_single */
static void
accounting_start(void)
{
int tac_fd;
char *phone;
char *msg;
struct tac_attrib *attr;
struct in_addr peer_addr;
char buf[40];
if (prev_ip_up_hook) {
prev_ip_up_hook();
}
if (use_tacacs && use_account && authorized) {
authorized = 0;
logged_in = 1;
if (tac_server == -1)
return;
tac_fd = tac_connect(&tac_server, 1);
if (tac_fd < 0)
return;
/* start accounting */
attr = NULL;
sprintf(buf, "%lu", time(0));
tac_add_attrib(&attr, "start_time", buf);
sprintf(buf, "%hu", task_id);
tac_add_attrib(&attr, "task_id", buf);
phone = getenv("CALLER_ID");
if (!phone)
phone = "Unknow";
tac_add_attrib(&attr, "phone_#", phone);
tac_add_attrib(&attr, "service", "ppp");
tac_add_attrib(&attr, "protocol", "ip");
peer_addr.s_addr = ipcp_hisoptions[0].hisaddr;
sprintf(buf, "%s", inet_ntoa(peer_addr));
tac_account_send(tac_fd, TAC_PLUS_ACCT_FLAG_START, peer_authname, tty, buf, attr);
msg = tac_account_read(tac_fd);
if (msg != NULL)
syslog(LOG_ERR,"TACACS+ start accounting failed: %s", msg);
close(tac_fd);
tac_free_attrib(&attr);
}
}
static void
accounting_stop(void)
{
int tac_fd;
char *msg;
struct tac_attrib *attr;
struct in_addr peer_addr;
char buf[40];
if (prev_ip_down_hook) {
prev_ip_down_hook();
}
if (use_tacacs && use_account && logged_in) {
logged_in = 0;
if (tac_server == -1)
return;
tac_fd = tac_connect(&tac_server, 1);
if (tac_fd < 0)
return;
/* stop accounting */
attr = NULL;
sprintf(buf, "%lu", time(0));
tac_add_attrib(&attr, "stop_time", buf);
sprintf(buf, "%hu", task_id);
tac_add_attrib(&attr, "task_id", buf);
if (link_stats_valid) {
sprintf(buf, "%d", link_stats.bytes_out);
tac_add_attrib(&attr, "bytes_out", buf);
sprintf(buf, "%d", link_stats.bytes_in);
tac_add_attrib(&attr, "bytes_in", buf);
sprintf(buf, "%d", link_connect_time);
tac_add_attrib(&attr, "elapsed_time", buf);
peer_addr.s_addr = ipcp_hisoptions[0].hisaddr;
sprintf(buf, "%s", inet_ntoa(peer_addr));
}
tac_account_send(tac_fd, TAC_PLUS_ACCT_FLAG_STOP, peer_authname, tty, buf, attr);
msg = tac_account_read(tac_fd);
if (msg != NULL)
syslog(LOG_ERR,"TACACS+ stop accounting failed: %s\n", msg);
close(tac_fd);
tac_free_attrib(&attr);
}
}
static int
tacacs_auth(char *t_user, char *t_passwd, char**t_msgp,
struct wordlist **t_paddrs, struct wordlist **t_popts)
{
int tac_fd;
char *msg;
struct areply arep;
struct tac_attrib *attr;
struct tac_attrib *attrentry;
struct wordlist **pnextaddr;
struct wordlist *addr;
int addrlen;
int ret;
if (prev_pap_auth_hook) {
ret = prev_pap_auth_hook(t_user, t_passwd, t_msgp, t_paddrs, t_popts);
if (ret >= 0) {
return ret;
}
}
if (!use_tacacs) return -1;
*t_msgp = "TACACS+ server failed";
*t_popts = NULL;
/* start authentication */
if (tac_server == -1)
return 0;
tac_fd = tac_connect(&tac_server, 1);
if (tac_fd < 0)
return 0;
if (tac_authen_pap_send(tac_fd, t_user, t_passwd, tty) < 0)
return 0;
msg = tac_authen_pap_read(tac_fd);
if (msg != NULL) {
*t_msgp = msg;
return 0;
}
close(tac_fd);
/* user/password is valid, now check authorization */
if (use_authorize) {
tac_fd = tac_connect(&tac_server, 1);
if (tac_fd < 0)
return 0;
attr = NULL;
tac_add_attrib(&attr, "service", "ppp");
tac_add_attrib(&attr, "protocol", "ip");
if (tac_author_send(tac_fd, t_user, tty, attr) < 0)
return 0;
tac_author_read(tac_fd, &arep);
if (arep.status != AUTHOR_STATUS_PASS_ADD
&& arep.status != AUTHOR_STATUS_PASS_REPL) {
*t_msgp = arep.msg;
return 0;
}
tac_free_attrib(&attr);
close(tac_fd);
/* Build up list of allowable addresses */
*t_paddrs = NULL; /* Default to allow all */
pnextaddr = t_paddrs;
for (attrentry=arep.attr; attrentry!=NULL; attrentry=attrentry->next) {
if (strncmp(attrentry->attr, "addr=", 5) == 0) {
addrlen = attrentry->attr_len - 5;
/* Allocate a buffer for both the structure and the address */
addr = (struct wordlist*)malloc(sizeof(struct wordlist)
+ addrlen + 1);
if (addr == NULL)
novm("TACACS+ address");
addr->word = (char*)(addr+1);
strncpy(addr->word, attrentry->attr+5, addrlen);
addr->word[addrlen] = '\0';
addr->next = NULL;
*pnextaddr = addr;
pnextaddr = &addr->next;
}
}
tac_free_attrib(&arep.attr);
}
*t_msgp = "Login succeeded";
syslog(LOG_INFO,"TACACS+ login succeeded for %s", t_user);
authorized = 1;
return 1;
}
int tac_connect_single(u_long server) {
return(tac_connect(&server, 1));
} /* tac_connect_single */