int rc_import_env(ENV *env, char **import)
{
char *es;
while (*import)
{
es = strchr(*import, '=');
if (!es)
{
import++;
continue;
}
/* ok, i grant thats not very clean... */
*es = '\0';
if (rc_add_env(env, *import, es+1) < 0)
{
*es = '=';
return (-1);
}
*es = '=';
import++;
}
return 0;
}
int
main (int argc, char **argv)
{
char username[128];
char passwd[AUTH_PASS_LEN + 1];
int tries, remaining, c;
UINT4 client_port;
void (*login_func)(char *);
FILE *fp;
char buf[4096];
char tty[1024], *p;
int noissue = 0;
int maxtries = 0;
char *ttyn = NULL;
char *path_radiusclient_conf = RC_CONFIG_FILE;
extern char *optarg;
extern int optind;
pname = (pname = strrchr(argv[0],'/'))?pname+1:argv[0];
rc_openlog(pname);
while ((c = getopt(argc,argv,"f:m:i:nhV")) > 0)
{
switch(c) {
case 'f':
path_radiusclient_conf = optarg;
break;
case 'i':
ttyn = optarg;
break;
case 'n':
noissue = 1;
break;
case 'm':
maxtries = atoi(optarg);
break;
case 'V':
version();
break;
case 'h':
usage();
break;
default:
exit(ERROR_RC);
break;
}
}
if (rc_read_config(path_radiusclient_conf) != 0)
exit(ERROR_RC);
if (rc_read_dictionary(rc_conf_str("dictionary")) != 0)
exit (ERROR_RC);
if (rc_read_mapfile(rc_conf_str("mapfile")) != 0)
exit (ERROR_RC);
if (ttyn != NULL)
{
client_port = rc_map2id(ttyn);
if ((p = strrchr(ttyn, '/')) == NULL)
strncpy(tty, ttyn, sizeof(tty));
else
strncpy(tty, p+1, sizeof(tty));
}
else
{
ttyn = ttyname(0);
if (ttyn)
{
if ((p = strrchr(ttyn, '/')) == NULL)
strncpy(tty, ttyn, sizeof(tty));
else
strncpy(tty, p+1, sizeof(tty));
client_port = rc_map2id(ttyn);
}
else
{
*tty = '\0';
client_port = 0;
}
}
#ifdef SETVBUF_REVERSED
setvbuf(stdout, _IONBF, NULL, 0);
#else
setvbuf(stdout, NULL, _IONBF, 0);
#endif
if ((argc - optind) == 1)
{
strncpy(username,argv[optind], sizeof(username));
}
else
{
*username = '******';
if (!noissue) {
if (rc_conf_str("issue") && ((fp = fopen(rc_conf_str("issue"), "r")) != NULL))
{
while (fgets(buf, sizeof(buf), fp) != NULL)
fputs(subst_placeholders(buf, tty), stdout);
fflush(stdout);
fclose(fp);
} else {
fputs(subst_placeholders(SC_DEFAULT_ISSUE, tty), stdout);
fflush(stdout);
}
}
}
if ((env = rc_new_env(ENV_SIZE)) == NULL)
{
rc_log(LOG_CRIT, "rc_new_env: FATAL: out of memory");
abort();
}
#ifdef SECURITY_DISABLED
if (rc_import_env(env,environ) < 0)
{
rc_log(LOG_CRIT, "rc_import_env: FATAL: not enough space for environment (increase ENV_SIZE)");
abort();
}
#else
rc_add_env(env, "IFS", " ");
rc_add_env(env, "PATH", RC_SECURE_PATH);
#endif
signal(SIGALRM, alarm_handler);
remaining = rc_conf_int("login_timeout");
if (!maxtries)
maxtries = rc_conf_int("login_tries");
tries = 1;
while (tries <= maxtries)
{
alarm(remaining);
while (!*username) {
p = rc_getstr (SC_LOGIN, 1);
if (p)
strncpy(username, p, sizeof(username));
else
exit (ERROR_RC);
}
p = rc_getstr(SC_PASSWORD,0);
if (p)
strncpy (passwd, p, sizeof (passwd));
else
exit (ERROR_RC);
remaining = alarm(0);
login_func = NULL;
if (rc_conf_int("auth_order") & AUTH_LOCAL_FST)
{
login_func = auth_local(username, passwd);
if (!login_func)
if (rc_conf_int("auth_order") & AUTH_RADIUS_SND)
login_func = auth_radius(client_port, username, passwd);
}
else
{
login_func = auth_radius(client_port, username, passwd);
if (!login_func)
if (rc_conf_int("auth_order") & AUTH_LOCAL_SND)
login_func = auth_local(username, passwd);
}
memset(passwd, '\0', sizeof(passwd));
if (login_func != NULL)
if (login_allowed(tty)) {
(*login_func)(username);
} else {
sleep(1);
exit (ERROR_RC);
}
*username = '******';
if ((++tries) <= maxtries) {
alarm(remaining);
sleep(tries * 2);
remaining = alarm(0);
}
}
fprintf(stderr, SC_EXCEEDED);
sleep(1);
exit (ERROR_RC);
}
LFUNC auth_radius(UINT4 client_port, char *username, char *passwd)
{
VALUE_PAIR *send, *received, *vp, *service_vp;
UINT4 service, ftype, ctype;
char msg[4096], *p, username_realm[256];
char name[2048], value[2048]; /* more than enough */
int result;
char *default_realm, *service_str, *ftype_str;
DICT_VALUE *dval;
send = received = NULL;
/*
* Determine and fill in Service-Type
*/
#ifdef SCP
/* determine based on the username what kind of service is requested.
this allows you to use one password for all accounts, but the
Merit radiusd supplies you just with the right information you
need for the specified service type -lf, 03/15/96 */
switch (*username)
{
case 'S':
service = PW_FRAMED;
ftype = PW_SLIP;
ctype = 0;
username++;
break;
case 'C':
service = PW_FRAMED;
ftype = PW_SLIP;
ctype = PW_VAN_JACOBSON_TCP_IP;
username++;
break;
case 'P':
service = PW_FRAMED;
ftype = PW_PPP;
ctype = 0;
username++;
break;
default:
service = PW_LOGIN;
ftype = 0;
ctype = 0;
break;
}
#else
service = PW_LOGIN;
ftype = 0;
ctype = 0;
#endif
if (rc_avpair_add(&send, PW_SERVICE_TYPE, &service, 0, VENDOR_NONE) == NULL)
return (LFUNC) NULL;
/* Fill in Framed-Protocol, if neccessary */
if (ftype != 0)
{
if (rc_avpair_add(&send, PW_FRAMED_PROTOCOL, &ftype, 0, VENDOR_NONE) == NULL)
return (LFUNC) NULL;
}
/* Fill in Framed-Compression, if neccessary */
if (ctype != 0)
{
if (rc_avpair_add(&send, PW_FRAMED_COMPRESSION, &ctype, 0, VENDOR_NONE) == NULL)
return (LFUNC) NULL;
}
/*
* Fill in User-Name
*/
strncpy(username_realm, username, sizeof(username_realm));
/* Append default realm */
default_realm = rc_conf_str("default_realm");
if ((strchr(username_realm, '@') == NULL) && default_realm &&
((*default_realm) != '\0'))
{
strncat(username_realm, "@", sizeof(username_realm));
strncat(username_realm, default_realm, sizeof(username_realm));
}
if (rc_avpair_add(&send, PW_USER_NAME, username_realm, 0, VENDOR_NONE) == NULL)
return (LFUNC) NULL;
/*
* Fill in User-Password
*/
if (rc_avpair_add(&send, PW_USER_PASSWORD, passwd, 0, VENDOR_NONE) == NULL)
return (LFUNC) NULL;
result = rc_auth(client_port, send, &received, msg, NULL);
if (result == OK_RC)
{
/* Set up a running count of attributes saved. */
int acount[256], attr;
memset(acount, 0, sizeof(acount));
rc_add_env(env, "RADIUS_USER_NAME", username);
vp = received;
/* map-- keep track of the attributes so that we know
when to add the delimiters. Note that we can only
handle attributes < 256, which is the standard anyway. */
while (vp)
{
strcpy(name, "RADIUS_");
if (rc_avpair_tostr(vp, name+7, sizeof(name)-7, value, sizeof(value)) < 0) {
rc_avpair_free(send);
rc_avpair_free(received);
return (LFUNC) NULL;
}
/* Translate "-" => "_" and uppercase*/
for(p = name; *p; p++) {
*p = toupper(*p);
if (*p == '-') *p = '_';
}
/* Add to the attribute count and append the var
if necessary. */
if ((attr = vp->attribute) < 256)
{
int count;
if ((count = acount[attr]++) > 0) {
char buf[10];
sprintf(buf, "_%d", count);
strcat(name,buf);
}
}
if (rc_add_env(env, name, value) < 0)
{
rc_avpair_free(send);
rc_avpair_free(received);
return (LFUNC) NULL;
}
vp = vp->next;
}
service_str = "(unknown)";
ftype_str = NULL;
if ((service_vp = rc_avpair_get(received, PW_SERVICE_TYPE)) != NULL)
if ((dval = rc_dict_getval(service_vp->lvalue, service_vp->name)) != NULL) {
service_str = dval->name;
}
if (service_vp && (service_vp->lvalue == PW_FRAMED) &&
((vp = rc_avpair_get(received, PW_FRAMED_PROTOCOL)) != NULL))
if ((dval = rc_dict_getval(vp->lvalue, vp->name)) != NULL) {
ftype_str = dval->name;
}
rc_log(LOG_NOTICE, "authentication OK, username %s, service %s%s%s",
username, service_str,(ftype_str)?"/":"", (ftype_str)?ftype_str:"");
if (msg && (*msg != '\0'))
printf(SC_SERVER_REPLY, msg);
else
printf(SC_RADIUS_OK);
rc_avpair_free(send);
rc_avpair_free(received);
return radius_login;
}
else
{
rc_log(LOG_NOTICE, "authentication FAILED, type RADIUS, username %s",
username_realm);
if (msg && (*msg != '\0'))
printf(SC_SERVER_REPLY, msg);
else
printf(SC_RADIUS_FAILED);
}
rc_avpair_free(send);
if (received)
rc_avpair_free(received);
return (LFUNC) NULL;
}
