int rc_import_env(ENV *env, char **import) { char *es; while (*import) { es = strchr(*import, '='); if (!es) { import++; continue; } /* ok, i grant thats not very clean... */ *es = '\0'; if (rc_add_env(env, *import, es+1) < 0) { *es = '='; return (-1); } *es = '='; import++; } return 0; }
int main (int argc, char **argv) { char username[128]; char passwd[AUTH_PASS_LEN + 1]; int tries, remaining, c; UINT4 client_port; void (*login_func)(char *); FILE *fp; char buf[4096]; char tty[1024], *p; int noissue = 0; int maxtries = 0; char *ttyn = NULL; char *path_radiusclient_conf = RC_CONFIG_FILE; extern char *optarg; extern int optind; pname = (pname = strrchr(argv[0],'/'))?pname+1:argv[0]; rc_openlog(pname); while ((c = getopt(argc,argv,"f:m:i:nhV")) > 0) { switch(c) { case 'f': path_radiusclient_conf = optarg; break; case 'i': ttyn = optarg; break; case 'n': noissue = 1; break; case 'm': maxtries = atoi(optarg); break; case 'V': version(); break; case 'h': usage(); break; default: exit(ERROR_RC); break; } } if (rc_read_config(path_radiusclient_conf) != 0) exit(ERROR_RC); if (rc_read_dictionary(rc_conf_str("dictionary")) != 0) exit (ERROR_RC); if (rc_read_mapfile(rc_conf_str("mapfile")) != 0) exit (ERROR_RC); if (ttyn != NULL) { client_port = rc_map2id(ttyn); if ((p = strrchr(ttyn, '/')) == NULL) strncpy(tty, ttyn, sizeof(tty)); else strncpy(tty, p+1, sizeof(tty)); } else { ttyn = ttyname(0); if (ttyn) { if ((p = strrchr(ttyn, '/')) == NULL) strncpy(tty, ttyn, sizeof(tty)); else strncpy(tty, p+1, sizeof(tty)); client_port = rc_map2id(ttyn); } else { *tty = '\0'; client_port = 0; } } #ifdef SETVBUF_REVERSED setvbuf(stdout, _IONBF, NULL, 0); #else setvbuf(stdout, NULL, _IONBF, 0); #endif if ((argc - optind) == 1) { strncpy(username,argv[optind], sizeof(username)); } else { *username = '******'; if (!noissue) { if (rc_conf_str("issue") && ((fp = fopen(rc_conf_str("issue"), "r")) != NULL)) { while (fgets(buf, sizeof(buf), fp) != NULL) fputs(subst_placeholders(buf, tty), stdout); fflush(stdout); fclose(fp); } else { fputs(subst_placeholders(SC_DEFAULT_ISSUE, tty), stdout); fflush(stdout); } } } if ((env = rc_new_env(ENV_SIZE)) == NULL) { rc_log(LOG_CRIT, "rc_new_env: FATAL: out of memory"); abort(); } #ifdef SECURITY_DISABLED if (rc_import_env(env,environ) < 0) { rc_log(LOG_CRIT, "rc_import_env: FATAL: not enough space for environment (increase ENV_SIZE)"); abort(); } #else rc_add_env(env, "IFS", " "); rc_add_env(env, "PATH", RC_SECURE_PATH); #endif signal(SIGALRM, alarm_handler); remaining = rc_conf_int("login_timeout"); if (!maxtries) maxtries = rc_conf_int("login_tries"); tries = 1; while (tries <= maxtries) { alarm(remaining); while (!*username) { p = rc_getstr (SC_LOGIN, 1); if (p) strncpy(username, p, sizeof(username)); else exit (ERROR_RC); } p = rc_getstr(SC_PASSWORD,0); if (p) strncpy (passwd, p, sizeof (passwd)); else exit (ERROR_RC); remaining = alarm(0); login_func = NULL; if (rc_conf_int("auth_order") & AUTH_LOCAL_FST) { login_func = auth_local(username, passwd); if (!login_func) if (rc_conf_int("auth_order") & AUTH_RADIUS_SND) login_func = auth_radius(client_port, username, passwd); } else { login_func = auth_radius(client_port, username, passwd); if (!login_func) if (rc_conf_int("auth_order") & AUTH_LOCAL_SND) login_func = auth_local(username, passwd); } memset(passwd, '\0', sizeof(passwd)); if (login_func != NULL) if (login_allowed(tty)) { (*login_func)(username); } else { sleep(1); exit (ERROR_RC); } *username = '******'; if ((++tries) <= maxtries) { alarm(remaining); sleep(tries * 2); remaining = alarm(0); } } fprintf(stderr, SC_EXCEEDED); sleep(1); exit (ERROR_RC); }
LFUNC auth_radius(UINT4 client_port, char *username, char *passwd) { VALUE_PAIR *send, *received, *vp, *service_vp; UINT4 service, ftype, ctype; char msg[4096], *p, username_realm[256]; char name[2048], value[2048]; /* more than enough */ int result; char *default_realm, *service_str, *ftype_str; DICT_VALUE *dval; send = received = NULL; /* * Determine and fill in Service-Type */ #ifdef SCP /* determine based on the username what kind of service is requested. this allows you to use one password for all accounts, but the Merit radiusd supplies you just with the right information you need for the specified service type -lf, 03/15/96 */ switch (*username) { case 'S': service = PW_FRAMED; ftype = PW_SLIP; ctype = 0; username++; break; case 'C': service = PW_FRAMED; ftype = PW_SLIP; ctype = PW_VAN_JACOBSON_TCP_IP; username++; break; case 'P': service = PW_FRAMED; ftype = PW_PPP; ctype = 0; username++; break; default: service = PW_LOGIN; ftype = 0; ctype = 0; break; } #else service = PW_LOGIN; ftype = 0; ctype = 0; #endif if (rc_avpair_add(&send, PW_SERVICE_TYPE, &service, 0, VENDOR_NONE) == NULL) return (LFUNC) NULL; /* Fill in Framed-Protocol, if neccessary */ if (ftype != 0) { if (rc_avpair_add(&send, PW_FRAMED_PROTOCOL, &ftype, 0, VENDOR_NONE) == NULL) return (LFUNC) NULL; } /* Fill in Framed-Compression, if neccessary */ if (ctype != 0) { if (rc_avpair_add(&send, PW_FRAMED_COMPRESSION, &ctype, 0, VENDOR_NONE) == NULL) return (LFUNC) NULL; } /* * Fill in User-Name */ strncpy(username_realm, username, sizeof(username_realm)); /* Append default realm */ default_realm = rc_conf_str("default_realm"); if ((strchr(username_realm, '@') == NULL) && default_realm && ((*default_realm) != '\0')) { strncat(username_realm, "@", sizeof(username_realm)); strncat(username_realm, default_realm, sizeof(username_realm)); } if (rc_avpair_add(&send, PW_USER_NAME, username_realm, 0, VENDOR_NONE) == NULL) return (LFUNC) NULL; /* * Fill in User-Password */ if (rc_avpair_add(&send, PW_USER_PASSWORD, passwd, 0, VENDOR_NONE) == NULL) return (LFUNC) NULL; result = rc_auth(client_port, send, &received, msg, NULL); if (result == OK_RC) { /* Set up a running count of attributes saved. */ int acount[256], attr; memset(acount, 0, sizeof(acount)); rc_add_env(env, "RADIUS_USER_NAME", username); vp = received; /* map-- keep track of the attributes so that we know when to add the delimiters. Note that we can only handle attributes < 256, which is the standard anyway. */ while (vp) { strcpy(name, "RADIUS_"); if (rc_avpair_tostr(vp, name+7, sizeof(name)-7, value, sizeof(value)) < 0) { rc_avpair_free(send); rc_avpair_free(received); return (LFUNC) NULL; } /* Translate "-" => "_" and uppercase*/ for(p = name; *p; p++) { *p = toupper(*p); if (*p == '-') *p = '_'; } /* Add to the attribute count and append the var if necessary. */ if ((attr = vp->attribute) < 256) { int count; if ((count = acount[attr]++) > 0) { char buf[10]; sprintf(buf, "_%d", count); strcat(name,buf); } } if (rc_add_env(env, name, value) < 0) { rc_avpair_free(send); rc_avpair_free(received); return (LFUNC) NULL; } vp = vp->next; } service_str = "(unknown)"; ftype_str = NULL; if ((service_vp = rc_avpair_get(received, PW_SERVICE_TYPE)) != NULL) if ((dval = rc_dict_getval(service_vp->lvalue, service_vp->name)) != NULL) { service_str = dval->name; } if (service_vp && (service_vp->lvalue == PW_FRAMED) && ((vp = rc_avpair_get(received, PW_FRAMED_PROTOCOL)) != NULL)) if ((dval = rc_dict_getval(vp->lvalue, vp->name)) != NULL) { ftype_str = dval->name; } rc_log(LOG_NOTICE, "authentication OK, username %s, service %s%s%s", username, service_str,(ftype_str)?"/":"", (ftype_str)?ftype_str:""); if (msg && (*msg != '\0')) printf(SC_SERVER_REPLY, msg); else printf(SC_RADIUS_OK); rc_avpair_free(send); rc_avpair_free(received); return radius_login; } else { rc_log(LOG_NOTICE, "authentication FAILED, type RADIUS, username %s", username_realm); if (msg && (*msg != '\0')) printf(SC_SERVER_REPLY, msg); else printf(SC_RADIUS_FAILED); } rc_avpair_free(send); if (received) rc_avpair_free(received); return (LFUNC) NULL; }