2 Copyright (c) 1995-1998 by Cisco systems, Inc.
4 Permission to use, copy, modify, and distribute this software for
5 any purpose and without fee is hereby granted, provided that this
6 copyright and permission notice appear on all copies of the
7 software and supporting documentation, the name of Cisco Systems,
8 Inc. not be used in advertising or publicity pertaining to
9 distribution of the program without specific prior permission, and
10 notice be given in supporting documentation that modification,
11 copying and distribution is by permission of Cisco Systems, Inc.
13 Cisco Systems, Inc. makes no representations about the suitability
14 of this software for any purpose. THIS SOFTWARE IS PROVIDED ``AS
15 IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
16 WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
17 FITNESS FOR A PARTICULAR PURPOSE.
23 * Come here when we receive an authorization START packet
/*
 * Body of the handler for an authorization START packet: sanity-check the
 * request, copy its fields into `identity` and `author_data`, call
 * do_author(), send the reply, log the outcome and free the copies.
 * NOTE(review): this listing is partial -- the numbers at the start of each
 * line skip, so the function header, several statements and the closing
 * braces are not shown. The notes below cover only what is visible.
 */
32 struct identity identity;
33 struct author_data author_data;
/* Optional debug trace, enabled by DEBUG_AUTHOR_FLAG. */
39 if (debug & DEBUG_AUTHOR_FLAG)
40 report(LOG_DEBUG, "Start authorization request");
/* Treat the bytes after the fixed-size header as the authorization request. */
43 apak = (struct author *) (pak + TAC_PLUS_HDR_SIZE);
45 /* Do some sanity checks */
/* A request whose sequence number is not 1 is answered with an error reply. */
46 if (hdr->seq_no != 1) {
47 send_error_reply(TAC_PLUS_AUTHOR, NULL);
51 /* arg counts start here */
52 p = pak + TAC_PLUS_HDR_SIZE + TAC_AUTHOR_REQ_FIXED_FIELDS_SIZE;
/*
 * Recompute the expected body length from the peer-supplied length fields and
 * compare it with the datalength in the header; a mismatch gets an error
 * reply. `+ arg_cnt` presumably accounts for one length byte per argument,
 * and the loop (body not shown) presumably adds each argument's length.
 * Every pointer step below relies on this check.
 * NOTE(review): that `pak` really holds datalength bytes has to be guaranteed
 * by whatever read the packet, which is not visible here -- confirm.
 */
55 len = TAC_AUTHOR_REQ_FIXED_FIELDS_SIZE;
56 len += apak->user_len + apak->port_len + apak->rem_addr_len + apak->arg_cnt;
57 for (i = 0; i < (int)apak->arg_cnt; i++) {
61 if (len != ntohl(hdr->datalength)) {
62 send_error_reply(TAC_PLUS_AUTHOR, NULL);
66 /* start of variable length data is here */
67 p = pak + TAC_PLUS_HDR_SIZE + TAC_AUTHOR_REQ_FIXED_FIELDS_SIZE;
69 /* arg length data starts here */
/* Start from an all-zero result structure so unset pointers are NULL. */
74 bzero(&author_data, sizeof(struct author_data));
76 /* The identity structure */
78 /* zero out identity struct */
79 bzero(&identity, sizeof(struct identity));
/*
 * The identity strings are copied out of the packet with tac_make_string()
 * (presumably a NUL-terminated heap copy of the given number of bytes) and
 * are freed at the end of this block.
 */
80 identity.username = tac_make_string(p, (int) apak->user_len);
/* The NAS name comes from the session's peer, not from the packet. */
83 identity.NAS_name = tac_strdup(session.peer);
85 identity.NAS_port = tac_make_string(p, (int)apak->port_len);
/*
 * Record the port in the session, falling back to "unknown-port" when the
 * request carries none. If port_len is an unsigned field, `<= 0` is simply a
 * test for zero.
 * NOTE(review): strcpy() puts no bound on the second copy. identity.NAS_port
 * is a peer-supplied string of port_len bytes, so session.port must hold the
 * largest value port_len can take plus the terminator. Neither the size of
 * session.port nor the type of port_len is visible here -- confirm, or use a
 * length-checked copy.
 */
87 if (apak->port_len <= 0) {
88 strcpy(session.port, "unknown-port");
90 strcpy(session.port, identity.NAS_port);
93 identity.NAC_address = tac_make_string(p, (int)apak->rem_addr_len);
94 p += apak->rem_addr_len;
96 identity.priv_lvl = apak->priv_lvl;
98 /* The author_data structure */
100 author_data.id = &identity; /* user id */
102 /* FIXME: validate these fields */
/*
 * These values are taken from the packet as-is (see the FIXME above).
 * NOTE(review): any later code that switches on or indexes by them should
 * range-check first -- verify in do_author() and its callees.
 */
103 author_data.authen_method = apak->authen_method;
104 author_data.authen_type = apak->authen_type;
105 author_data.service = apak->service;
106 author_data.num_in_args = apak->arg_cnt;
108 /* Space for args + NULL */
/*
 * NOTE(review): the comment above mentions a slot for a terminating NULL, but
 * the size requested is exactly arg_cnt pointers and nothing visible here
 * stores a NULL entry. Consumers must bound their walk by num_in_args;
 * confirm none of them scans input_args for a NULL terminator. What
 * tac_malloc() returns for arg_cnt == 0 is also not visible here.
 */
109 cmd_argp = (char **) tac_malloc(apak->arg_cnt * sizeof(char *));
111 /* p points to the start of args. Step thru them making strings */
/*
 * Each argument is copied using the length read through argsizep. The
 * statements that advance p and argsizep are not shown; the lengths are
 * peer-supplied and are bounded only by the datalength comparison above.
 */
112 for (i = 0; i < (int)apak->arg_cnt; i++) {
113 cmd_argp[i] = tac_make_string(p, *argsizep);
117 author_data.input_args = cmd_argp; /* input command arguments */
/*
 * A non-zero return from do_author() is logged and answered with
 * AUTHOR_STATUS_ERROR.
 * NOTE(review): the lines after this reply are not shown; if this path
 * returns early, check that the identity strings and the argument array
 * allocated above are still released.
 */
119 if (do_author(&author_data)) {
120 report(LOG_ERR, "%s: do_author returned an error", session.peer);
121 send_author_reply(AUTHOR_STATUS_ERROR,
123 author_data.admin_msg,
124 author_data.num_out_args,
125 author_data.output_args);
129 /* Send a reply packet */
130 send_author_reply(author_data.status,
132 author_data.admin_msg,
133 author_data.num_out_args,
134 author_data.output_args);
/*
 * Audit line: "accepted" only for PASS_ADD or PASS_REPL, otherwise
 * "rejected"; empty or missing names are logged as "unknown". The format
 * string is a literal, so peer data is never interpreted as a format.
 * NOTE(review): username and NAS_port are logged as received from the peer;
 * whether report() neutralises control characters and newlines is not
 * visible here -- confirm, since this line is likely to be read during
 * incident review.
 */
137 report(LOG_INFO, "authorization query for '%s' %s from %s %s",
138 author_data.id->username && author_data.id->username[0] ?
139 author_data.id->username : "unknown",
140 author_data.id->NAS_port && author_data.id->NAS_port[0] ?
141 author_data.id->NAS_port : "unknown",
143 (author_data.status == AUTHOR_STATUS_PASS_ADD ||
144 author_data.status == AUTHOR_STATUS_PASS_REPL) ?
145 "accepted" : "rejected");
147 /* free the input args */
/* Free each argument string, then the pointer array; clear the pointer afterwards. */
148 if (author_data.input_args) {
149 for (i = 0; i < author_data.num_in_args; i++)
150 free(author_data.input_args[i]);
152 free(author_data.input_args);
153 author_data.input_args = NULL;
156 /* free the output args */
/* Same pattern for the output arguments (presumably filled in by do_author()). */
157 if (author_data.output_args) {
158 for (i=0; i < author_data.num_out_args; i++)
159 free(author_data.output_args[i]);
161 free(author_data.output_args);
162 author_data.output_args = NULL;
/* Release the reply messages and the identity strings copied earlier. */
166 free(author_data.msg);
168 if (author_data.admin_msg)
169 free(author_data.admin_msg);
171 free(identity.username);
172 free(identity.NAS_name);
173 free(identity.NAS_port);
174 free(identity.NAC_address);