2 Copyright (c) 1995-1998 by Cisco Systems, Inc.
4 Permission to use, copy, modify, and distribute this software for
5 any purpose and without fee is hereby granted, provided that this
6 copyright and permission notice appear on all copies of the
7 software and supporting documentation, the name of Cisco Systems,
8 Inc. not be used in advertising or publicity pertaining to
9 distribution of the program without specific prior permission, and
10 notice be given in supporting documentation that modification,
11 copying and distribution is by permission of Cisco Systems, Inc.
13 Cisco Systems, Inc. makes no representations about the suitability
14 of this software for any purpose. THIS SOFTWARE IS PROVIDED ``AS
15 IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
16 WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
17 FITNESS FOR A PARTICULAR PURPOSE.
24 #include <netinet/in.h> /* for ntohl() */
30 #include "do_author.h"
36 * Come here when we receive an authorization START packet
39 void author TAC_ARGS((u_char *pak));
47 struct identity identity;
48 struct author_data author_data;
55 if (debug & DEBUG_AUTHOR_FLAG)
56 report(LOG_DEBUG, "Start authorization request");
59 apak = (struct author *) (pak + TAC_PLUS_HDR_SIZE);
61 /* Do some sanity checks */
62 if (hdr->seq_no != 1) {
63 send_error_reply(TAC_PLUS_AUTHOR, NULL);
67 /* arg counts start here */
68 p = pak + TAC_PLUS_HDR_SIZE + TAC_AUTHOR_REQ_FIXED_FIELDS_SIZE;
71 len = TAC_AUTHOR_REQ_FIXED_FIELDS_SIZE;
72 len += apak->user_len + apak->port_len + apak->rem_addr_len + apak->arg_cnt;
73 for (i = 0; i < (int)apak->arg_cnt; i++) {
77 if (len != (unsigned long) ntohl(hdr->datalength)) {
78 send_error_reply(TAC_PLUS_AUTHOR, NULL);
82 /* start of variable length data is here */
83 p = pak + TAC_PLUS_HDR_SIZE + TAC_AUTHOR_REQ_FIXED_FIELDS_SIZE;
85 /* arg length data starts here */
90 bzero(&author_data, sizeof(struct author_data));
92 /* The identity structure */
94 /* zero out identity struct */
95 bzero(&identity, sizeof(struct identity));
96 identity.username = tac_make_string(p, (int) apak->user_len);
99 identity.NAS_name = tac_strdup(session.peer);
101 identity.NAS_port = tac_make_string(p, (int)apak->port_len);
103 if (apak->port_len <= 0) {
104 strcpy(session.port, "unknown-port");
106 strcpy(session.port, identity.NAS_port);
109 identity.NAC_address = tac_make_string(p, (int)apak->rem_addr_len);
110 p += apak->rem_addr_len;
112 identity.priv_lvl = apak->priv_lvl;
114 cfg_request_identity(&identity);
116 /* The author_data structure */
118 author_data.id = &identity; /* user id */
120 /* FIXME: validate these fields */
121 author_data.authen_method = apak->authen_method;
122 author_data.authen_type = apak->authen_type;
123 author_data.service = apak->service;
124 author_data.num_in_args = apak->arg_cnt;
126 /* Space for args + NULL */
127 cmd_argp = (char **) tac_malloc(apak->arg_cnt * sizeof(char *));
129 /* p points to the start of args. Step thru them making strings */
130 for (i = 0; i < (int)apak->arg_cnt; i++) {
131 cmd_argp[i] = tac_make_string(p, *argsizep);
135 author_data.input_args = cmd_argp; /* input command arguments */
137 if (do_author(&author_data)) {
138 report(LOG_ERR, "%s: do_author returned an error", session.peer);
139 send_author_reply(AUTHOR_STATUS_ERROR,
141 author_data.admin_msg,
142 author_data.num_out_args,
143 author_data.output_args);
147 /* Send a reply packet */
148 send_author_reply(author_data.status,
150 author_data.admin_msg,
151 author_data.num_out_args,
152 author_data.output_args);
155 report(LOG_INFO, "authorization query for '%s' %s from %s %s",
156 author_data.id->username && author_data.id->username[0] ?
157 author_data.id->username : "unknown",
158 author_data.id->NAS_port && author_data.id->NAS_port[0] ?
159 author_data.id->NAS_port : "unknown",
161 (author_data.status == AUTHOR_STATUS_PASS_ADD ||
162 author_data.status == AUTHOR_STATUS_PASS_REPL) ?
163 "accepted" : "rejected");
165 /* free the input args */
166 if (author_data.input_args) {
167 for (i = 0; i < author_data.num_in_args; i++)
168 free(author_data.input_args[i]);
170 free(author_data.input_args);
171 author_data.input_args = NULL;
174 /* free the output args */
175 if (author_data.output_args) {
176 for (i=0; i < author_data.num_out_args; i++)
177 free(author_data.output_args[i]);
179 free(author_data.output_args);
180 author_data.output_args = NULL;
184 free(author_data.msg);
186 if (author_data.admin_msg)
187 free(author_data.admin_msg);
189 free(identity.username);
190 free(identity.NAS_name);
191 free(identity.NAS_port);
192 free(identity.NAC_address);