From bamby@bamby.marka.net.ua Tue Jun 15 12:41:18 1999
Return-Path: <bamby@bamby.marka.net.ua>
Received: from bamby.marka.net.ua (office-bayda.marka.net.ua [193.193.219.245])
	by hub.freebsd.org (Postfix) with ESMTP id 6009B14ECA
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 15 Jun 1999 12:40:59 -0700 (PDT)
	(envelope-from bamby@bamby.marka.net.ua)
Received: (from bamby@localhost)
	by bamby.marka.net.ua (8.9.3/8.9.2) id WAA21466;
	Tue, 15 Jun 1999 22:38:27 +0300 (EEST)
	(envelope-from bamby)
Message-Id: <199906151938.WAA21466@bamby.marka.net.ua>
Date: Tue, 15 Jun 1999 22:38:27 +0300 (EEST)
From: bamby@marka.net.ua
Sender: bamby@bamby.marka.net.ua
Reply-To: bamby@marka.net.ua
To: FreeBSD-gnats-submit@freebsd.org
Subject: Incompletness of radius request in ppp
X-Send-Pr-Version: 3.2

>Number:         12225
>Category:       bin
>Synopsis:       incompletness of radius request in /usr/sbin/ppp
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    brian
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 15 12:50:00 PDT 1999
>Closed-Date:    Thu Sep 2 08:11:59 PDT 1999
>Last-Modified:  Thu Sep  2 08:13:17 PDT 1999
>Originator:     Andriy I Pilipenko
>Release:        FreeBSD 3.2-STABLE i386
>Organization:
Marka Ltd, Zaporizhia, Ukraine
>Environment:

/usr/sbin/ppp from FreeBSD 3.2-STABLE and Merit AAA Radius Server

>Description:

Current implementation of /usr/sbin/ppp creates malformed radius request 
with NAS identifier missing. Merit AAA Radius Server refuses to process
such a request. 

>How-To-Repeat:

Build radius package from /usr/ports/net/radius and try to run ppp with
radius authentication. ppp never receives reply and server will report
malformed request.

>Fix:

Following patch is made partially based on PAM radius module from 
FreeBSD 3.2-STABLE. Patch adds two attributes to radius request -
NAS-IP-Address (or NAS-Identifier if address is not available) and 
NAS-Port which is simply ttyslot() return value.


*** radius.c.orig	Wed May 26 21:15:40 1999
--- radius.c	Mon Jun  7 19:54:06 1999
***************
*** 41,46 ****
--- 41,48 ----
  #include <string.h>
  #include <sys/time.h>
  #include <termios.h>
+ #include <unistd.h>
+ #include <netdb.h>
  
  #include "defs.h"
  #include "log.h"
***************
*** 337,342 ****
--- 339,347 ----
  {
    struct timeval tv;
    int got;
+   char hostname[MAXHOSTNAMELEN];
+   struct hostent *hp;
+   struct in_addr hostaddr;
  
    if (!*r->cfg.file)
      return;
***************
*** 390,396 ****
--- 395,432 ----
      rad_close(r->cx.rad);
      return;
    }
+   
+   if (gethostname(hostname, sizeof hostname) != 0) {
+     log_Printf(LogERROR, "rad_put: cannot get own hostname\n");
+     rad_close(r->cx.rad);
+     return;
+   }
  
+   if ((hp = gethostbyname(hostname)) == (struct hostent *) NULL) {
+     if (rad_put_string(r->cx.rad, RAD_NAS_IDENTIFIER, hostname) != 0) {
+       log_Printf(LogERROR, "rad_put: rad_put_string: %s\n",
+                  rad_strerror(r->cx.rad));
+       rad_close(r->cx.rad);
+       return;
+     }
+   }
+   else {
+     hostaddr.s_addr = *(u_long *)hp->h_addr;
+     if (rad_put_addr(r->cx.rad, RAD_NAS_IP_ADDRESS, hostaddr) != 0) {
+       log_Printf(LogERROR, "rad_put: rad_put_string: %s\n", 
+ 		    rad_strerror(r->cx.rad));
+       rad_close(r->cx.rad);
+       return;
+     }
+   }
+   
+   if(rad_put_int(r->cx.rad, RAD_NAS_PORT, ttyslot()) != 0) {
+     log_Printf(LogERROR, "rad_put: rad_put_string: %s\n", 
+ 	    	rad_strerror(r->cx.rad));
+     rad_close(r->cx.rad);
+     return;
+   }
+   
    if ((got = rad_init_send_request(r->cx.rad, &r->cx.fd, &tv)))
      radius_Process(r, got);
    else {

>Release-Note:
>Audit-Trail:

From: Brian Somers <brian@Awfulhak.org>
To: bamby@marka.net.ua
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/12225: Incompletness of radius request in ppp 
Date: Fri, 18 Jun 1999 00:30:27 +0100

 > 
 > >Number:         12225
 > >Category:       bin
 > >Synopsis:       incompletness of radius request in /usr/sbin/ppp
 [.....]
 > Current implementation of /usr/sbin/ppp creates malformed radius request 
 > with NAS identifier missing. Merit AAA Radius Server refuses to process
 > such a request. 
 
 The Merit AAA Radius Server is broken.  Ppps requests are not 
 malformed.
 
 From the rfc:
 
       An Access-Request MUST contain a User-Name attribute.  It SHOULD
       contain either a NAS-IP-Address attribute or NAS-Identifier
       attribute (or both, although that is not recommended).  It MUST
       contain either a User-Password attribute or CHAP-Password
       attribute.  It SHOULD contain a NAS-Port or NAS-Port-Type
       attribute or both unless the type of access being requested does
       not involve a port or the NAS does not distinguish among its
       ports.
 
 While I have no problem supplying the id or address, the port is a 
 bit more of a problem.  I don't really think ttyslot() is always 
 appropriate.  Ppp may not be in -direct mode, or it may have been 
 passed a link and dropped the original one (see bundle_setsid()).
 
 Maybe the best way is to add a field to ``struct device'' and have 
 tty_Create() assign that field (if p->fd == 0) while other devices 
 leave it at -1.  When it's time to send a request, ppp can pass this 
 field as the NAS-Port only if there's only one link and the field 
 != -1.
 
 Of course the ``Merit AAA Radius Server'' should be fixed, or 
 alternatively, you could use the Cistron server ;^P
 -- 
 Brian <brian@Awfulhak.org>                        <brian@FreeBSD.org>
       <http://www.Awfulhak.org>                   <brian@OpenBSD.org>
 Don't _EVER_ lose your sense of humour !          <brian@FreeBSD.org.uk>
 
 
 
Responsible-Changed-From-To: freebsd-bugs->brian 
Responsible-Changed-By: brian 
Responsible-Changed-When: Fri Jun 18 12:29:33 PDT 1999 
Responsible-Changed-Why:  
ppp's mine 

From: Andriy I Pilipenko <bamby@marka.net.ua>
To: Brian Somers <brian@Awfulhak.org>
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: bin/12225: incompletness of radius request in /usr/sbin/ppp
Date: Thu, 01 Jul 1999 21:30:28 +0300

 > From: Brian Somers <brian@Awfulhak.org>
 > To: bamby@marka.net.ua
 > Cc: FreeBSD-gnats-submit@FreeBSD.ORG
 > Subject: Re: bin/12225: Incompletness of radius request in ppp 
 > Date: Fri, 18 Jun 1999 00:30:27 +0100
 
 > > 
 > > >Number:         12225
 > > >Category:       bin
 > > >Synopsis:       incompletness of radius request in /usr/sbin/ppp
 > [.....]
 > > Current implementation of /usr/sbin/ppp creates malformed radius request 
 > > with NAS identifier missing. Merit AAA Radius Server refuses to process
 > > such a request. 
 >     
 > The Merit AAA Radius Server is broken.  Ppps requests are not 
 > malformed.
 >     
 > From the rfc:
 >      
 >       An Access-Request MUST contain a User-Name attribute.  It SHOULD
 >       contain either a NAS-IP-Address attribute or NAS-Identifier
 >       attribute (or both, although that is not recommended).  It MUST
 >       contain either a User-Password attribute or CHAP-Password
 >       attribute.  It SHOULD contain a NAS-Port or NAS-Port-Type
 >       attribute or both unless the type of access being requested does
 >       not involve a port or the NAS does not distinguish among its
 >       ports.
 >     
 > While I have no problem supplying the id or address, the port is a 
 > bit more of a problem.  I don't really think ttyslot() is always 
 > appropriate.  Ppp may not be in -direct mode, or it may have been 
 > passed a link and dropped the original one (see bundle_setsid()).
 >     
 > Maybe the best way is to add a field to ``struct device'' and have 
 > tty_Create() assign that field (if p->fd == 0) while other devices 
 > leave it at -1.  When it's time to send a request, ppp can pass this 
 > field as the NAS-Port only if there's only one link and the field 
 > != -1.
 >  
 > Of course the ``Merit AAA Radius Server'' should be fixed, or 
 > alternatively, you could use the Cistron server ;^P
 
 You are right about Merit Radius :-) But information about NAS
 and port is essential in making decision against allocating
 IP address.
 
 Here is updated patch made according to your recommendations. 
 Additional field in ``struct physical'' is not nessesary, as
 radius_Authenticate() receives struct authinfo, which contains 
 struct physical. 
 
 -- 
   Andriy I Pilipenko
   PAI1-RIPE
 
 
 *** radius.c    1999/05/02 08:59:52     1.4.2.4
 --- radius.c    1999/07/01 16:46:54
 ***************
 *** 41,46 ****
 --- 41,48 ----
   #include <string.h>
   #include <sys/time.h>
   #include <termios.h>
 + #include <unistd.h>
 + #include <netdb.h>
 
   #include "defs.h"
   #include "log.h"
 ***************
 *** 337,342 ****
 --- 339,347 ----
   {
     struct timeval tv;
     int got;
 +   char hostname[MAXHOSTNAMELEN];
 +   struct hostent *hp;
 +   struct in_addr hostaddr;
 
     if (!*r->cfg.file)
       return;
 ***************
 *** 390,396 ****
 --- 395,434 ----
       rad_close(r->cx.rad);
       return;
     }
 +
 +   if (gethostname(hostname, sizeof hostname) != 0) {
 +     log_Printf(LogERROR, "rad_put: cannot get own hostname\n");
 +     rad_close(r->cx.rad);
 +     return;
 +   }
 
 +   if ((hp = gethostbyname(hostname)) == (struct hostent *) NULL) {
 +     if (rad_put_string(r->cx.rad, RAD_NAS_IDENTIFIER, hostname) != 0)
 {
 +       log_Printf(LogERROR, "rad_put: rad_put_string: %s\n",
 +                  rad_strerror(r->cx.rad));
 +       rad_close(r->cx.rad);
 +       return;
 +     }
 +   }
 +   else {
 +     hostaddr.s_addr = *(u_long *)hp->h_addr;
 +     if (rad_put_addr(r->cx.rad, RAD_NAS_IP_ADDRESS, hostaddr) != 0) {
 +       log_Printf(LogERROR, "rad_put: rad_put_string: %s\n",
 +                   rad_strerror(r->cx.rad));
 +       rad_close(r->cx.rad);
 +       return;
 +     }
 +   }
 +
 +   if (authp->physical->fd == 0 && authp->physical->cfg.ndev ==
 NMODEMS) {
 +     if(rad_put_int(r->cx.rad, RAD_NAS_PORT, ttyslot()) != 0) {
 +       log_Printf(LogERROR, "rad_put: rad_put_string: %s\n",
 +                   rad_strerror(r->cx.rad));
 +       rad_close(r->cx.rad);
 +       return;
 +     }
 +   }
 +
     if ((got = rad_init_send_request(r->cx.rad, &r->cx.fd, &tv)))
       radius_Process(r, got);
     else {
 
State-Changed-From-To: open->closed 
State-Changed-By: brian 
State-Changed-When: Thu Sep 2 08:11:59 PDT 1999 
State-Changed-Why:  
A fix has been applied to -current.  Could the originator confirm with 
silence or complain with email (I don't use the Merit server) please ? 
>Unformatted:
