Add NAS-Identifier "npppd" for RADIUS requests. Also send Accouting-On

when RADIUS accounting is configured.

usr.sbin/npppd/npppd/npppd_auth.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: npppd_auth.c,v 1.22 2021/03/29 03:54:39 yasuoka Exp $ */
+/*	$OpenBSD: npppd_auth.c,v 1.23 2024/02/26 10:42:05 yasuoka Exp $ */
 
 /*-
  * Copyright (c) 2009 Internet Initiative Japan Inc.
@@ -26,7 +26,7 @@
  * SUCH DAMAGE.
  */
 /**@file authentication realm */
-/* $Id: npppd_auth.c,v 1.22 2021/03/29 03:54:39 yasuoka Exp $ */
+/* $Id: npppd_auth.c,v 1.23 2024/02/26 10:42:05 yasuoka Exp $ */
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/socket.h>
@@ -49,6 +49,7 @@
 #include "net_utils.h"
 
 #include "npppd_auth_local.h"
+#include "npppd_radius.h"
 
 /**
  * Create a npppd_auth_base object.
@@ -597,6 +598,11 @@ npppd_auth_radius_reload(npppd_auth_base *base, struct authconf *auth)
 	    "server%s.",
 	    nauth, (nauth > 1)? "s" : "", nacct, (nacct > 1)? "s" : "");
 
+	if (nacct > 0 && _this->rad_acct_on == 0) {
+		radius_acct_on(base->npppd, _this->rad_acct_setting);
+		_this->rad_acct_on = 1;
+	}
+
 	return 0;
 }
 

usr.sbin/npppd/npppd/npppd_auth_local.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: npppd_auth_local.h,v 1.8 2017/08/11 16:41:47 goda Exp $ */
+/*	$OpenBSD: npppd_auth_local.h,v 1.9 2024/02/26 10:42:05 yasuoka Exp $ */
 
 /*-
  * Copyright (c) 2009 Internet Initiative Japan Inc.
@@ -70,6 +70,9 @@ struct _npppd_auth_radius {
 
 	/** RADIUS accounting server setting */
 	radius_req_setting *rad_acct_setting;
+
+	/** Whether RADIUS accounting-on is noticed */
+	int rad_acct_on;
 };
 #endif
 

usr.sbin/npppd/npppd/npppd_radius.c

@@ -1,4 +1,4 @@
-/* $Id: npppd_radius.c,v 1.9 2024/02/26 08:47:28 yasuoka Exp $ */
+/* $Id: npppd_radius.c,v 1.10 2024/02/26 10:42:05 yasuoka Exp $ */
 /*-
  * Copyright (c) 2009 Internet Initiative Japan Inc.
  * All rights reserved.
@@ -62,6 +62,7 @@
 static int l2tp_put_tunnel_attributes(RADIUS_PACKET *, void *);
 static int pptp_put_tunnel_attributes(RADIUS_PACKET *, void *);
 static int radius_acct_request(npppd *, npppd_ppp *, int );
+static void radius_acct_on_cb(void *, RADIUS_PACKET *, int, RADIUS_REQUEST_CTX);
 static void npppd_ppp_radius_acct_reqcb(void *, RADIUS_PACKET *, int, RADIUS_REQUEST_CTX);
 
 /***********************************************************************
@@ -217,6 +218,9 @@ radius_acct_request(npppd *pppd, npppd_ppp *ppp, int stop)
 	ATTR_INT32(RADIUS_TYPE_NAS_PORT, ppp->id);
 	    /* npppd has no physical / virtual ports in design. */
 
+	/* RFC 2865  5.32. NAS-Identifier */
+	ATTR_STR(RADIUS_TYPE_NAS_IDENTIFIER, "npppd");
+
 	/* RFC 2865 5.31. Calling-Station-Id */
 	if (ppp->calling_number[0] != '\0')
 		ATTR_STR(RADIUS_TYPE_CALLING_STATION_ID, ppp->calling_number);
@@ -317,6 +321,54 @@ fail:
 	return -1;
 }
 
+void
+radius_acct_on(npppd *pppd, radius_req_setting *rad_setting)
+{
+	RADIUS_REQUEST_CTX radctx = NULL;
+	RADIUS_PACKET *radpkt = NULL;
+
+	if (!radius_req_setting_has_server(rad_setting))
+		return;
+	if ((radpkt = radius_new_request_packet(RADIUS_CODE_ACCOUNTING_REQUEST))
+	    == NULL)
+		goto fail;
+
+	if (radius_prepare(rad_setting, NULL, &radctx, radius_acct_on_cb) != 0)
+		goto fail;
+
+	/*
+	 * RFC 2865 "5.4.  NAS-IP-Address" or RFC 3162 "2.1. NAS-IPv6-Address"
+	 */
+	if (radius_prepare_nas_address(rad_setting, radpkt) != 0)
+		goto fail;
+
+	/* RFC 2865 "5.41. NAS-Port-Type" */
+	ATTR_INT32(RADIUS_TYPE_NAS_PORT_TYPE, RADIUS_NAS_PORT_TYPE_VIRTUAL);
+
+	/* RFC 2866  5.1. Acct-Status-Type */
+	ATTR_INT32(RADIUS_TYPE_ACCT_STATUS_TYPE, RADIUS_ACCT_STATUS_TYPE_ACCT_ON);
+	/* RFC 2865  5.32. NAS-Identifier */
+	ATTR_STR(RADIUS_TYPE_NAS_IDENTIFIER, "npppd");
+
+	/* Send the request */
+	radius_request(radctx, radpkt);
+
+	return;
+ fail:
+	if (radctx != NULL)
+		radius_cancel_request(radctx);
+	if (radpkt != NULL)
+		radius_delete_packet(radpkt);
+}
+
+static void
+radius_acct_on_cb(void *context, RADIUS_PACKET *pkt, int flags,
+    RADIUS_REQUEST_CTX ctx)
+{
+	if ((flags & (RADIUS_REQUEST_TIMEOUT | RADIUS_REQUEST_ERROR)) != 0)
+		radius_request_failover(ctx);
+}
+
 #ifdef USE_NPPPD_PPTP
 #include "pptp.h"
 #endif

usr.sbin/npppd/npppd/npppd_radius.h

@@ -9,6 +9,7 @@ void  ppp_proccess_radius_framed_ip (npppd_ppp *, RADIUS_PACKET *);
 int   ppp_set_radius_attrs_for_authreq (npppd_ppp *, radius_req_setting *, RADIUS_PACKET *);
 void  npppd_ppp_radius_acct_start (npppd *, npppd_ppp *);
 void  npppd_ppp_radius_acct_stop (npppd *, npppd_ppp *);
+void  radius_acct_on(npppd *, radius_req_setting *);
 
 #ifdef __cplusplus
 }

usr.sbin/npppd/npppd/ppp.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ppp.c,v 1.30 2021/03/29 03:54:39 yasuoka Exp $ */
+/*	$OpenBSD: ppp.c,v 1.31 2024/02/26 10:42:05 yasuoka Exp $ */
 
 /*-
  * Copyright (c) 2009 Internet Initiative Japan Inc.
@@ -25,7 +25,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
-/* $Id: ppp.c,v 1.30 2021/03/29 03:54:39 yasuoka Exp $ */
+/* $Id: ppp.c,v 1.31 2024/02/26 10:42:05 yasuoka Exp $ */
 /**@file
  * This file provides PPP(Point-to-Point Protocol, RFC 1661) and
  * {@link :: _npppd_ppp PPP instance} related functions.
@@ -1094,6 +1094,11 @@ ppp_set_radius_attrs_for_authreq(npppd_ppp *_this,
 	if (radius_prepare_nas_address(rad_setting, radpkt) != 0)
 		goto fail;
 
+	/* RFC 2865  5.32. NAS-Identifier */
+	if (radius_put_string_attr(radpkt, RADIUS_TYPE_NAS_IDENTIFIER, "npppd")
+	    != 0)
+		goto fail;
+
 	/* RFC 2865 "5.6. Service-Type" */
 	if (radius_put_uint32_attr(radpkt, RADIUS_TYPE_SERVICE_TYPE,
 	    RADIUS_SERVICE_TYPE_FRAMED) != 0)