From owner-portmaster-users@garnet.msen.com Mon Aug  8 15:23:06 1994
To: portmaster-users@msen.com
From: Bruce.Jorgens@on-ramp.ior.com (Bruce T. Jorgens)
Subject: diff for radiusd.c to implement simple slip/cslip and ppp accounts
Date: Mon, 8 Aug 1994 13:51:42 
Message-ID: <Bruce.Jorgens.471.152C52AC@on-ramp.ior.com>

Hi folks,

I taunted some of you earlier with a snippet about a simple change to 
radiusd.c that allows the creation of simple basic,slip,cslip and ppp 
accounts.

At Internet On-Ramp, Inc., we create our accounts with a leading capital 
letter to signify the communications type.  'name' is the normal user 
login account for an async or telnet account.  'Sname' is a SLIP account.  
'Cname' is a compressed SLIP account.  'Pname' is a PPP account.  

We made a simple change to radiusd.c that strips off the communications mode 
specifier and pass just the username to unix for authentication.  You still 
need to add 'Sname', 'Cname', and 'Pname' to the radius users file, but now 
the user is in control of his/her password.  

This diff is for radius 1.12.  I have not looked at the newer versions of 
Radius, mostly because Livingston keeps promising to revamp authentication 
logging, but so far has not done so.  The change should migrate to newer 
versions easily enough.  

In the context of radiusd.c, the change occurs in the 'rad_authenticate' 
function just after determining that the 'users' file wishes the account to 
use 'UNIX' to validate the password.  Find the section by looking for the 
occurance of UNIX surrounded by double quotes.

704,705c704,713
< 					if(unix_pass(namepair->strvalue,
< 								string) != 0) {
---
> 					ptr = namepair->strvalue;
> 					switch(*ptr)
> 					{
> 						case 'S': /* SLIP account */
> 						case 'P': /* PPP account */
> 						case 'C': /* CSLIP account */
> 							ptr++;
> 							break;
> 					}
> 					if(unix_pass(ptr,string) != 0) {

Of course you may all make use of this if you wish.  Don't try the 
modification if you are not wanting to fully accept the responsibility of 
breaking your system.  In other words, don't blame me if your system stops 
working.  It has worked well for us, your mileage may vary.


#####  ###   ####   Bruce T. Jorgens            brucej@on-ramp.ior.com
  #   #   #  #   #  Internet On-Ramp Inc.       (509) 927-RAMP
  #   #   #  ####   E. 3724 11th
#####  ###   #   #  Spokane, WA 99202