# RADIUS support

CFLAGS+=-DRADIUS

SRCS+=rad_dict.c rad_funcs.c rad_md5.c rad_regexp.c rad_sendserver.c rad_users.c rad_util.c pppradius.c

#ifdef RADIUS

#include "radius.h"

#endif

    if (reqradius)

	rad_acct_stop(RADIUS_name);

    syslog(LOG_DAEMON, "Authentication phase began");

	syslog(LOG_DAEMON, "Authentication with PAP");

	syslog(LOG_DAEMON, "Authntication finished");

    } else {

	syslog(LOG_DAEMON, "Stop network growth!");

    }

	syslog(LOG_DAEMON, "after path_authup");

    /* here will be radius login */

#ifdef RADIUS

    if (ret == UPAP_AUTHNAK && reqradius)

	if (rad_auth(user, passwd) == OK_RC)

		if (rad_acct_start(user) == OK_RC)

			ret = UPAP_AUTHACK;

#endif

#ifndef CONF_H

#define CONF_H

/*

 *

 *	RADIUS

 *	Remote Authentication Dial In User Service

 *

 *

 *	Livingston Enterprises, Inc.

 *	6920 Koll Center Parkway

 *	Pleasanton, CA   94566

 *

 *	Copyright 1992 Livingston Enterprises, Inc.

 *

 *	Permission to use, copy, modify, and distribute this software for any

 *	purpose and without fee is hereby granted, provided that this

 *	copyright and permission notice appear on all copies and supporting

 *	documentation, the name of Livingston Enterprises, Inc. not be used

 *	in advertising or publicity pertaining to distribution of the

 *	program without specific prior permission, and notice be given

 *	in supporting documentation that copying and distribution is by

 *	permission of Livingston Enterprises, Inc.

 *

 *	Livingston Enterprises, Inc. makes no representations about

 *	the suitability of this software for any purpose.  It is

 *	provided "as is" without express or implied warranty.

 *

 */

/*

 *	@(#)conf.h	0.1 10/11/94

 */

#define	RADIUS_VERSION		" 2.4.23C " /* MUST be surrounded by spaces */

#if defined(__alpha)

typedef unsigned int UINT4;

typedef int INT4;

#else	/* defined(alpha) */

typedef unsigned long UINT4;

typedef long INT4;

#endif	/* defined(alpha) */

#if defined(unixware) || defined(sys5) || defined(M_UNIX) || defined(sun)

#include	<string.h>

#else	/* unixware */

#include	<strings.h>

#endif	/* unixware */

#if defined(bsdi)

#include	<machine/inline.h>

#include	<machine/endian.h>

#else	/* bsdi */

#ifndef	__FreeBSD__

#include	<malloc.h>

#endif	/* __FreeBSD__ */

#endif	/* bsdi */

/* #ifdef SYSV this is needed even on SunOS 4.1.3 */

#include	<pwd.h>

/* #endif XXX SYSV */

#if defined(aix)

#include	<sys/select.h>

#endif	/* aix */

#if defined(__hpux)

#include	<unistd.h>

#endif	/* __hpux */

#ifdef	USE_NDBM

#include	<ndbm.h>

#include	<fcntl.h>

#endif	/* USE_NDBM */

#if defined(USE_DBM)

#include	<dbm.h>

#if defined(sun)

#define NULL 0

#endif	/* sun */

#if defined(__sgi)

#ifdef dbm_error64

#define store store64

#define dbminit dbminit64

#define dbmclose dbmclose64

#endif	/* dbm_error64 */

#endif	/* __sgi */

#endif	/* USE_DBM */

#if defined(linux)

#include	<unistd.h>

#define MIN(a, b)      ((a) < (b) ? (a) : (b))

#define MAX(a, b)      ((a) > (b) ? (a) : (b))

#endif	/* linux */

#endif /* CONF_H */

/*

** ********************************************************************

** md4.c -- Implementation of MD4 Message Digest Algorithm           **

** Updated: 2/16/90 by Ronald L. Rivest                              **

** (C) 1990 RSA Data Security, Inc.                                  **

** ********************************************************************

*/

/*

** To use MD4:

**   -- Include md4.h in your program

**   -- Declare an MDstruct MD to hold the state of the digest

**          computation.

**   -- Initialize MD using MDbegin(&MD)

**   -- For each full block (64 bytes) X you wish to process, call

**          MD4Update(&MD,X,512)

**      (512 is the number of bits in a full block.)

**   -- For the last block (less than 64 bytes) you wish to process,

**          MD4Update(&MD,X,n)

**      where n is the number of bits in the partial block. A partial

**      block terminates the computation, so every MD computation

**      should terminate by processing a partial block, even if it

**      has n = 0.

**   -- The message digest is available in MD.buffer[0] ...

**      MD.buffer[3].  (Least-significant byte of each word

**      should be output first.)

**   -- You can print out the digest using MDprint(&MD)

*/

/* Implementation notes:

** This implementation assumes that ints are 32-bit quantities.

*/

#define TRUE  1

#define FALSE 0

/* Compile-time includes

*/

#include <stdio.h>

#include "md4.h"

#include "pppd.h"

/* Compile-time declarations of MD4 "magic constants".

*/

#define I0  0x67452301       /* Initial values for MD buffer */

#define I1  0xefcdab89

#define I2  0x98badcfe

#define I3  0x10325476

#define C2  013240474631     /* round 2 constant = sqrt(2) in octal */

#define C3  015666365641     /* round 3 constant = sqrt(3) in octal */

/* C2 and C3 are from Knuth, The Art of Programming, Volume 2

** (Seminumerical Algorithms), Second Edition (1981), Addison-Wesley.

** Table 2, page 660.

*/

#define fs1  3               /* round 1 shift amounts */

#define fs2  7

#define fs3 11

#define fs4 19

#define gs1  3               /* round 2 shift amounts */

#define gs2  5

#define gs3  9

#define gs4 13

#define hs1  3               /* round 3 shift amounts */

#define hs2  9

#define hs3 11

#define hs4 15

/* Compile-time macro declarations for MD4.

** Note: The "rot" operator uses the variable "tmp".

** It assumes tmp is declared as unsigned int, so that the >>

** operator will shift in zeros rather than extending the sign bit.

*/

#define f(X,Y,Z)             ((X&Y) | ((~X)&Z))

#define g(X,Y,Z)             ((X&Y) | (X&Z) | (Y&Z))

#define h(X,Y,Z)             (X^Y^Z)

#define rot(X,S)             (tmp=X,(tmp<<S) | (tmp>>(32-S)))

#define ff(A,B,C,D,i,s)      A = rot((A + f(B,C,D) + X[i]),s)

#define gg(A,B,C,D,i,s)      A = rot((A + g(B,C,D) + X[i] + C2),s)

#define hh(A,B,C,D,i,s)      A = rot((A + h(B,C,D) + X[i] + C3),s)

/* MD4print(MDp)

** Print message digest buffer MDp as 32 hexadecimal digits.

** Order is from low-order byte of buffer[0] to high-order byte of

** buffer[3].

** Each byte is printed with high-order hexadecimal digit first.

** This is a user-callable routine.

*/

void

MD4Print(MDp)

MD4_CTX *MDp;

{

  int i,j;

  for (i=0;i<4;i++)

    for (j=0;j<32;j=j+8)

      printf("%02x",(MDp->buffer[i]>>j) & 0xFF);

}

/* MD4Init(MDp)

** Initialize message digest buffer MDp.

** This is a user-callable routine.

*/

void

MD4Init(MDp)

MD4_CTX *MDp;

{

  int i;

  MDp->buffer[0] = I0;

  MDp->buffer[1] = I1;

  MDp->buffer[2] = I2;

  MDp->buffer[3] = I3;

  for (i=0;i<8;i++) MDp->count[i] = 0;

  MDp->done = 0;

}

/* MDblock(MDp,X)

** Update message digest buffer MDp->buffer using 16-word data block X.

** Assumes all 16 words of X are full of data.

** Does not update MDp->count.

** This routine is not user-callable.

*/

static void

MDblock(MDp,Xb)

MD4_CTX *MDp;

unsigned char *Xb;

{

  register unsigned int tmp, A, B, C, D;

  unsigned int X[16];

  int i;

  for (i = 0; i < 16; ++i) {

    X[i] = Xb[0] + (Xb[1] << 8) + (Xb[2] << 16) + (Xb[3] << 24);

    Xb += 4;

  }

  A = MDp->buffer[0];

  B = MDp->buffer[1];

  C = MDp->buffer[2];

  D = MDp->buffer[3];

  /* Update the message digest buffer */

  ff(A , B , C , D ,  0 , fs1); /* Round 1 */

  ff(D , A , B , C ,  1 , fs2);

  ff(C , D , A , B ,  2 , fs3);

  ff(B , C , D , A ,  3 , fs4);

  ff(A , B , C , D ,  4 , fs1);

  ff(D , A , B , C ,  5 , fs2);

  ff(C , D , A , B ,  6 , fs3);

  ff(B , C , D , A ,  7 , fs4);

  ff(A , B , C , D ,  8 , fs1);

  ff(D , A , B , C ,  9 , fs2);

  ff(C , D , A , B , 10 , fs3);

  ff(B , C , D , A , 11 , fs4);

  ff(A , B , C , D , 12 , fs1);

  ff(D , A , B , C , 13 , fs2);

  ff(C , D , A , B , 14 , fs3);

  ff(B , C , D , A , 15 , fs4);

  gg(A , B , C , D ,  0 , gs1); /* Round 2 */

  gg(D , A , B , C ,  4 , gs2);

  gg(C , D , A , B ,  8 , gs3);

  gg(B , C , D , A , 12 , gs4);

  gg(A , B , C , D ,  1 , gs1);

  gg(D , A , B , C ,  5 , gs2);

  gg(C , D , A , B ,  9 , gs3);

  gg(B , C , D , A , 13 , gs4);

  gg(A , B , C , D ,  2 , gs1);

  gg(D , A , B , C ,  6 , gs2);

  gg(C , D , A , B , 10 , gs3);

  gg(B , C , D , A , 14 , gs4);

  gg(A , B , C , D ,  3 , gs1);

  gg(D , A , B , C ,  7 , gs2);

  gg(C , D , A , B , 11 , gs3);

  gg(B , C , D , A , 15 , gs4);

  hh(A , B , C , D ,  0 , hs1); /* Round 3 */

  hh(D , A , B , C ,  8 , hs2);

  hh(C , D , A , B ,  4 , hs3);

  hh(B , C , D , A , 12 , hs4);

  hh(A , B , C , D ,  2 , hs1);

  hh(D , A , B , C , 10 , hs2);

  hh(C , D , A , B ,  6 , hs3);

  hh(B , C , D , A , 14 , hs4);

  hh(A , B , C , D ,  1 , hs1);

  hh(D , A , B , C ,  9 , hs2);

  hh(C , D , A , B ,  5 , hs3);

  hh(B , C , D , A , 13 , hs4);

  hh(A , B , C , D ,  3 , hs1);

  hh(D , A , B , C , 11 , hs2);

  hh(C , D , A , B ,  7 , hs3);

  hh(B , C , D , A , 15 , hs4);

  MDp->buffer[0] += A;

  MDp->buffer[1] += B;

  MDp->buffer[2] += C;

  MDp->buffer[3] += D;

}

/* MD4Update(MDp,X,count)

** Input: X -- a pointer to an array of unsigned characters.

**        count -- the number of bits of X to use.

**          (if not a multiple of 8, uses high bits of last byte.)

** Update MDp using the number of bits of X given by count.

** This is the basic input routine for an MD4 user.

** The routine completes the MD computation when count < 512, so

** every MD computation should end with one call to MD4Update with a

** count less than 512.  A call with count 0 will be ignored if the

** MD has already been terminated (done != 0), so an extra call with

** count 0 can be given as a "courtesy close" to force termination

** if desired.

*/

void

MD4Update(MDp,X,count)

MD4_CTX *MDp;

unsigned char *X;

unsigned int count;

{

  unsigned int i, tmp, bit, byte, mask;

  unsigned char XX[64];

  unsigned char *p;

  /* return with no error if this is a courtesy close with count

  ** zero and MDp->done is true.

  */

  if (count == 0 && MDp->done) return;

  /* check to see if MD is already done and report error */

  if (MDp->done)

  { printf("\nError: MD4Update MD already done."); return; }

  /* Add count to MDp->count */

  tmp = count;

  p = MDp->count;

  while (tmp)

  { tmp += *p;

  *p++ = tmp;

  tmp = tmp >> 8;

  }

  /* Process data */

  if (count == 512)

  { /* Full block of data to handle */

    MDblock(MDp,X);

  }

  else if (count > 512) /* Check for count too large */

  {

    printf("\nError: MD4Update called with illegal count value %d.",

	   count);

    return;

  }

  else /* partial block -- must be last block so finish up */

  {

    /* Find out how many bytes and residual bits there are */

    byte = count >> 3;

    bit =  count & 7;

    /* Copy X into XX since we need to modify it */

    for (i=0;i<=byte;i++)   XX[i] = X[i];

    for (i=byte+1;i<64;i++) XX[i] = 0;

    /* Add padding '1' bit and low-order zeros in last byte */

    mask = 1 << (7 - bit);

    XX[byte] = (XX[byte] | mask) & ~( mask - 1);

    /* If room for bit count, finish up with this block */

    if (byte <= 55)

    {

      for (i=0;i<8;i++) XX[56+i] = MDp->count[i];

      MDblock(MDp,XX);

    }

    else /* need to do two blocks to finish up */

    {

      MDblock(MDp,XX);

      for (i=0;i<56;i++) XX[i] = 0;

      for (i=0;i<8;i++)  XX[56+i] = MDp->count[i];

      MDblock(MDp,XX);

    }

    /* Set flag saying we're done with MD computation */

    MDp->done = 1;

  }

}

/*

** Finish up MD4 computation and return message digest.

*/

void

MD4Final(buf, MD)

unsigned char *buf;

MD4_CTX *MD;

{

  int i, j;

  unsigned int w;

  MD4Update(MD, NULL, 0);

  for (i = 0; i < 4; ++i) {

    w = MD->buffer[i];

    for (j = 0; j < 4; ++j) {

      *buf++ = w;

      w >>= 8;

    }

  }

}

/*

** End of md4.c

****************************(cut)***********************************/

/*

** ********************************************************************

** md4.h -- Header file for implementation of                        **

** MD4 Message Digest Algorithm                                      **

** Updated: 2/13/90 by Ronald L. Rivest                              **

** (C) 1990 RSA Data Security, Inc.                                  **

** ********************************************************************

*/

#ifndef __P

# if defined(__STDC__) || defined(__GNUC__)

#  define __P(x) x

# else

#  define __P(x) ()

# endif

#endif

/* MDstruct is the data structure for a message digest computation.

*/

typedef struct {

	unsigned int buffer[4]; /* Holds 4-word result of MD computation */

	unsigned char count[8]; /* Number of bits processed so far */

	unsigned int done;      /* Nonzero means MD computation finished */

} MD4_CTX;

/* MD4Init(MD4_CTX *)

** Initialize the MD4_CTX prepatory to doing a message digest

** computation.

*/

extern void MD4Init __P((MD4_CTX *MD));

/* MD4Update(MD,X,count)

** Input: X -- a pointer to an array of unsigned characters.

**        count -- the number of bits of X to use (an unsigned int).

** Updates MD using the first "count" bits of X.

** The array pointed to by X is not modified.

** If count is not a multiple of 8, MD4Update uses high bits of

** last byte.

** This is the basic input routine for a user.

** The routine terminates the MD computation when count < 512, so

** every MD computation should end with one call to MD4Update with a

** count less than 512.  Zero is OK for a count.

*/

extern void MD4Update __P((MD4_CTX *MD, unsigned char *X, unsigned int count));

/* MD4Print(MD)

** Prints message digest buffer MD as 32 hexadecimal digits.

** Order is from low-order byte of buffer[0] to high-order byte

** of buffer[3].

** Each byte is printed with high-order hexadecimal digit first.

*/

extern void MD4Print __P((MD4_CTX *));

/* MD4Final(buf, MD)

** Returns message digest from MD and terminates the message

** digest computation.

*/

extern void MD4Final __P((unsigned char *, MD4_CTX *));

/*

** End of md4.h

****************************(cut)***********************************/

/* GLOBAL.H - RSAREF types and constants

 */

/* PROTOTYPES should be set to one if and only if the compiler supports

  function argument prototyping.

  The following makes PROTOTYPES default to 0 if it has not already

  been defined with C compiler flags.

 */

#ifndef PROTOTYPES

#define PROTOTYPES 0

#endif

/* POINTER defines a generic pointer type */

typedef unsigned char *POINTER;

/* UINT2 defines a two byte word */

typedef unsigned short int UINT2;

/* UINT4 defines a four byte word */

#if defined(__alpha)

typedef unsigned int UINT4;

#else

typedef unsigned long int UINT4;

#endif

/* PROTO_LIST is defined depending on how PROTOTYPES is defined above.

   If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it

  returns an empty list.

 */

#if PROTOTYPES

#define PROTO_LIST(list) list

#else

#define PROTO_LIST(list) ()

#endif

/* MD5.H - header file for MD5C.C

 */

/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All

rights reserved.

License to copy and use this software is granted provided that it

is identified as the "RSA Data Security, Inc. MD5 Message-Digest

Algorithm" in all material mentioning or referencing this software

or this function.

License is also granted to make and use derivative works provided

that such works are identified as "derived from the RSA Data

Security, Inc. MD5 Message-Digest Algorithm" in all material

mentioning or referencing the derived work.

RSA Data Security, Inc. makes no representations concerning either

the merchantability of this software or the suitability of this

software for any particular purpose. It is provided "as is"

without express or implied warranty of any kind.

These notices must be retained in any copies of any part of this

documentation and/or software.

 */

/* MD5 context. */

typedef struct

{

	UINT4           state[4];  /* state (ABCD) */

	UINT4           count[2];  /* number of bits, modulo 2^64 (lsb first) */

	unsigned char   buffer[64]; /* input buffer */

} MD5_CTX;

void MD5Init    PROTO_LIST ((MD5_CTX *));

void MD5Update  PROTO_LIST ((MD5_CTX *, unsigned char *, unsigned int));

void MD5Final   PROTO_LIST ((unsigned char[16], MD5_CTX *));

#ifdef RADIUS

#include "radius.h"

#endif

int reqradius;

static int radiusauth __P((char **));

    {"radius", 0, radiusauth},  /* Require authentication on RADIUS server */

}

/*

 * radiusauth - Sets reqradius variable to authenticate thru radius server

 */

static int

radiusauth(argv)

	char **argv;

{

	reqradius = 1;

	return 1;

#%PAM-1.0

# Information for the PPPD process with the 'login' option.

auth	required	/lib/security/pam_pwdb.so shadow nullok

auth	required	/lib/security/pam_nologin.so

account	required	/lib/security/pam_permit.so

session	required	/lib/security/pam_permit.so

#include	<sys/types.h>

#include	<sys/socket.h>

#include	<sys/param.h>

#include	<netinet/in.h>

#include	<sys/time.h>

#include	<sys/signal.h>

#include	<sys/termios.h>

#ifdef	SVR4

#include	<sys/systeminfo.h>

#endif	/* SVR4 */

#include	<netdb.h>

#include	<pwd.h>

#include	<stdio.h>

#include	<stdlib.h>

#include	<time.h>

#include	<unistd.h>

#include	"radius.h"

#ifndef RESPONSE_TIMEOUT

#define RESPONSE_TIMEOUT 3

#endif

#ifndef MAX_RETRIES

#define MAX_RETRIES	10

#endif

char            recv_buffer[4096];

char            send_buffer[4096];

char            ourhostname[MAXHOSTNAMELEN];

char           *progname;

char           *radius_dir;

int             debug_flag = 0;

int             dumpcore = 0;

int             file_logging = 2;   /* 0 => syslog, 1 => logfile, 2 => stderr */

int             zap_logfile = 0;

int             authfile_cnt = 0;

int             clients_cnt = 0;

int             users_cnt = 0;

time_t          birthdate;

AATVPTR		rad_authen_aatv = (AATV *) NULL;

AATVPTR         rad_ipc_aatv = (AATV *) NULL;

AATV           *authtype_tv[PW_AUTH_MAX + 1];

FILE           *ddt = NULL;

FILE           *msgfd = stderr;

extern void     dir_init();

static void     radpwtst_usage ();

typedef struct string_list_struct

{

	struct string_list_struct *next;

	char                      *str;

}string_list;

int	RADIUS_port;

int	RADIUS_asi;

int	RADIUS_data;

time_t	RADIUS_bt;

time_t	RADIUS_et;

char	*RADIUS_name;

int rad_auth(char *name, char *password)

{

	int		result;

	int		retries;

	int		new_old;

	char		*client_name = (char *)NULL;

	char		*clear_pw = (char *)NULL;

	string_list	*vplist = NULL;

	string_list	**vpnext = &vplist;

	char		msg[4096];

	char		passwd[AUTH_PASS_LEN + 1];

	SEND_DATA	data;

	int		send_server();

	syslog(LOG_DAEMON, "Trying to authenticate: %s with password: %s\n", name, password);

	data.code = PW_ACCESS_REQUEST;

	data.svc_port = 1645;

	data.server = "ns.link-ul.ru";

	radius_dir = "/var/adm/raddb";

	data.timeout = RESPONSE_TIMEOUT;

	data.user_file = (char *)NULL;

	data.group = (char *)NULL;

	data.send_pairs = (VALUE_PAIR *)NULL;

	retries = MAX_RETRIES;

	new_old = 0;

	data.ustype=PW_FRAMED;

	data.fptype=PW_PPP;

	data.port_num = RADIUS_port;

	*vpnext = (string_list *)malloc(sizeof(string_list));

	(*vpnext)->str = "NAS-Port-Type=0";

	(*vpnext)->next = (string_list *)NULL;

	vpnext = &((*vpnext)->next);

	data.user_name = name;

	data.password = password;

	dir_init();

	if (dict_init() != 0) {

		fprintf(stderr, "Missing directory in /var/adm/raddb\n");

		exit(-1);

	}

	for ( ; vplist ; vplist = vplist->next) {

		if (pair_parse (vplist->str, &data.send_pairs) != 0) {

			fprintf (stderr,

				"%s: Invalid attribute-value pair, '%s'\n",

				 progname, vplist->str);

			exit(-1);

		}

	}

	data.seq_nbr = RADIUS_data = (u_char) rand();

	if (gethostname(ourhostname, sizeof(ourhostname)) < 0) {

		perror("gethostname");

		exit(-1);

	}

	if (client_name == (char *)NULL) {

		if ((data.client_id = get_ipaddr(ourhostname)) == 0) {

			printf("Couldn't get own IP address!\n");

			data.client_id = 0;

		}

	} else

		data.client_id = get_ipaddr(client_name);

	if ((data.user_file != (char *)NULL)&&(data.group == (char *)NULL))

		data.group = "DEFAULT";

	msg[0] = '\0';

	result = send_server(&data, &retries, msg);

	if (result == OK_RC) { 

		printf("\"%s\" authentication OK", data.user_name);

		RADIUS_name = (char *)malloc(strlen(data.user_name)+1);

		strcpy(RADIUS_name, data.user_name);

	} else {

		printf("\"%s\" authentication failed", data.user_name);

		if (result != BADRESP_RC)

			printf("(RC=%i)", result);

	}

	if (msg[0])

		printf(": %s", msg);

	putchar('\n');

	return (result);

}

int rad_acct_start(char *name)

{

	int		result;

	int		retries;

	int		new_old;

	char		*client_name = (char *)NULL;

	char		*clear_pw = (char *)NULL;

	string_list	*vplist = NULL;

	string_list	**vpnext = &vplist;

	char		msg[4096];

	char		passwd[AUTH_PASS_LEN + 1];

	SEND_DATA	data;

	int		send_server();

	char		*str;

	data.code = PW_ACCOUNTING_REQUEST;

	data.svc_port = 1646;

	data.server = "ns.link-ul.ru";

	radius_dir = "/var/adm/raddb";

	data.timeout = RESPONSE_TIMEOUT;

	data.user_file = (char *)NULL;

	data.group = (char *)NULL;

	data.send_pairs = (VALUE_PAIR *)NULL;

	retries = MAX_RETRIES;

	new_old = 0;

	data.ustype = PW_FRAMED;

	data.fptype = PW_PPP;

	data.port_num = RADIUS_port;

	data.user_name = name;

	data.password = "";

	if (pair_parse("NAS-Port-Type=0", &data.send_pairs) != 0) {

		fprintf(stderr, "Invalid attribute-value pair\n");

		exit(-1);

	}

	if (pair_parse("Acct-Status-Type=1", &data.send_pairs) != 0) {

		fprintf(stderr, "Invalid attribute acct-status-type\n");

		exit(-1);

	}

	if (pair_parse("Acct-Authentic=3", &data.send_pairs) != 0) {

		fprintf(stderr, "Invalid attribute acct-authentic\n");

		exit(-1);

	}

	if (pair_parse("Acct-Delay-Time=0", &data.send_pairs) != 0) {

		fprintf(stderr, "Invalid attribute acct-delay-time\n");

		exit(-1);

	}

	str = (char *)malloc(128);

	RADIUS_asi = rand();

	sprintf(str, "Acct-Session-Id=%x", RADIUS_asi);

	if (pair_parse(str, &data.send_pairs) != 0) {

		fprintf(stderr, "Invalid attribute acct-session-id\n");

		exit(-1);

	}

	dir_init();

	if (dict_init() != 0) {

		fprintf(stderr, "Missing directory in /var/adm/raddb\n");

		exit(-1);

	}

	data.seq_nbr = (++RADIUS_data);

	if (gethostname(ourhostname, sizeof(ourhostname)) < 0) {

		perror("gethostname");

		exit(-1);

	}

	if (client_name == (char *)NULL) {

		if ((data.client_id = get_ipaddr(ourhostname)) == 0) {

			printf("Couldn't get own IP address!\n");

			data.client_id = 0;

		}

	} else

		data.client_id = get_ipaddr(client_name);

	if ((data.user_file != (char *)NULL)&&(data.group == (char *)NULL))

		data.group = "DEFAULT";

	msg[0] = '\0';

	result = send_server(&data, &retries, msg);

	if (result == OK_RC) 

		printf("\"%s\" accounting start OK", data.user_name);

	else {

		printf("\"%s\" accounting start failed", data.user_name);

		if (result != BADRESP_RC)

			printf("(RC=%i)", result);

	}

	if (msg[0])

		printf(": %s", msg);

	putchar('\n');

	RADIUS_bt = time(NULL);

	return (result);

}

int rad_acct_stop(char *name)

{

	int		result;

	int		retries;

	int		new_old;

	char		*client_name = (char *)NULL;

	char		*clear_pw = (char *)NULL;

	string_list	*vplist = NULL;

	string_list	**vpnext = &vplist;

	char		msg[4096];

	char		passwd[AUTH_PASS_LEN + 1];

	SEND_DATA	data;

	int		send_server();

	char		*str;

	data.code = PW_ACCOUNTING_REQUEST;

	data.svc_port = 1646;

	data.server = "ns.link-ul.ru";

	radius_dir = "/var/adm/raddb";

	data.timeout = RESPONSE_TIMEOUT;

	data.user_file = (char *)NULL;

	data.group = (char *)NULL;

	data.send_pairs = (VALUE_PAIR *)NULL;

	retries = MAX_RETRIES;

	new_old = 0;

	data.ustype = PW_FRAMED;

	data.fptype = PW_PPP;

	data.port_num = RADIUS_port;

	data.user_name = name;

	data.password = "";

	if (pair_parse("NAS-Port-Type=0", &data.send_pairs) != 0) {

		fprintf(stderr, "Invalid attribute-value pair\n");

		exit(-1);

	}

	if (pair_parse("Acct-Status-Type=2", &data.send_pairs) != 0) {

		fprintf(stderr, "Invalid attribute acct-status-type\n");

		exit(-1);

	}

	if (pair_parse("Acct-Authentic=3", &data.send_pairs) != 0) {

		fprintf(stderr, "Invalid attribute acct-authentic\n");

		exit(-1);

	}

	if (pair_parse("Acct-Delay-Time=0", &data.send_pairs) != 0) {

		fprintf(stderr, "Invalid attribute acct-delay-time\n");

		exit(-1);

	}

	if (pair_parse("Acct-Output-Octets=0", &data.send_pairs) != 0) {

		fprintf(stderr, "Invalid attribute acct-output-octets\n");

		exit(-1);

	}

	if (pair_parse("Acct-Input-Octets=0", &data.send_pairs) != 0) {

		fprintf(stderr, "Invalid attribute acct-inpute-octets\n");

		exit(-1);

	}

	if (pair_parse("Acct-Input-Packets=0", &data.send_pairs) != 0) {

		fprintf(stderr, "Invalid attribute aÓÓt-inpute-packets\n");

		exit(-1);

	}

	if (pair_parse("Acct-Output-Packets=0", &data.send_pairs) != 0) {

		fprintf(stderr, "Invalid attribute acct-output-packets\n");

		exit(-1);

	}

	str = (char *)malloc(128);

	sprintf(str,"Acct-Session-Id=%x", RADIUS_asi);

	if (pair_parse(str, &data.send_pairs) != 0) {

		fprintf(stderr, "Invalid attribute acct-session-id\n");

		exit(-1);

	}

	RADIUS_et = time(NULL);

	sprintf(str,"Acct-Session-Time=%ld",RADIUS_et-RADIUS_bt);

	if (pair_parse(str, &data.send_pairs) != 0) {

		fprintf(stderr, "Invalid attribute acct-session-time\n");

		exit(-1);

	}

	dir_init();

	if (dict_init() != 0) {

		fprintf(stderr, "Missing directory in /var/adm/raddb\n");

		exit(-1);

	}

	data.seq_nbr = (++RADIUS_data);

	if (gethostname(ourhostname, sizeof(ourhostname)) < 0) {

		perror("gethostname");

		exit(-1);

	}

	if (client_name == (char *)NULL) {

		if ((data.client_id = get_ipaddr(ourhostname)) == 0) {

			printf("Couldn't get own IP address!\n");

			data.client_id = 0;

		}

	} else

		data.client_id = get_ipaddr(client_name);

	if ((data.user_file != (char *)NULL)&&(data.group == (char *)NULL))

		data.group = "DEFAULT";

	msg[0] = '\0';

	result = send_server(&data, &retries, msg);

	if (result == OK_RC) 

		printf("\"%s\" accounting stop OK", data.user_name);

	else {

		printf("\"%s\" accounting stop failed", data.user_name);

		if (result != BADRESP_RC)

			printf("(RC=%i)", result);

	}

	if (msg[0])

		printf(": %s", msg);

	putchar('\n');

	return (result);

}

#if 0

int main (int argc, char *argv[])

{

	progname = *argv;

	srand(time(0));

	RADIUS_port = rand();

	if (argc != 3)

		radpwtst_usage();

	if (authenticate(argv[1], argv[2]) != OK_RC)

		exit(-1);

	if (accounting_start(argv[1]) != OK_RC)

		exit(-1);

	printf("Press any key to finish\n");

	getchar();

	if (accounting_stop(argv[1]) != OK_RC)

		exit(-1);

} /* end of main () */

static void

radpwtst_usage ()

{

	printf ("Usage: %s username password\n", progname);

	exit (-1);

} /* end of radpwtst_usage () */

#endif

/*

 *

 *	RADIUS

 *	Remote Authentication Dial In User Service

 *

 *

 *	Livingston Enterprises, Inc.

 *	6920 Koll Center Parkway

 *	Pleasanton, CA   94566

 *

 *	Copyright 1992 Livingston Enterprises, Inc.

 *

 *	Permission to use, copy, modify, and distribute this software for any

 *	purpose and without fee is hereby granted, provided that this

 *	copyright and permission notice appear on all copies and supporting

 *	documentation, the name of Livingston Enterprises, Inc. not be used

 *	in advertising or publicity pertaining to distribution of the

 *	program without specific prior permission, and notice be given

 *	in supporting documentation that copying and distribution is by

 *	permission of Livingston Enterprises, Inc.

 *

 *	Livingston Enterprises, Inc. makes no representations about

 *	the suitability of this software for any purpose.  It is

 *	provided "as is" without express or implied warranty.

 *

 * Public entry points in this file:

 *

 * dict_attrfind

 * dict_attrget

 * dict_init

 * dict_valfind

 * dict_valget

 *

 */

static char     sccsid[] =

		"@(#)dict.c 1.2 Copyright 1992 Livingston Enterprises Inc";

static char     rcsid[] = "$Id: dict.c,v 1.9 1996/05/17 14:19:03 web Exp $";

#include	<stdio.h>

#include	<stdlib.h>

#include	<time.h>

#include	<sys/types.h>

#include	<ctype.h>

#include	<netinet/in.h>

#include	<syslog.h>

#include	"radius.h"

extern int      debug_flag;

extern char    *radius_dir;

static DICT_ATTR *dictionary_attributes;

static DICT_VALUE *dictionary_values;

/*************************************************************************

 *

 *	Function: dict_init

 *

 *	Purpose: Initialize the dictionary.  Read all ATTRIBUTES into

 *		 the dictionary_attributes list.  Read all VALUES into

 *		 the dictionary_values list.

 *

 *************************************************************************/

int

dict_init ()

{

	FILE           *dictfd;

	char            dummystr[AUTH_ID_LEN];

	char            namestr[AUTH_ID_LEN];

	char            valstr[AUTH_ID_LEN];

	char            attrstr[AUTH_ID_LEN];

	char            typestr[AUTH_ID_LEN];

	int             line_no;

	DICT_ATTR      *attr;

	DICT_VALUE     *dval;

	char            buffer[256];

	int             value;

	int             type;

	static char    *func = "dict_init";

	dprintf(2, (LOG_AUTH, LOG_DEBUG, "%s: entered", func));

	sprintf (buffer, "%s/%s", radius_dir, RADIUS_DICTIONARY);

	if ((dictfd = fopen (buffer, "r")) == (FILE *) NULL)

	{

		fprintf (stderr, "%s: Couldn't open dictionary: %s\n",

			 func, buffer);

		return (-1);

	}

	line_no = 0;

	while (fgets (buffer, sizeof (buffer), dictfd) != (char *) NULL)

	{

		line_no++;

		/* Skip empty space */

		if (*buffer == '#' || *buffer == '\0' || *buffer == '\n')

		{

			continue;

		}

		if (strncmp (buffer, "ATTRIBUTE", 9) == 0)

		{

			/* Read the ATTRIBUTE line */

			if (sscanf (buffer, "%s%s%s%s", dummystr, namestr,

				    valstr, typestr) != 4)

			{

				fprintf (stderr,

			    "%s: Invalid attribute on line %d of dictionary\n",

					 func, line_no);

				return (-1);

			}

			/*

			 * Validate all entries

			 */

			if (strlen (namestr) > NAME_LENGTH)

			{

				fprintf (stderr,

			   "%s: Invalid name length on line %d of dictionary\n",

					 func, line_no);

				return (-1);

			}

			if (!isdigit (*valstr))

			{

				fprintf (stderr,

				 "%s: Invalid value on line %d of dictionary\n",

					 func, line_no);

				return (-1);

			}

			value = atoi (valstr);

			if (strcmp (typestr, "string") == 0)

			{

				type = PW_TYPE_STRING;

			}

			else if (strcmp (typestr, "integer") == 0)

			{

				type = PW_TYPE_INTEGER;

			}

			else if (strcmp (typestr, "ipaddr") == 0)

			{

				type = PW_TYPE_IPADDR;

			}

			else if (strcmp (typestr, "date") == 0)

			{

				type = PW_TYPE_DATE;

			}

			else if (strcmp (typestr, "octets") == 0)

			{

				type = PW_TYPE_OCTETS;

			}

			else if (strcmp (typestr, "vendor") == 0)

			{

				type = PW_TYPE_VENDOR;

			}

			else

			{

				fprintf (stderr,

				  "%s: Invalid type on line %d of dictionary\n",

					 func, line_no);

				return (-1);

			}

			/* Create a new attribute for the list */

			if ((attr =

				(DICT_ATTR *) malloc (sizeof (DICT_ATTR)))

							== (DICT_ATTR *) NULL)

			{

				fprintf (stderr, "%s: FATAL out of memory\n",

					func);

				abort ();

			}

			strcpy (attr->name, namestr);

			attr->value = value;

			attr->type = type;

			/* Insert it into the list */

			attr->next = dictionary_attributes;

			dictionary_attributes = attr;

		}

		else if (strncmp (buffer, "VALUE", 5) == 0)

		{

			/* Read the VALUE line */

			if (sscanf (buffer, "%s%s%s%s", dummystr, attrstr,

				    namestr, valstr) != 4)

			{

				fprintf (stderr,

			   "%s: Invalid value entry on line %d of dictionary\n",

					 func, line_no);

				return (-1);

			}

			/*

			 * Validate all entries

			 */

			if (strlen (attrstr) > NAME_LENGTH)

			{

				fprintf (stderr,

		      "%s: Invalid attribute length on line %d of dictionary\n",

					 func, line_no);

				return (-1);

			}

			if (strlen (namestr) > NAME_LENGTH)

			{

				fprintf (stderr,

			   "%s: Invalid name length on line %d of dictionary\n",

					 func, line_no);

				return (-1);

			}

			if (!isdigit (*valstr))

			{

				fprintf (stderr,

				 "%s: Invalid value on line %d of dictionary\n",

					 func, line_no);

				return (-1);

			}

			value = atoi (valstr);

			/* Create a new VALUE entry for the list */

			if ((dval =

				(DICT_VALUE *) malloc (sizeof (DICT_VALUE)))

							== (DICT_VALUE *) NULL)

			{

				fprintf (stderr, "%s: FATAL out of memory\n",

					func);

				abort ();

			}

			strcpy (dval->attrname, attrstr);

			strcpy (dval->name, namestr);

			dval->value = value;

			/* Insert it into the list */

			dval->next = dictionary_values;

			dictionary_values = dval;

		}

	}

	fclose (dictfd);

	return (0);

} /* end of dict_init () */

/*************************************************************************

 *

 *	Function: dict_attrget

 *

 *	Purpose: Return the full attribute structure based on the

 *		 attribute id number.

 *

 *************************************************************************/

DICT_ATTR *

dict_attrget (attribute)

int             attribute;

{

	DICT_ATTR      *attr;

	attr = dictionary_attributes;

	while (attr != (DICT_ATTR *) NULL)

	{

		if (attr->value == attribute)

		{

			return (attr);

		}

		attr = attr->next;

	}

	return ((DICT_ATTR *) NULL);

} /* end of dict_attrget () */

/*************************************************************************

 *

 *	Function: dict_attrfind

 *

 *	Purpose: Return the full attribute structure based on the

 *		 attribute name.

 *

 *************************************************************************/

DICT_ATTR *

dict_attrfind (attrname)

char           *attrname;

{

	DICT_ATTR      *attr;

	attr = dictionary_attributes;

	while (attr != (DICT_ATTR *) NULL)

	{

		if (strcasecmp (attr->name, attrname) == 0)

		{

			return (attr);

		}

		attr = attr->next;

	}

	return ((DICT_ATTR *) NULL);

} /* end of dict_attrfind () */

/*************************************************************************

 *

 *	Function: dict_valfind

 *

 *	Purpose: Return the full value structure based on the

 *		 value name.

 *

 *************************************************************************/

DICT_VALUE *

dict_valfind (valname)

char           *valname;

{

	DICT_VALUE     *val;

	val = dictionary_values;

	while (val != (DICT_VALUE *) NULL)

	{

		if (strcasecmp (val->name, valname) == 0)

		{

			return (val);

		}

		val = val->next;

	}

	return ((DICT_VALUE *) NULL);

} /* end of dict_valfind () */

/*************************************************************************

 *

 *	Function: dict_valget

 *

 *	Purpose: Return the full value structure based on the

 *		 actual value and the associated attribute name.

 *

 *************************************************************************/

DICT_VALUE *

dict_valget (value, attrname)

UINT4           value;

char           *attrname;

{

	DICT_VALUE     *val;

	val = dictionary_values;

	while (val != (DICT_VALUE *) NULL)

	{

		if (strcmp (val->attrname, attrname) == 0 &&

				val->value == value)

		{

			return (val);

		}

		val = val->next;

	}

	return ((DICT_VALUE *) NULL);

} /* end of dict_valget () */

/*

 * RADIUS -- Remote Authentication Dial In User Service

 * 

 * COPYRIGHT  (c)  1992, 1993, 1994, 1995, 1996

 * THE REGENTS OF THE UNIVERSITY OF MICHIGAN AND MERIT NETWORK, INCORPORATED

 * ALL RIGHTS RESERVED

 * 

 * PERMISSION IS GRANTED TO USE, COPY, CREATE DERIVATIVE WORKS AND REDISTRIBUTE

 * THIS SOFTWARE AND SUCH DERIVATIVE WORKS IN BINARY FORM ONLY FOR ANY PURPOSE,

 * SO LONG AS NO FEE IS CHARGED, AND SO LONG AS THE COPYRIGHT NOTICE ABOVE, THIS

 * GRANT OF PERMISSION, AND THE DISCLAIMER BELOW APPEAR IN ALL COPIES MADE; AND

 * SO LONG AS THE NAME OF THE UNIVERSITY OF MICHIGAN IS NOT USED IN ANY

 * ADVERTISING OR PUBLICITY PERTAINING TO THE USE OR DISTRIBUTION OF THIS

 * SOFTWARE WITHOUT SPECIFIC, WRITTEN PRIOR AUTHORIZATION.

 * 

 * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION FROM THE UNIVERSITY

 * OF MICHIGAN AS TO ITS FITNESS FOR ANY PURPOSE, AND WITHOUT WARRANTY BY THE

 * UNIVERSITY OF MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING

 * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR

 * A PARTICULAR PURPOSE.  THE REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE

 * LIABLE FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR

 * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING OUT OF OR IN

 * CONNECTION WITH THE USE OF THE SOFTWARE, EVEN IF IT HAS BEEN OR IS HEREAFTER

 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

 * 

 * For a License to distribute source code or to charge a fee for the program

 * or a product containing the program, contact MERIT at the University of

 * Michigan:

 * 

 * aaa-license@merit.edu

 * 

 * [This version puts NO LIMITS on the use.  It grants the right to create

 * DERIVATIVE WORKS.  The user may copy and distribute the code in the form

 * received AND DERIVATIVE WORKS, so long as no fee is charged.  If copies are

 * made, our copyright notice and the disclaimer must be included on them.  USE

 * THIS VERSION WITH CARE.  THIS VERSION VERY LIKELY WILL KILL ANY POTENTIAL

 * FOR LATER COMMERCIALIZATION OF THE SOFTWARE.]

 *

 *

 * Public entry points in this file:

 * 

 * add_string

 * authtype_toa

 * avpair_add

 * avpair_assign

 * avpair_copy

 * avpair_get

 * avpair_new

 * avpair_vtoa

 * compress_file

 * debug_list

 * debug_pair

 * dumpit

 * fprint_attr_val

 * gen_valpairs

 * get_errmsg

 * get_passwd

 * get_vp

 * get_last_vp

 * insert_vp

 * loghead

 * logit

 * missing_attribute

 * parse_realm

 * prune_pairs

 * _reply_message

 * reply_sprintf

 * setupsock

 * trunc_logfile

 * type_string

 * 

 */

static char     rcsid[] = "$Id: funcs.c,v 1.99 1996/06/14 16:14:47 web Exp $";

#include	<sys/types.h>

#include	<sys/param.h>

#if defined(sys5)

#include	<sys/sysmacros.h>

#endif	/* sys5 */

#include	<sys/socket.h>

#include	<sys/time.h>

#if defined(aix) || defined(ultrix)

#include	<fcntl.h>

#else	/* aix */

#include	<sys/fcntl.h>

#endif	/* aix */

#include	<sys/wait.h>

#include	<net/if.h>

#include	<netinet/in.h>

#include	<arpa/inet.h>

#include	<stdio.h>

#include	<netdb.h>

#include	<time.h>

#include	<ctype.h>

#include	<errno.h>

#include	<dirent.h>

#include	<syslog.h>

#include	<unistd.h>

#include	<varargs.h>

#include	"radius.h"

extern int       debug_flag;

extern int       dumpcore;

extern int       file_logging;

extern int       spawn_flag;

extern int       zap_logfile;

#if !defined(__FreeBSD__) && !defined(_BSDI_VERSION) && !defined(__NetBSD__)

extern int       sys_nerr;

extern char     *sys_errlist[];

#endif	/* __FreeBSD__ */

extern FILE     *ddt;

extern FILE     *msgfd;

extern char     *radius_dir;

extern AATVPTR   rad_authen_aatv;

extern time_t    birthdate;

extern char      recv_buffer[4096];

extern char      send_buffer[4096];

extern char      ourhostname[MAXHOSTNAMELEN];

/*************************************************************************

 *

 *	Function: add_string (string, convert)

 *

 *	Purpose: Store string in storage block, returning pointer.  

 *		 Optimizes string storage allocation and allows only

 *		 one copy of string to be stored.  A NULL string pointer

 *		 returns a pointer to a null string.

 *

 *		 If convert is non-zero, the string is stored in lower-case.

 *		 Thus a case insensitive match is performed to attempt to

 *		 find an already existing copy of the string in the table.

 *

 *		 Use this only to store non-dynamic (i.e., configuration)

 *		 strings as there is no way to delete strings and lookups

 *		 to see if a string is already is present are quite 

 *		 inefficient.

 *

 *************************************************************************/

char *

add_string (string, convert)

char          *string;

int            convert;

{

	typedef struct char_blk

	{

		struct char_blk        *next;

		char		       *next_ptr;

		int			rem_len;

		char			strings[2048];

	} CHAR_BLK;

	static CHAR_BLK *first_blk = (CHAR_BLK *) NULL;

	CHAR_BLK        *last_blk;

	CHAR_BLK        *blk;

	CHAR_BLK        *space_blk; /* 1st block with sufficient space */

	register char   *ptr;

	register char	*fptr;

	register char	*str;

	register UINT4	 len;

	register UINT4	 slen;

	char		 lcstr[AUTH_ID_LEN]; /* Case converted string */

	static char     *func = "add_string";

	if (!string)

	{

		string = "";	/* Convert NULL pointer to null string */

	}

	/* Copy input to all lowercase */

	if (convert & ASLC)

	{

		for (ptr = lcstr, fptr = string ; *fptr ; )

		{

			*ptr++ = tolower (*fptr++);

		}

		*ptr++ = '\0';

		len = ptr - lcstr;

		string = lcstr;

	}

	else

	{

		len = strlen (string) + 1;

	}

	space_blk = (CHAR_BLK *) NULL;

	/* See if we're already storing this string */

	for (blk = last_blk = first_blk ; blk ; last_blk = blk, blk = blk->next)

	{

		for (str = blk->strings ; str < blk->next_ptr ; str += slen)

		{

			if (len > (slen = (UINT4) *str++))

			{

				continue;

			}

			fptr = slen - len + str; 

			ptr = string;

			while (*ptr++ == *fptr)

			{

				if (*fptr++ == '\0') /* Found it! */

				{	

					return fptr - len;

				}

			}

		}

		if (space_blk == (CHAR_BLK *) NULL && blk->rem_len > len)

		{

			space_blk = blk;

		}

	}

	if (convert & FINDONLY)

	{

		return NULL;

	}

	/* Need to store new string.  See if we found space in previous block */

	if (space_blk == (CHAR_BLK *) NULL)

	{

		if ((blk = (CHAR_BLK *) malloc (sizeof(CHAR_BLK))) 

							== (CHAR_BLK *) NULL)

		{

			logit (LOG_DAEMON, LOG_ALERT,

				"%s: FATAL couldn't allocate CHAR_BLK storage",

				func);

			abort ();

		}

		blk->next_ptr = blk->strings;

		blk->rem_len = sizeof (blk->strings);

		blk->next = (CHAR_BLK *) NULL;

		if (last_blk == (CHAR_BLK *) NULL)

		{

			first_blk = blk;

		}

		else

		{

			last_blk->next = blk;

		}

		space_blk = blk;

	}

	fptr = space_blk->next_ptr;

	*fptr++ = len;

	strcpy (fptr, string);

	space_blk->next_ptr = fptr + len;

	space_blk->rem_len -= len + 1;

	return fptr;

} /* end of add_string () */

/******************************************************************************

 *

 *	Function: authtype_toa

 *

 *	Purpose: Return a string representation of the authreq code.

 *

 *	Returns: pointer to static string.

 *

 *****************************************************************************/

char *

authtype_toa (code)

int             code;		/* code indicating authen, acct, etc. */

{

	static char *typelist[] =

	{

		"invalid(0)",		/* invalid */

		"access",		/* PW_ACCESS_REQUEST */

		"accept",		/* PW_ACCESS_ACCEPT */

		"reject",		/* PW_ACCESS_REJECT */

		"acct-req",		/* PW_ACCOUNTING_REQUEST */

		"acct-resp",		/* PW_ACCOUNTING_RESPONSE */

		"acct-status",		/* PW_ACCOUNTING_STATUS */

		"pw-request",		/* PW_PASSWORD_REQUEST */

		"pw-ack",		/* PW_PASSWORD_ACK */

		"pw-reject",		/* PW_PASSWORD_REJECT */

		"acct-msg",		/* PW_ACCOUNTING_MESSAGE */

		"access-challenge",	/* PW_ACCESS_CHALLENGE */

		"status-server",	/* PW_STATUS_SERVER */

		"status-client"		/* PW_STATUS_CLIENT */

	};

	static char unknown[20];

	if ((code <= 0) || ((sizeof (typelist) / sizeof (typelist[0])) <= code))

	{

		if (code == PW_FORWARDING)

		{

			return "forwarding";

		}

		sprintf (unknown, "invalid(%d)", code);

		return unknown;

	}

	return typelist[code];

} /* end of authtype_toa () */

/******************************************************************************

 *

 *	Function: avpair_add

 *

 *	Purpose: Add an attribute-value pair to the given list.

 *

 *	Returns: pointer to added a/v pair upon success,

 *		 NULL pointer upon failure.

 *

 *	Remarks: Always appends the new pair to the end of the list.

 *

 *****************************************************************************/

VALUE_PAIR *

avpair_add (list, attrid, pval, len)

VALUE_PAIR    **list;		/* a list of attribute-value pairs. */

int             attrid;		/* Attribute id number. */

void           *pval;		/* Pointer to value. */

int             len;		/* length of value, or 0 */

{

	VALUE_PAIR     *vp;

	vp = avpair_new (attrid, pval, len);

	if (vp != (VALUE_PAIR *) NULL)

	{

		insert_vp (list, (VALUE_PAIR *) NULL, vp);

	}

	return vp;

} /* end of avpair_add */

/******************************************************************************

 *

 *	Function: avpair_assign

 *

 *	Purpose: Assign the given raw value to an attribute-value pair.

 *

 *	Returns:  0 on success,

 *		 -1 on failure.

 *

 *****************************************************************************/

int

avpair_assign (vp, pval, len)

VALUE_PAIR     *vp;	/* pointer to the attribute-value pair */

void           *pval;	/* pointer to value to be assigned */

int             len;	/* for strings: */

			/*  len == 0 ==> null-terminated ASCII string */

			/*  len > 0  ==> len is length of raw binary data */

			/* for non-strings: */

			/*  len == 0 ==> just plain data, just gets copied */

			/*  len > 0  ==> convert data from network ... */

			/*		... representation before copying */

{

	int             result = -1;

	static char    *func = "avpair_assign";

	if (len < 0 || len > AUTH_STRING_LEN)

	{

		logit (LOG_DAEMON, LOG_ERR, "%s: bad attribute length %d",

			func, len);

	}

	else

	{

		switch (vp->type)

		{

		    case PW_TYPE_STRING: /* Use lvalue field to store length. */

		    case PW_TYPE_OCTETS:

		    case PW_TYPE_VENDOR:

			if (len > 0) /* use length to control the raw copy */

			{

				memcpy (vp->strvalue, (char *) pval, len);

				vp->strvalue[len] = 0; /* In case of string! */

				vp->lvalue = len;

			}

			else /* len == 0 means the string is NULL terminated */

			{

				strncpy (vp->strvalue, (char *) pval,

					AUTH_STRING_LEN);

				vp->lvalue = strlen ((char *) pval);

			}

			result = 0;

			break;

		    case PW_TYPE_DATE:

		    case PW_TYPE_INTEGER: