authorcvs2svn <cvs2svn@FreeBSD.org>1999-08-18 19:04:25 +0000
committercvs2svn <cvs2svn@FreeBSD.org>1999-08-18 19:04:25 +0000
commit4e1c3937657b6a8babb6838f2ac50e48d230aeb6 (patch)
treee9664ebc6c42414b4a48442479978312864d43dc
parent806b0cd422c42231cdd3c5eb75ce4460facaa9ba (diff)
Notes
-rw-r--r--lib/libpam/modules/pam_radius/pam_radius.8128
-rw-r--r--share/examples/ppp/ppp.conf.isdn87
-rw-r--r--usr.sbin/ppp/exec.c166
3 files changed, 381 insertions, 0 deletions
diff --git a/lib/libpam/modules/pam_radius/pam_radius.8 b/lib/libpam/modules/pam_radius/pam_radius.8
new file mode 100644
index 000000000000..13184e81ec70
--- /dev/null
+++ b/lib/libpam/modules/pam_radius/pam_radius.8
@@ -0,0 +1,128 @@
+.\" Copyright (c) 1999
+.\" Andrzej Bialecki <abial@FreeBSD.org>. All rights reserved.
+.\"
+.\" Copyright (c) 1992, 1993, 1994
+.\" The Regents of the University of California. All rights reserved.
+.\" All rights reserved.
+.\"
+.\" This code is derived from software donated to Berkeley by
+.\" Jan-Simon Pendry.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\" must display the following acknowledgement:
+.\" This product includes software developed by the University of
+.\" California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id$
+.\"
+.Dd August 2, 1999
+.Dt pam_radius 8
+.Os FreeBSD 3.3
+.Sh NAME
+.Nm pam_radius
+.Nd RADIUS authentication PAM module
+.Sh SYNOPSIS
+.Nm pam_radius.so
+.Op Cm use_first_pass
+.Op Cm try_first_pass
+.Op Cm echo_pass
+.Op Cm conf Ns No = Ns Ar pathname
+.Op Cm template_user Ns No = Ns Ar username
+.Sh DESCRIPTION
+The
+.Nm
+module provides authentication services based
+upon the RADIUS (Remote Authentication Dial In User Service) protocol
+for the PAM (Pluggable Authentication Module) framework.
+.Pp
+The
+.Nm
+module accepts these optional parameters:
+.Bl -tag -width Fl
+.It Cm use_first_pass
+causes
+.Nm
+to use a previously entered password instead of prompting for a new one.
+If no password has been entered then authentication fails.
+.It Cm try_first_pass
+causes
+.Nm
+to use a previously entered password, if one is available. If no
+password has been entered,
+.Nm
+prompts for one as usual.
+.It Cm echo_pass
+causes echoing to be left on if
+.Nm
+prompts for a password.
+.It Cm conf Ns No = Ns Ar pathname
+specifies a non-standard location for the RADIUS client configuration file
+(normally located in /etc/radius.conf).
+.It Cm template_user Ns No = Ns Ar username
+specifies a user whose
+.Xr passwd 5
+entry will be used as a template to create the session environment
+if the supplied username doesn't exist in local password database. The user
+will be authenticated with the supplied username and password, but his
+credentials to the system will be presented as the ones for
+.Ar username ,
+i.e., his login class, home directory, resource limits, etc. will be set to ones
+defined for
+.Ar username .
+.Pp
+If this option is omitted, and there is no username
+in the system databases equal to the supplied one (as determined by call to
+.Xr getpwnam 3 Ns ),
+the authentication will fail.
+.Sh FILES
+.Bl -tag -width /etc/radius.conf -compact
+.It Pa /etc/radius.conf
+The standard RADIUS client configuration file for
+.Nm
+.El
+.Sh SEE ALSO
+.Xr pam 8 ,
+.Xr passwd 5 ,
+.Xr radius.conf 5
+.Sh HISTORY
+The
+.Nm
+module first appeared in
+.Fx 3.1 .
+The
+.Nm
+manual page first appeared in
+.Fx 3.3 .
+.Sh AUTHORS
+The
+.Nm
+manual page was written by
+.An Andrzej Bialecki Aq abial@FreeBSD.org .
+.Pp
+The
+.Nm
+module was written by
+.An John D. Polstra Aq jdp@FreeBSD.org .
diff --git a/share/examples/ppp/ppp.conf.isdn b/share/examples/ppp/ppp.conf.isdn
new file mode 100644
index 000000000000..659634b2661a
--- /dev/null
+++ b/share/examples/ppp/ppp.conf.isdn
@@ -0,0 +1,87 @@
+#
+# Copyright (c) 1997 Brian Somers <brian@Awfulhak.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $Id: ppp.conf.isdn,v 1.1 1999/08/09 22:57:47 brian Exp $
+
+# This is an example ppp profile for bringing up a multilink ppp connection
+# over ISDN. It needs at least version 0.83.0 of the i4b code. An example
+# isdnd configuration file is also supplied in this directory (isdnd.rc)
+#
+isdn:
+ # Replace this with your ISPs phone number
+ set phone 12345678
+
+ # Replace these with your login name & password. This profile assumes
+ # you're using PAP or CHAP.
+ set authname somename
+ set authkey somepasswd
+
+ # Assuming you have a LAN:
+ set enddisc mac
+
+ enable lqr
+ set reconnect 3 5
+ set redial 3 10
+ set lqrperiod 45
+ disable pred1 deflate
+ deny pred1 deflate
+
+ # Our minimum charge period is 5 minutes, so don't hangup before then
+ set timeout 60 600
+
+ # We have no chat scripts in the ISDN world (yet)
+ set dial
+ set login
+ set hangup
+
+ # Use the raw B-channel devices
+ set device /dev/i4brbch0 /dev/i4brbch1
+ set speed sync
+
+ # How long does it take to connect with ISDN ?
+ link * set cd 6
+
+ # Ask the peer what to put in resolv.conf
+ enable dns
+
+ # Take a wild guess and let the other side decide
+ set ifaddr 172.16.0.1/0 212.0.0.0/0
+ add! default hisaddr
+
+ # Multilink mode please
+ set mrru 1500
+
+ # Two new links
+ clone 1,2
+
+ # And get rid of the old one with the crusty name
+ link deflink rm
+
+ # Automatically manage the second link
+ link * set mode auto
+ set autoload 10 100 30
+
+ # Otherwise, do things via the diagnostic port
+ set server /tmp/pavilion "" 0177
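Review bot: The last line, `set server /tmp/pavilion "" 0177`, opens the diagnostic socket with an empty password at a fixed name in a world-writable directory. The 0177 mask is then the only access control, and any local user can create `/tmp/pavilion` before ppp does. For an example that people will copy, I would point the socket at a directory only the ppp user can write to (for instance one under /var/run). I would also add a comment above it such as `# Empty password: access is limited only by the 0177 mask (socket mode 0600)`.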
diff --git a/usr.sbin/ppp/exec.c b/usr.sbin/ppp/exec.c
new file mode 100644
index 000000000000..19e74bd4270e
--- /dev/null
+++ b/usr.sbin/ppp/exec.c
@@ -0,0 +1,166 @@
+/*-
+ * Copyright (c) 1999 Brian Somers <brian@Awfulhak.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: exec.c,v 1.7 1999/08/06 20:04:03 brian Exp $
+ */
+
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/wait.h>
+#include <sys/uio.h>
+#include <termios.h>
+#include <unistd.h>
+
+#include "layer.h"
+#include "defs.h"
+#include "mbuf.h"
+#include "log.h"
+#include "timer.h"
+#include "lqr.h"
+#include "hdlc.h"
+#include "throughput.h"
+#include "fsm.h"
+#include "lcp.h"
+#include "ccp.h"
+#include "link.h"
+#include "async.h"
+#include "descriptor.h"
+#include "physical.h"
+#include "mp.h"
+#include "chat.h"
+#include "command.h"
+#include "auth.h"
+#include "chap.h"
+#include "cbcp.h"
+#include "datalink.h"
+#include "exec.h"
+
+static struct device execdevice = {
+ EXEC_DEVICE,
+ "exec",
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+
+struct device *
+exec_iov2device(int type, struct physical *p, struct iovec *iov,
+ int *niov, int maxiov)
+{
+ if (type == EXEC_DEVICE) {
+ free(iov[(*niov)++].iov_base);
+ physical_SetupStack(p, execdevice.name, PHYSICAL_FORCE_ASYNC);
+ return &execdevice;
+ }
+
+ return NULL;
+}
+
+struct device *
+exec_Create(struct physical *p)
+{
+ if (p->fd < 0 && *p->name.full == '!') {
+ int fids[2];
+
+ if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, fids) < 0)
+ log_Printf(LogPHASE, "Unable to create pipe for line exec: %s\n",
+ strerror(errno));
+ else {
+ int stat, argc, i;
+ pid_t pid, realpid;
+ char *argv[MAXARGS];
+
+ stat = fcntl(fids[0], F_GETFL, 0);
+ if (stat > 0) {
+ stat |= O_NONBLOCK;
+ fcntl(fids[0], F_SETFL, stat);
+ }
+ realpid = getpid();
+ switch ((pid = fork())) {
+ case -1:
+ log_Printf(LogPHASE, "Unable to create pipe for line exec: %s\n",
+ strerror(errno));
+ break;
+
+ case 0:
+ close(fids[0]);
+ timer_TermService();
+ setuid(geteuid());
+
+ switch (fork()) {
+ case 0:
+ break;
+
+ case -1:
+ log_Printf(LogPHASE, "Unable to fork to drop parent: %s\n",
+ strerror(errno));
+ default:
+ _exit(127);
+ }
+
+ log_Printf(LogDEBUG, "Exec'ing ``%s''\n", p->name.base);
+
+ dup2(fids[1], STDIN_FILENO);
+ dup2(fids[1], STDOUT_FILENO);
+ dup2(fids[1], STDERR_FILENO);
+ for (i = getdtablesize(); i > STDERR_FILENO; i--)
+ fcntl(i, F_SETFD, 1);
+
+ argc = MakeArgs(p->name.base, argv, VECSIZE(argv));
+ command_Expand(argv, argc, (char const *const *)argv,
+ p->dl->bundle, 0, realpid);
+ execvp(*argv, argv);
+ printf("execvp failed: %s: %s\r\n", *argv, strerror(errno));
+ _exit(127);
+ break;
+
+ default:
+ close(fids[1]);
+ p->fd = fids[0];
+ waitpid(pid, &stat, 0);
+ log_Printf(LogDEBUG, "Using descriptor %d for child\n", p->fd);
+ physical_SetupStack(p, execdevice.name, PHYSICAL_FORCE_ASYNC);
+ return &execdevice;
+ }
+ }
+ }
+
+ return NULL;
+}
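Review bot: In exec_Create() the child calls `setuid(geteuid());` without checking the result, so if the call fails it still goes on to `execvp()` the configured command with whatever ids it held at that point; I would make it `if (setuid(geteuid()) == -1) { log_Printf(LogPHASE, "setuid failed: %s\n", strerror(errno)); _exit(127); }`. The `case -1:` branch of the first fork() falls out to `return NULL` with both `fids[0]` and `fids[1]` still open and repeats the "Unable to create pipe" message; closing both descriptors there and wording the message for fork would avoid a descriptor leak on every failed attempt. The `if (stat > 0)` test after F_GETFL should be `if (stat != -1)`, since a flag value of 0 is a valid result. exec_iov2device() receives `maxiov` but never compares `*niov` with it before `free(iov[(*niov)++].iov_base)`, so it presumably relies on the caller having sized the array; a bounds check, or a comment stating that assumption, would help.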