+ memset(cli_tunnel_actions, 0, sizeof(struct cli_tunnel_actions) * MAXSESSION);
+
+ memset(tunnel, 0, sizeof(tunnelt) * MAXTUNNEL);
+ memset(session, 0, sizeof(sessiont) * MAXSESSION);
+ memset(radius, 0, sizeof(radiust) * MAXRADIUS);
+ memset(ip_address_pool, 0, sizeof(ippoolt) * MAXIPPOOL);
+
+ // Put all the sessions on the free list marked as undefined.
+ for (i = 1; i < MAXSESSION; i++)
+ {
+ session[i].next = i + 1;
+ session[i].tunnel = T_UNDEF; // mark it as not filled in.
+ }
+ session[MAXSESSION - 1].next = 0;
+ sessionfree = 1;
+
+ // Mark all the tunnels as undefined (waiting to be filled in by a download).
+ for (i = 1; i < MAXTUNNEL; i++)
+ tunnel[i].state = TUNNELUNDEF; // mark it as not filled in.
+
+ if (!*hostname)
+ {
+ // Grab my hostname unless it's been specified
+ gethostname(hostname, sizeof(hostname));
+ stripdomain(hostname);
+ }
+
+ _statistics->start_time = _statistics->last_reset = time(NULL);
+
+#ifdef BGP
+ if (!(bgp_peers = shared_malloc(sizeof(struct bgp_peer) * BGP_NUM_PEERS)))
+ {
+ LOG(0, 0, 0, "Error doing malloc for bgp: %s\n", strerror(errno));
+ exit(1);
+ }
+#endif /* BGP */
+}
+
+static int assign_ip_address(sessionidt s)
+{
+ uint32_t i;
+ int best = -1;
+ time_t best_time = time_now;
+ char *u = session[s].user;
+ char reuse = 0;
+
+
+ CSTAT(assign_ip_address);
+
+ for (i = 1; i < ip_pool_size; i++)
+ {
+ if (!ip_address_pool[i].address || ip_address_pool[i].assigned)
+ continue;
+
+ if (!session[s].walled_garden && ip_address_pool[i].user[0] && !strcmp(u, ip_address_pool[i].user))
+ {
+ best = i;
+ reuse = 1;
+ break;
+ }
+
+ if (ip_address_pool[i].last < best_time)
+ {
+ best = i;
+ if (!(best_time = ip_address_pool[i].last))
+ break; // never used, grab this one
+ }
+ }
+
+ if (best < 0)
+ {
+ LOG(0, s, session[s].tunnel, "assign_ip_address(): out of addresses\n");
+ return 0;
+ }
+
+ session[s].ip = ip_address_pool[best].address;
+ session[s].ip_pool_index = best;
+ ip_address_pool[best].assigned = 1;
+ ip_address_pool[best].last = time_now;
+ ip_address_pool[best].session = s;
+ if (session[s].walled_garden)
+ /* Don't track addresses of users in walled garden (note: this
+ means that their address isn't "sticky" even if they get
+ un-gardened). */
+ ip_address_pool[best].user[0] = 0;
+ else
+ strncpy(ip_address_pool[best].user, u, sizeof(ip_address_pool[best].user) - 1);
+
+ STAT(ip_allocated);
+ LOG(4, s, session[s].tunnel, "assign_ip_address(): %s ip address %d from pool\n",
+ reuse ? "Reusing" : "Allocating", best);
+
+ return 1;
+}
+
+static void free_ip_address(sessionidt s)
+{
+ int i = session[s].ip_pool_index;
+
+
+ CSTAT(free_ip_address);
+
+ if (!session[s].ip)
+ return; // what the?
+
+ if (i < 0) // Is this actually part of the ip pool?
+ i = 0;
+
+ STAT(ip_freed);
+ cache_ipmap(session[s].ip, -i); // Change the mapping to point back to the ip pool index.
+ session[s].ip = 0;
+ ip_address_pool[i].assigned = 0;
+ ip_address_pool[i].session = 0;
+ ip_address_pool[i].last = time_now;
+}
+
+//
+// Fsck the address pool against the session table.
+// Normally only called when we become a master.
+//
+// This isn't perfect: We aren't keep tracking of which
+// users used to have an IP address.
+//
+void rebuild_address_pool(void)
+{
+ int i;
+
+ //
+ // Zero the IP pool allocation, and build
+ // a map from IP address to pool index.
+ for (i = 1; i < MAXIPPOOL; ++i)
+ {
+ ip_address_pool[i].assigned = 0;
+ ip_address_pool[i].session = 0;
+ if (!ip_address_pool[i].address)
+ continue;
+
+ cache_ipmap(ip_address_pool[i].address, -i); // Map pool IP to pool index.
+ }
+
+ for (i = 0; i < MAXSESSION; ++i)
+ {
+ int ipid;
+ if (!(session[i].opened && session[i].ip))
+ continue;
+
+ ipid = - lookup_ipmap(htonl(session[i].ip));
+
+ if (session[i].ip_pool_index < 0)
+ {
+ // Not allocated out of the pool.
+ if (ipid < 1) // Not found in the pool either? good.
+ continue;
+
+ LOG(0, i, 0, "Session %d has an IP address (%s) that was marked static, but is in the pool (%d)!\n",
+ i, fmtaddr(session[i].ip, 0), ipid);
+
+ // Fall through and process it as part of the pool.
+ }
+
+
+ if (ipid > MAXIPPOOL || ipid < 0)
+ {
+ LOG(0, i, 0, "Session %d has a pool IP that's not found in the pool! (%d)\n", i, ipid);
+ ipid = -1;
+ session[i].ip_pool_index = ipid;
+ continue;
+ }
+
+ ip_address_pool[ipid].assigned = 1;
+ ip_address_pool[ipid].session = i;
+ ip_address_pool[ipid].last = time_now;
+ strncpy(ip_address_pool[ipid].user, session[i].user, sizeof(ip_address_pool[ipid].user) - 1);
+ session[i].ip_pool_index = ipid;
+ cache_ipmap(session[i].ip, i); // Fix the ip map.
+ }
+}
+
+//
+// Fix the address pool to match a changed session.
+// (usually when the master sends us an update).
+static void fix_address_pool(int sid)
+{
+ int ipid;
+
+ ipid = session[sid].ip_pool_index;
+
+ if (ipid > ip_pool_size)
+ return; // Ignore it. rebuild_address_pool will fix it up.
+
+ if (ip_address_pool[ipid].address != session[sid].ip)
+ return; // Just ignore it. rebuild_address_pool will take care of it.
+
+ ip_address_pool[ipid].assigned = 1;
+ ip_address_pool[ipid].session = sid;
+ ip_address_pool[ipid].last = time_now;
+ strncpy(ip_address_pool[ipid].user, session[sid].user, sizeof(ip_address_pool[ipid].user) - 1);
+}
+
+//
+// Add a block of addresses to the IP pool to hand out.
+//
+static void add_to_ip_pool(in_addr_t addr, in_addr_t mask)
+{
+ int i;
+ if (mask == 0)
+ mask = 0xffffffff; // Host route only.
+
+ addr &= mask;
+
+ if (ip_pool_size >= MAXIPPOOL) // Pool is full!
+ return ;
+
+ for (i = addr ;(i & mask) == addr; ++i)
+ {
+ if ((i & 0xff) == 0 || (i&0xff) == 255)
+ continue; // Skip 0 and broadcast addresses.
+
+ ip_address_pool[ip_pool_size].address = i;
+ ip_address_pool[ip_pool_size].assigned = 0;
+ ++ip_pool_size;
+ if (ip_pool_size >= MAXIPPOOL)
+ {
+ LOG(0, 0, 0, "Overflowed IP pool adding %s\n", fmtaddr(htonl(addr), 0));
+ return;
+ }
+ }
+}
+
+// Initialize the IP address pool
+static void initippool()
+{
+ FILE *f;
+ char *p;
+ char buf[4096];
+ memset(ip_address_pool, 0, sizeof(ip_address_pool));
+
+ if (!(f = fopen(IPPOOLFILE, "r")))
+ {
+ LOG(0, 0, 0, "Can't load pool file " IPPOOLFILE ": %s\n", strerror(errno));
+ exit(1);
+ }
+
+ while (ip_pool_size < MAXIPPOOL && fgets(buf, 4096, f))
+ {
+ char *pool = buf;
+ buf[4095] = 0; // Force it to be zero terminated/
+
+ if (*buf == '#' || *buf == '\n')
+ continue; // Skip comments / blank lines
+ if ((p = (char *)strrchr(buf, '\n'))) *p = 0;
+ if ((p = (char *)strchr(buf, ':')))
+ {
+ in_addr_t src;
+ *p = '\0';
+ src = inet_addr(buf);
+ if (src == INADDR_NONE)
+ {
+ LOG(0, 0, 0, "Invalid address pool IP %s\n", buf);
+ exit(1);
+ }
+ // This entry is for a specific IP only
+ if (src != config->bind_address)
+ continue;
+ *p = ':';
+ pool = p+1;
+ }
+ if ((p = (char *)strchr(pool, '/')))
+ {
+ // It's a range
+ int numbits = 0;
+ in_addr_t start = 0, mask = 0;
+
+ LOG(2, 0, 0, "Adding IP address range %s\n", buf);
+ *p++ = 0;
+ if (!*p || !(numbits = atoi(p)))
+ {
+ LOG(0, 0, 0, "Invalid pool range %s\n", buf);
+ continue;
+ }
+ start = ntohl(inet_addr(pool));
+ mask = (in_addr_t) (pow(2, numbits) - 1) << (32 - numbits);
+
+ // Add a static route for this pool
+ LOG(5, 0, 0, "Adding route for address pool %s/%u\n",
+ fmtaddr(htonl(start), 0), 32 + mask);
+
+ routeset(0, start, mask, 0, 1);
+
+ add_to_ip_pool(start, mask);
+ }
+ else
+ {
+ // It's a single ip address
+ add_to_ip_pool(inet_addr(pool), 0);
+ }
+ }
+ fclose(f);
+ LOG(1, 0, 0, "IP address pool is %d addresses\n", ip_pool_size - 1);
+}
+
+void snoop_send_packet(char *packet, uint16_t size, in_addr_t destination, uint16_t port)
+{
+ struct sockaddr_in snoop_addr = {0};
+ if (!destination || !port || snoopfd <= 0 || size <= 0 || !packet)
+ return;
+
+ snoop_addr.sin_family = AF_INET;
+ snoop_addr.sin_addr.s_addr = destination;
+ snoop_addr.sin_port = ntohs(port);
+
+ LOG(5, 0, 0, "Snooping %d byte packet to %s:%d\n", size,
+ fmtaddr(snoop_addr.sin_addr.s_addr, 0),
+ htons(snoop_addr.sin_port));
+
+ if (sendto(snoopfd, packet, size, MSG_DONTWAIT | MSG_NOSIGNAL, (void *) &snoop_addr, sizeof(snoop_addr)) < 0)
+ LOG(0, 0, 0, "Error sending intercept packet: %s\n", strerror(errno));
+
+ STAT(packets_snooped);
+}
+
+static int dump_session(FILE **f, sessiont *s)
+{
+ if (!s->opened || !s->ip || !(s->cin || s->cout) || !*s->user || s->walled_garden)
+ return 1;
+
+ if (!*f)
+ {
+ char filename[1024];
+ char timestr[64];
+ time_t now = time(NULL);
+
+ strftime(timestr, sizeof(timestr), "%Y%m%d%H%M%S", localtime(&now));
+ snprintf(filename, sizeof(filename), "%s/%s", config->accounting_dir, timestr);
+
+ if (!(*f = fopen(filename, "w")))
+ {
+ LOG(0, 0, 0, "Can't write accounting info to %s: %s\n", filename, strerror(errno));
+ return 0;
+ }
+
+ LOG(3, 0, 0, "Dumping accounting information to %s\n", filename);
+ fprintf(*f, "# dslwatch.pl dump file V1.01\n"
+ "# host: %s\n"
+ "# time: %ld\n"
+ "# uptime: %ld\n"
+ "# format: username ip qos uptxoctets downrxoctets\n",
+ hostname,
+ now,
+ now - basetime);
+ }
+
+ LOG(4, 0, 0, "Dumping accounting information for %s\n", s->user);
+ fprintf(*f, "%s %s %d %u %u\n",
+ s->user, // username
+ fmtaddr(htonl(s->ip), 0), // ip
+ (s->throttle_in || s->throttle_out) ? 2 : 1, // qos
+ (uint32_t) s->cin, // uptxoctets
+ (uint32_t) s->cout); // downrxoctets
+
+ s->pin = s->cin = 0;
+ s->pout = s->cout = 0;
+
+ return 1;
+}
+
+static void dump_acct_info(int all)
+{
+ int i;
+ FILE *f = NULL;
+
+
+ CSTAT(dump_acct_info);
+
+ if (shut_acct_n)
+ {
+ for (i = 0; i < shut_acct_n; i++)
+ dump_session(&f, &shut_acct[i]);
+
+ shut_acct_n = 0;
+ }
+
+ if (all)
+ for (i = 1; i <= config->cluster_highest_sessionid; i++)
+ dump_session(&f, &session[i]);
+
+ if (f)
+ fclose(f);
+}
+
+// Main program
+int main(int argc, char *argv[])
+{
+ int i;
+ int optdebug = 0;
+ char *optconfig = CONFIGFILE;
+
+ time(&basetime); // start clock
+
+ // scan args
+ while ((i = getopt(argc, argv, "dvc:h:")) >= 0)
+ {
+ switch (i)
+ {
+ case 'd':
+ if (fork()) exit(0);
+ setsid();
+ freopen("/dev/null", "r", stdin);
+ freopen("/dev/null", "w", stdout);
+ freopen("/dev/null", "w", stderr);
+ break;
+ case 'v':
+ optdebug++;
+ break;
+ case 'c':
+ optconfig = optarg;
+ break;
+ case 'h':
+ snprintf(hostname, sizeof(hostname), "%s", optarg);
+ break;
+ default:
+ printf("Args are:\n"
+ "\t-d\t\tDetach from terminal\n"
+ "\t-c <file>\tConfig file\n"
+ "\t-h <hostname>\tForce hostname\n"
+ "\t-v\t\tDebug\n");
+
+ return (0);
+ break;
+ }
+ }
+
+ // Start the timer routine off
+ time(&time_now);
+ strftime(time_now_string, sizeof(time_now_string), "%Y-%m-%d %H:%M:%S", localtime(&time_now));
+ signal(SIGALRM, sigalrm_handler);
+ siginterrupt(SIGALRM, 0);
+
+ initplugins();
+ initdata(optdebug, optconfig);
+
+ init_cli(hostname);
+ read_config_file();
+ init_tbf(config->num_tbfs);
+
+ LOG(0, 0, 0, "L2TPNS version " VERSION "\n");
+ LOG(0, 0, 0, "Copyright (c) 2003, 2004, 2005 Optus Internet Engineering\n");
+ LOG(0, 0, 0, "Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced\n");
+ {
+ struct rlimit rlim;
+ rlim.rlim_cur = RLIM_INFINITY;
+ rlim.rlim_max = RLIM_INFINITY;
+ // Remove the maximum core size
+ if (setrlimit(RLIMIT_CORE, &rlim) < 0)
+ LOG(0, 0, 0, "Can't set ulimit: %s\n", strerror(errno));
+
+ // Make core dumps go to /tmp
+ chdir("/tmp");
+ }
+
+ if (config->scheduler_fifo)
+ {
+ int ret;
+ struct sched_param params = {0};
+ params.sched_priority = 1;
+
+ if (get_nprocs() < 2)
+ {
+ LOG(0, 0, 0, "Not using FIFO scheduler, there is only 1 processor in the system.\n");
+ config->scheduler_fifo = 0;
+ }
+ else
+ {
+ if ((ret = sched_setscheduler(0, SCHED_FIFO, ¶ms)) == 0)
+ {
+ LOG(1, 0, 0, "Using FIFO scheduler. Say goodbye to any other processes running\n");
+ }
+ else
+ {
+ LOG(0, 0, 0, "Error setting scheduler to FIFO: %s\n", strerror(errno));
+ config->scheduler_fifo = 0;
+ }
+ }
+ }
+
+ /* Set up the cluster communications port. */
+ if (cluster_init() < 0)
+ exit(1);
+
+#ifdef BGP
+ signal(SIGPIPE, SIG_IGN);
+ bgp_setup(config->as_number);
+ bgp_add_route(config->bind_address, 0xffffffff);
+ for (i = 0; i < BGP_NUM_PEERS; i++)
+ {
+ if (config->neighbour[i].name[0])
+ bgp_start(&bgp_peers[i], config->neighbour[i].name,
+ config->neighbour[i].as, config->neighbour[i].keepalive,
+ config->neighbour[i].hold, 0); /* 0 = routing disabled */
+ }
+#endif /* BGP */
+
+ inittun();
+ LOG(1, 0, 0, "Set up on interface %s\n", config->tundevice);
+
+ initudp();
+ initrad();
+ initippool();
+
+ signal(SIGHUP, sighup_handler);
+ signal(SIGTERM, sigterm_handler);
+ signal(SIGINT, sigterm_handler);
+ signal(SIGQUIT, sigquit_handler);
+ signal(SIGCHLD, sigchild_handler);
+
+ // Prevent us from getting paged out
+ if (config->lock_pages)
+ {
+ if (!mlockall(MCL_CURRENT))
+ LOG(1, 0, 0, "Locking pages into memory\n");
+ else
+ LOG(0, 0, 0, "Can't lock pages: %s\n", strerror(errno));
+ }
+
+ alarm(1);
+
+ // Drop privileges here
+ if (config->target_uid > 0 && geteuid() == 0)
+ setuid(config->target_uid);
+
+ mainloop();
+
+#ifdef BGP
+ /* try to shut BGP down cleanly; with luck the sockets will be
+ writable since we're out of the select */
+ for (i = 0; i < BGP_NUM_PEERS; i++)
+ if (bgp_peers[i].state == Established)
+ bgp_stop(&bgp_peers[i]);
+#endif /* BGP */
+
+ /* remove plugins (so cleanup code gets run) */
+ plugins_done();
+
+ // Remove the PID file if we wrote it
+ if (config->wrote_pid && *config->pid_file == '/')
+ unlink(config->pid_file);
+
+ /* kill CLI children */
+ signal(SIGTERM, SIG_IGN);
+ kill(0, SIGTERM);
+ return 0;
+}
+
+static void sighup_handler(int sig)
+{
+ if (log_stream)
+ {
+ if (log_stream != stderr)
+ fclose(log_stream);
+
+ log_stream = NULL;
+ }
+
+ read_config_file();
+}
+
+static void sigalrm_handler(int sig)
+{
+ // Log current traffic stats
+
+ snprintf(config->bandwidth, sizeof(config->bandwidth),
+ "UDP-ETH:%1.0f/%1.0f ETH-UDP:%1.0f/%1.0f TOTAL:%0.1f IN:%u OUT:%u",
+ (udp_rx / 1024.0 / 1024.0 * 8),
+ (eth_tx / 1024.0 / 1024.0 * 8),
+ (eth_rx / 1024.0 / 1024.0 * 8),
+ (udp_tx / 1024.0 / 1024.0 * 8),
+ ((udp_tx + udp_rx + eth_tx + eth_rx) / 1024.0 / 1024.0 * 8),
+ udp_rx_pkt, eth_rx_pkt);
+
+ udp_tx = udp_rx = 0;
+ udp_rx_pkt = eth_rx_pkt = 0;
+ eth_tx = eth_rx = 0;
+
+ if (config->dump_speed)
+ printf("%s\n", config->bandwidth);
+
+ // Update the internal time counter
+ time(&time_now);
+ strftime(time_now_string, sizeof(time_now_string), "%Y-%m-%d %H:%M:%S", localtime(&time_now));
+ alarm(1);
+
+ {
+ // Run timer hooks
+ struct param_timer p = { time_now };
+ run_plugins(PLUGIN_TIMER, &p);
+ }
+
+}
+
+static void sigterm_handler(int sig)
+{
+ LOG(1, 0, 0, "Shutting down cleanly\n");
+ main_quit++;
+}
+
+static void sigquit_handler(int sig)
+{
+ int i;
+
+ LOG(1, 0, 0, "Shutting down without saving sessions\n");
+
+ if (config->cluster_iam_master)
+ {
+ for (i = 1; i < MAXSESSION; i++)
+ {
+ if (session[i].opened)
+ sessionkill(i, "L2TPNS Closing");
+ }
+ for (i = 1; i < MAXTUNNEL; i++)
+ {
+ if (tunnel[i].ip || tunnel[i].state)
+ tunnelshutdown(i, "L2TPNS Closing", 6, 0, 0);
+ }
+ }
+
+ main_quit++;
+}
+
+static void sigchild_handler(int sig)
+{
+ while (waitpid(-1, NULL, WNOHANG) > 0)
+ ;
+}
+
+static void build_chap_response(char *challenge, uint8_t id, uint16_t challenge_length, char **challenge_response)
+{
+ MD5_CTX ctx;
+ *challenge_response = NULL;
+
+ if (!*config->l2tpsecret)
+ {
+ LOG(0, 0, 0, "LNS requested CHAP authentication, but no l2tp secret is defined\n");
+ return;
+ }
+
+ LOG(4, 0, 0, " Building challenge response for CHAP request\n");
+
+ *challenge_response = (char *)calloc(17, 1);
+
+ MD5Init(&ctx);
+ MD5Update(&ctx, &id, 1);
+ MD5Update(&ctx, config->l2tpsecret, strlen(config->l2tpsecret));
+ MD5Update(&ctx, challenge, challenge_length);
+ MD5Final(*challenge_response, &ctx);
+
+ return;
+}
+
+static int facility_value(char *name)
+{
+ int i;
+ for (i = 0; facilitynames[i].c_name; i++)
+ {
+ if (strcmp(facilitynames[i].c_name, name) == 0)
+ return facilitynames[i].c_val;
+ }
+ return 0;
+}
+
+static void update_config()
+{
+ int i;
+ char *p;
+ static int timeout = 0;
+ static int interval = 0;
+
+ // Update logging
+ closelog();
+ syslog_log = 0;
+ if (log_stream)
+ {
+ if (log_stream != stderr)
+ fclose(log_stream);
+
+ log_stream = NULL;
+ }
+
+ if (*config->log_filename)
+ {
+ if (strstr(config->log_filename, "syslog:") == config->log_filename)
+ {
+ char *p = config->log_filename + 7;
+ if (*p)
+ {
+ openlog("l2tpns", LOG_PID, facility_value(p));
+ syslog_log = 1;
+ }
+ }
+ else if (strchr(config->log_filename, '/') == config->log_filename)
+ {
+ if ((log_stream = fopen((char *)(config->log_filename), "a")))
+ {
+ fseek(log_stream, 0, SEEK_END);
+ setbuf(log_stream, NULL);
+ }
+ else
+ {
+ log_stream = stderr;
+ setbuf(log_stream, NULL);
+ }
+ }
+ }
+ else
+ {
+ log_stream = stderr;
+ setbuf(log_stream, NULL);
+ }
+
+ // Update radius
+ config->numradiusservers = 0;
+ for (i = 0; i < MAXRADSERVER; i++)
+ if (config->radiusserver[i])
+ {
+ config->numradiusservers++;
+ // Set radius port: if not set, take the port from the
+ // first radius server. For the first radius server,
+ // take the #defined default value from l2tpns.h
+
+ // test twice, In case someone works with
+ // a secondary radius server without defining
+ // a primary one, this will work even then.
+ if (i > 0 && !config->radiusport[i])
+ config->radiusport[i] = config->radiusport[i-1];
+ if (!config->radiusport[i])
+ config->radiusport[i] = RADPORT;
+ }
+
+ if (!config->numradiusservers)
+ LOG(0, 0, 0, "No RADIUS servers defined!\n");
+
+ config->num_radfds = 2 << RADIUS_SHIFT;
+
+ // parse radius_authtypes_s
+ config->radius_authtypes = config->radius_authprefer = 0;
+ p = config->radius_authtypes_s;
+ while (p && *p)
+ {
+ char *s = strpbrk(p, " \t,");
+ int type = 0;
+
+ if (s)
+ {
+ *s++ = 0;
+ while (*s == ' ' || *s == '\t')
+ s++;
+
+ if (!*s)
+ s = 0;
+ }
+
+ if (!strncasecmp("chap", p, strlen(p)))
+ type = AUTHCHAP;
+ else if (!strncasecmp("pap", p, strlen(p)))
+ type = AUTHPAP;
+ else
+ LOG(0, 0, 0, "Invalid RADIUS authentication type \"%s\"\n", p);
+
+ config->radius_authtypes |= type;
+ if (!config->radius_authprefer)
+ config->radius_authprefer = type;
+
+ p = s;
+ }
+
+ if (!config->radius_authtypes)