// L2TPNS Radius Stuff
-// $Id: radius.c,v 1.1 2003/12/16 07:07:39 fred_nerk Exp $
+// $Id: radius.c,v 1.2 2004/03/05 00:09:03 fred_nerk Exp $
#include <time.h>
#include <stdio.h>
#include "plugin.h"
#include "util.h"
-extern char *radiussecret;
extern radiust *radius;
extern sessiont *session;
extern tunnelt *tunnel;
-extern ipt radiusserver[MAXRADSERVER]; // radius servers
extern u32 sessionid;
-extern u8 radiusfree;
extern int radfd;
-extern u8 numradiusservers;
-extern char debug;
-extern unsigned long default_dns1, default_dns2;
extern struct Tstats *_statistics;
-extern int radius_accounting;
-extern uint32_t bind_address;
+extern struct configt *config;
const char *radius_state(int state)
{
void radiusclear(u8 r, sessionidt s)
{
- radius[r].state = RADIUSNULL;
if (s) session[s].radius = 0;
- memset(&radius[r], 0, sizeof(radius[r]));
- radius[r].next = radiusfree;
- radiusfree = r;
+ memset(&radius[r], 0, sizeof(radius[r])); // radius[r].state = RADIUSNULL;
+}
+
+static u8 new_radius()
+{
+ u8 i;
+ for (i = 1; i < MAXRADIUS; i++)
+ {
+ if (radius[i].state == RADIUSNULL)
+ return i;
+ }
+ log(0, 0, 0, 0, "Can't find a free radius session! This could be bad!\n");
+ return 0;
}
u8 radiusnew(sessionidt s)
{
u8 r;
- if (!radiusfree)
+ if (!(r = new_radius()))
{
log(1, 0, s, session[s].tunnel, "No free RADIUS sessions\n");
STAT(radius_overflow);
return 0;
};
- r = radiusfree;
- session[s].radius = r;
- radiusfree = radius[r].next;
memset(&radius[r], 0, sizeof(radius[r]));
+ session[s].radius = r;
radius[r].session = s;
+ radius[r].state = RADIUSWAIT;
return r;
}
#ifdef STAT_CALLS
STAT(call_radiussend);
#endif
- if (!numradiusservers)
+ s = radius[r].session;
+ if (!config->numradiusservers)
{
- log(0, 0, 0, 0, "No RADIUS servers\n");
+ log(0, 0, s, session[s].tunnel, "No RADIUS servers\n");
return;
}
- if (!radiussecret)
+ if (!*config->radiussecret)
{
- log(0, 0, 0, 0, "No RADIUS secret\n");
+ log(0, 0, s, session[s].tunnel, "No RADIUS secret\n");
return;
}
- s = radius[r].session;
- if (state != RADIUSAUTH && !radius_accounting)
+ if (state != RADIUSAUTH && !config->radius_accounting)
{
// Radius accounting is turned off
radiusclear(r, s);
radius[r].state = state;
radius[r].retry = backoff(radius[r].try++);
log(4, 0, s, session[s].tunnel, "Send RADIUS %d state %s try %d\n", r, radius_state(radius[r].state), radius[r].try);
- if (radius[r].try > numradiusservers * 2)
+ if (radius[r].try > config->numradiusservers * 2)
{
if (s)
{
{
MD5_CTX ctx;
MD5Init(&ctx);
- MD5Update(&ctx, radiussecret, strlen(radiussecret));
+ MD5Update(&ctx, config->radiussecret, strlen(config->radiussecret));
if (p)
MD5Update(&ctx, pass + p - 16, 16);
else
// NAS-IP-Address
*p = 4;
p[1] = 6;
- *(u32 *)(p + 2) = bind_address;
+ *(u32 *)(p + 2) = config->bind_address;
p += p[1];
// All AVpairs added
MD5Update(&ctx, b, 4);
MD5Update(&ctx, z, 16);
MD5Update(&ctx, b + 20, (p - b) - 20);
- MD5Update(&ctx, radiussecret, strlen(radiussecret));
+ MD5Update(&ctx, config->radiussecret, strlen(config->radiussecret));
MD5Final(hash, &ctx);
memcpy(b + 4, hash, 16);
memcpy(radius[r].auth, hash, 16);
}
memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
- *(u32 *) & addr.sin_addr = htonl(radiusserver[(radius[r].try - 1) % numradiusservers]);
+ *(u32 *) & addr.sin_addr = config->radiusserver[(radius[r].try - 1) % config->numradiusservers];
addr.sin_port = htons((state == RADIUSAUTH) ? RADPORT : RADAPORT);
log_hex(5, "RADIUS Send", b, (p - b));
MD5Update(&ctx, buf, 4);
MD5Update(&ctx, radius[r].auth, 16);
MD5Update(&ctx, buf + 20, len - 20);
- MD5Update(&ctx, radiussecret, strlen(radiussecret));
+ MD5Update(&ctx, config->radiussecret, strlen(config->radiussecret));
MD5Final(hash, &ctx);
do {
if (memcmp(hash, buf + 4, 16))
// Check for Assign-IP-Address
if (!session[s].ip || session[s].ip == 0xFFFFFFFE)
{
- session[s].ip = assign_ip_address();
+ assign_ip_address(s);
if (session[s].ip)
log(3, 0, s, t, " No IP allocated by radius. Assigned %s from pool\n",
inet_toa(htonl(session[s].ip)));
else
log(3, 0, s, t, " No IP allocated by radius. None available in pool\n");
}
- if (!session[s].dns1 && default_dns1)
+ if (!session[s].dns1 && config->default_dns1)
{
- session[s].dns1 = htonl(default_dns1);
- log(3, 0, s, t, " Sending dns1 = %s\n", inet_toa(default_dns1));
+ session[s].dns1 = htonl(config->default_dns1);
+ log(3, 0, s, t, " Sending dns1 = %s\n", inet_toa(config->default_dns1));
}
- if (!session[s].dns2 && default_dns2)
+ if (!session[s].dns2 && config->default_dns2)
{
- session[s].dns2 = htonl(default_dns2);
- log(3, 0, s, t, " Sending dns2 = %s\n", inet_toa(default_dns2));
+ session[s].dns2 = htonl(config->default_dns2);
+ log(3, 0, s, t, " Sending dns2 = %s\n", inet_toa(config->default_dns2));
}
if (session[s].ip)
}
}
+void radius_clean()
+{
+ int i;
+
+ log(1, 0, 0, 0, "Cleaning radius session array\n");
+
+ for (i = 1; i < MAXRADIUS; i++)
+ {
+ if (radius[i].retry == 0
+ || !session[radius[i].session].opened
+ || session[radius[i].session].die
+ || session[radius[i].session].tunnel == 0)
+ radiusclear(i, 0);
+ }
+}
projects / l2tpns.git / blobdiff