#include <ctype.h>
#include <netinet/in.h>
#include <errno.h>
+#include <linux/rtnetlink.h>
#include "md5.h"
#include "constants.h"
#include "util.h"
#include "cluster.h"
-#ifdef LAC
#include "l2tplac.h"
-#endif
+#include "pppoe.h"
extern radiust *radius;
extern sessiont *session;
uint8_t routes = 0;
int r_code;
int r_id;
-#ifdef LAC
int OpentunnelReq = 0;
-#endif
CSTAT(processrad);
run_plugins(PLUGIN_POST_AUTH, &packet);
r_code = packet.auth_allowed ? AccessAccept : AccessReject;
+#ifndef LAC
// process auth response
if (radius[r].chap)
{
LOG(3, s, session[s].tunnel, " PAP User %s authentication %s.\n", session[s].user,
(r_code == AccessAccept) ? "allowed" : "denied");
}
+#endif
if (r_code == AccessAccept)
{
// Extract IP, routes, etc
uint8_t *p = buf + 20;
uint8_t *e = buf + len;
-#ifdef LAC
uint8_t tag;
uint8_t strtemp[256];
lac_reset_rad_tag_tunnel_ctxt();
-#endif
+
for (; p + 2 <= e && p[1] && p + p[1] <= e; p += p[1])
{
if (*p == 26 && p[1] >= 7)
else if (vendor == 529 && attrib >= 135 && attrib <= 136) // Ascend
{
// handle old-format ascend DNS attributes below
- p += 6;
+ p += 6;
+ }
+ else if (vendor == 64520) // Sames
+ {
+ //Sames vendor-specific 64520
+ uint8_t *pvs = p + 6; // pvs set to begin to attribute
+ LOG(3, s, session[s].tunnel, " Sames vendor-specific: %d, Attrib: %d, lenght: %d\n", vendor, attrib, attrib_length);
+ grp_processvendorspecific(s, pvs);
+ continue;
}
else
{
- LOG(3, s, session[s].tunnel, " Unknown vendor-specific\n");
+ LOG(3, s, session[s].tunnel, " Unknown vendor-specific: %d, Attrib: %d\n", vendor, attrib);
continue;
}
}
session[s].classlen = MAXCLASS;
memcpy(session[s].class, p + 2, session[s].classlen);
}
-#ifdef LAC
else if (*p == 64)
{
// Tunnel-Type
// Fill context
lac_set_rad_tag_tunnel_assignment_id(tag, (char *) strtemp);
}
-#endif
}
}
else if (r_code == AccessReject)
break;
}
-#ifdef LAC
if ((!config->disable_lac_func) && OpentunnelReq)
{
char assignment_id[256];
if (!lac_rad_select_assignment_id(s, assignment_id))
break; // Error no assignment_id
+ LOG(3, s, session[s].tunnel, "Select Tunnel Remote LNS for assignment_id == %s\n", assignment_id);
+
if (lac_rad_forwardtoremotelns(s, assignment_id, session[s].user))
{
int ro;
break;
}
}
-#endif
+
+ // process auth response
+ if (radius[r].chap)
+ {
+ // CHAP
+ uint8_t *p = makeppp(b, sizeof(b), 0, 0, s, t, PPPCHAP, 0, 0, 0);
+ if (!p) return; // Abort!
+
+ *p = (r_code == AccessAccept) ? 3 : 4; // ack/nak
+ p[1] = radius[r].id;
+ *(uint16_t *) (p + 2) = ntohs(4); // no message
+ tunnelsend(b, (p - b) + 4, t); // send it
+
+ LOG(3, s, session[s].tunnel, " CHAP User %s authentication %s.\n", session[s].user,
+ (r_code == AccessAccept) ? "allowed" : "denied");
+ }
+ else
+ {
+ // PAP
+ uint8_t *p = makeppp(b, sizeof(b), 0, 0, s, t, PPPPAP, 0, 0, 0);
+ if (!p) return; // Abort!
+
+ // ack/nak
+ *p = r_code;
+ p[1] = radius[r].id;
+ *(uint16_t *) (p + 2) = ntohs(5);
+ p[4] = 0; // no message
+ tunnelsend(b, (p - b) + 5, t); // send it
+
+ LOG(3, s, session[s].tunnel, " PAP User %s authentication %s.\n", session[s].user,
+ (r_code == AccessAccept) ? "allowed" : "denied");
+ }
+
if (!session[s].dns1 && config->default_dns1)
{
session[s].dns1 = ntohl(config->default_dns1);
LOG(0, 0, 0, "Error sending DAE response packet: %s\n", strerror(errno));
}
-#ifdef LAC
// Decrypte the encrypted Tunnel Password.
// Defined in RFC-2868.
// the pl2tpsecret buffer must set to 256 characters.
return decodedlen;
};
-#endif /* LAC */
projects / l2tpns.git / blobdiff