remove dead session fields
[l2tpns.git] / radius.c
index 17488ac..0059ed7 100644 (file)
--- a/radius.c
+++ b/radius.c
@@ -1,6 +1,6 @@
 // L2TPNS Radius Stuff
 
 // L2TPNS Radius Stuff
 
-char const *cvs_id_radius = "$Id: radius.c,v 1.21 2005-01-05 13:45:49 bodea Exp $";
+char const *cvs_id_radius = "$Id: radius.c,v 1.26 2005-04-18 05:07:20 bodea Exp $";
 
 #include <time.h>
 #include <stdio.h>
 
 #include <time.h>
 #include <stdio.h>
@@ -140,7 +140,7 @@ void radiussend(uint16_t r, uint8_t state)
                if (s)
                {
                        if (state == RADIUSAUTH)
                if (s)
                {
                        if (state == RADIUSAUTH)
-                               sessionshutdown(s, "RADIUS timeout");
+                               sessionshutdown(s, "RADIUS timeout", 3, 0);
                        else
                        {
                                LOG(1, s, session[s].tunnel, "RADIUS timeout, but in state %s so don't timeout session\n",
                        else
                        {
                                LOG(1, s, session[s].tunnel, "RADIUS timeout, but in state %s so don't timeout session\n",
@@ -239,7 +239,7 @@ void radiussend(uint16_t r, uint8_t state)
                {
                        *p = 44;           // session ID
                        p[1] = 18;
                {
                        *p = 44;           // session ID
                        p[1] = 18;
-                       sprintf(p + 2, "%08X%08X", session[s].id, session[s].opened);
+                       sprintf(p + 2, "%08X%08X", session[s].unique_id, session[s].opened);
                        p += p[1];
                        if (state == RADIUSSTOP)
                        {                // stop
                        p += p[1];
                        if (state == RADIUSSTOP)
                        {                // stop
@@ -337,9 +337,7 @@ void radiussend(uint16_t r, uint8_t state)
        {
                // get radius port
                uint16_t port = config->radiusport[(radius[r].try - 1) % config->numradiusservers];
        {
                // get radius port
                uint16_t port = config->radiusport[(radius[r].try - 1) % config->numradiusservers];
-               // no need to define the accounting port for itself:
-               //  the accounting port is as far as I know always one more
-               //  than the auth port    JK 20040713
+               // assume RADIUS accounting port is the authentication port +1
                addr.sin_port = htons((state == RADIUSAUTH) ? port : port+1);
        }
 
                addr.sin_port = htons((state == RADIUSAUTH) ? port : port+1);
        }
 
@@ -472,6 +470,9 @@ void processrad(uint8_t *buf, int len, char socket_index)
                                                session[s].ip_pool_index = -1;
                                                LOG(3, s, session[s].tunnel, "   Radius reply contains IP address %s\n",
                                                        fmtaddr(htonl(session[s].ip), 0));
                                                session[s].ip_pool_index = -1;
                                                LOG(3, s, session[s].tunnel, "   Radius reply contains IP address %s\n",
                                                        fmtaddr(htonl(session[s].ip), 0));
+
+                                               if (session[s].ip == 0xFFFFFFFE)
+                                                       session[s].ip = 0; // assign from pool
                                        }
                                        else if (*p == 135)
                                        {
                                        }
                                        else if (*p == 135)
                                        {
@@ -580,7 +581,7 @@ void processrad(uint8_t *buf, int len, char socket_index)
                                                // Vendor-Specific Attribute
                                                int vendor = ntohl(*(int *)(p + 2));
                                                char attrib = *(p + 6);
                                                // Vendor-Specific Attribute
                                                int vendor = ntohl(*(int *)(p + 2));
                                                char attrib = *(p + 6);
-                                               char attrib_length = *(p + 7) - 2;
+                                               int attrib_length = *(p + 7) - 2;
                                                char *avpair, *value, *key, *newp;
 
                                                LOG(3, s, session[s].tunnel, "   Radius reply contains Vendor-Specific.  Vendor=%d Attrib=%d Length=%d\n", vendor, attrib, attrib_length);
                                                char *avpair, *value, *key, *newp;
 
                                                LOG(3, s, session[s].tunnel, "   Radius reply contains Vendor-Specific.  Vendor=%d Attrib=%d Length=%d\n", vendor, attrib, attrib_length);
@@ -621,12 +622,38 @@ void processrad(uint8_t *buf, int len, char socket_index)
                                                } while (newp);
                                                free(avpair);
                                        }
                                                } while (newp);
                                                free(avpair);
                                        }
+                                       else if (*p == 99)
+                                       {
+                                               // Framed-IPv6-Route
+                                               struct in6_addr r6;
+                                               int prefixlen;
+                                               uint8_t *n = p + 2;
+                                               uint8_t *e = p + p[1];
+                                               uint8_t *m = strchr(n, '/');
+
+                                               *m++ = 0;
+                                               inet_pton(AF_INET6, n, &r6);
+
+                                               prefixlen = 0;
+                                               while (m < e && isdigit(*m)) {
+                                                       prefixlen = prefixlen * 10 + *m++ - '0';
+                                               }
+
+                                               if (prefixlen)
+                                               {
+                                                       LOG(3, s, session[s].tunnel,
+                                                               "   Radius reply contains route for %s/%d\n",
+                                                               n, prefixlen);
+                                                       session[s].ipv6route = r6;
+                                                       session[s].ipv6prefixlen = prefixlen;
+                                               }
+                                       }
                                }
                        }
                        else if (r_code == AccessReject)
                        {
                                }
                        }
                        else if (r_code == AccessReject)
                        {
-                               LOG(2, s, session[s].tunnel, "   Authentication denied for %s\n", session[s].user);
-//FIXME: We should tear down the session here!
+                               LOG(2, s, session[s].tunnel, "   Authentication rejected for %s\n", session[s].user);
+                               sessionkill(s, "Authentication rejected");
                                break;
                        }
 
                                break;
                        }