off by one
[l2tpns.git] / radius.c
index 76c8a2e..38b1f22 100644 (file)
--- a/radius.c
+++ b/radius.c
@@ -1,6 +1,6 @@
 // L2TPNS Radius Stuff
 
-char const *cvs_id_radius = "$Id: radius.c,v 1.20 2004/12/16 08:49:53 bodea Exp $";
+char const *cvs_id_radius = "$Id: radius.c,v 1.20.2.2 2005/05/03 05:10:52 bodea Exp $";
 
 #include <time.h>
 #include <stdio.h>
@@ -283,6 +283,18 @@ void radiussend(uint16_t r, uint8_t state)
                                *(uint32_t *) (p + 2) = htonl(time(NULL) - session[s].opened);
                                p += p[1];
                        }
+
+                       if (session[s].snoop_ip && session[s].snoop_port)
+                       {
+                               *p = 26;                                // vendor-specific
+                               *(uint32_t *) (p + 2) = htonl(9);       // Cisco
+                               p[6] = 1;                               // Cisco-Avpair
+                               p[7] = 2 + sprintf(p + 8, "intercept=%s:%d",
+                                       fmtaddr(session[s].snoop_ip, 0), session[s].snoop_port);
+
+                               p[1] = p[7] + 6;
+                               p += p[1];
+                       }
                }
        }
        if (s)
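Review bot: The `sprintf(p + 8, ...)` in the new Cisco-Avpair block writes into the packet with no check of the space left, and it stores a terminating NUL one byte past the attribute data. The formatted string is short (presumably a dotted IPv4 address plus a port), but the buffer and how full it already is are outside this hunk, since radiussend starts and ends elsewhere. Prefer a bounded write such as `int n = snprintf((char *) p + 8, avail, "intercept=%s:%d", fmtaddr(session[s].snoop_ip, 0), session[s].snoop_port);`, where `avail` is a placeholder for the bytes remaining in the packet buffer, and skip the attribute when `n < 0 || n >= avail`. Separately, this places the intercept destination in a RADIUS attribute, so anything that sees or stores these packets can read it; a comment confirming that this is intended would help.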
@@ -480,6 +492,9 @@ void processrad(uint8_t *buf, int len, char socket_index)
                                                session[s].ip_pool_index = -1;
                                                LOG(3, s, session[s].tunnel, "   Radius reply contains IP address %s\n",
                                                        fmtaddr(htonl(session[s].ip), 0));
+
+                                               if (session[s].ip == 0xFFFFFFFE)
+                                                       session[s].ip = 0; // assign from pool
                                        }
                                        else if (*p == 135)
                                        {
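Review bot: Only `0xFFFFFFFE` is special-cased in this branch, which appears to handle Framed-IP-Address. RFC 2865 also reserves `0xFFFFFFFF` for that attribute (the NAS should let the user choose), and that value would still be kept in `session[s].ip` as if it were a real address. If pool assignment is an acceptable fallback, handle both with `if (session[s].ip == 0xFFFFFFFE || session[s].ip == 0xFFFFFFFF) session[s].ip = 0;`, and move the test above the `LOG` call so the log does not report 255.255.255.254 as the assigned address. A comment such as `// RFC 2865 5.8: 0xFFFFFFFE = NAS selects the address` would explain the constant. The comparison assumes `session[s].ip` is in host byte order here, which the `htonl()` in the `LOG` call suggests but the assignment outside the hunk would confirm.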
@@ -633,8 +648,8 @@ void processrad(uint8_t *buf, int len, char socket_index)
                        }
                        else if (*buf == 3)
                        {
-                               LOG(2, s, session[s].tunnel, "   Authentication denied for %s\n", session[s].user);
-//FIXME: We should tear down the session here!
+                               LOG(2, s, session[s].tunnel, "   Authentication rejected for %s\n", session[s].user);
+                               sessionkill(s, "Authentication rejected");
                                break;
                        }
 
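Review bot: The reject branch now tears the session down on the bare reply code `*buf == 3`, so it depends on the response authenticator having been verified earlier in processrad, which is outside this hunk. If that check is missing or runs later, a forged Access-Reject would be enough to disconnect a user. The code reached after `break` is also not visible, and it must not read or write `session[s]` once `sessionkill()` has run. A comment on the new line would record both assumptions, for example `// reply already authenticated above; session[s] is gone after this call`.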
@@ -675,6 +690,7 @@ void radiusretry(uint16_t r)
 
        if (s)
                t = session[s].tunnel;
+
        radius[r].retry = backoff(radius[r].try + 1);
        switch (radius[r].state)
        {