// L2TPNS Radius Stuff
-char const *cvs_id_radius = "$Id: radius.c,v 1.20 2004/12/16 08:49:53 bodea Exp $";
+char const *cvs_id_radius = "$Id: radius.c,v 1.20.2.4 2005/07/03 02:40:23 bodea Exp $";
#include <time.h>
#include <stdio.h>
*(uint32_t *) (p + 2) = htonl(time(NULL) - session[s].opened);
p += p[1];
}
+
+ if (session[s].snoop_ip && session[s].snoop_port)
+ {
+ *p = 26; // vendor-specific
+ *(uint32_t *) (p + 2) = htonl(9); // Cisco
+ p[6] = 1; // Cisco-Avpair
+ p[7] = 2 + sprintf(p + 8, "intercept=%s:%d",
+ fmtaddr(session[s].snoop_ip, 0), session[s].snoop_port);
+
+ p[1] = p[7] + 6;
+ p += p[1];
+ }
}
}
if (s)
session[s].ip_pool_index = -1;
LOG(3, s, session[s].tunnel, " Radius reply contains IP address %s\n",
fmtaddr(htonl(session[s].ip), 0));
+
+ if (session[s].ip == 0xFFFFFFFE)
+ session[s].ip = 0; // assign from pool
}
else if (*p == 135)
{
}
else if (*buf == 3)
{
- LOG(2, s, session[s].tunnel, " Authentication denied for %s\n", session[s].user);
-//FIXME: We should tear down the session here!
+ LOG(2, s, session[s].tunnel, " Authentication rejected for %s\n", session[s].user);
+ sessionkill(s, "Authentication rejected");
break;
}
if (s)
t = session[s].tunnel;
+
radius[r].retry = backoff(radius[r].try + 1);
switch (radius[r].state)
{