Adding the possibility to listening multiple IP L2TP tunnels.
[l2tpns.git] / radius.c
index 843931f..8481561 100644 (file)
--- a/radius.c
+++ b/radius.c
@@ -19,9 +19,8 @@
 #include "util.h"
 #include "cluster.h"
 
-#ifdef LAC
 #include "l2tplac.h"
-#endif
+#include "pppoe.h"
 
 extern radiust *radius;
 extern sessiont *session;
@@ -536,9 +535,7 @@ void processrad(uint8_t *buf, int len, char socket_index)
        uint8_t routes = 0;
        int r_code;
        int r_id;
-#ifdef LAC
        int OpentunnelReq = 0;
-#endif
 
        CSTAT(processrad);
 
@@ -600,6 +597,7 @@ void processrad(uint8_t *buf, int len, char socket_index)
                        run_plugins(PLUGIN_POST_AUTH, &packet);
                        r_code = packet.auth_allowed ? AccessAccept : AccessReject;
 
+#ifndef LAC
                        // process auth response
                        if (radius[r].chap)
                        {
@@ -631,6 +629,7 @@ void processrad(uint8_t *buf, int len, char socket_index)
                                LOG(3, s, session[s].tunnel, "   PAP User %s authentication %s.\n", session[s].user,
                                                (r_code == AccessAccept) ? "allowed" : "denied");
                        }
+#endif
 
                        if (r_code == AccessAccept)
                        {
@@ -638,11 +637,10 @@ void processrad(uint8_t *buf, int len, char socket_index)
                                // Extract IP, routes, etc
                                uint8_t *p = buf + 20;
                                uint8_t *e = buf + len;
-#ifdef LAC
                                uint8_t tag;
                                uint8_t strtemp[256];
                                lac_reset_rad_tag_tunnel_ctxt();
-#endif
+
                                for (; p + 2 <= e && p[1] && p + p[1] <= e; p += p[1])
                                {
                                        if (*p == 26 && p[1] >= 7)
@@ -837,7 +835,6 @@ void processrad(uint8_t *buf, int len, char socket_index)
                                                        session[s].classlen = MAXCLASS;
                                                memcpy(session[s].class, p + 2, session[s].classlen);
                                        }
-#ifdef LAC
                                        else if (*p == 64)
                                        {
                                                // Tunnel-Type
@@ -926,7 +923,6 @@ void processrad(uint8_t *buf, int len, char socket_index)
                                                // Fill context
                                                lac_set_rad_tag_tunnel_assignment_id(tag, (char *) strtemp);
                                        }
-#endif
                                }
                        }
                        else if (r_code == AccessReject)
@@ -936,7 +932,6 @@ void processrad(uint8_t *buf, int len, char socket_index)
                                break;
                        }
 
-#ifdef LAC
                        if ((!config->disable_lac_func) && OpentunnelReq)
                        {
                                char assignment_id[256];
@@ -958,14 +953,42 @@ void processrad(uint8_t *buf, int len, char socket_index)
                                        {
                                                session[s].route[ro].ip = 0;
                                        }
-
-                                       // Restart LCP auth...
-                                       lcp_restart(s);
-                                       sendlcp(s, t);
                                        break;
                                }
                        }
-#endif
+
+                       // process auth response
+                       if (radius[r].chap)
+                       {
+                               // CHAP
+                               uint8_t *p = makeppp(b, sizeof(b), 0, 0, s, t, PPPCHAP, 0, 0, 0);
+                               if (!p) return; // Abort!
+
+                               *p = (r_code == AccessAccept) ? 3 : 4;     // ack/nak
+                               p[1] = radius[r].id;
+                               *(uint16_t *) (p + 2) = ntohs(4); // no message
+                               tunnelsend(b, (p - b) + 4, t); // send it
+
+                               LOG(3, s, session[s].tunnel, "   CHAP User %s authentication %s.\n", session[s].user,
+                                               (r_code == AccessAccept) ? "allowed" : "denied");
+                       }
+                       else
+                       {
+                               // PAP
+                               uint8_t *p = makeppp(b, sizeof(b), 0, 0, s, t, PPPPAP, 0, 0, 0);
+                               if (!p) return;         // Abort!
+
+                               // ack/nak
+                               *p = r_code;
+                               p[1] = radius[r].id;
+                               *(uint16_t *) (p + 2) = ntohs(5);
+                               p[4] = 0; // no message
+                               tunnelsend(b, (p - b) + 5, t); // send it
+
+                               LOG(3, s, session[s].tunnel, "   PAP User %s authentication %s.\n", session[s].user,
+                                               (r_code == AccessAccept) ? "allowed" : "denied");
+                       }
+
                        if (!session[s].dns1 && config->default_dns1)
                        {
                                session[s].dns1 = ntohl(config->default_dns1);
@@ -1309,7 +1332,6 @@ void processdae(uint8_t *buf, int len, struct sockaddr_in *addr, int alen, struc
                LOG(0, 0, 0, "Error sending DAE response packet: %s\n", strerror(errno));
 }
 
-#ifdef LAC
 // Decrypte the encrypted Tunnel Password.
 // Defined in RFC-2868.
 // the pl2tpsecret buffer must set to 256 characters.
@@ -1400,4 +1422,3 @@ int rad_tunnel_pwdecode(uint8_t *pl2tpsecret, size_t *pl2tpsecretlen,
 
        return decodedlen;
 };
-#endif /* LAC */