Add grouping session functionality for load balancing and failover
[l2tpns.git] / radius.c
index 843931f..6b6be70 100644 (file)
--- a/radius.c
+++ b/radius.c
@@ -11,6 +11,7 @@
 #include <ctype.h>
 #include <netinet/in.h>
 #include <errno.h>
+#include <linux/rtnetlink.h>
 
 #include "md5.h"
 #include "constants.h"
@@ -22,6 +23,7 @@
 #ifdef LAC
 #include "l2tplac.h"
 #endif
+#include "pppoe.h"
 
 extern radiust *radius;
 extern sessiont *session;
@@ -600,6 +602,7 @@ void processrad(uint8_t *buf, int len, char socket_index)
                        run_plugins(PLUGIN_POST_AUTH, &packet);
                        r_code = packet.auth_allowed ? AccessAccept : AccessReject;
 
+#ifndef LAC
                        // process auth response
                        if (radius[r].chap)
                        {
@@ -631,6 +634,7 @@ void processrad(uint8_t *buf, int len, char socket_index)
                                LOG(3, s, session[s].tunnel, "   PAP User %s authentication %s.\n", session[s].user,
                                                (r_code == AccessAccept) ? "allowed" : "denied");
                        }
+#endif
 
                        if (r_code == AccessAccept)
                        {
@@ -665,11 +669,19 @@ void processrad(uint8_t *buf, int len, char socket_index)
                                                else if (vendor == 529 && attrib >= 135 && attrib <= 136) // Ascend
                                                {
                                                        // handle old-format ascend DNS attributes below
-                                                       p += 6;
+                                                       p += 6;
+                                               }
+                                               else if (vendor == 64520) // Sames
+                                               {
+                                                       //Sames vendor-specific 64520
+                                                       uint8_t *pvs = p + 6; // pvs set to begin to attribute
+                                                       LOG(3, s, session[s].tunnel, "   Sames vendor-specific: %d, Attrib: %d, lenght: %d\n", vendor, attrib, attrib_length);
+                                                       grp_processvendorspecific(s, pvs);
+                                                       continue;
                                                }
                                                else
                                                {
-                                                       LOG(3, s, session[s].tunnel, "      Unknown vendor-specific\n");
+                                                       LOG(3, s, session[s].tunnel, "   Unknown vendor-specific: %d, Attrib: %d\n", vendor, attrib);
                                                        continue;
                                                }
                                        }
@@ -958,14 +970,43 @@ void processrad(uint8_t *buf, int len, char socket_index)
                                        {
                                                session[s].route[ro].ip = 0;
                                        }
-
-                                       // Restart LCP auth...
-                                       lcp_restart(s);
-                                       sendlcp(s, t);
                                        break;
                                }
                        }
+
+                       // process auth response
+                       if (radius[r].chap)
+                       {
+                               // CHAP
+                               uint8_t *p = makeppp(b, sizeof(b), 0, 0, s, t, PPPCHAP, 0, 0, 0);
+                               if (!p) return; // Abort!
+
+                               *p = (r_code == AccessAccept) ? 3 : 4;     // ack/nak
+                               p[1] = radius[r].id;
+                               *(uint16_t *) (p + 2) = ntohs(4); // no message
+                               tunnelsend(b, (p - b) + 4, t); // send it
+
+                               LOG(3, s, session[s].tunnel, "   CHAP User %s authentication %s.\n", session[s].user,
+                                               (r_code == AccessAccept) ? "allowed" : "denied");
+                       }
+                       else
+                       {
+                               // PAP
+                               uint8_t *p = makeppp(b, sizeof(b), 0, 0, s, t, PPPPAP, 0, 0, 0);
+                               if (!p) return;         // Abort!
+
+                               // ack/nak
+                               *p = r_code;
+                               p[1] = radius[r].id;
+                               *(uint16_t *) (p + 2) = ntohs(5);
+                               p[4] = 0; // no message
+                               tunnelsend(b, (p - b) + 5, t); // send it
+
+                               LOG(3, s, session[s].tunnel, "   PAP User %s authentication %s.\n", session[s].user,
+                                               (r_code == AccessAccept) ? "allowed" : "denied");
+                       }
 #endif
+
                        if (!session[s].dns1 && config->default_dns1)
                        {
                                session[s].dns1 = ntohl(config->default_dns1);