X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/149c87a729099fa8c2c7c75ca3816f9aa7f8760d..5dacb3cdf55ecd2bf6cc5a83cb791ad76b4bd086:/radius.c diff --git a/radius.c b/radius.c index a2b2339..cbfcb14 100644 --- a/radius.c +++ b/radius.c @@ -1,6 +1,6 @@ // L2TPNS Radius Stuff -char const *cvs_id_radius = "$Id: radius.c,v 1.45 2005/10/19 03:09:30 bodea Exp $"; +char const *cvs_id_radius = "$Id: radius.c,v 1.49 2006/04/13 11:14:35 bodea Exp $"; #include #include @@ -158,7 +158,7 @@ void radiussend(uint16_t r, uint8_t state) if (s) { if (state == RADIUSAUTH) - sessionshutdown(s, "RADIUS timeout.", 3, 0); + sessionshutdown(s, "RADIUS timeout.", CDN_ADMIN_DISC, TERM_REAUTHENTICATION_FAILURE); else { LOG(1, s, session[s].tunnel, "RADIUS timeout, but in state %s so don't timeout session\n", @@ -248,8 +248,8 @@ void radiussend(uint16_t r, uint8_t state) p += p[1]; } } - else if (state == RADIUSSTART || state == RADIUSSTOP || state == RADIUSINTERIM) - { // accounting + else // accounting + { *p = 40; // accounting type p[1] = 6; *(uint32_t *) (p + 2) = htonl(state - RADIUSSTART + 1); // start=1, stop=2, interim=3 @@ -305,19 +305,47 @@ void radiussend(uint16_t r, uint8_t state) *(uint32_t *) (p + 2) = htonl(session[s].cout_wrap); p += p[1]; + if (state == RADIUSSTOP && radius[r].term_cause) { - struct param_radius_account acct = { &tunnel[session[s].tunnel], &session[s], &p }; - run_plugins(PLUGIN_RADIUS_ACCOUNT, &acct); + *p = 49; // acct-terminate-cause + p[1] = 6; + *(uint32_t *) (p + 2) = htonl(radius[r].term_cause); + p += p[1]; + + if (radius[r].term_msg) + { + *p = 26; // vendor-specific + *(uint32_t *) (p + 2) = htonl(9); // Cisco + p[6] = 1; // Cisco-AVPair + p[7] = 2 + sprintf((char *) p + 8, "disc-cause-ext=%s", radius[r].term_msg); + p[1] = p[7] + 6; + p += p[1]; + } } } + + { + struct param_radius_account acct = { &tunnel[session[s].tunnel], &session[s], &p }; + run_plugins(PLUGIN_RADIUS_ACCOUNT, &acct); + } } } if (s) { - *p = 5; // NAS-Port + *p = 5; // NAS-Port p[1] = 6; *(uint32_t *) (p + 2) = htonl(s); p += p[1]; + + *p = 6; // Service-Type + p[1] = 6; + *(uint32_t *) (p + 2) = htonl(2); // Framed-User + p += p[1]; + + *p = 7; // Framed-Protocol + p[1] = 6; + *(uint32_t *) (p + 2) = htonl(1); // PPP + p += p[1]; } if (s && session[s].ip) { @@ -775,7 +803,7 @@ void radiusretry(uint16_t r) extern int daefd; -void processdae(uint8_t *buf, int len, struct sockaddr_in *addr, int alen) +void processdae(uint8_t *buf, int len, struct sockaddr_in *addr, int alen, struct in_addr *local) { int i, r_code, r_id, length, attribute_length; uint8_t *packet, attribute; @@ -984,7 +1012,7 @@ void processdae(uint8_t *buf, int len, struct sockaddr_in *addr, int alen) LOG(3, s, t, " DAE Disconnect %d (%s)\n", s, session[s].user); r_code = DisconnectACK; - sessionshutdown(s, "Requested by PoD", 3, 0); // disconnect session + sessionshutdown(s, "Requested by PoD", CDN_ADMIN_DISC, TERM_ADMIN_RESET); // disconnect session break; case CoARequest: // Change of Authorization @@ -1053,6 +1081,6 @@ void processdae(uint8_t *buf, int len, struct sockaddr_in *addr, int alen) LOG(3, 0, 0, "Sending DAE %s, id=%d\n", radius_code(r_code), r_id); // send DAE response - if (sendto(daefd, buf, len, MSG_DONTWAIT | MSG_NOSIGNAL, (struct sockaddr *) addr, alen) < 0) + if (sendtofrom(daefd, buf, len, MSG_DONTWAIT | MSG_NOSIGNAL, (struct sockaddr *) addr, alen, local) < 0) LOG(0, 0, 0, "Error sending DAE response packet: %s\n", strerror(errno)); }