X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/59b55de4d7768bf41f2dd928e214ef6d98eb3351..98b15d3dd0353c15f477bd472bc7bfd4aa57a83c:/l2tpns.c?ds=sidebyside

diff --git a/l2tpns.c b/l2tpns.c
index 28eca3b..38ac5b6 100644
--- a/l2tpns.c
+++ b/l2tpns.c
@@ -4,7 +4,7 @@
 // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
 // vim: sw=8 ts=8
 
-char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.96 2005/05/07 08:17:25 bodea Exp $";
+char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.98 2005/05/07 11:57:53 bodea Exp $";
 
 #include <arpa/inet.h>
 #include <assert.h>
@@ -1544,7 +1544,7 @@ void sendipcp(tunnelidt t, sessionidt s)
 
 	if (!r)
 	{
-		sessionshutdown(s, "No free RADIUS sessions for IPCP");
+		sessionshutdown(s, "No free RADIUS sessions for IPCP", 3, 0);
 		return;
 	}
 
@@ -1801,12 +1801,11 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr)
 		uint16_t message = 0xFFFF;	// message type
 		uint8_t fatal = 0;
 		uint8_t mandatory = 0;
-		uint8_t chap = 0;		// if CHAP being used
+		uint8_t authtype = 0;		// proxy auth type
 		uint16_t asession = 0;		// assigned session
 		uint32_t amagic = 0;		// magic number
 		uint8_t aflags = 0;		// flags from last LCF
 		uint16_t version = 0x0100;	// protocol version (we handle 0.0 as well and send that back just in case)
-		int requestchap = 0;		// do we request PAP instead of original CHAP request?
 		char called[MAXTEL] = "";	// called number
 		char calling[MAXTEL] = "";	// calling number
 
@@ -2187,7 +2186,11 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr)
 					{
 						uint16_t atype = ntohs(*(uint16_t *)b);
 						LOG(4, s, t, "   Proxy Auth Type %d (%s)\n", atype, auth_type(atype));
-						requestchap = (atype == 2);
+						if (atype = 2)
+							authtype = AUTHCHAP;
+						else if (atype == 3)
+							authtype = AUTHPAP;
+
 						break;
 					}
 				case 30:    // Proxy Authentication Name
@@ -2224,8 +2227,10 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr)
 						{
 							if (*p == 5 && p[1] == 6) // Magic-Number
 								amagic = ntohl(*(uint32_t *) (p + 2));
-							else if (*p == 3 && p[1] == 5 && *(uint16_t *) (p + 2) == htons(PPPCHAP) && p[4] == 5) // Authentication-Protocol
-								chap = 1;
+							else if (*p == 3 && p[1] == 4 && *(uint16_t *) (p + 2) == htons(PPPPAP)) // Authentication-Protocol (PAP)
+								authtype = AUTHPAP;
+							else if (*p == 3 && p[1] == 5 && *(uint16_t *) (p + 2) == htons(PPPCHAP) && p[4] == 5) // Authentication-Protocol (CHAP)
+								authtype = AUTHCHAP;
 							else if (*p == 7) // Protocol-Field-Compression
 								aflags |= SESSIONPFC;
 							else if (*p == 8) // Address-and-Control-Field-Compression
@@ -2350,8 +2355,8 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr)
 					session[s].l2tp_flags = aflags; // set flags received
 					LOG(3, s, t, "Magic %X Flags %X\n", amagic, aflags);
 					controlnull(t); // ack
-					// In CHAP state, request PAP instead
-					if (requestchap)
+					// proxy authentication type is not supported
+					if (authtype && !(config->radius_authtypes & authtype))
 						initlcp(t, s);
 					break;
 				case 14:      // CDN