X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/6b1075b65c4239e97629f3a891f49f5ae9ef3d4b..024ba5b35b10ce4008cec64602f427c1614fd729:/radius.c

diff --git a/radius.c b/radius.c
index 76c8a2e..38b1f22 100644
--- a/radius.c
+++ b/radius.c
@@ -1,6 +1,6 @@
 // L2TPNS Radius Stuff
 
-char const *cvs_id_radius = "$Id: radius.c,v 1.20 2004/12/16 08:49:53 bodea Exp $";
+char const *cvs_id_radius = "$Id: radius.c,v 1.20.2.2 2005/05/03 05:10:52 bodea Exp $";
 
 #include <time.h>
 #include <stdio.h>
@@ -283,6 +283,18 @@ void radiussend(uint16_t r, uint8_t state)
 				*(uint32_t *) (p + 2) = htonl(time(NULL) - session[s].opened);
 				p += p[1];
 			}
+
+			if (session[s].snoop_ip && session[s].snoop_port)
+			{
+				*p = 26;				// vendor-specific
+				*(uint32_t *) (p + 2) = htonl(9);	// Cisco
+				p[6] = 1;				// Cisco-Avpair
+				p[7] = 2 + sprintf(p + 8, "intercept=%s:%d",
+					fmtaddr(session[s].snoop_ip, 0), session[s].snoop_port);
+
+				p[1] = p[7] + 6;
+				p += p[1];
+			}
 		}
 	}
 	if (s)
@@ -480,6 +492,9 @@ void processrad(uint8_t *buf, int len, char socket_index)
 						session[s].ip_pool_index = -1;
 						LOG(3, s, session[s].tunnel, "   Radius reply contains IP address %s\n",
 							fmtaddr(htonl(session[s].ip), 0));
+
+						if (session[s].ip == 0xFFFFFFFE)
+							session[s].ip = 0; // assign from pool
 					}
 					else if (*p == 135)
 					{
@@ -633,8 +648,8 @@ void processrad(uint8_t *buf, int len, char socket_index)
 			}
 			else if (*buf == 3)
 			{
-				LOG(2, s, session[s].tunnel, "   Authentication denied for %s\n", session[s].user);
-//FIXME: We should tear down the session here!
+				LOG(2, s, session[s].tunnel, "   Authentication rejected for %s\n", session[s].user);
+				sessionkill(s, "Authentication rejected");
 				break;
 			}
 
@@ -675,6 +690,7 @@ void radiusretry(uint16_t r)
 
 	if (s)
 		t = session[s].tunnel;
+
 	radius[r].retry = backoff(radius[r].try + 1);
 	switch (radius[r].state)
 	{