X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/6b1075b65c4239e97629f3a891f49f5ae9ef3d4b..7b9fe631a04e8a92b0c8f949709dc1a88a1063bc:/radius.c diff --git a/radius.c b/radius.c index 76c8a2e..38b1f22 100644 --- a/radius.c +++ b/radius.c @@ -1,6 +1,6 @@ // L2TPNS Radius Stuff -char const *cvs_id_radius = "$Id: radius.c,v 1.20 2004/12/16 08:49:53 bodea Exp $"; +char const *cvs_id_radius = "$Id: radius.c,v 1.20.2.2 2005/05/03 05:10:52 bodea Exp $"; #include #include @@ -283,6 +283,18 @@ void radiussend(uint16_t r, uint8_t state) *(uint32_t *) (p + 2) = htonl(time(NULL) - session[s].opened); p += p[1]; } + + if (session[s].snoop_ip && session[s].snoop_port) + { + *p = 26; // vendor-specific + *(uint32_t *) (p + 2) = htonl(9); // Cisco + p[6] = 1; // Cisco-Avpair + p[7] = 2 + sprintf(p + 8, "intercept=%s:%d", + fmtaddr(session[s].snoop_ip, 0), session[s].snoop_port); + + p[1] = p[7] + 6; + p += p[1]; + } } } if (s) @@ -480,6 +492,9 @@ void processrad(uint8_t *buf, int len, char socket_index) session[s].ip_pool_index = -1; LOG(3, s, session[s].tunnel, " Radius reply contains IP address %s\n", fmtaddr(htonl(session[s].ip), 0)); + + if (session[s].ip == 0xFFFFFFFE) + session[s].ip = 0; // assign from pool } else if (*p == 135) { @@ -633,8 +648,8 @@ void processrad(uint8_t *buf, int len, char socket_index) } else if (*buf == 3) { - LOG(2, s, session[s].tunnel, " Authentication denied for %s\n", session[s].user); -//FIXME: We should tear down the session here! + LOG(2, s, session[s].tunnel, " Authentication rejected for %s\n", session[s].user); + sessionkill(s, "Authentication rejected"); break; } @@ -675,6 +690,7 @@ void radiusretry(uint16_t r) if (s) t = session[s].tunnel; + radius[r].retry = backoff(radius[r].try + 1); switch (radius[r].state) {