X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/6b1075b65c4239e97629f3a891f49f5ae9ef3d4b..c5f7b1fb4d94628bad1ff1e0564e78d400f62185:/radius.c diff --git a/radius.c b/radius.c index 76c8a2e..d6e3abb 100644 --- a/radius.c +++ b/radius.c @@ -1,6 +1,6 @@ // L2TPNS Radius Stuff -char const *cvs_id_radius = "$Id: radius.c,v 1.20 2004/12/16 08:49:53 bodea Exp $"; +char const *cvs_id_radius = "$Id: radius.c,v 1.20.2.3 2005/05/30 06:35:19 bodea Exp $"; #include #include @@ -142,7 +142,7 @@ void radiussend(uint16_t r, uint8_t state) if (radius[r].state != state) radius[r].try = 0; radius[r].state = state; - radius[r].retry = backoff(radius[r].try++); + radius[r].retry = backoff(radius[r].try++) + 20; // 3s, 4s, 6s, 10s... LOG(4, s, session[s].tunnel, "Send RADIUS id %d sock %d state %s try %d\n", r >> RADIUS_SHIFT, r & RADIUS_MASK, radius_state(radius[r].state), radius[r].try); @@ -283,6 +283,18 @@ void radiussend(uint16_t r, uint8_t state) *(uint32_t *) (p + 2) = htonl(time(NULL) - session[s].opened); p += p[1]; } + + if (session[s].snoop_ip && session[s].snoop_port) + { + *p = 26; // vendor-specific + *(uint32_t *) (p + 2) = htonl(9); // Cisco + p[6] = 1; // Cisco-Avpair + p[7] = 2 + sprintf(p + 8, "intercept=%s:%d", + fmtaddr(session[s].snoop_ip, 0), session[s].snoop_port); + + p[1] = p[7] + 6; + p += p[1]; + } } } if (s) @@ -480,6 +492,9 @@ void processrad(uint8_t *buf, int len, char socket_index) session[s].ip_pool_index = -1; LOG(3, s, session[s].tunnel, " Radius reply contains IP address %s\n", fmtaddr(htonl(session[s].ip), 0)); + + if (session[s].ip == 0xFFFFFFFE) + session[s].ip = 0; // assign from pool } else if (*p == 135) { @@ -633,8 +648,8 @@ void processrad(uint8_t *buf, int len, char socket_index) } else if (*buf == 3) { - LOG(2, s, session[s].tunnel, " Authentication denied for %s\n", session[s].user); -//FIXME: We should tear down the session here! + LOG(2, s, session[s].tunnel, " Authentication rejected for %s\n", session[s].user); + sessionkill(s, "Authentication rejected"); break; } @@ -675,7 +690,7 @@ void radiusretry(uint16_t r) if (s) t = session[s].tunnel; - radius[r].retry = backoff(radius[r].try + 1); + switch (radius[r].state) { case RADIUSCHAP: // sending CHAP down PPP