X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/97ad99cc23c5f0007de461afb200fd83c3d20481..81bc9de9ded5dea5d766866429a965e03fdb367b:/radius.c?ds=sidebyside diff --git a/radius.c b/radius.c index 567cd72..f14f614 100644 --- a/radius.c +++ b/radius.c @@ -1,6 +1,6 @@ // L2TPNS Radius Stuff -char const *cvs_id_radius = "$Id: radius.c,v 1.23 2005/01/25 04:19:06 bodea Exp $"; +char const *cvs_id_radius = "$Id: radius.c,v 1.28 2005/05/03 05:11:34 bodea Exp $"; #include #include @@ -140,7 +140,7 @@ void radiussend(uint16_t r, uint8_t state) if (s) { if (state == RADIUSAUTH) - sessionshutdown(s, "RADIUS timeout"); + sessionshutdown(s, "RADIUS timeout.", 3, 0); else { LOG(1, s, session[s].tunnel, "RADIUS timeout, but in state %s so don't timeout session\n", @@ -239,7 +239,7 @@ void radiussend(uint16_t r, uint8_t state) { *p = 44; // session ID p[1] = 18; - sprintf(p + 2, "%08X%08X", session[s].id, session[s].opened); + sprintf(p + 2, "%08X%08X", session[s].unique_id, session[s].opened); p += p[1]; if (state == RADIUSSTOP) { // stop @@ -271,6 +271,18 @@ void radiussend(uint16_t r, uint8_t state) *(uint32_t *) (p + 2) = htonl(time(NULL) - session[s].opened); p += p[1]; } + + if (session[s].snoop_ip && session[s].snoop_port) + { + *p = 26; // vendor-specific + *(uint32_t *) (p + 2) = htonl(9); // Cisco + p[6] = 1; // Cisco-Avpair + p[7] = 2 + sprintf(p + 8, "intercept=%s:%d", + fmtaddr(session[s].snoop_ip, 0), session[s].snoop_port); + + p[1] = p[7] + 6; + p += p[1]; + } } } if (s) @@ -470,6 +482,9 @@ void processrad(uint8_t *buf, int len, char socket_index) session[s].ip_pool_index = -1; LOG(3, s, session[s].tunnel, " Radius reply contains IP address %s\n", fmtaddr(htonl(session[s].ip), 0)); + + if (session[s].ip == 0xFFFFFFFE) + session[s].ip = 0; // assign from pool } else if (*p == 135) { @@ -578,7 +593,7 @@ void processrad(uint8_t *buf, int len, char socket_index) // Vendor-Specific Attribute int vendor = ntohl(*(int *)(p + 2)); char attrib = *(p + 6); - char attrib_length = *(p + 7) - 2; + int attrib_length = *(p + 7) - 2; char *avpair, *value, *key, *newp; LOG(3, s, session[s].tunnel, " Radius reply contains Vendor-Specific. Vendor=%d Attrib=%d Length=%d\n", vendor, attrib, attrib_length); @@ -649,8 +664,8 @@ void processrad(uint8_t *buf, int len, char socket_index) } else if (r_code == AccessReject) { - LOG(2, s, session[s].tunnel, " Authentication denied for %s\n", session[s].user); - sessionshutdown(s, "Authentication denied"); + LOG(2, s, session[s].tunnel, " Authentication rejected for %s\n", session[s].user); + sessionkill(s, "Authentication rejected"); break; }