X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/bbe84e53bf73900549ff97ddb29d85aa9e90c6cd..b3335712110224f0a27e58320ebc6b4459d7ac34:/radius.c?ds=sidebyside

diff --git a/radius.c b/radius.c
index ff52cdc..528aee8 100644
--- a/radius.c
+++ b/radius.c
@@ -1,6 +1,6 @@
 // L2TPNS Radius Stuff
 
-char const *cvs_id_radius = "$Id: radius.c,v 1.22 2005/01/05 14:35:01 bodea Exp $";
+char const *cvs_id_radius = "$Id: radius.c,v 1.26 2005/04/18 05:07:20 bodea Exp $";
 
 #include <time.h>
 #include <stdio.h>
@@ -140,7 +140,7 @@ void radiussend(uint16_t r, uint8_t state)
 		if (s)
 		{
 			if (state == RADIUSAUTH)
-				sessionshutdown(s, "RADIUS timeout");
+				sessionshutdown(s, "RADIUS timeout", 3, 0);
 			else
 			{
 				LOG(1, s, session[s].tunnel, "RADIUS timeout, but in state %s so don't timeout session\n",
@@ -239,7 +239,7 @@ void radiussend(uint16_t r, uint8_t state)
 		{
 			*p = 44;           // session ID
 			p[1] = 18;
-			sprintf(p + 2, "%08X%08X", session[s].id, session[s].opened);
+			sprintf(p + 2, "%08X%08X", session[s].unique_id, session[s].opened);
 			p += p[1];
 			if (state == RADIUSSTOP)
 			{                // stop
@@ -470,6 +470,9 @@ void processrad(uint8_t *buf, int len, char socket_index)
 						session[s].ip_pool_index = -1;
 						LOG(3, s, session[s].tunnel, "   Radius reply contains IP address %s\n",
 							fmtaddr(htonl(session[s].ip), 0));
+
+						if (session[s].ip == 0xFFFFFFFE)
+							session[s].ip = 0; // assign from pool
 					}
 					else if (*p == 135)
 					{
@@ -578,7 +581,7 @@ void processrad(uint8_t *buf, int len, char socket_index)
 						// Vendor-Specific Attribute
 						int vendor = ntohl(*(int *)(p + 2));
 						char attrib = *(p + 6);
-						char attrib_length = *(p + 7) - 2;
+						int attrib_length = *(p + 7) - 2;
 						char *avpair, *value, *key, *newp;
 
 						LOG(3, s, session[s].tunnel, "   Radius reply contains Vendor-Specific.  Vendor=%d Attrib=%d Length=%d\n", vendor, attrib, attrib_length);
@@ -619,12 +622,38 @@ void processrad(uint8_t *buf, int len, char socket_index)
 						} while (newp);
 						free(avpair);
 					}
+					else if (*p == 99)
+					{
+						// Framed-IPv6-Route
+						struct in6_addr r6;
+						int prefixlen;
+						uint8_t *n = p + 2;
+						uint8_t *e = p + p[1];
+						uint8_t *m = strchr(n, '/');
+
+						*m++ = 0;
+						inet_pton(AF_INET6, n, &r6);
+
+						prefixlen = 0;
+						while (m < e && isdigit(*m)) {
+							prefixlen = prefixlen * 10 + *m++ - '0';
+						}
+
+						if (prefixlen)
+						{
+							LOG(3, s, session[s].tunnel,
+								"   Radius reply contains route for %s/%d\n",
+								n, prefixlen);
+							session[s].ipv6route = r6;
+							session[s].ipv6prefixlen = prefixlen;
+						}
+					}
 				}
 			}
 			else if (r_code == AccessReject)
 			{
-				LOG(2, s, session[s].tunnel, "   Authentication denied for %s\n", session[s].user);
-//FIXME: We should tear down the session here!
+				LOG(2, s, session[s].tunnel, "   Authentication rejected for %s\n", session[s].user);
+				sessionkill(s, "Authentication rejected");
 				break;
 			}