X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/bcc2c7408be2d278ceef675b5d989ce6ed395315..137bcc99810a8bfc97030eceee52a96c75e91987:/radius.c?ds=inline diff --git a/radius.c b/radius.c index 843931f..8481561 100644 --- a/radius.c +++ b/radius.c @@ -19,9 +19,8 @@ #include "util.h" #include "cluster.h" -#ifdef LAC #include "l2tplac.h" -#endif +#include "pppoe.h" extern radiust *radius; extern sessiont *session; @@ -536,9 +535,7 @@ void processrad(uint8_t *buf, int len, char socket_index) uint8_t routes = 0; int r_code; int r_id; -#ifdef LAC int OpentunnelReq = 0; -#endif CSTAT(processrad); @@ -600,6 +597,7 @@ void processrad(uint8_t *buf, int len, char socket_index) run_plugins(PLUGIN_POST_AUTH, &packet); r_code = packet.auth_allowed ? AccessAccept : AccessReject; +#ifndef LAC // process auth response if (radius[r].chap) { @@ -631,6 +629,7 @@ void processrad(uint8_t *buf, int len, char socket_index) LOG(3, s, session[s].tunnel, " PAP User %s authentication %s.\n", session[s].user, (r_code == AccessAccept) ? "allowed" : "denied"); } +#endif if (r_code == AccessAccept) { @@ -638,11 +637,10 @@ void processrad(uint8_t *buf, int len, char socket_index) // Extract IP, routes, etc uint8_t *p = buf + 20; uint8_t *e = buf + len; -#ifdef LAC uint8_t tag; uint8_t strtemp[256]; lac_reset_rad_tag_tunnel_ctxt(); -#endif + for (; p + 2 <= e && p[1] && p + p[1] <= e; p += p[1]) { if (*p == 26 && p[1] >= 7) @@ -837,7 +835,6 @@ void processrad(uint8_t *buf, int len, char socket_index) session[s].classlen = MAXCLASS; memcpy(session[s].class, p + 2, session[s].classlen); } -#ifdef LAC else if (*p == 64) { // Tunnel-Type @@ -926,7 +923,6 @@ void processrad(uint8_t *buf, int len, char socket_index) // Fill context lac_set_rad_tag_tunnel_assignment_id(tag, (char *) strtemp); } -#endif } } else if (r_code == AccessReject) @@ -936,7 +932,6 @@ void processrad(uint8_t *buf, int len, char socket_index) break; } -#ifdef LAC if ((!config->disable_lac_func) && OpentunnelReq) { char assignment_id[256]; @@ -958,14 +953,42 @@ void processrad(uint8_t *buf, int len, char socket_index) { session[s].route[ro].ip = 0; } - - // Restart LCP auth... - lcp_restart(s); - sendlcp(s, t); break; } } -#endif + + // process auth response + if (radius[r].chap) + { + // CHAP + uint8_t *p = makeppp(b, sizeof(b), 0, 0, s, t, PPPCHAP, 0, 0, 0); + if (!p) return; // Abort! + + *p = (r_code == AccessAccept) ? 3 : 4; // ack/nak + p[1] = radius[r].id; + *(uint16_t *) (p + 2) = ntohs(4); // no message + tunnelsend(b, (p - b) + 4, t); // send it + + LOG(3, s, session[s].tunnel, " CHAP User %s authentication %s.\n", session[s].user, + (r_code == AccessAccept) ? "allowed" : "denied"); + } + else + { + // PAP + uint8_t *p = makeppp(b, sizeof(b), 0, 0, s, t, PPPPAP, 0, 0, 0); + if (!p) return; // Abort! + + // ack/nak + *p = r_code; + p[1] = radius[r].id; + *(uint16_t *) (p + 2) = ntohs(5); + p[4] = 0; // no message + tunnelsend(b, (p - b) + 5, t); // send it + + LOG(3, s, session[s].tunnel, " PAP User %s authentication %s.\n", session[s].user, + (r_code == AccessAccept) ? "allowed" : "denied"); + } + if (!session[s].dns1 && config->default_dns1) { session[s].dns1 = ntohl(config->default_dns1); @@ -1309,7 +1332,6 @@ void processdae(uint8_t *buf, int len, struct sockaddr_in *addr, int alen, struc LOG(0, 0, 0, "Error sending DAE response packet: %s\n", strerror(errno)); } -#ifdef LAC // Decrypte the encrypted Tunnel Password. // Defined in RFC-2868. // the pl2tpsecret buffer must set to 256 characters. @@ -1400,4 +1422,3 @@ int rad_tunnel_pwdecode(uint8_t *pl2tpsecret, size_t *pl2tpsecretlen, return decodedlen; }; -#endif /* LAC */