X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/bcc2c7408be2d278ceef675b5d989ce6ed395315..b5273cc1c65f9496c1a7c2135b61979dd98fcf08:/radius.c?ds=sidebyside diff --git a/radius.c b/radius.c index 843931f..6b6be70 100644 --- a/radius.c +++ b/radius.c @@ -11,6 +11,7 @@ #include #include #include +#include #include "md5.h" #include "constants.h" @@ -22,6 +23,7 @@ #ifdef LAC #include "l2tplac.h" #endif +#include "pppoe.h" extern radiust *radius; extern sessiont *session; @@ -600,6 +602,7 @@ void processrad(uint8_t *buf, int len, char socket_index) run_plugins(PLUGIN_POST_AUTH, &packet); r_code = packet.auth_allowed ? AccessAccept : AccessReject; +#ifndef LAC // process auth response if (radius[r].chap) { @@ -631,6 +634,7 @@ void processrad(uint8_t *buf, int len, char socket_index) LOG(3, s, session[s].tunnel, " PAP User %s authentication %s.\n", session[s].user, (r_code == AccessAccept) ? "allowed" : "denied"); } +#endif if (r_code == AccessAccept) { @@ -665,11 +669,19 @@ void processrad(uint8_t *buf, int len, char socket_index) else if (vendor == 529 && attrib >= 135 && attrib <= 136) // Ascend { // handle old-format ascend DNS attributes below - p += 6; + p += 6; + } + else if (vendor == 64520) // Sames + { + //Sames vendor-specific 64520 + uint8_t *pvs = p + 6; // pvs set to begin to attribute + LOG(3, s, session[s].tunnel, " Sames vendor-specific: %d, Attrib: %d, lenght: %d\n", vendor, attrib, attrib_length); + grp_processvendorspecific(s, pvs); + continue; } else { - LOG(3, s, session[s].tunnel, " Unknown vendor-specific\n"); + LOG(3, s, session[s].tunnel, " Unknown vendor-specific: %d, Attrib: %d\n", vendor, attrib); continue; } } @@ -958,14 +970,43 @@ void processrad(uint8_t *buf, int len, char socket_index) { session[s].route[ro].ip = 0; } - - // Restart LCP auth... - lcp_restart(s); - sendlcp(s, t); break; } } + + // process auth response + if (radius[r].chap) + { + // CHAP + uint8_t *p = makeppp(b, sizeof(b), 0, 0, s, t, PPPCHAP, 0, 0, 0); + if (!p) return; // Abort! + + *p = (r_code == AccessAccept) ? 3 : 4; // ack/nak + p[1] = radius[r].id; + *(uint16_t *) (p + 2) = ntohs(4); // no message + tunnelsend(b, (p - b) + 4, t); // send it + + LOG(3, s, session[s].tunnel, " CHAP User %s authentication %s.\n", session[s].user, + (r_code == AccessAccept) ? "allowed" : "denied"); + } + else + { + // PAP + uint8_t *p = makeppp(b, sizeof(b), 0, 0, s, t, PPPPAP, 0, 0, 0); + if (!p) return; // Abort! + + // ack/nak + *p = r_code; + p[1] = radius[r].id; + *(uint16_t *) (p + 2) = ntohs(5); + p[4] = 0; // no message + tunnelsend(b, (p - b) + 5, t); // send it + + LOG(3, s, session[s].tunnel, " PAP User %s authentication %s.\n", session[s].user, + (r_code == AccessAccept) ? "allowed" : "denied"); + } #endif + if (!session[s].dns1 && config->default_dns1) { session[s].dns1 = ntohl(config->default_dns1);