version 1.1.1.1, 2012/02/21 23:32:47
|
version 1.1.1.4, 2016/11/02 09:50:34
|
Line 45
|
Line 45
|
static int RadiusPutAcct(AuthData auth); |
static int RadiusPutAcct(AuthData auth); |
static int RadiusGetParams(AuthData auth, int eap_proxy); |
static int RadiusGetParams(AuthData auth, int eap_proxy); |
static int RadiusSendRequest(AuthData auth); |
static int RadiusSendRequest(AuthData auth); |
|
static void RadiusLogError(AuthData auth, const char *errmsg); |
|
|
/* Set menu options */ |
/* Set menu options */ |
|
|
enum { |
enum { |
|
UNSET_SERVER, |
SET_SERVER, |
SET_SERVER, |
|
#ifdef HAVE_RAD_BIND |
|
SET_SRC_ADDR, |
|
#endif |
SET_ME, |
SET_ME, |
SET_MEV6, |
SET_MEV6, |
SET_IDENTIFIER, |
SET_IDENTIFIER, |
Line 63
|
Line 68
|
/* |
/* |
* GLOBAL VARIABLES |
* GLOBAL VARIABLES |
*/ |
*/ |
| const struct cmdtab RadiusUnSetCmds[] = { |
| { "server {name} [{auth port}] [{acct port}]", "Unset (remove) radius server" , |
| RadiusSetCommand, NULL, 2, (void *) UNSET_SERVER }, |
| { NULL }, |
| }; |
| |
const struct cmdtab RadiusSetCmds[] = { |
const struct cmdtab RadiusSetCmds[] = { |
{ "server {name} {secret} [{auth port}] [{acct port}]", "Set radius server parameters" , |
{ "server {name} {secret} [{auth port}] [{acct port}]", "Set radius server parameters" , |
RadiusSetCommand, NULL, 2, (void *) SET_SERVER }, |
RadiusSetCommand, NULL, 2, (void *) SET_SERVER }, |
|
#ifdef HAVE_RAD_BIND |
|
{ "src-addr {ip}", "Set source address for request" , |
|
RadiusSetCommand, NULL, 2, (void *) SET_SRC_ADDR }, |
|
#endif |
{ "me {ip}", "Set NAS IP address" , |
{ "me {ip}", "Set NAS IP address" , |
RadiusSetCommand, NULL, 2, (void *) SET_ME }, |
RadiusSetCommand, NULL, 2, (void *) SET_ME }, |
{ "v6me {ip}", "Set NAS IPv6 address" , |
{ "v6me {ip}", "Set NAS IPv6 address" , |
Line 190 RadiusEapProxy(void *arg)
|
Line 204 RadiusEapProxy(void *arg)
|
AuthData auth = (AuthData)arg; |
AuthData auth = (AuthData)arg; |
int pos = 0, mlen = RAD_MAX_ATTR_LEN; |
int pos = 0, mlen = RAD_MAX_ATTR_LEN; |
|
|
Log(LG_RADIUS, ("[%s] RADIUS: EAP proxying user '%s'", | Log(LG_RADIUS, ("[%s] RADIUS: EAP proxying user '%s'", |
auth->info.lnkname, auth->params.authname)); |
auth->info.lnkname, auth->params.authname)); |
|
|
if (RadiusStart(auth, RAD_ACCESS_REQUEST) == RAD_NACK) { |
if (RadiusStart(auth, RAD_ACCESS_REQUEST) == RAD_NACK) { |
auth->status = AUTH_STATUS_FAIL; | auth->status = AUTH_STATUS_FAIL; |
return; |
return; |
} |
} |
|
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_USER_NAME: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_USER_NAME: %s", |
auth->info.lnkname, auth->params.authname)); |
auth->info.lnkname, auth->params.authname)); |
if (rad_put_string(auth->radius.handle, RAD_USER_NAME, auth->params.authname) == -1) { |
if (rad_put_string(auth->radius.handle, RAD_USER_NAME, auth->params.authname) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_USER_NAME failed %s", | RadiusLogError(auth, "Put RAD_USER_NAME failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | auth->status = AUTH_STATUS_FAIL; |
auth->status = AUTH_STATUS_FAIL; | |
return; |
return; |
} |
} |
|
|
Line 217 RadiusEapProxy(void *arg)
|
Line 230 RadiusEapProxy(void *arg)
|
auth->info.lnkname, mlen, auth->params.eapmsg_len)); |
auth->info.lnkname, mlen, auth->params.eapmsg_len)); |
memcpy(chunk, &auth->params.eapmsg[pos], mlen); |
memcpy(chunk, &auth->params.eapmsg[pos], mlen); |
if (rad_put_attr(auth->radius.handle, RAD_EAP_MESSAGE, chunk, mlen) == -1) { |
if (rad_put_attr(auth->radius.handle, RAD_EAP_MESSAGE, chunk, mlen) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_EAP_MESSAGE failed %s", | RadiusLogError(auth, "Put RAD_EAP_MESSAGE failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | auth->status = AUTH_STATUS_FAIL; |
auth->status = AUTH_STATUS_FAIL; | |
return; |
return; |
} |
} |
} |
} |
Line 254 RadStat(Context ctx, int ac, char *av[], void *arg)
|
Line 266 RadStat(Context ctx, int ac, char *av[], void *arg)
|
Printf("\tTimeout : %d\r\n", conf->radius_timeout); |
Printf("\tTimeout : %d\r\n", conf->radius_timeout); |
Printf("\tRetries : %d\r\n", conf->radius_retries); |
Printf("\tRetries : %d\r\n", conf->radius_retries); |
Printf("\tConfig-file : %s\r\n", (conf->file ? conf->file : "none")); |
Printf("\tConfig-file : %s\r\n", (conf->file ? conf->file : "none")); |
|
#ifdef HAVE_RAD_BIND |
|
Printf("\tSrc address : %s\r\n", inet_ntoa(conf->src_addr)); |
|
#endif |
Printf("\tMe (NAS-IP) : %s\r\n", inet_ntoa(conf->radius_me)); |
Printf("\tMe (NAS-IP) : %s\r\n", inet_ntoa(conf->radius_me)); |
Printf("\tv6Me (NAS-IP): %s\r\n", u_addrtoa(&conf->radius_mev6, buf1, sizeof(buf1))); |
Printf("\tv6Me (NAS-IP): %s\r\n", u_addrtoa(&conf->radius_mev6, buf1, sizeof(buf1))); |
Printf("\tIdentifier : %s\r\n", (conf->identifier ? conf->identifier : "")); |
Printf("\tIdentifier : %s\r\n", (conf->identifier ? conf->identifier : "")); |
Line 290 RadStat(Context ctx, int ac, char *av[], void *arg)
|
Line 305 RadStat(Context ctx, int ac, char *av[], void *arg)
|
Printf("\tClass : 0x%s\r\n", buf); |
Printf("\tClass : 0x%s\r\n", buf); |
Freee(buf); |
Freee(buf); |
|
|
|
Printf("\tFilter Id : %s\r\n", (a->params.filter_id ? a->params.filter_id : "")); |
return (0); |
return (0); |
} |
} |
|
|
Line 313 RadiusAddServer(AuthData auth, short request_type)
|
Line 329 RadiusAddServer(AuthData auth, short request_type)
|
s->sharedsecret, |
s->sharedsecret, |
c->radius_timeout, |
c->radius_timeout, |
c->radius_retries) == -1) { |
c->radius_retries) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Adding server error: %s", auth->info.lnkname, | RadiusLogError(auth, "Adding server error"); |
rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
} |
} |
Line 325 RadiusAddServer(AuthData auth, short request_type)
|
Line 340 RadiusAddServer(AuthData auth, short request_type)
|
s->sharedsecret, |
s->sharedsecret, |
c->radius_timeout, |
c->radius_timeout, |
c->radius_retries) == -1) { |
c->radius_retries) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Adding server error: %s", auth->info.lnkname, | RadiusLogError(auth, "Adding server error"); |
rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
} |
} |
|
|
s = s->next; |
s = s->next; |
} |
} |
|
#ifdef HAVE_RAD_BIND |
|
if (c->src_addr.s_addr != INADDR_ANY) |
|
rad_bind_to(auth->radius.handle, c->src_addr.s_addr); |
|
#endif |
|
|
return (RAD_ACK); |
return (RAD_ACK); |
} |
} |
Line 344 RadiusSetCommand(Context ctx, int ac, char *av[], void
|
Line 362 RadiusSetCommand(Context ctx, int ac, char *av[], void
|
RadConf const conf = &ctx->lnk->lcp.auth.conf.radius; |
RadConf const conf = &ctx->lnk->lcp.auth.conf.radius; |
RadServe_Conf server; |
RadServe_Conf server; |
RadServe_Conf t_server; |
RadServe_Conf t_server; |
|
RadServe_Conf next, prev; |
int val, count; |
int val, count; |
struct u_addr t; |
struct u_addr t; |
int auth_port = 1812; |
int auth_port = 1812; |
Line 354 RadiusSetCommand(Context ctx, int ac, char *av[], void
|
Line 373 RadiusSetCommand(Context ctx, int ac, char *av[], void
|
|
|
switch ((intptr_t)arg) { |
switch ((intptr_t)arg) { |
|
|
|
case UNSET_SERVER: |
|
|
|
if (ac > 3 || ac < 1) { |
|
return(-1); |
|
} |
|
for ( prev = NULL, t_server = conf->server ; |
|
t_server != NULL && (next = t_server->next, 1) ; |
|
prev = t_server, t_server = next) { |
|
|
|
if (strcmp(t_server->hostname, av[0]) != 0) |
|
continue; |
|
if (ac > 1 && t_server->auth_port != atoi(av[1])) |
|
continue; |
|
if (ac > 2 && t_server->acct_port != atoi(av[2])) |
|
continue; |
|
|
|
if (t_server == conf->server) { |
|
conf->server = t_server->next; |
|
} else { |
|
prev->next = t_server->next; |
|
t_server->next = NULL; |
|
} |
|
|
|
Freee(t_server->hostname); |
|
Freee(t_server->sharedsecret); |
|
Freee(t_server); |
|
t_server = prev; |
|
} |
|
|
|
break; |
|
|
case SET_SERVER: |
case SET_SERVER: |
if (ac > 4 || ac < 2) { |
if (ac > 4 || ac < 2) { |
return(-1); |
return(-1); |
Line 397 RadiusSetCommand(Context ctx, int ac, char *av[], void
|
Line 447 RadiusSetCommand(Context ctx, int ac, char *av[], void
|
|
|
break; |
break; |
|
|
|
#ifdef HAVE_RAD_BIND |
|
case SET_SRC_ADDR: |
|
if (ParseAddr(*av, &t, ALLOW_IPV4)) { |
|
u_addrtoin_addr(&t, &conf->src_addr); |
|
} else |
|
Error("Bad Src address '%s'.", *av); |
|
break; |
|
#endif |
|
|
case SET_ME: |
case SET_ME: |
if (ParseAddr(*av, &t, ALLOW_IPV4)) { |
if (ParseAddr(*av, &t, ALLOW_IPV4)) { |
u_addrtoin_addr(&t,&conf->radius_me); | u_addrtoin_addr(&t, &conf->radius_me); |
} else |
} else |
Error("Bad NAS address '%s'.", *av); |
Error("Bad NAS address '%s'.", *av); |
break; |
break; |
Line 469 RadiusOpen(AuthData auth, short request_type)
|
Line 528 RadiusOpen(AuthData auth, short request_type)
|
if (request_type == RAD_ACCESS_REQUEST) { |
if (request_type == RAD_ACCESS_REQUEST) { |
|
|
if ((auth->radius.handle = rad_open()) == NULL) { |
if ((auth->radius.handle = rad_open()) == NULL) { |
Log(LG_RADIUS, ("[%s] RADIUS: rad_open failed", auth->info.lnkname)); | Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: rad_open failed", |
| auth->info.lnkname)); |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
} else { /* RAD_ACCOUNTING_REQUEST */ |
} else { /* RAD_ACCOUNTING_REQUEST */ |
|
|
if ((auth->radius.handle = rad_acct_open()) == NULL) { |
if ((auth->radius.handle = rad_acct_open()) == NULL) { |
Log(LG_RADIUS, ("[%s] RADIUS: rad_acct_open failed", auth->info.lnkname)); | Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: rad_acct_open failed", |
| auth->info.lnkname)); |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
} |
} |
Line 483 RadiusOpen(AuthData auth, short request_type)
|
Line 544 RadiusOpen(AuthData auth, short request_type)
|
if (conf->file && strlen(conf->file)) { |
if (conf->file && strlen(conf->file)) { |
Log(LG_RADIUS2, ("[%s] RADIUS: using %s", auth->info.lnkname, conf->file)); |
Log(LG_RADIUS2, ("[%s] RADIUS: using %s", auth->info.lnkname, conf->file)); |
if (rad_config(auth->radius.handle, conf->file) != 0) { |
if (rad_config(auth->radius.handle, conf->file) != 0) { |
Log(LG_RADIUS, ("[%s] RADIUS: rad_config: %s", auth->info.lnkname, | RadiusLogError(auth, "rad_config"); |
rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
} |
} |
Line 517 RadiusStart(AuthData auth, short request_type)
|
Line 577 RadiusStart(AuthData auth, short request_type)
|
tmpval = conf->identifier; |
tmpval = conf->identifier; |
} else { |
} else { |
if (gethostname(host, sizeof(host)) == -1) { |
if (gethostname(host, sizeof(host)) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: gethostname() for RAD_NAS_IDENTIFIER failed", | Log(LG_ERR|LG_RADIUS, |
| ("[%s] RADIUS: gethostname() for RAD_NAS_IDENTIFIER failed", |
auth->info.lnkname)); |
auth->info.lnkname)); |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
Line 526 RadiusStart(AuthData auth, short request_type)
|
Line 587 RadiusStart(AuthData auth, short request_type)
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_NAS_IDENTIFIER: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_NAS_IDENTIFIER: %s", |
auth->info.lnkname, tmpval)); |
auth->info.lnkname, tmpval)); |
if (rad_put_string(auth->radius.handle, RAD_NAS_IDENTIFIER, tmpval) == -1) { |
if (rad_put_string(auth->radius.handle, RAD_NAS_IDENTIFIER, tmpval) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_NAS_IDENTIFIER failed %s", auth->info.lnkname, | RadiusLogError(auth, "Put RAD_NAS_IDENTIFIER failed"); |
rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
|
|
Line 535 RadiusStart(AuthData auth, short request_type)
|
Line 595 RadiusStart(AuthData auth, short request_type)
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_NAS_IP_ADDRESS: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_NAS_IP_ADDRESS: %s", |
auth->info.lnkname, inet_ntoa(conf->radius_me))); |
auth->info.lnkname, inet_ntoa(conf->radius_me))); |
if (rad_put_addr(auth->radius.handle, RAD_NAS_IP_ADDRESS, conf->radius_me) == -1) { |
if (rad_put_addr(auth->radius.handle, RAD_NAS_IP_ADDRESS, conf->radius_me) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_NAS_IP_ADDRESS failed %s", | RadiusLogError(auth, "Put RAD_NAS_IP_ADDRESS failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | return (RAD_NACK); |
return (RAD_NACK); | |
} |
} |
} |
} |
|
|
if (!u_addrempty(&conf->radius_mev6)) { |
if (!u_addrempty(&conf->radius_mev6)) { |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_NAS_IPV6_ADDRESS: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_NAS_IPV6_ADDRESS: %s", |
auth->info.lnkname, u_addrtoa(&conf->radius_mev6,buf,sizeof(buf)))); |
auth->info.lnkname, u_addrtoa(&conf->radius_mev6,buf,sizeof(buf)))); |
|
#ifdef HAVE_RAD_ADDR6 |
|
if (rad_put_addr6(auth->radius.handle, RAD_NAS_IPV6_ADDRESS, conf->radius_mev6.u.ip6) == -1) { |
|
#else |
if (rad_put_attr(auth->radius.handle, RAD_NAS_IPV6_ADDRESS, &conf->radius_mev6.u.ip6, sizeof(conf->radius_mev6.u.ip6)) == -1) { |
if (rad_put_attr(auth->radius.handle, RAD_NAS_IPV6_ADDRESS, &conf->radius_mev6.u.ip6, sizeof(conf->radius_mev6.u.ip6)) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_NAS_IPV6_ADDRESS failed %s", | #endif |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | RadiusLogError(auth, "Put RAD_NAS_IPV6_ADDRESS failed"); |
return (RAD_NACK); | return (RAD_NACK); |
} |
} |
} |
} |
|
|
Line 559 RadiusStart(AuthData auth, short request_type)
|
Line 621 RadiusStart(AuthData auth, short request_type)
|
&& request_type != RAD_ACCOUNTING_REQUEST) { |
&& request_type != RAD_ACCOUNTING_REQUEST) { |
Log(LG_RADIUS2, ("[%s] RADIUS: Put Message Authenticator", auth->info.lnkname)); |
Log(LG_RADIUS2, ("[%s] RADIUS: Put Message Authenticator", auth->info.lnkname)); |
if (rad_put_message_authentic(auth->radius.handle) == -1) { |
if (rad_put_message_authentic(auth->radius.handle) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put message_authentic failed %s", | RadiusLogError(auth, "Put message_authentic failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | return (RAD_NACK); |
return (RAD_NACK); | |
} |
} |
} |
} |
|
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_SESSION_ID: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_SESSION_ID: %s", |
auth->info.lnkname, auth->info.session_id)); |
auth->info.lnkname, auth->info.session_id)); |
if (rad_put_string(auth->radius.handle, RAD_ACCT_SESSION_ID, auth->info.session_id) != 0) { |
if (rad_put_string(auth->radius.handle, RAD_ACCT_SESSION_ID, auth->info.session_id) != 0) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_ACCT_SESSION_ID: %s", | RadiusLogError(auth, "Put RAD_ACCT_SESSION_ID failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
|
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_NAS_PORT: %d", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_NAS_PORT: %d", |
auth->info.lnkname, auth->info.linkID)); |
auth->info.lnkname, auth->info.linkID)); |
if (rad_put_int(auth->radius.handle, RAD_NAS_PORT, auth->info.linkID) == -1) { |
if (rad_put_int(auth->radius.handle, RAD_NAS_PORT, auth->info.linkID) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_NAS_PORT failed %s", | RadiusLogError(auth, "Put RAD_NAS_PORT failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
|
|
Line 602 RadiusStart(AuthData auth, short request_type)
|
Line 661 RadiusStart(AuthData auth, short request_type)
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_NAS_PORT_TYPE: %d", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_NAS_PORT_TYPE: %d", |
auth->info.lnkname, porttype)); |
auth->info.lnkname, porttype)); |
if (rad_put_int(auth->radius.handle, RAD_NAS_PORT_TYPE, porttype) == -1) { |
if (rad_put_int(auth->radius.handle, RAD_NAS_PORT_TYPE, porttype) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_NAS_PORT_TYPE failed %s", | RadiusLogError(auth, "Put RAD_NAS_PORT_TYPE failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
|
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_SERVICE_TYPE: RAD_FRAMED", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_SERVICE_TYPE: RAD_FRAMED", |
auth->info.lnkname)); |
auth->info.lnkname)); |
if (rad_put_int(auth->radius.handle, RAD_SERVICE_TYPE, RAD_FRAMED) == -1) { |
if (rad_put_int(auth->radius.handle, RAD_SERVICE_TYPE, RAD_FRAMED) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_SERVICE_TYPE failed %s", | RadiusLogError(auth, "Put RAD_SERVICE_TYPE failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
| |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_FRAMED_PROTOCOL: RAD_PPP", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_FRAMED_PROTOCOL: RAD_PPP", |
auth->info.lnkname)); |
auth->info.lnkname)); |
if (rad_put_int(auth->radius.handle, RAD_FRAMED_PROTOCOL, RAD_PPP) == -1) { |
if (rad_put_int(auth->radius.handle, RAD_FRAMED_PROTOCOL, RAD_PPP) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_FRAMED_PROTOCOL failed %s", | RadiusLogError(auth, "Put RAD_FRAMED_PROTOCOL failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
|
|
Line 628 RadiusStart(AuthData auth, short request_type)
|
Line 684 RadiusStart(AuthData auth, short request_type)
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_STATE: 0x%s", auth->info.lnkname, tmpval)); |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_STATE: 0x%s", auth->info.lnkname, tmpval)); |
Freee(tmpval); |
Freee(tmpval); |
if (rad_put_attr(auth->radius.handle, RAD_STATE, auth->params.state, auth->params.state_len) == -1) { |
if (rad_put_attr(auth->radius.handle, RAD_STATE, auth->params.state, auth->params.state_len) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_STATE failed %s", | RadiusLogError(auth, "Put RAD_STATE failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | return (RAD_NACK); |
return (RAD_NACK); | |
} |
} |
} |
} |
|
|
Line 639 RadiusStart(AuthData auth, short request_type)
|
Line 694 RadiusStart(AuthData auth, short request_type)
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_CLASS: 0x%s", auth->info.lnkname, tmpval)); |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_CLASS: 0x%s", auth->info.lnkname, tmpval)); |
Freee(tmpval); |
Freee(tmpval); |
if (rad_put_attr(auth->radius.handle, RAD_CLASS, auth->params.class, auth->params.class_len) == -1) { |
if (rad_put_attr(auth->radius.handle, RAD_CLASS, auth->params.class, auth->params.class_len) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_CLASS failed %s", | RadiusLogError(auth, "Put RAD_CLASS failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | return (RAD_NACK); |
return (RAD_NACK); | |
} |
} |
} |
} |
|
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_CALLING_STATION_ID: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_CALLING_STATION_ID: %s", |
auth->info.lnkname, auth->params.callingnum)); | auth->info.lnkname, auth->params.callingnum)); |
if (rad_put_string(auth->radius.handle, RAD_CALLING_STATION_ID, |
if (rad_put_string(auth->radius.handle, RAD_CALLING_STATION_ID, |
auth->params.callingnum) == -1) { | auth->params.callingnum) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_CALLING_STATION_ID failed %s", | RadiusLogError(auth, "Put RAD_CALLING_STATION_ID failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | return (RAD_NACK); |
return (RAD_NACK); | |
} |
} |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_CALLED_STATION_ID: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_CALLED_STATION_ID: %s", |
auth->info.lnkname, auth->params.callednum)); |
auth->info.lnkname, auth->params.callednum)); |
if (rad_put_string(auth->radius.handle, RAD_CALLED_STATION_ID, |
if (rad_put_string(auth->radius.handle, RAD_CALLED_STATION_ID, |
auth->params.callednum) == -1) { | auth->params.callednum) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_CALLED_STATION_ID failed %s", | RadiusLogError(auth, "Put RAD_CALLED_STATION_ID failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
|
|
Line 667 RadiusStart(AuthData auth, short request_type)
|
Line 719 RadiusStart(AuthData auth, short request_type)
|
auth->info.lnkname, auth->params.peeriface)); |
auth->info.lnkname, auth->params.peeriface)); |
if (rad_put_string(auth->radius.handle, RAD_NAS_PORT_ID, |
if (rad_put_string(auth->radius.handle, RAD_NAS_PORT_ID, |
auth->params.peeriface) == -1) { |
auth->params.peeriface) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_NAS_PORT_ID failed %s", | RadiusLogError(auth, "Put RAD_NAS_PORT_ID failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | return (RAD_NACK); |
return (RAD_NACK); | |
} |
} |
} |
} |
|
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_LINK: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_LINK: %s", |
auth->info.lnkname, auth->info.lnkname)); | auth->info.lnkname, auth->info.lnkname)); |
if (rad_put_vendor_string(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_LINK, auth->info.lnkname) != 0) { |
if (rad_put_vendor_string(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_LINK, auth->info.lnkname) != 0) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_MPD_LINK: %s", auth->info.lnkname, | RadiusLogError(auth, "Put RAD_MPD_LINK failed"); |
rad_strerror(auth->radius.handle))); | return (RAD_NACK); |
return (RAD_NACK); | |
} |
} |
|
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_PEER_IDENT: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_PEER_IDENT: %s", |
auth->info.lnkname, auth->info.peer_ident)); |
auth->info.lnkname, auth->info.peer_ident)); |
if (rad_put_vendor_string(auth->radius.handle, RAD_VENDOR_MPD, |
if (rad_put_vendor_string(auth->radius.handle, RAD_VENDOR_MPD, |
RAD_MPD_PEER_IDENT, auth->info.peer_ident) != 0) { |
RAD_MPD_PEER_IDENT, auth->info.peer_ident) != 0) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_MPD_PEER_IDENT failed %s", | RadiusLogError(auth, "Put RAD_MPD_PEER_IDENT failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
|
|
Line 722 RadiusStart(AuthData auth, short request_type)
|
Line 771 RadiusStart(AuthData auth, short request_type)
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_TUNNEL_TYPE: %d", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_TUNNEL_TYPE: %d", |
auth->info.lnkname, porttype)); |
auth->info.lnkname, porttype)); |
if (rad_put_int(auth->radius.handle, RAD_TUNNEL_TYPE, porttype) == -1) { |
if (rad_put_int(auth->radius.handle, RAD_TUNNEL_TYPE, porttype) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_TUNNEL_TYPE failed %s", | RadiusLogError(auth, "Put RAD_TUNNEL_TYPE failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
} |
} |
Line 741 RadiusStart(AuthData auth, short request_type)
|
Line 789 RadiusStart(AuthData auth, short request_type)
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_TUNNEL_MEDIUM_TYPE: %d", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_TUNNEL_MEDIUM_TYPE: %d", |
auth->info.lnkname, porttype)); |
auth->info.lnkname, porttype)); |
if (rad_put_int(auth->radius.handle, RAD_TUNNEL_MEDIUM_TYPE, porttype) == -1) { |
if (rad_put_int(auth->radius.handle, RAD_TUNNEL_MEDIUM_TYPE, porttype) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_TUNNEL_MEDIUM_TYPE failed %s", | RadiusLogError(auth, "Put RAD_TUNNEL_MEDIUM_TYPE failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
if (auth->info.originate == LINK_ORIGINATE_LOCAL) { |
if (auth->info.originate == LINK_ORIGINATE_LOCAL) { |
Line 752 RadiusStart(AuthData auth, short request_type)
|
Line 799 RadiusStart(AuthData auth, short request_type)
|
} |
} |
if (tmpval[0]) { |
if (tmpval[0]) { |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_TUNNEL_SERVER_ENDPOINT: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_TUNNEL_SERVER_ENDPOINT: %s", |
auth->info.lnkname, tmpval)); | auth->info.lnkname, tmpval)); |
if (rad_put_string_tag(auth->radius.handle, RAD_TUNNEL_SERVER_ENDPOINT, |
if (rad_put_string_tag(auth->radius.handle, RAD_TUNNEL_SERVER_ENDPOINT, |
0, tmpval) == -1) { | 0, tmpval) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_TUNNEL_SERVER_ENDPOINT failed %s", | RadiusLogError(auth, "Put RAD_TUNNEL_SERVER_ENDPOINT failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | return (RAD_NACK); |
return (RAD_NACK); | |
} |
} |
} |
} |
if (auth->info.originate == LINK_ORIGINATE_LOCAL) { |
if (auth->info.originate == LINK_ORIGINATE_LOCAL) { |
Line 767 RadiusStart(AuthData auth, short request_type)
|
Line 813 RadiusStart(AuthData auth, short request_type)
|
} |
} |
if (tmpval[0]) { |
if (tmpval[0]) { |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_TUNNEL_CLIENT_ENDPOINT: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_TUNNEL_CLIENT_ENDPOINT: %s", |
auth->info.lnkname, tmpval)); | auth->info.lnkname, tmpval)); |
if (rad_put_string_tag(auth->radius.handle, RAD_TUNNEL_CLIENT_ENDPOINT, |
if (rad_put_string_tag(auth->radius.handle, RAD_TUNNEL_CLIENT_ENDPOINT, |
0, tmpval) == -1) { | 0, tmpval) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_TUNNEL_CLIENT_ENDPOINT failed %s", | RadiusLogError(auth, "Put RAD_TUNNEL_CLIENT_ENDPOINT failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | return (RAD_NACK); |
return (RAD_NACK); | |
} |
} |
} |
} |
if (auth->info.originate == LINK_ORIGINATE_LOCAL) { |
if (auth->info.originate == LINK_ORIGINATE_LOCAL) { |
Line 782 RadiusStart(AuthData auth, short request_type)
|
Line 827 RadiusStart(AuthData auth, short request_type)
|
} |
} |
if (tmpval[0]) { |
if (tmpval[0]) { |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_TUNNEL_SERVER_AUTH_ID: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_TUNNEL_SERVER_AUTH_ID: %s", |
auth->info.lnkname, tmpval)); | auth->info.lnkname, tmpval)); |
if (rad_put_string_tag(auth->radius.handle, RAD_TUNNEL_SERVER_AUTH_ID, |
if (rad_put_string_tag(auth->radius.handle, RAD_TUNNEL_SERVER_AUTH_ID, |
0, tmpval) == -1) { | 0, tmpval) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_TUNNEL_SERVER_AUTH_ID failed %s", | RadiusLogError(auth, "Put RAD_TUNNEL_SERVER_AUTH_ID failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | return (RAD_NACK); |
return (RAD_NACK); | |
} |
} |
} |
} |
if (auth->info.originate == LINK_ORIGINATE_LOCAL) { |
if (auth->info.originate == LINK_ORIGINATE_LOCAL) { |
Line 797 RadiusStart(AuthData auth, short request_type)
|
Line 841 RadiusStart(AuthData auth, short request_type)
|
} |
} |
if (tmpval[0]) { |
if (tmpval[0]) { |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_TUNNEL_CLIENT_AUTH_ID: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_TUNNEL_CLIENT_AUTH_ID: %s", |
auth->info.lnkname, tmpval)); | auth->info.lnkname, tmpval)); |
if (rad_put_string_tag(auth->radius.handle, RAD_TUNNEL_CLIENT_AUTH_ID, |
if (rad_put_string_tag(auth->radius.handle, RAD_TUNNEL_CLIENT_AUTH_ID, |
0, tmpval) == -1) { | 0, tmpval) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_TUNNEL_CLIENT_AUTH_ID failed %s", | RadiusLogError(auth, "Put RAD_TUNNEL_CLIENT_AUTH_ID failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | return (RAD_NACK); |
return (RAD_NACK); | |
} |
} |
} |
} |
} |
} |
Line 810 RadiusStart(AuthData auth, short request_type)
|
Line 853 RadiusStart(AuthData auth, short request_type)
|
if (auth->info.phys_type == &gPppoePhysType) { |
if (auth->info.phys_type == &gPppoePhysType) { |
if (auth->params.selfname[0]) { |
if (auth->params.selfname[0]) { |
Log(LG_RADIUS2, ("[%s] RADIUS: Put ADSL-Agent-Circuit-Id: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put ADSL-Agent-Circuit-Id: %s", |
auth->info.lnkname, auth->params.selfname)); | auth->info.lnkname, auth->params.selfname)); |
if (rad_put_vendor_string(auth->radius.handle, 3561, 1, |
if (rad_put_vendor_string(auth->radius.handle, 3561, 1, |
auth->params.selfname) == -1) { | auth->params.selfname) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put ADSL-Agent-Circuit-Id failed %s", | RadiusLogError(auth, "Put ADSL-Agent-Circuit-Id failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | return (RAD_NACK); |
return (RAD_NACK); | |
} |
} |
} |
} |
if (auth->params.peername[0]) { |
if (auth->params.peername[0]) { |
Log(LG_RADIUS2, ("[%s] RADIUS: Put ADSL-Agent-Remote-Id: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put ADSL-Agent-Remote-Id: %s", |
auth->info.lnkname, auth->params.peername)); | auth->info.lnkname, auth->params.peername)); |
if (rad_put_vendor_string(auth->radius.handle, 3561, 2, |
if (rad_put_vendor_string(auth->radius.handle, 3561, 2, |
auth->params.peername) == -1) { | auth->params.peername) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put ADSL-Agent-Remote-Id failed %s", | RadiusLogError(auth, "Put ADSL-Agent-Remote-Id failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | return (RAD_NACK); |
return (RAD_NACK); | |
} |
} |
} |
} |
} |
} |
Line 849 RadiusPutAuth(AuthData auth)
|
Line 890 RadiusPutAuth(AuthData auth)
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_USER_NAME: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_USER_NAME: %s", |
auth->info.lnkname, auth->params.authname)); |
auth->info.lnkname, auth->params.authname)); |
if (rad_put_string(auth->radius.handle, RAD_USER_NAME, auth->params.authname) == -1) { |
if (rad_put_string(auth->radius.handle, RAD_USER_NAME, auth->params.authname) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_USER_NAME failed %s", | RadiusLogError(auth, "Put RAD_USER_NAME failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
|
|
Line 859 RadiusPutAuth(AuthData auth)
|
Line 899 RadiusPutAuth(AuthData auth)
|
|
|
case CHAP_ALG_MSOFT: |
case CHAP_ALG_MSOFT: |
if (cp->value_len != 49) { |
if (cp->value_len != 49) { |
Log(LG_RADIUS, ("[%s] RADIUS: RADIUS_CHAP (MSOFTv1) unrecognised key length %d/%d", | Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: RADIUS_CHAP (MSOFTv1) unrecognised key length %d/%d", |
auth->info.lnkname, cp->value_len, 49)); |
auth->info.lnkname, cp->value_len, 49)); |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
Line 868 RadiusPutAuth(AuthData auth)
|
Line 908 RadiusPutAuth(AuthData auth)
|
auth->info.lnkname)); |
auth->info.lnkname)); |
if (rad_put_vendor_attr(auth->radius.handle, RAD_VENDOR_MICROSOFT, RAD_MICROSOFT_MS_CHAP_CHALLENGE, |
if (rad_put_vendor_attr(auth->radius.handle, RAD_VENDOR_MICROSOFT, RAD_MICROSOFT_MS_CHAP_CHALLENGE, |
cp->chal_data, cp->chal_len) == -1) { |
cp->chal_data, cp->chal_len) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_MICROSOFT_MS_CHAP_CHALLENGE failed %s", | RadiusLogError(auth, "Put RAD_MICROSOFT_MS_CHAP_CHALLENGE failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
|
|
Line 883 RadiusPutAuth(AuthData auth)
|
Line 922 RadiusPutAuth(AuthData auth)
|
auth->info.lnkname)); |
auth->info.lnkname)); |
if (rad_put_vendor_attr(auth->radius.handle, RAD_VENDOR_MICROSOFT, RAD_MICROSOFT_MS_CHAP_RESPONSE, |
if (rad_put_vendor_attr(auth->radius.handle, RAD_VENDOR_MICROSOFT, RAD_MICROSOFT_MS_CHAP_RESPONSE, |
&rad_mschapval, sizeof(rad_mschapval)) == -1) { |
&rad_mschapval, sizeof(rad_mschapval)) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_MICROSOFT_MS_CHAP_RESPONSE failed %s", | RadiusLogError(auth, "Put RAD_MICROSOFT_MS_CHAP_RESPONSE failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
break; |
break; |
|
|
case CHAP_ALG_MSOFTv2: |
case CHAP_ALG_MSOFTv2: |
if (cp->value_len != sizeof(*mschapv2val)) { |
if (cp->value_len != sizeof(*mschapv2val)) { |
Log(LG_RADIUS, ("[%s] RADIUS: RADIUS_CHAP (MSOFTv2) unrecognised key length %d/%d", | Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: RADIUS_CHAP (MSOFTv2) unrecognised key length %d/%d", |
auth->info.lnkname, cp->value_len, (int)sizeof(*mschapv2val))); |
auth->info.lnkname, cp->value_len, (int)sizeof(*mschapv2val))); |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
Line 900 RadiusPutAuth(AuthData auth)
|
Line 938 RadiusPutAuth(AuthData auth)
|
auth->info.lnkname)); |
auth->info.lnkname)); |
if (rad_put_vendor_attr(auth->radius.handle, RAD_VENDOR_MICROSOFT, |
if (rad_put_vendor_attr(auth->radius.handle, RAD_VENDOR_MICROSOFT, |
RAD_MICROSOFT_MS_CHAP_CHALLENGE, cp->chal_data, cp->chal_len) == -1) { |
RAD_MICROSOFT_MS_CHAP_CHALLENGE, cp->chal_data, cp->chal_len) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_MICROSOFT_MS_CHAP_CHALLENGE failed %s", | RadiusLogError(auth, "Put RAD_MICROSOFT_MS_CHAP_CHALLENGE failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
|
|
Line 919 RadiusPutAuth(AuthData auth)
|
Line 956 RadiusPutAuth(AuthData auth)
|
auth->info.lnkname)); |
auth->info.lnkname)); |
if (rad_put_vendor_attr(auth->radius.handle, RAD_VENDOR_MICROSOFT, RAD_MICROSOFT_MS_CHAP2_RESPONSE, |
if (rad_put_vendor_attr(auth->radius.handle, RAD_VENDOR_MICROSOFT, RAD_MICROSOFT_MS_CHAP2_RESPONSE, |
&rad_mschapv2val, sizeof(rad_mschapv2val)) == -1) { |
&rad_mschapv2val, sizeof(rad_mschapv2val)) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put vendor_attr(RAD_MICROSOFT_MS_CHAP2_RESPONSE failed %s", | RadiusLogError(auth, "Put vendor_attr(RAD_MICROSOFT_MS_CHAP2_RESPONSE failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
break; |
break; |
Line 932 RadiusPutAuth(AuthData auth)
|
Line 968 RadiusPutAuth(AuthData auth)
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_CHAP_CHALLENGE", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_CHAP_CHALLENGE", |
auth->info.lnkname)); |
auth->info.lnkname)); |
if (rad_put_attr(auth->radius.handle, RAD_CHAP_CHALLENGE, cp->chal_data, cp->chal_len) == -1) { |
if (rad_put_attr(auth->radius.handle, RAD_CHAP_CHALLENGE, cp->chal_data, cp->chal_len) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_CHAP_CHALLENGE failed %s", | RadiusLogError(auth, "Put RAD_CHAP_CHALLENGE failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_CHAP_PASSWORD", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_CHAP_PASSWORD", |
auth->info.lnkname)); |
auth->info.lnkname)); |
if (rad_put_attr(auth->radius.handle, RAD_CHAP_PASSWORD, &rad_chapval, cp->value_len + 1) == -1) { |
if (rad_put_attr(auth->radius.handle, RAD_CHAP_PASSWORD, &rad_chapval, cp->value_len + 1) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_CHAP_PASSWORD failed %s", | RadiusLogError(auth, "Put RAD_CHAP_PASSWORD failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
break; |
break; |
|
|
default: |
default: |
Log(LG_RADIUS, ("[%s] RADIUS: RADIUS unkown CHAP ALG %d", | Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: RADIUS unkown CHAP ALG: %d", |
auth->info.lnkname, auth->alg)); |
auth->info.lnkname, auth->alg)); |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
} else if (auth->proto == PROTO_PAP) { |
} else if (auth->proto == PROTO_PAP) { |
| Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_USER_PASSWORD", auth->info.lnkname)); |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_USER_PASSWORD", | |
auth->info.lnkname)); | |
if (rad_put_string(auth->radius.handle, RAD_USER_PASSWORD, pp->peer_pass) == -1) { |
if (rad_put_string(auth->radius.handle, RAD_USER_PASSWORD, pp->peer_pass) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_USER_PASSWORD failed %s", | RadiusLogError(auth, "Put RAD_USER_PASSWORD failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
|
|
} else { |
} else { |
Log(LG_RADIUS, ("[%s] RADIUS: RADIUS unkown Proto %d", | Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: RADIUS unkown Proto: %d", |
auth->info.lnkname, auth->proto)); |
auth->info.lnkname, auth->proto)); |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
Line 975 RadiusPutAcct(AuthData auth)
|
Line 1005 RadiusPutAcct(AuthData auth)
|
{ |
{ |
char *username; |
char *username; |
int authentic; |
int authentic; |
|
char buf[64]; |
|
|
if (auth->acct_type == AUTH_ACCT_START) { |
if (auth->acct_type == AUTH_ACCT_START) { |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_STATUS_TYPE: RAD_START", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_STATUS_TYPE: RAD_START", |
auth->info.lnkname)); | auth->info.lnkname)); |
if (rad_put_int(auth->radius.handle, RAD_ACCT_STATUS_TYPE, RAD_START)) { |
if (rad_put_int(auth->radius.handle, RAD_ACCT_STATUS_TYPE, RAD_START)) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put STATUS_TYPE: %s", | RadiusLogError(auth, "Put STATUS_TYPE failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | return (RAD_NACK); |
return (RAD_NACK); | |
} |
} |
} |
} |
|
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_FRAMED_IP_ADDRESS: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_FRAMED_IP_ADDRESS: %s", |
auth->info.lnkname, inet_ntoa(auth->info.peer_addr))); |
auth->info.lnkname, inet_ntoa(auth->info.peer_addr))); |
if (rad_put_addr(auth->radius.handle, RAD_FRAMED_IP_ADDRESS, auth->info.peer_addr)) { |
if (rad_put_addr(auth->radius.handle, RAD_FRAMED_IP_ADDRESS, auth->info.peer_addr)) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_FRAMED_IP_ADDRESS: %s", | RadiusLogError(auth, "Put RAD_FRAMED_IP_ADDRESS failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
|
|
Line 1000 RadiusPutAcct(AuthData auth)
|
Line 1029 RadiusPutAcct(AuthData auth)
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_FRAMED_IP_NETMASK: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_FRAMED_IP_NETMASK: %s", |
auth->info.lnkname, inet_ntoa(ip))); |
auth->info.lnkname, inet_ntoa(ip))); |
if (rad_put_addr(auth->radius.handle, RAD_FRAMED_IP_NETMASK, ip)) { |
if (rad_put_addr(auth->radius.handle, RAD_FRAMED_IP_NETMASK, ip)) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_FRAMED_IP_NETMASK: %s", | RadiusLogError(auth, "Put RAD_FRAMED_IP_NETMASK failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
} |
} |
|
|
|
#ifdef HAVE_RAD_ADDR6 |
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_FRAMED_IPV6_ADDRESS: %s", |
|
auth->info.lnkname, inet_ntop(AF_INET6, &auth->info.peer_addr6, buf, |
|
sizeof(buf)))); |
|
if (rad_put_addr6(auth->radius.handle, RAD_FRAMED_IPV6_ADDRESS, auth->info.peer_addr6)) { |
|
RadiusLogError(auth, "Put RAD_FRAMED_IPV6_ADDRESS failed"); |
|
return (RAD_NACK); |
|
} |
|
#endif |
|
|
username = auth->params.authname; |
username = auth->params.authname; |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_USER_NAME: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_USER_NAME: %s", |
auth->info.lnkname, username)); |
auth->info.lnkname, username)); |
if (rad_put_string(auth->radius.handle, RAD_USER_NAME, username) != 0) { |
if (rad_put_string(auth->radius.handle, RAD_USER_NAME, username) != 0) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_USER_NAME: %s", | RadiusLogError(auth, "Put RAD_USER_NAME failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
|
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_MULTI_SESSION_ID: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_MULTI_SESSION_ID: %s", |
auth->info.lnkname, auth->info.msession_id)); |
auth->info.lnkname, auth->info.msession_id)); |
if (rad_put_string(auth->radius.handle, RAD_ACCT_MULTI_SESSION_ID, auth->info.msession_id) != 0) { |
if (rad_put_string(auth->radius.handle, RAD_ACCT_MULTI_SESSION_ID, auth->info.msession_id) != 0) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_ACCT_MULTI_SESSION_ID: %s", | RadiusLogError(auth, "Put RAD_ACCT_MULTI_SESSION_ID failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
|
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_BUNDLE: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_BUNDLE: %s", |
auth->info.lnkname, auth->info.bundname)); |
auth->info.lnkname, auth->info.bundname)); |
if (rad_put_vendor_string(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_BUNDLE, auth->info.bundname) != 0) { |
if (rad_put_vendor_string(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_BUNDLE, auth->info.bundname) != 0) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_MPD_BUNDLE: %s", auth->info.lnkname, | RadiusLogError(auth, "Put RAD_MPD_BUNDLE failed"); |
rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
|
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_IFACE: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_IFACE: %s", |
auth->info.lnkname, auth->info.ifname)); |
auth->info.lnkname, auth->info.ifname)); |
if (rad_put_vendor_string(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_IFACE, auth->info.ifname) != 0) { |
if (rad_put_vendor_string(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_IFACE, auth->info.ifname) != 0) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_MPD_IFACE: %s", auth->info.lnkname, | RadiusLogError(auth, "Put RAD_MPD_IFACE failed"); |
rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
|
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_IFACE_INDEX: %u", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_IFACE_INDEX: %u", |
auth->info.lnkname, auth->info.ifindex)); |
auth->info.lnkname, auth->info.ifindex)); |
if (rad_put_vendor_int(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_IFACE_INDEX, auth->info.ifindex) != 0) { |
if (rad_put_vendor_int(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_IFACE_INDEX, auth->info.ifindex) != 0) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_MPD_IFACE_INDEX: %s", auth->info.lnkname, | RadiusLogError(auth, "Put RAD_MPD_IFACE_INDEX failed"); |
rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
|
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_PEER_IDENT: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_PEER_IDENT: %s", |
auth->info.lnkname, auth->info.peer_ident)); |
auth->info.lnkname, auth->info.peer_ident)); |
if (rad_put_vendor_string(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_PEER_IDENT, auth->info.peer_ident) != 0) { |
if (rad_put_vendor_string(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_PEER_IDENT, auth->info.peer_ident) != 0) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_MPD_PEER_IDENT failed %s", | RadiusLogError(auth, "Put RAD_MPD_PEER_IDENT failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
|
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_LINK_COUNT: %d", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_LINK_COUNT: %d", |
auth->info.lnkname, auth->info.n_links)); |
auth->info.lnkname, auth->info.n_links)); |
if (rad_put_int(auth->radius.handle, RAD_ACCT_LINK_COUNT, auth->info.n_links) != 0) { |
if (rad_put_int(auth->radius.handle, RAD_ACCT_LINK_COUNT, auth->info.n_links) != 0) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_ACCT_LINK_COUNT failed: %s", | RadiusLogError(auth, "Put RAD_ACCT_LINK_COUNT failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
|
|
Line 1071 RadiusPutAcct(AuthData auth)
|
Line 1102 RadiusPutAcct(AuthData auth)
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_AUTHENTIC: %d", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_AUTHENTIC: %d", |
auth->info.lnkname, authentic)); |
auth->info.lnkname, authentic)); |
if (rad_put_int(auth->radius.handle, RAD_ACCT_AUTHENTIC, authentic) != 0) { |
if (rad_put_int(auth->radius.handle, RAD_ACCT_AUTHENTIC, authentic) != 0) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_ACCT_AUTHENTIC failed: %s", | RadiusLogError(auth, "Put RAD_ACCT_AUTHENTIC failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
|
|
Line 1088 RadiusPutAcct(AuthData auth)
|
Line 1118 RadiusPutAcct(AuthData auth)
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_STATUS_TYPE: RAD_STOP", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_STATUS_TYPE: RAD_STOP", |
auth->info.lnkname)); |
auth->info.lnkname)); |
if (rad_put_int(auth->radius.handle, RAD_ACCT_STATUS_TYPE, RAD_STOP)) { |
if (rad_put_int(auth->radius.handle, RAD_ACCT_STATUS_TYPE, RAD_STOP)) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_ACCT_STATUS_TYPE: %s", | RadiusLogError(auth, "Put RAD_ACCT_STATUS_TYPE failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
|
|
Line 1122 RadiusPutAcct(AuthData auth)
|
Line 1151 RadiusPutAcct(AuthData auth)
|
auth->info.lnkname, auth->info.downReason, termCause)); |
auth->info.lnkname, auth->info.downReason, termCause)); |
|
|
if (rad_put_int(auth->radius.handle, RAD_ACCT_TERMINATE_CAUSE, termCause) != 0) { |
if (rad_put_int(auth->radius.handle, RAD_ACCT_TERMINATE_CAUSE, termCause) != 0) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_ACCT_TERMINATE_CAUSE failed: %s", | RadiusLogError(auth, "Put RAD_ACCT_TERMINATE_CAUSE failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
} else { |
} else { |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_STATUS_TYPE: RAD_UPDATE", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_STATUS_TYPE: RAD_UPDATE", |
auth->info.lnkname)); |
auth->info.lnkname)); |
if (rad_put_int(auth->radius.handle, RAD_ACCT_STATUS_TYPE, RAD_UPDATE)) { |
if (rad_put_int(auth->radius.handle, RAD_ACCT_STATUS_TYPE, RAD_UPDATE)) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_ACCT_STATUS_TYPE: %s", | RadiusLogError(auth, "Put RAD_ACCT_STATUS_TYPE failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
} |
} |
Line 1139 RadiusPutAcct(AuthData auth)
|
Line 1166 RadiusPutAcct(AuthData auth)
|
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_SESSION_TIME: %ld", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_SESSION_TIME: %ld", |
auth->info.lnkname, (long int)(time(NULL) - auth->info.last_up))); |
auth->info.lnkname, (long int)(time(NULL) - auth->info.last_up))); |
if (rad_put_int(auth->radius.handle, RAD_ACCT_SESSION_TIME, time(NULL) - auth->info.last_up) != 0) { |
if (rad_put_int(auth->radius.handle, RAD_ACCT_SESSION_TIME, time(NULL) - auth->info.last_up) != 0) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_ACCT_SESSION_TIME failed: %s", | RadiusLogError(auth, "Put RAD_ACCT_SESSION_TIME failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
|
|
Line 1156 RadiusPutAcct(AuthData auth)
|
Line 1182 RadiusPutAcct(AuthData auth)
|
if (rad_put_int(auth->radius.handle, RAD_ACCT_INPUT_OCTETS, auth->info.stats.recvOctets % MAX_U_INT32) != 0 || |
if (rad_put_int(auth->radius.handle, RAD_ACCT_INPUT_OCTETS, auth->info.stats.recvOctets % MAX_U_INT32) != 0 || |
rad_put_int(auth->radius.handle, RAD_ACCT_INPUT_PACKETS, auth->info.stats.recvFrames) != 0 || |
rad_put_int(auth->radius.handle, RAD_ACCT_INPUT_PACKETS, auth->info.stats.recvFrames) != 0 || |
rad_put_int(auth->radius.handle, RAD_ACCT_INPUT_GIGAWORDS, auth->info.stats.recvOctets / MAX_U_INT32) != 0) { |
rad_put_int(auth->radius.handle, RAD_ACCT_INPUT_GIGAWORDS, auth->info.stats.recvOctets / MAX_U_INT32) != 0) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put input stats: %s", auth->info.lnkname, | RadiusLogError(auth, "Put input stats failed"); |
rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
#ifdef USE_NG_BPF |
#ifdef USE_NG_BPF |
Line 1173 RadiusPutAcct(AuthData auth)
|
Line 1198 RadiusPutAcct(AuthData auth)
|
if (rad_put_int(auth->radius.handle, RAD_ACCT_OUTPUT_OCTETS, auth->info.stats.xmitOctets % MAX_U_INT32) != 0 || |
if (rad_put_int(auth->radius.handle, RAD_ACCT_OUTPUT_OCTETS, auth->info.stats.xmitOctets % MAX_U_INT32) != 0 || |
rad_put_int(auth->radius.handle, RAD_ACCT_OUTPUT_PACKETS, auth->info.stats.xmitFrames) != 0 || |
rad_put_int(auth->radius.handle, RAD_ACCT_OUTPUT_PACKETS, auth->info.stats.xmitFrames) != 0 || |
rad_put_int(auth->radius.handle, RAD_ACCT_OUTPUT_GIGAWORDS, auth->info.stats.xmitOctets / MAX_U_INT32) != 0) { |
rad_put_int(auth->radius.handle, RAD_ACCT_OUTPUT_GIGAWORDS, auth->info.stats.xmitOctets / MAX_U_INT32) != 0) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put output stats: %s", auth->info.lnkname, | RadiusLogError(auth, "Put output stats failed"); |
rad_strerror(auth->radius.handle))); | |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
#ifdef USE_NG_BPF |
#ifdef USE_NG_BPF |
Line 1184 RadiusPutAcct(AuthData auth)
|
Line 1208 RadiusPutAcct(AuthData auth)
|
snprintf(str, sizeof(str), "%s:%llu", |
snprintf(str, sizeof(str), "%s:%llu", |
ssr->name, (long long unsigned)ssr->Octets); |
ssr->name, (long long unsigned)ssr->Octets); |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_INPUT_OCTETS: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_INPUT_OCTETS: %s", |
auth->info.lnkname, str)); | auth->info.lnkname, str)); |
if (rad_put_vendor_string(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_INPUT_OCTETS, str) != 0) { |
if (rad_put_vendor_string(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_INPUT_OCTETS, str) != 0) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_MPD_INPUT_OCTETS: %s", auth->info.lnkname, | RadiusLogError(auth, "Put RAD_MPD_INPUT_OCTETS failed"); |
rad_strerror(auth->radius.handle))); | return (RAD_NACK); |
} |
} |
snprintf(str, sizeof(str), "%s:%llu", |
snprintf(str, sizeof(str), "%s:%llu", |
ssr->name, (long long unsigned)ssr->Packets); |
ssr->name, (long long unsigned)ssr->Packets); |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_INPUT_PACKETS: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_INPUT_PACKETS: %s", |
auth->info.lnkname, str)); | auth->info.lnkname, str)); |
if (rad_put_vendor_string(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_INPUT_PACKETS, str) != 0) { |
if (rad_put_vendor_string(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_INPUT_PACKETS, str) != 0) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_MPD_INPUT_PACKETS: %s", auth->info.lnkname, | RadiusLogError(auth, "Put RAD_MPD_INPUT_PACKETS failed"); |
rad_strerror(auth->radius.handle))); | return (RAD_NACK); |
} |
} |
if (strcmp(ssr->name,auth->params.std_acct[0]) == 0) { |
if (strcmp(ssr->name,auth->params.std_acct[0]) == 0) { |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_INPUT_OCTETS: %lu", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_INPUT_OCTETS: %lu", |
auth->info.lnkname, (long unsigned int)(ssr->Octets % MAX_U_INT32))); | auth->info.lnkname, (long unsigned int)(ssr->Octets % MAX_U_INT32))); |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_INPUT_GIGAWORDS: %lu", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_INPUT_GIGAWORDS: %lu", |
auth->info.lnkname, (long unsigned int)(ssr->Octets / MAX_U_INT32))); | auth->info.lnkname, (long unsigned int)(ssr->Octets / MAX_U_INT32))); |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_INPUT_PACKETS: %lu", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_INPUT_PACKETS: %lu", |
auth->info.lnkname, (long unsigned int)(ssr->Packets))); | auth->info.lnkname, (long unsigned int)(ssr->Packets))); |
if (rad_put_int(auth->radius.handle, RAD_ACCT_INPUT_OCTETS, ssr->Octets % MAX_U_INT32) != 0 || |
if (rad_put_int(auth->radius.handle, RAD_ACCT_INPUT_OCTETS, ssr->Octets % MAX_U_INT32) != 0 || |
rad_put_int(auth->radius.handle, RAD_ACCT_INPUT_PACKETS, ssr->Packets) != 0 || |
rad_put_int(auth->radius.handle, RAD_ACCT_INPUT_PACKETS, ssr->Packets) != 0 || |
rad_put_int(auth->radius.handle, RAD_ACCT_INPUT_GIGAWORDS, ssr->Octets / MAX_U_INT32) != 0) { |
rad_put_int(auth->radius.handle, RAD_ACCT_INPUT_GIGAWORDS, ssr->Octets / MAX_U_INT32) != 0) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put input stats: %s", auth->info.lnkname, | RadiusLogError(auth, "Put input stats failed"); |
rad_strerror(auth->radius.handle))); | return (RAD_NACK); |
return (RAD_NACK); | |
} |
} |
} |
} |
} |
} |
Line 1218 RadiusPutAcct(AuthData auth)
|
Line 1241 RadiusPutAcct(AuthData auth)
|
snprintf(str, sizeof(str), "%s:%llu", |
snprintf(str, sizeof(str), "%s:%llu", |
ssr->name, (long long unsigned)ssr->Octets); |
ssr->name, (long long unsigned)ssr->Octets); |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_OUTPUT_OCTETS: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_OUTPUT_OCTETS: %s", |
auth->info.lnkname, str)); | auth->info.lnkname, str)); |
if (rad_put_vendor_string(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_OUTPUT_OCTETS, str) != 0) { |
if (rad_put_vendor_string(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_OUTPUT_OCTETS, str) != 0) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_MPD_OUTPUT_OCTETS: %s", auth->info.lnkname, | RadiusLogError(auth, "Put RAD_MPD_OUTPUT_OCTETS failed"); |
rad_strerror(auth->radius.handle))); | return (RAD_NACK); |
} |
} |
snprintf(str, sizeof(str), "%s:%llu", |
snprintf(str, sizeof(str), "%s:%llu", |
ssr->name, (long long unsigned)ssr->Packets); |
ssr->name, (long long unsigned)ssr->Packets); |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_OUTPUT_PACKETS: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_MPD_OUTPUT_PACKETS: %s", |
auth->info.lnkname, str)); | auth->info.lnkname, str)); |
if (rad_put_vendor_string(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_OUTPUT_PACKETS, str) != 0) { |
if (rad_put_vendor_string(auth->radius.handle, RAD_VENDOR_MPD, RAD_MPD_OUTPUT_PACKETS, str) != 0) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put RAD_MPD_OUTPUT_PACKETS: %s", auth->info.lnkname, | RadiusLogError(auth, "Put RAD_MPD_OUTPUT_PACKETS failed"); |
rad_strerror(auth->radius.handle))); | return (RAD_NACK); |
} |
} |
if (strcmp(ssr->name,auth->params.std_acct[1]) == 0) { |
if (strcmp(ssr->name,auth->params.std_acct[1]) == 0) { |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_OUTPUT_OCTETS: %lu", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_OUTPUT_OCTETS: %lu", |
auth->info.lnkname, (long unsigned int)(ssr->Octets % MAX_U_INT32))); | auth->info.lnkname, (long unsigned int)(ssr->Octets % MAX_U_INT32))); |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_OUTPUT_GIGAWORDS: %lu", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_OUTPUT_GIGAWORDS: %lu", |
auth->info.lnkname, (long unsigned int)(ssr->Octets / MAX_U_INT32))); | auth->info.lnkname, (long unsigned int)(ssr->Octets / MAX_U_INT32))); |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_OUTPUT_PACKETS: %lu", |
Log(LG_RADIUS2, ("[%s] RADIUS: Put RAD_ACCT_OUTPUT_PACKETS: %lu", |
auth->info.lnkname, (long unsigned int)(ssr->Packets))); | auth->info.lnkname, (long unsigned int)(ssr->Packets))); |
if (rad_put_int(auth->radius.handle, RAD_ACCT_OUTPUT_OCTETS, ssr->Octets % MAX_U_INT32) != 0 || |
if (rad_put_int(auth->radius.handle, RAD_ACCT_OUTPUT_OCTETS, ssr->Octets % MAX_U_INT32) != 0 || |
rad_put_int(auth->radius.handle, RAD_ACCT_OUTPUT_PACKETS, ssr->Packets) != 0 || |
rad_put_int(auth->radius.handle, RAD_ACCT_OUTPUT_PACKETS, ssr->Packets) != 0 || |
rad_put_int(auth->radius.handle, RAD_ACCT_OUTPUT_GIGAWORDS, ssr->Octets / MAX_U_INT32) != 0) { |
rad_put_int(auth->radius.handle, RAD_ACCT_OUTPUT_GIGAWORDS, ssr->Octets / MAX_U_INT32) != 0) { |
Log(LG_RADIUS, ("[%s] RADIUS: Put output stats: %s", auth->info.lnkname, | RadiusLogError(auth, "Put output stats failed"); |
rad_strerror(auth->radius.handle))); | return (RAD_NACK); |
return (RAD_NACK); | |
} |
} |
} |
} |
} |
} |
Line 1264 RadiusSendRequest(AuthData auth)
|
Line 1286 RadiusSendRequest(AuthData auth)
|
auth->info.lnkname, auth->params.authname)); |
auth->info.lnkname, auth->params.authname)); |
n = rad_init_send_request(auth->radius.handle, &fd, &tv); |
n = rad_init_send_request(auth->radius.handle, &fd, &tv); |
if (n != 0) { |
if (n != 0) { |
Log(LG_RADIUS, ("[%s] RADIUS: rad_init_send_request failed: %d %s", | Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: rad_init_send_request failed: %d %s", |
auth->info.lnkname, n, rad_strerror(auth->radius.handle))); | auth->info.lnkname, n, rad_strerror(auth->radius.handle))); |
return (RAD_NACK); | return (RAD_NACK); |
} |
} |
|
|
gettimeofday(&timelimit, NULL); |
gettimeofday(&timelimit, NULL); |
Line 1282 RadiusSendRequest(AuthData auth)
|
Line 1304 RadiusSendRequest(AuthData auth)
|
n = poll(fds,1,tv.tv_sec*1000+tv.tv_usec/1000); |
n = poll(fds,1,tv.tv_sec*1000+tv.tv_usec/1000); |
|
|
if (n == -1) { |
if (n == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: poll failed %s", auth->info.lnkname, | Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: poll failed %s", |
strerror(errno))); | auth->info.lnkname, strerror(errno))); |
return (RAD_NACK); | return (RAD_NACK); |
} |
} |
|
|
if ((fds[0].revents&POLLIN)!=POLLIN) { |
if ((fds[0].revents&POLLIN)!=POLLIN) { |
Line 1337 RadiusSendRequest(AuthData auth)
|
Line 1359 RadiusSendRequest(AuthData auth)
|
return (RAD_NACK); |
return (RAD_NACK); |
|
|
default: |
default: |
Log(LG_RADIUS, ("[%s] RADIUS: rad_send_request: unexpected return value: %d", | Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: rad_send_request: unexpected return value: %d", |
auth->info.lnkname, n)); |
auth->info.lnkname, n)); |
return (RAD_NACK); |
return (RAD_NACK); |
} |
} |
Line 1355 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1377 RadiusGetParams(AuthData auth, int eap_proxy)
|
char *route; |
char *route; |
char *tmpval; |
char *tmpval; |
struct in_addr ip; |
struct in_addr ip; |
|
struct in6_addr ipv6; |
|
char buf[64]; |
#if defined(USE_NG_BPF) || defined(USE_IPFW) |
#if defined(USE_NG_BPF) || defined(USE_IPFW) |
struct acl **acls, *acls1; |
struct acl **acls, *acls1; |
char *acl, *acl1, *acl2, *acl3; |
char *acl, *acl1, *acl2, *acl3; |
Line 1421 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1445 RadiusGetParams(AuthData auth, int eap_proxy)
|
|
|
case RAD_FRAMED_IP_ADDRESS: |
case RAD_FRAMED_IP_ADDRESS: |
ip = rad_cvt_addr(data); |
ip = rad_cvt_addr(data); |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_IP_ADDRESS: %s ", | Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_IP_ADDRESS: %s", |
auth->info.lnkname, inet_ntoa(ip))); |
auth->info.lnkname, inet_ntoa(ip))); |
| |
if (strcmp(inet_ntoa(ip), "255.255.255.255") == 0) { | if (ip.s_addr == INADDR_BROADCAST) { |
/* the peer can choose an address */ |
/* the peer can choose an address */ |
Log(LG_RADIUS2, ("[%s] the peer can choose an address", auth->info.lnkname)); |
Log(LG_RADIUS2, ("[%s] the peer can choose an address", auth->info.lnkname)); |
ip.s_addr=0; |
ip.s_addr=0; |
Line 1441 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1465 RadiusGetParams(AuthData auth, int eap_proxy)
|
} |
} |
break; |
break; |
|
|
|
#ifdef HAVE_RAD_ADDR6 |
|
case RAD_FRAMED_IPV6_ADDRESS: |
|
ipv6 = rad_cvt_addr6(data); |
|
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_IPV6_ADDRESS: %s", |
|
auth->info.lnkname, inet_ntop(AF_INET6, &ipv6, buf, sizeof(buf)))); |
|
in6_addrtou_range(&ipv6, 64, &auth->params.range); |
|
auth->params.range_valid = 1; |
|
break; |
|
#endif |
|
|
case RAD_USER_NAME: |
case RAD_USER_NAME: |
tmpval = rad_cvt_string(data, len); |
tmpval = rad_cvt_string(data, len); |
/* copy it into the persistent data struct */ |
/* copy it into the persistent data struct */ |
strlcpy(auth->params.authname, tmpval, sizeof(auth->params.authname)); |
strlcpy(auth->params.authname, tmpval, sizeof(auth->params.authname)); |
free(tmpval); |
free(tmpval); |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_USER_NAME: %s ", | Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_USER_NAME: %s", |
auth->info.lnkname, auth->params.authname)); |
auth->info.lnkname, auth->params.authname)); |
break; |
break; |
|
|
case RAD_FRAMED_IP_NETMASK: |
case RAD_FRAMED_IP_NETMASK: |
ip = rad_cvt_addr(data); |
ip = rad_cvt_addr(data); |
auth->params.netmask = in_addrtowidth(&ip); |
auth->params.netmask = in_addrtowidth(&ip); |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_IP_NETMASK: %s (/%d) ", | Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_IP_NETMASK: %s (/%d)", |
auth->info.lnkname, inet_ntoa(ip), auth->params.netmask)); |
auth->info.lnkname, inet_ntoa(ip), auth->params.netmask)); |
break; |
break; |
|
|
case RAD_FRAMED_ROUTE: |
case RAD_FRAMED_ROUTE: |
route = rad_cvt_string(data, len); |
route = rad_cvt_string(data, len); |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_ROUTE: %s ", | Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_ROUTE: %s", |
auth->info.lnkname, route)); |
auth->info.lnkname, route)); |
if (!ParseRange(route, &range, ALLOW_IPV4)) { |
if (!ParseRange(route, &range, ALLOW_IPV4)) { |
Log(LG_RADIUS, ("[%s] RADIUS: Get RAD_FRAMED_ROUTE: Bad route \"%s\"", | Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: Get RAD_FRAMED_ROUTE: Bad route \"%s\"", |
auth->info.lnkname, route)); |
auth->info.lnkname, route)); |
free(route); |
free(route); |
break; |
break; |
Line 1473 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1507 RadiusGetParams(AuthData auth, int eap_proxy)
|
j = 0; |
j = 0; |
SLIST_FOREACH(r1, &auth->params.routes, next) { |
SLIST_FOREACH(r1, &auth->params.routes, next) { |
if (!u_rangecompare(&r->dest, &r1->dest)) { |
if (!u_rangecompare(&r->dest, &r1->dest)) { |
Log(LG_RADIUS, ("[%s] RADIUS: Duplicate route %s", | Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: Duplicate route %s", |
auth->info.lnkname, route)); |
auth->info.lnkname, route)); |
j = 1; |
j = 1; |
} |
} |
Line 1488 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1522 RadiusGetParams(AuthData auth, int eap_proxy)
|
|
|
case RAD_FRAMED_IPV6_ROUTE: |
case RAD_FRAMED_IPV6_ROUTE: |
route = rad_cvt_string(data, len); |
route = rad_cvt_string(data, len); |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_IPV6_ROUTE: %s ", | Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_IPV6_ROUTE: %s", |
auth->info.lnkname, route)); |
auth->info.lnkname, route)); |
if (!ParseRange(route, &range, ALLOW_IPV6)) { |
if (!ParseRange(route, &range, ALLOW_IPV6)) { |
Log(LG_RADIUS, ("[%s] RADIUS: Get RAD_FRAMED_IPV6_ROUTE: Bad route \"%s\"", auth->info.lnkname, route)); | Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: Get RAD_FRAMED_IPV6_ROUTE: Bad route \"%s\"", auth->info.lnkname, route)); |
free(route); |
free(route); |
break; |
break; |
} |
} |
Line 1501 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1535 RadiusGetParams(AuthData auth, int eap_proxy)
|
j = 0; |
j = 0; |
SLIST_FOREACH(r1, &auth->params.routes, next) { |
SLIST_FOREACH(r1, &auth->params.routes, next) { |
if (!u_rangecompare(&r->dest, &r1->dest)) { |
if (!u_rangecompare(&r->dest, &r1->dest)) { |
Log(LG_RADIUS, ("[%s] RADIUS: Duplicate route %s", | Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: Duplicate route %s", |
auth->info.lnkname, route)); |
auth->info.lnkname, route)); |
j = 1; |
j = 1; |
} |
} |
Line 1516 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1550 RadiusGetParams(AuthData auth, int eap_proxy)
|
|
|
case RAD_SESSION_TIMEOUT: |
case RAD_SESSION_TIMEOUT: |
auth->params.session_timeout = rad_cvt_int(data); |
auth->params.session_timeout = rad_cvt_int(data); |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_SESSION_TIMEOUT: %u ", | Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_SESSION_TIMEOUT: %u", |
auth->info.lnkname, auth->params.session_timeout)); |
auth->info.lnkname, auth->params.session_timeout)); |
break; |
break; |
|
|
case RAD_IDLE_TIMEOUT: |
case RAD_IDLE_TIMEOUT: |
auth->params.idle_timeout = rad_cvt_int(data); |
auth->params.idle_timeout = rad_cvt_int(data); |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_IDLE_TIMEOUT: %u ", | Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_IDLE_TIMEOUT: %u", |
auth->info.lnkname, auth->params.idle_timeout)); |
auth->info.lnkname, auth->params.idle_timeout)); |
break; |
break; |
|
|
case RAD_ACCT_INTERIM_INTERVAL: |
case RAD_ACCT_INTERIM_INTERVAL: |
auth->params.acct_update = rad_cvt_int(data); |
auth->params.acct_update = rad_cvt_int(data); |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_ACCT_INTERIM_INTERVAL: %u ", | Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_ACCT_INTERIM_INTERVAL: %u", |
auth->info.lnkname, auth->params.acct_update)); |
auth->info.lnkname, auth->params.acct_update)); |
break; |
break; |
|
|
case RAD_FRAMED_MTU: |
case RAD_FRAMED_MTU: |
i = rad_cvt_int(data); |
i = rad_cvt_int(data); |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_MTU: %u ", | Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_MTU: %u", |
auth->info.lnkname, i)); |
auth->info.lnkname, i)); |
if (i < IFACE_MIN_MTU || i > IFACE_MAX_MTU) { |
if (i < IFACE_MIN_MTU || i > IFACE_MAX_MTU) { |
Log(LG_RADIUS, ("[%s] RADIUS: Get RAD_FRAMED_MTU: invalid MTU: %u ", | Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: Get RAD_FRAMED_MTU: invalid MTU: %u", |
auth->info.lnkname, i)); |
auth->info.lnkname, i)); |
auth->params.mtu = 0; |
auth->params.mtu = 0; |
break; |
break; |
Line 1564 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1598 RadiusGetParams(AuthData auth, int eap_proxy)
|
break; |
break; |
|
|
case RAD_FILTER_ID: |
case RAD_FILTER_ID: |
|
Freee(auth->params.filter_id); |
|
auth->params.filter_id = NULL; |
|
if (len == 0) |
|
break; |
tmpval = rad_cvt_string(data, len); |
tmpval = rad_cvt_string(data, len); |
Log(LG_RADIUS2, ("[%s] RADIUS: Get (RAD_FILTER_ID: %s)", | auth->params.filter_id = Mdup(MB_AUTH, tmpval, len + 1); |
auth->info.lnkname, tmpval)); | |
free(tmpval); |
free(tmpval); |
|
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FILTER_ID: %s", |
|
auth->info.lnkname, auth->params.filter_id)); |
break; |
break; |
|
|
case RAD_SERVICE_TYPE: |
case RAD_SERVICE_TYPE: |
Line 1576 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1615 RadiusGetParams(AuthData auth, int eap_proxy)
|
break; |
break; |
|
|
case RAD_REPLY_MESSAGE: |
case RAD_REPLY_MESSAGE: |
|
Freee(auth->reply_message); |
|
auth->reply_message = NULL; |
|
if (len == 0) |
|
break; |
tmpval = rad_cvt_string(data, len); |
tmpval = rad_cvt_string(data, len); |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_REPLY_MESSAGE: %s ", |
|
auth->info.lnkname, tmpval)); |
|
auth->reply_message = Mdup(MB_AUTH, tmpval, len + 1); |
auth->reply_message = Mdup(MB_AUTH, tmpval, len + 1); |
free(tmpval); |
free(tmpval); |
|
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_REPLY_MESSAGE: %s", |
|
auth->info.lnkname, auth->reply_message)); |
break; |
break; |
|
|
case RAD_FRAMED_POOL: |
case RAD_FRAMED_POOL: |
Line 1588 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1631 RadiusGetParams(AuthData auth, int eap_proxy)
|
/* copy it into the persistent data struct */ |
/* copy it into the persistent data struct */ |
strlcpy(auth->params.ippool, tmpval, sizeof(auth->params.ippool)); |
strlcpy(auth->params.ippool, tmpval, sizeof(auth->params.ippool)); |
free(tmpval); |
free(tmpval); |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_POOL: %s ", | Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_FRAMED_POOL: %s", |
auth->info.lnkname, auth->params.ippool)); |
auth->info.lnkname, auth->params.ippool)); |
break; |
break; |
|
|
case RAD_VENDOR_SPECIFIC: |
case RAD_VENDOR_SPECIFIC: |
if ((res = rad_get_vendor_attr(&vendor, &data, &len)) == -1) { |
if ((res = rad_get_vendor_attr(&vendor, &data, &len)) == -1) { |
Log(LG_RADIUS, ("[%s] RADIUS: Get vendor attr failed: %s ", | Log(LG_RADIUS, ("[%s] RADIUS: Get vendor attr failed: %s", |
auth->info.lnkname, rad_strerror(auth->radius.handle))); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); |
return RAD_NACK; |
return RAD_NACK; |
} |
} |
Line 1653 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1696 RadiusGetParams(AuthData auth, int eap_proxy)
|
|
|
case RAD_MICROSOFT_MS_CHAP_DOMAIN: |
case RAD_MICROSOFT_MS_CHAP_DOMAIN: |
Freee(auth->params.msdomain); |
Freee(auth->params.msdomain); |
|
auth->params.msdomain = NULL; |
|
if (len == 0) |
|
break; |
tmpval = rad_cvt_string(data, len); |
tmpval = rad_cvt_string(data, len); |
auth->params.msdomain = Mdup(MB_AUTH, tmpval, len + 1); |
auth->params.msdomain = Mdup(MB_AUTH, tmpval, len + 1); |
free(tmpval); |
free(tmpval); |
Line 1667 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1713 RadiusGetParams(AuthData auth, int eap_proxy)
|
auth->info.lnkname)); |
auth->info.lnkname)); |
tmpkey = rad_demangle_mppe_key(auth->radius.handle, data, len, &tmpkey_len); |
tmpkey = rad_demangle_mppe_key(auth->radius.handle, data, len, &tmpkey_len); |
if (!tmpkey) { |
if (!tmpkey) { |
Log(LG_RADIUS, ("[%s] RADIUS: rad_demangle_mppe_key failed: %s", | RadiusLogError(auth, "rad_demangle_mppe_key failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return RAD_NACK; |
return RAD_NACK; |
} |
} |
|
|
Line 1682 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1727 RadiusGetParams(AuthData auth, int eap_proxy)
|
auth->info.lnkname)); |
auth->info.lnkname)); |
tmpkey = rad_demangle_mppe_key(auth->radius.handle, data, len, &tmpkey_len); |
tmpkey = rad_demangle_mppe_key(auth->radius.handle, data, len, &tmpkey_len); |
if (!tmpkey) { |
if (!tmpkey) { |
Log(LG_RADIUS, ("[%s] RADIUS: rad_demangle_mppe_key failed: %s", | RadiusLogError(auth, "rad_demangle_mppe_key failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return RAD_NACK; |
return RAD_NACK; |
} |
} |
memcpy(auth->params.msoft.xmit_key, tmpkey, MPPE_KEY_LEN); |
memcpy(auth->params.msoft.xmit_key, tmpkey, MPPE_KEY_LEN); |
Line 1697 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1741 RadiusGetParams(AuthData auth, int eap_proxy)
|
auth->info.lnkname)); |
auth->info.lnkname)); |
|
|
if (len != 32) { |
if (len != 32) { |
Log(LG_RADIUS, ("[%s] RADIUS: Server returned garbage %d of expected %d Bytes", | Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: Server returned garbage %d of expected %d Bytes", |
auth->info.lnkname, (int)len, 32)); |
auth->info.lnkname, (int)len, 32)); |
return RAD_NACK; |
return RAD_NACK; |
} |
} |
|
|
tmpkey = rad_demangle(auth->radius.handle, data, len); |
tmpkey = rad_demangle(auth->radius.handle, data, len); |
if (tmpkey == NULL) { |
if (tmpkey == NULL) { |
Log(LG_RADIUS, ("[%s] RADIUS: rad_demangle failed: %s", | RadiusLogError(auth, "rad_demangle failed"); |
auth->info.lnkname, rad_strerror(auth->radius.handle))); | |
return RAD_NACK; |
return RAD_NACK; |
} |
} |
memcpy(auth->params.msoft.lm_hash, tmpkey, sizeof(auth->params.msoft.lm_hash)); |
memcpy(auth->params.msoft.lm_hash, tmpkey, sizeof(auth->params.msoft.lm_hash)); |
Line 1724 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1767 RadiusGetParams(AuthData auth, int eap_proxy)
|
|
|
case RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES: |
case RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES: |
{ |
{ |
char buf[64]; | char buf[48]; |
auth->params.msoft.types = rad_cvt_int(data); |
auth->params.msoft.types = rad_cvt_int(data); |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES: %d (%s)", |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES: %d (%s)", |
auth->info.lnkname, auth->params.msoft.types, |
auth->info.lnkname, auth->params.msoft.types, |
Line 1757 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1800 RadiusGetParams(AuthData auth, int eap_proxy)
|
break; |
break; |
|
|
default: |
default: |
Log(LG_RADIUS2, ("[%s] RADIUS: Dropping MICROSOFT vendor specific attribute: %d ", | Log(LG_RADIUS2, ("[%s] RADIUS: Dropping MICROSOFT vendor specific attribute: %d", |
auth->info.lnkname, res)); |
auth->info.lnkname, res)); |
break; |
break; |
} |
} |
Line 1843 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1886 RadiusGetParams(AuthData auth, int eap_proxy)
|
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_MPD_FILTER: %s", |
Log(LG_RADIUS2, ("[%s] RADIUS: Get RAD_MPD_FILTER: %s", |
auth->info.lnkname, acl)); |
auth->info.lnkname, acl)); |
acl2 = strsep(&acl1, "#"); |
acl2 = strsep(&acl1, "#"); |
i = atol(acl2); | i = atoi(acl2); |
if (i <= 0 || i > ACL_FILTERS) { |
if (i <= 0 || i > ACL_FILTERS) { |
Log(LG_RADIUS, ("[%s] RADIUS: Wrong filter number: %i", | Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: Wrong filter number: %i", |
auth->info.lnkname, i)); |
auth->info.lnkname, i)); |
free(acl); |
free(acl); |
break; |
break; |
Line 1861 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1904 RadiusGetParams(AuthData auth, int eap_proxy)
|
} else if (strcasecmp(acl2, "out") == 0) { |
} else if (strcasecmp(acl2, "out") == 0) { |
i = 1; |
i = 1; |
} else { |
} else { |
Log(LG_ERR, ("[%s] RADIUS: Wrong limit direction: '%s'", | Log(LG_ERR|LG_ERR, ("[%s] RADIUS: Wrong limit direction: '%s'", |
auth->info.lnkname, acl2)); |
auth->info.lnkname, acl2)); |
free(acl); |
free(acl); |
break; |
break; |
Line 1892 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1935 RadiusGetParams(AuthData auth, int eap_proxy)
|
} |
} |
#if defined(USE_NG_BPF) || defined(USE_IPFW) |
#if defined(USE_NG_BPF) || defined(USE_IPFW) |
if (acl1 == NULL) { |
if (acl1 == NULL) { |
Log(LG_ERR, ("[%s] RADIUS: Incorrect acl!", | Log(LG_ERR, ("[%s] RADIUS: Incorrect acl!", auth->info.lnkname)); |
auth->info.lnkname)); | |
free(acl); |
free(acl); |
break; |
break; |
} |
} |
| |
acl3 = acl1; |
acl3 = acl1; |
strsep(&acl3, "="); |
strsep(&acl3, "="); |
acl2 = acl1; |
acl2 = acl1; |
strsep(&acl2, "#"); |
strsep(&acl2, "#"); |
i = atol(acl1); | i = atoi(acl1); |
if (i <= 0) { |
if (i <= 0) { |
Log(LG_ERR, ("[%s] RADIUS: Wrong acl number: %i", |
Log(LG_ERR, ("[%s] RADIUS: Wrong acl number: %i", |
auth->info.lnkname, i)); |
auth->info.lnkname, i)); |
Line 1933 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1975 RadiusGetParams(AuthData auth, int eap_proxy)
|
} else if (((*acls)->number == acls1->number) && |
} else if (((*acls)->number == acls1->number) && |
(res != RAD_MPD_TABLE) && |
(res != RAD_MPD_TABLE) && |
(res != RAD_MPD_TABLE_STATIC)) { |
(res != RAD_MPD_TABLE_STATIC)) { |
Log(LG_ERR, ("[%s] RADIUS: Duplicate acl", | Log(LG_ERR, ("[%s] RADIUS: Duplicate acl", auth->info.lnkname)); |
auth->info.lnkname)); | |
Freee(acls1); |
Freee(acls1); |
free(acl); |
free(acl); |
break; |
break; |
Line 1948 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 1989 RadiusGetParams(AuthData auth, int eap_proxy)
|
#endif /* USE_NG_BPF or USE_IPFW */ |
#endif /* USE_NG_BPF or USE_IPFW */ |
|
|
default: |
default: |
Log(LG_RADIUS2, ("[%s] RADIUS: Dropping vendor %d attribute: %d ", | Log(LG_RADIUS2, ("[%s] RADIUS: Dropping vendor %d attribute: %d", |
auth->info.lnkname, vendor, res)); |
auth->info.lnkname, vendor, res)); |
break; |
break; |
} |
} |
break; |
break; |
|
|
default: |
default: |
Log(LG_RADIUS2, ("[%s] RADIUS: Dropping attribute: %d ", | Log(LG_RADIUS2, ("[%s] RADIUS: Dropping attribute: %d", |
auth->info.lnkname, res)); |
auth->info.lnkname, res)); |
break; |
break; |
} |
} |
Line 1966 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 2007 RadiusGetParams(AuthData auth, int eap_proxy)
|
/* sanity check, this happens when FreeRADIUS has no msoft-dictionary loaded */ |
/* sanity check, this happens when FreeRADIUS has no msoft-dictionary loaded */ |
if (auth->proto == PROTO_CHAP && auth->alg == CHAP_ALG_MSOFTv2 |
if (auth->proto == PROTO_CHAP && auth->alg == CHAP_ALG_MSOFTv2 |
&& auth->mschapv2resp == NULL && auth->status == AUTH_STATUS_SUCCESS) { |
&& auth->mschapv2resp == NULL && auth->status == AUTH_STATUS_SUCCESS) { |
Log(LG_RADIUS, ("[%s] RADIUS: PANIC no MS-CHAP2-Success received from server!", | Log(LG_ERR|LG_RADIUS, |
| ("[%s] RADIUS: PANIC no MS-CHAP2-Success received from server!", |
auth->info.lnkname)); |
auth->info.lnkname)); |
return RAD_NACK; |
return RAD_NACK; |
} |
} |
Line 1975 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 2017 RadiusGetParams(AuthData auth, int eap_proxy)
|
/* print warning, because MPPE doesen't work */ |
/* print warning, because MPPE doesen't work */ |
if (!(auth->params.msoft.has_keys || auth->params.msoft.has_nt_hash || auth->params.msoft.has_lm_hash) && |
if (!(auth->params.msoft.has_keys || auth->params.msoft.has_nt_hash || auth->params.msoft.has_lm_hash) && |
auth->params.msoft.policy != MPPE_POLICY_NONE) { |
auth->params.msoft.policy != MPPE_POLICY_NONE) { |
Log(LG_RADIUS, ("[%s] RADIUS: WARNING no MPPE-Keys received, MPPE will not work", | Log(LG_ERR|LG_RADIUS, |
| ("[%s] RADIUS: WARNING no MPPE-Keys received, MPPE will not work", |
auth->info.lnkname)); |
auth->info.lnkname)); |
} |
} |
|
|
Line 1986 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 2029 RadiusGetParams(AuthData auth, int eap_proxy)
|
(auth->params.msoft.has_keys || auth->params.msoft.has_nt_hash || auth->params.msoft.has_lm_hash)) { |
(auth->params.msoft.has_keys || auth->params.msoft.has_nt_hash || auth->params.msoft.has_lm_hash)) { |
auth->params.msoft.policy = MPPE_POLICY_ALLOWED; |
auth->params.msoft.policy = MPPE_POLICY_ALLOWED; |
auth->params.msoft.types = MPPE_TYPE_40BIT | MPPE_TYPE_128BIT | MPPE_TYPE_56BIT; |
auth->params.msoft.types = MPPE_TYPE_40BIT | MPPE_TYPE_128BIT | MPPE_TYPE_56BIT; |
Log(LG_RADIUS, ("[%s] RADIUS: MPPE-Keys present, but no MPPE-Infos received => allowing MPPE with all types", | Log(LG_ERR|LG_RADIUS, |
| ("[%s] RADIUS: MPPE-Keys present, but no MPPE-Infos received => allowing MPPE with all types", |
auth->info.lnkname)); |
auth->info.lnkname)); |
} |
} |
|
|
Line 2003 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 2047 RadiusGetParams(AuthData auth, int eap_proxy)
|
j = 0; |
j = 0; |
SLIST_FOREACH(r1, &auth->params.routes, next) { |
SLIST_FOREACH(r1, &auth->params.routes, next) { |
if (!u_rangecompare(&r->dest, &r1->dest)) { |
if (!u_rangecompare(&r->dest, &r1->dest)) { |
Log(LG_RADIUS, ("[%s] RADIUS: Duplicate route", auth->info.lnkname)); | Log(LG_ERR|LG_RADIUS, |
| ("[%s] RADIUS: Duplicate route", auth->info.lnkname)); |
j = 1; |
j = 1; |
} |
} |
}; |
}; |
Line 2016 RadiusGetParams(AuthData auth, int eap_proxy)
|
Line 2061 RadiusGetParams(AuthData auth, int eap_proxy)
|
} |
} |
|
|
return (RAD_ACK); |
return (RAD_ACK); |
|
} |
|
|
|
static void |
|
RadiusLogError(AuthData auth, const char *errmsg) |
|
{ |
|
Log(LG_ERR|LG_RADIUS, ("[%s] RADIUS: %s: %s", |
|
auth->info.lnkname, errmsg, rad_strerror(auth->radius.handle))); |
} |
} |