l2tp: Add PAP auth information in ICCN

To support proxy auth.
2025-03-23 03:17:41 +01:00 · 2025-03-23 03:17:41 +01:00 · 40796d2adb
commit 40796d2adb
parent e701644d37
4 changed files with 37 additions and 0 deletions
--- a/l2tpns.c
+++ b/l2tpns.c
@ -4862,6 +4862,9 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr, uint16_t indexu
 						session[s].ppp.lcp = Starting;
 						sess_local[s].lcp_last_received_confreq_n = 0;
 						sess_local[s].lcp_last_sent_confreq_n = 0;
+						sess_local[s].auth_type = 0;
+						sess_local[s].auth_name[0] = 0;
+						sess_local[s].auth_resp[0] = 0;

 						STAT(session_created);
 						break;
@ -4912,6 +4915,20 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr, uint16_t indexu
 						controlb(c, 28, sess_local[fs].lcp_last_received_confreq,
 						                sess_local[fs].lcp_last_received_confreq_n, 0);

+					if (sess_local[fs].auth_type == 3) // PAP
+					{
+						// Proxy Authentication Type
+						control16(c, 29, sess_local[fs].auth_type, 0);
+						// Proxy Authentication Name
+						controlb(c, 30, sess_local[fs].auth_name,
+										strlen((const char*) sess_local[fs].auth_name), 0);
+						// Proxy Authentication Id
+						control16(c, 32, sess_local[fs].auth_id, 0);
+						// Proxy Authentication Response
+						controlb(c, 33, sess_local[fs].auth_resp,
+										strlen((const char*) sess_local[fs].auth_resp), 0);
+					}
+
 					controladd(c, asession, t); // send the message
 					LOG(3, s, t, "Sending ICCN\n");
 				}
--- a/l2tpns.h
+++ b/l2tpns.h
@ -425,6 +425,14 @@ typedef struct
 	// Last Sent LCP ConfReq and its length
 	uint8_t lcp_last_sent_confreq[MAXLCPLENGTH];
 	int lcp_last_sent_confreq_n;
+	// Negotiated authentication type
+	uint16_t auth_type;
+	// Negotiated authentication ID
+	uint16_t auth_id;
+	// Negotiated authentication name
+	uint8_t auth_name[64];
+	// Negotiated authentication response
+	uint8_t auth_resp[64];

 	// our MRU
 	uint16_t ppp_mru;
--- a/ppp.c
+++ b/ppp.c
@ -155,6 +155,9 @@ void processpap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
 		strncpy(session[s].user, packet.username, sizeof(session[s].user) - 1);
 		strncpy(radius[r].pass, packet.password, sizeof(radius[r].pass) - 1);

+		strncpy((char *) sess_local[s].auth_name, packet.username, sizeof(sess_local[s].auth_name) - 1);
+		strncpy((char *) sess_local[s].auth_resp, packet.password, sizeof(sess_local[s].auth_resp) - 1);
+
 		free(packet.username);
 		free(packet.password);

@ -427,6 +430,9 @@ void lcp_restart(sessionidt s)
 	session[s].ppp.phase = Establish;
 	sess_local[s].lcp_last_received_confreq_n = 0;
 	sess_local[s].lcp_last_sent_confreq_n = 0;
+	sess_local[s].auth_type = 0;
+	sess_local[s].auth_name[0] = 0;
+	sess_local[s].auth_resp[0] = 0;
 	// This-Layer-Down
 	change_state(s, ipcp, Initial);
 	change_state(s, ipv6cp, Initial);
--- a/radius.c
+++ b/radius.c
@ -1046,6 +1046,12 @@ void processrad(uint8_t *buf, int len, char socket_index)

 				LOG(3, s, session[s].tunnel, "Select Tunnel Remote LNS for assignment_id == %s\n", assignment_id);

+				if (!radius[r].chap)
+				{
+					sess_local[s].auth_type = 3; // PAP
+					sess_local[s].auth_id = radius[r].id;
+				}
+
 				if (lac_rad_forwardtoremotelns(s, assignment_id, session[s].user))
 				{
 					int ro;