l2tp: Add CHAP auth information in ICCN
To support proxy auth.
parent
12cc3c39b0
commit
75144a546c
4 changed files with 26 additions and 4 deletions
15
l2tpns.c
15
l2tpns.c
|
|
@ -4863,7 +4863,6 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr, uint16_t indexu
|
||||||
sess_local[s].lcp_last_sent_confreq_n = 0;
|
sess_local[s].lcp_last_sent_confreq_n = 0;
|
||||||
sess_local[s].auth_type = 0;
|
sess_local[s].auth_type = 0;
|
||||||
sess_local[s].auth_name[0] = 0;
|
sess_local[s].auth_name[0] = 0;
|
||||||
sess_local[s].auth_resp[0] = 0;
|
|
||||||
|
|
||||||
STAT(session_created);
|
STAT(session_created);
|
||||||
break;
|
break;
|
||||||
|
|
@ -4927,6 +4926,20 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr, uint16_t indexu
|
||||||
controlb(c, 33, sess_local[fs].auth_resp,
|
controlb(c, 33, sess_local[fs].auth_resp,
|
||||||
strlen((const char*) sess_local[fs].auth_resp), 0);
|
strlen((const char*) sess_local[fs].auth_resp), 0);
|
||||||
}
|
}
|
||||||
|
else if (sess_local[fs].auth_type == 2) // CHAP
|
||||||
|
{
|
||||||
|
// Proxy Authentication Type
|
||||||
|
control16(c, 29, sess_local[fs].auth_type, 0);
|
||||||
|
// Proxy Authentication Name
|
||||||
|
controlb(c, 30, sess_local[fs].auth_name,
|
||||||
|
strlen((const char*) sess_local[fs].auth_name), 0);
|
||||||
|
// Proxy Authentication Challenge
|
||||||
|
controlb(c, 31, sess_local[fs].auth_chall, 16, 0);
|
||||||
|
// Proxy Authentication Id
|
||||||
|
control16(c, 32, sess_local[fs].auth_id, 0);
|
||||||
|
// Proxy Authentication Response
|
||||||
|
controlb(c, 33, sess_local[fs].auth_resp, 16, 0);
|
||||||
|
}
|
||||||
|
|
||||||
controladd(c, asession, t); // send the message
|
controladd(c, asession, t); // send the message
|
||||||
LOG(3, s, t, "Sending ICCN\n");
|
LOG(3, s, t, "Sending ICCN\n");
|
||||||
|
|
|
||||||
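Review bot: The new CHAP branch in the ICCN path always sends 16 bytes of `auth_chall` and `auth_resp`, but nothing visible in this commit clears those buffers, and the `auth_resp[0] = 0` reset is dropped both here in processudp and in lcp_restart in ppp.c. If a session slot is reused or LCP restarts, challenge and response bytes from an earlier authentication stay in `sess_local` and could be forwarded to the remote LNS if `auth_type` becomes 2 before a fresh exchange completes; that last step is inferred, since the code writing these fields is only partly shown. I would replace the dropped line with a full wipe at both reset sites: `memset(sess_local[s].auth_chall, 0, sizeof(sess_local[s].auth_chall));` and `memset(sess_local[s].auth_resp, 0, sizeof(sess_local[s].auth_resp));`. The literal 16 used for both AVP lengths would also read better as a named constant shared with the copies in ppp.c. processudp starts and ends outside both hunks.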
2
l2tpns.h
2
l2tpns.h
|
|
@ -432,6 +432,8 @@ typedef struct
|
||||||
uint16_t auth_id;
|
uint16_t auth_id;
|
||||||
// Negotiated authentication name
|
// Negotiated authentication name
|
||||||
uint8_t auth_name[64];
|
uint8_t auth_name[64];
|
||||||
|
// Negotiated authentication challenge
|
||||||
|
uint8_t auth_chall[16];
|
||||||
// Negotiated authentication response
|
// Negotiated authentication response
|
||||||
uint8_t auth_resp[64];
|
uint8_t auth_resp[64];
|
||||||
|
|
||||||
|
|
|
||||||
5
ppp.c
5
ppp.c
|
|
@ -285,6 +285,9 @@ void processchap(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
|
||||||
strncpy(session[s].user, packet.username, sizeof(session[s].user) - 1);
|
strncpy(session[s].user, packet.username, sizeof(session[s].user) - 1);
|
||||||
memcpy(radius[r].pass, packet.password, 16);
|
memcpy(radius[r].pass, packet.password, 16);
|
||||||
|
|
||||||
|
strncpy((char *) sess_local[s].auth_name, packet.username, sizeof(sess_local[s].auth_name) - 1);
|
||||||
|
memcpy(sess_local[s].auth_resp, packet.password, 16);
|
||||||
|
|
||||||
free(packet.username);
|
free(packet.username);
|
||||||
free(packet.password);
|
free(packet.password);
|
||||||
}
|
}
|
||||||
|
|
@ -432,7 +435,6 @@ void lcp_restart(sessionidt s)
|
||||||
sess_local[s].lcp_last_sent_confreq_n = 0;
|
sess_local[s].lcp_last_sent_confreq_n = 0;
|
||||||
sess_local[s].auth_type = 0;
|
sess_local[s].auth_type = 0;
|
||||||
sess_local[s].auth_name[0] = 0;
|
sess_local[s].auth_name[0] = 0;
|
||||||
sess_local[s].auth_resp[0] = 0;
|
|
||||||
// This-Layer-Down
|
// This-Layer-Down
|
||||||
change_state(s, ipcp, Initial);
|
change_state(s, ipcp, Initial);
|
||||||
change_state(s, ipv6cp, Initial);
|
change_state(s, ipv6cp, Initial);
|
||||||
|
|
@ -2566,6 +2568,7 @@ void sendchap(sessionidt s, tunnelidt t)
|
||||||
q[1] = radius[r].id; // ID
|
q[1] = radius[r].id; // ID
|
||||||
q[4] = 16; // value size (size of challenge)
|
q[4] = 16; // value size (size of challenge)
|
||||||
memcpy(q + 5, radius[r].auth, 16); // challenge
|
memcpy(q + 5, radius[r].auth, 16); // challenge
|
||||||
|
memcpy(sess_local[s].auth_chall, radius[r].auth, 16);
|
||||||
strcpy((char *) q + 21, config->multi_n_hostname[tunnel[t].indexudp][0]?config->multi_n_hostname[tunnel[t].indexudp]:hostname); // our name
|
strcpy((char *) q + 21, config->multi_n_hostname[tunnel[t].indexudp][0]?config->multi_n_hostname[tunnel[t].indexudp]:hostname); // our name
|
||||||
*(uint16_t *) (q + 2) = htons(strlen(config->multi_n_hostname[tunnel[t].indexudp][0]?config->multi_n_hostname[tunnel[t].indexudp]:hostname) + 21); // length
|
*(uint16_t *) (q + 2) = htons(strlen(config->multi_n_hostname[tunnel[t].indexudp][0]?config->multi_n_hostname[tunnel[t].indexudp]:hostname) + 21); // length
|
||||||
tunnelsend(b, strlen(config->multi_n_hostname[tunnel[t].indexudp][0]?config->multi_n_hostname[tunnel[t].indexudp]:hostname) + 21 + (q - b), t); // send it
|
tunnelsend(b, strlen(config->multi_n_hostname[tunnel[t].indexudp][0]?config->multi_n_hostname[tunnel[t].indexudp]:hostname) + 21 + (q - b), t); // send it
|
||||||
|
|
|
||||||
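Review bot: In processchap the added `strncpy` into `auth_name` writes at most 63 bytes and never touches the last one, so the `strlen()` on `auth_name` in the ICCN code is bounded only while byte 63 stays zero. Making that explicit costs one line after the copy: `sess_local[s].auth_name[sizeof(sess_local[s].auth_name) - 1] = 0;`. The added `memcpy(sess_local[s].auth_resp, packet.password, 16)` reads 16 bytes from a heap buffer whose length is not visible in this hunk. It mirrors the existing copy into `radius[r].pass`, so presumably the CHAP value size is checked earlier in the function, but that is worth confirming. processchap, lcp_restart and sendchap all continue outside their hunks.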
8
radius.c
8
radius.c
|
|
@ -1046,11 +1046,15 @@ void processrad(uint8_t *buf, int len, char socket_index)
|
||||||
|
|
||||||
LOG(3, s, session[s].tunnel, "Select Tunnel Remote LNS for assignment_id == %s\n", assignment_id);
|
LOG(3, s, session[s].tunnel, "Select Tunnel Remote LNS for assignment_id == %s\n", assignment_id);
|
||||||
|
|
||||||
if (!radius[r].chap)
|
if (radius[r].chap)
|
||||||
|
{
|
||||||
|
sess_local[s].auth_type = 2; // PAP
|
||||||
|
}
|
||||||
|
else
|
||||||
{
|
{
|
||||||
sess_local[s].auth_type = 3; // PAP
|
sess_local[s].auth_type = 3; // PAP
|
||||||
sess_local[s].auth_id = radius[r].id;
|
|
||||||
}
|
}
|
||||||
|
sess_local[s].auth_id = radius[r].id;
|
||||||
|
|
||||||
if (lac_rad_forwardtoremotelns(s, assignment_id, session[s].user))
|
if (lac_rad_forwardtoremotelns(s, assignment_id, session[s].user))
|
||||||
{
|
{
|
||||||
|
|
|
||||||
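Review bot: The comment on the new `sess_local[s].auth_type = 2;` line says PAP, but this is the `radius[r].chap` branch and l2tpns.c treats 2 as CHAP; it should read `sess_local[s].auth_type = 2; // CHAP`. Since the values 2 and 3 are now compared in l2tpns.c and assigned here, named constants for the proxy authentication types would prevent this kind of mislabel. processrad's body continues outside the hunk.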