radius: use Framed-Route and Framed-IPv6-Route

That is read and if format is the expected, they are forwarded to client.

doc/README.radius

@@ -33,11 +33,13 @@ ATTRIBUTE	Password		2	string
 ATTRIBUTE	Framed-Protocol		7	integer
 ATTRIBUTE	Framed-IP-Address	8	ipaddr
 ATTRIBUTE	Framed-IP-Netmask	9	ipaddr
+ATTRIBUTE       Framed-Route            22      string
 ATTRIBUTE	Acct-Input-Octets	42	integer
 ATTRIBUTE	Acct-Output-Octets	43	integer
 ATTRIBUTE	Acct-Session-Id		44	string
 ATTRIBUTE	Acct-Input-Gigawords	52	integer
 ATTRIBUTE	Acct-Output-Gigawords	53	integer
+ATTRIBUTE       Framed-IPv6-Route       99      string
 
 #	IPv6 attributes
 ATTRIBUTE	Framed-IPv6-Address	168	ipv6addr

src/auth/radius.c

@@ -121,6 +121,35 @@ static int radius_auth_user(void *ctx, char *username, int username_size)
 	return -1;
 }
 
+static void append_route(struct radius_ctx_st *pctx, const char *route, unsigned len)
+{
+	unsigned i;
+	char *p;
+
+	/* accept route/mask */
+	if (strchr(route, '/') == 0)
+		return;
+
+	p = strchr(route, ' ');
+	if (p != NULL) {
+		len = p - route;
+	}
+
+	if (pctx->routes_size == 0) {
+		pctx->routes = talloc_size(pctx, sizeof(char*));
+	} else {
+		pctx->routes = talloc_realloc_size(pctx, pctx->routes,
+						   (pctx->routes_size+1)*sizeof(char*));
+	}
+
+	if (pctx->routes != NULL) {
+		i = pctx->routes_size;
+		pctx->routes[i] = talloc_strndup(pctx, route, len);
+		if (pctx->routes[i] != NULL)
+			pctx->routes_size++;
+	}
+}
+
 /* Returns 0 if the user is successfully authenticated, and sets the appropriate group name.
  */
 static int radius_auth_pass(void *ctx, const char *pass, unsigned pass_len)
@@ -202,6 +231,12 @@ static int radius_auth_pass(void *ctx, const char *pass, unsigned pass_len)
 				/* MS-Secondary-DNS-Server */
 				ip = htonl(vp->lvalue);
 				inet_ntop(AF_INET, &ip, pctx->ipv4_dns2, sizeof(pctx->ipv4_dns2));
+			} else if (vp->attribute == PW_FRAMED_ROUTE && vp->type == PW_TYPE_STRING) {
+				/* Framed-Route */
+				append_route(pctx, vp->strvalue, vp->lvalue);
+			} else if (vp->attribute == PW_FRAMED_IPV6_ROUTE && vp->type == PW_TYPE_STRING) {
+				/* Framed-IPv6-Route */
+				append_route(pctx, vp->strvalue, vp->lvalue);
 			} else {
 				syslog(LOG_DEBUG, "radius: ignoring server's value %u of type %u", (int)vp->attribute, (int)vp->type);
 			}

src/auth/radius.h

@@ -42,6 +42,9 @@ struct radius_ctx_st {
 	char ipv6_dns1[MAX_IP_STR];
 	char ipv6_dns2[MAX_IP_STR];
 
+	char **routes;
+	unsigned routes_size;
+
 	const char *config;	/* radius config file */
 	const char *pass_msg;
 	unsigned retries;

src/sup-config/radius.c

@@ -42,7 +42,7 @@ static int get_sup_config(struct cfg_st *cfg, client_entry_st *entry,
 			  SecAuthSessionReplyMsg *msg, void *pool)
 {
 	struct radius_ctx_st *pctx = entry->auth_ctx;
-	unsigned dns = 0;
+	unsigned dns = 0, i;
 
 	if (pctx == NULL)
 		return 0;
@@ -55,6 +55,16 @@ static int get_sup_config(struct cfg_st *cfg, client_entry_st *entry,
 		msg->ipv4_netmask = talloc_strdup(pool, pctx->ipv4_mask);
 	}
 
+	if (pctx->routes_size > 0) {
+		msg->routes = talloc_size(pool, pctx->routes_size*sizeof(char*));
+		if (msg->routes != NULL) {
+			for (i=0;i<pctx->routes_size;i++) {
+				msg->routes[i] = talloc_strdup(pool, pctx->routes[i]);
+			}
+			msg->n_routes = pctx->routes_size;
+		}
+	}
+
 	if (pctx->ipv4_dns1[0] != 0)
 		dns++;
 	if (pctx->ipv4_dns2[0] != 0)