GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 16:57:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

radius: added support for Framed-IPv6-Prefix

Browse Source
This commit is contained in:
Nikos Mavrogiannopoulos
2014-12-29 20:00:39 +02:00
parent 73726d13a3
commit 90b0ac7932
5 changed files with 18 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/auth/radius.c
View File

@@ -77,7 +77,7 @@ static int radius_auth_init(void **ctx, void *pool, const char *username, const
pctx->pass_msg = pass_msg_first;
default_realm = rc_conf_str(rh, "default_realm");
if ((strchr(username, '@') == NULL) && default_realm &&
default_realm[0] != 0) {
snprintf(pctx->username, sizeof(pctx->username), "%s@%s", username, default_realm);
@@ -209,6 +209,14 @@ static int radius_auth_pass(void *ctx, const char *pass, unsigned pass_len)
} else if (vp->attribute == PW_FRAMED_IPV6_ADDRESS && vp->type == PW_TYPE_IPV6ADDR) {
/* Framed-IPv6-Address */
inet_ntop(AF_INET6, vp->strvalue, pctx->ipv6, sizeof(pctx->ipv6));
} else if (vp->attribute == PW_FRAMED_IPV6_PREFIX && vp->type == PW_TYPE_IPV6PREFIX) {
uint8_t ip[16];
/* Framed-IPv6-Prefix */
pctx->ipv6_prefix = (unsigned char)vp->strvalue[1];
memset(ip, 0, sizeof(ip));
memcpy(ip, vp->strvalue+2, vp->lvalue-2);
inet_ntop(AF_INET6, ip, pctx->ipv6_net, sizeof(pctx->ipv6_net));
} else if (vp->attribute == PW_DNS_SERVER_IPV6_ADDRESS && vp->type == PW_TYPE_IPV6ADDR) {
/* DNS-Server-IPv6-Address */
if (pctx->ipv6_dns1[0] == 0)

1
src/auth/radius.h
View File

@@ -38,6 +38,7 @@ struct radius_ctx_st {
char ipv4_dns2[MAX_IP_STR];
char ipv6[MAX_IP_STR];
char ipv6_net[MAX_IP_STR];
uint16_t ipv6_prefix;
char ipv6_dns1[MAX_IP_STR];
char ipv6_dns2[MAX_IP_STR];

4
src/ocserv-args.def
View File

@@ -100,8 +100,8 @@ An example configuration file follows.
# file. If the groupconfig option is set, then config-per-user will be overriden,
# and all configuration will be read from radius. The supported atributes for
# radius configuration are:
# Group-Name, Framed-IPv6-Address, DNS-Server-IPv6-Address, Framed-IP-Address,
# Framed-IP-Netmask, MS-Primary-DNS-Server, MS-Secondary-DNS-Server
# Group-Name, Framed-IPv6-Address, Framed-IPv6-Prefix, DNS-Server-IPv6-Address,
# Framed-IP-Address, Framed-IP-Netmask, MS-Primary-DNS-Server, MS-Secondary-DNS-Server
#auth = "radius[/etc/radiusclient/radiusclient.conf,groupconfig]"
# Whether to enable seccomp worker isolation. That restricts the number of

4
src/sup-config/radius.c
View File

@@ -95,6 +95,10 @@ static int get_sup_config(struct cfg_st *cfg, client_entry_st *entry,
msg->explicit_ipv6 = talloc_strdup(pool, pctx->ipv6);
}
if (pctx->ipv6_net[0] != 0) {
msg->ipv6_net = talloc_strdup(pool, pctx->ipv6_net);
}
if (pctx->ipv6_prefix != 0) {
msg->ipv6_prefix = pctx->ipv6_prefix;
msg->has_ipv6_prefix = 1;