-rw-r--r--accel-pppd/accel-ppp.conf2
-rw-r--r--accel-pppd/accel-ppp.conf.512
-rw-r--r--accel-pppd/radius/radius.c36
3 files changed, 36 insertions, 14 deletions
diff --git a/accel-pppd/accel-ppp.conf b/accel-pppd/accel-ppp.conf
index 7302a342..8ea405bc 100644
--- a/accel-pppd/accel-ppp.conf
+++ b/accel-pppd/accel-ppp.conf
@@ -214,6 +214,8 @@ verbose=1
#acct-on=0
#acct-interim-interval=0
#acct-interim-jitter=0
+#default-realm=
+#strip-realm=0
#attr-tunnel-type=My-Tunnel-Type
[client-ip-range]
diff --git a/accel-pppd/accel-ppp.conf.5 b/accel-pppd/accel-ppp.conf.5
index 0854d6fe..d9ed7f4f 100644
--- a/accel-pppd/accel-ppp.conf.5
+++ b/accel-pppd/accel-ppp.conf.5
@@ -869,15 +869,21 @@ Specifies timeout of accounting interim update.
.BI "acct-delay-time=" 0|1
Specifies whether radius client should include Acct-Delay-Time attribute to accounting requests (default 0).
.TP
-.BI "default-realm=" realm
-Append specified realm to username.
-.TP
.BI "acct-on=" 0|1
Specifies whether radius client should send Account-Request with Acct-Status-Type=Accounting-On on startup and Acct-Status-Type=Accounting-Off on shutdown.
.TP
.BI "attr-tunnel-type=" name
Specifies custom attribute name to be used to send tunnel type (as string).
.TP
+.BI "default-realm=" realm
+Appends specified realm to username if there was no realm already.
+.TP
+.BI "strip-realm=" 0|1
+Strips realm from username, can be used along with
+.B
+default-realm
+option for realm substitution.
+.TP
.BI "sid-in-auth=0|1"
Specifies should accel-ppp generate and send Acct-Session-Id on Access-Request packet.
.SH [log]
diff --git a/accel-pppd/radius/radius.c b/accel-pppd/radius/radius.c
index e3fe4b3f..6a5e553f 100644
--- a/accel-pppd/radius/radius.c
+++ b/accel-pppd/radius/radius.c
@@ -49,6 +49,7 @@ int conf_req_limit;
static const char *conf_default_realm;
static int conf_default_realm_len;
+static int conf_strip_realm;
const char *conf_attr_tunnel_type;
@@ -411,18 +412,27 @@ static int rad_pwdb_check(struct pwdb_t *pwdb, struct ap_session *ses, pwdb_call
struct radius_pd_t *rpd = find_pd(ses);
char username1[256];
- if (conf_default_realm && !strchr(username, '@')) {
- int len = strlen(username);
- if (len + conf_default_realm_len >= 256 - 2) {
- log_ppp_error("radius: username is too large to append realm\n");
- return PWDB_DENIED;
+ if (conf_strip_realm || conf_default_realm) {
+ int len = strchrnul(username, '@') - username;
+ if (conf_strip_realm && username[len]) {
+ if (len > sizeof(username1) - 1) {
+ log_ppp_error("radius: username is too large to strip realm\n");
+ return PWDB_DENIED;
+ }
+ username = memcpy(username1, username, len);
+ username1[len] = '\0';
+ }
+ if (conf_default_realm && username[len] == '\0') {
+ if (len + conf_default_realm_len > sizeof(username1) - 2) {
+ log_ppp_error("radius: username is too large to append realm\n");
+ return PWDB_DENIED;
+ }
+ if (username != username1)
+ username = memcpy(username1, username, len);
+ username1[len++] = '@';
+ memcpy(username1 + len, conf_default_realm, conf_default_realm_len);
+ username1[len + conf_default_realm_len] = '\0';
}
-
- memcpy(username1, username, len);
- username1[len] = '@';
- memcpy(username1 + len + 1, conf_default_realm, conf_default_realm_len);
- username1[len + 1 + conf_default_realm_len] = 0;
- username = username1;
}
rpd->auth_ctx = mempool_alloc(auth_ctx_pool);
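Review bot: With `strip-realm=1`, a username that begins with `@` gives `len == 0` in the strip branch, so the request goes out with an empty User-Name, or with only `@` plus the default realm when `default-realm` is also set; neither length check catches this. If an empty local part is not meant to reach the RADIUS server, reject it before the copy, e.g. `if (len == 0) { log_ppp_error("radius: username has no local part\n"); return PWDB_DENIED; }`. The split is taken at the first `@` via `strchrnul`, so a name containing several `@` characters loses everything after the first one; if that is intended, a short comment such as `/* realm starts at the first '@' */` would record it. `rad_pwdb_check` starts and ends outside this hunk.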
@@ -989,6 +999,10 @@ static int load_config(void)
if (conf_default_realm)
conf_default_realm_len = strlen(conf_default_realm);
+ opt = conf_get_opt("radius", "strip-realm");
+ if (opt && atoi(opt) >= 0)
+ conf_strip_realm = atoi(opt) > 0;
+
return 0;
}
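Review bot: `conf_strip_realm` is assigned only when the option is present and non-negative, so nothing in these lines ever resets it to 0. If `load_config` also runs on a configuration reload (not visible in this hunk), removing or commenting out `strip-realm` would leave stripping enabled until restart, silently changing the identity sent to the RADIUS server. An explicit default would avoid that: `else conf_strip_realm = 0;` after the `if`. `atoi` also maps non-numeric text such as `yes` to 0 without any diagnostic. `load_config` begins outside this hunk.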