Diffstat (limited to 'accel-pppd')
-rw-r--r-- | accel-pppd/accel-ppp.conf | 2 | ||||
-rw-r--r-- | accel-pppd/accel-ppp.conf.5 | 12 | ||||
-rw-r--r-- | accel-pppd/radius/radius.c | 36 |
3 files changed, 36 insertions, 14 deletions
diff --git a/accel-pppd/accel-ppp.conf b/accel-pppd/accel-ppp.conf index 7302a342..8ea405bc 100644 --- a/accel-pppd/accel-ppp.conf +++ b/accel-pppd/accel-ppp.conf @@ -214,6 +214,8 @@ verbose=1 #acct-on=0 #acct-interim-interval=0 #acct-interim-jitter=0 +#default-realm= +#strip-realm=0 #attr-tunnel-type=My-Tunnel-Type [client-ip-range] diff --git a/accel-pppd/accel-ppp.conf.5 b/accel-pppd/accel-ppp.conf.5 index 0854d6fe..d9ed7f4f 100644 --- a/accel-pppd/accel-ppp.conf.5 +++ b/accel-pppd/accel-ppp.conf.5 @@ -869,15 +869,21 @@ Specifies timeout of accounting interim update. .BI "acct-delay-time=" 0|1 Specifies whether radius client should include Acct-Delay-Time attribute to accounting requests (default 0). .TP -.BI "default-realm=" realm -Append specified realm to username. -.TP .BI "acct-on=" 0|1 Specifies whether radius client should send Account-Request with Acct-Status-Type=Accounting-On on startup and Acct-Status-Type=Accounting-Off on shutdown. .TP .BI "attr-tunnel-type=" name Specifies custom attribute name to be used to send tunnel type (as string). .TP +.BI "default-realm=" realm +Appends specified realm to username if there was no realm already. +.TP +.BI "strip-realm=" 0|1 +Strips realm from username, can be used along with +.B +default-realm +option for realm substitution. +.TP .BI "sid-in-auth=0|1" Specifies should accel-ppp generate and send Acct-Session-Id on Access-Request packet. .SH [log] diff --git a/accel-pppd/radius/radius.c b/accel-pppd/radius/radius.c index e3fe4b3f..6a5e553f 100644 --- a/accel-pppd/radius/radius.c +++ b/accel-pppd/radius/radius.c @@ -49,6 +49,7 @@ int conf_req_limit; static const char *conf_default_realm; static int conf_default_realm_len; +static int conf_strip_realm; const char *conf_attr_tunnel_type; 
@@ -411,18 +412,27 @@ static int rad_pwdb_check(struct pwdb_t *pwdb, struct ap_session *ses, pwdb_call struct radius_pd_t *rpd = find_pd(ses); char username1[256]; - if (conf_default_realm && !strchr(username, '@')) { - int len = strlen(username); - if (len + conf_default_realm_len >= 256 - 2) { - log_ppp_error("radius: username is too large to append realm\n"); - return PWDB_DENIED; + if (conf_strip_realm || conf_default_realm) { + int len = strchrnul(username, '@') - username; + if (conf_strip_realm && username[len]) { + if (len > sizeof(username1) - 1) { + log_ppp_error("radius: username is too large to strip realm\n"); + return PWDB_DENIED; + } + username = memcpy(username1, username, len); + username1[len] = '\0'; + } + if (conf_default_realm && username[len] == '\0') { + if (len + conf_default_realm_len > sizeof(username1) - 2) { + log_ppp_error("radius: username is too large to append realm\n"); + return PWDB_DENIED; + } + if (username != username1) + username = memcpy(username1, username, len); + username1[len++] = '@'; + memcpy(username1 + len, conf_default_realm, conf_default_realm_len); + username1[len + conf_default_realm_len] = '\0'; } - - memcpy(username1, username, len); - username1[len] = '@'; - memcpy(username1 + len + 1, conf_default_realm, conf_default_realm_len); - username1[len + 1 + conf_default_realm_len] = 0; - username = username1; } rpd->auth_ctx = mempool_alloc(auth_ctx_pool); @@ -989,6 +999,10 @@ static int load_config(void) if (conf_default_realm) conf_default_realm_len = strlen(conf_default_realm); + opt = conf_get_opt("radius", "strip-realm"); + if (opt && atoi(opt) >= 0) + conf_strip_realm = atoi(opt) > 0; + return 0; } |
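Review bot: In the strip-realm branch of rad_pwdb_check, a username that starts with `@` gives `len == 0`, so the name passed on becomes the empty string, or just `@` plus the default realm when default-realm is also set, and nothing here rejects it. The username presumably comes from the peer, so I would deny that case before copying, e.g. `if (len == 0) return PWDB_DENIED;` preceded by a matching log_ppp_error line. The split is taken at the first `@` (strchrnul), so `a@b@c` is cut to `a`; a comment such as `/* realm starts at the first '@'; everything after it is discarded */` would make that choice explicit. strchrnul() is a GNU extension, so this relies on _GNU_SOURCE being defined before <string.h> is included, which is not visible here. The function body starts and ends outside the hunk.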
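Review bot: In load_config, conf_strip_realm is only assigned when the option is present and non-negative, so if this function runs again after `strip-realm` has been removed from the file (a config reload, assuming load_config serves that path), the previous value stays in effect and realms keep being stripped. Assigning unconditionally, `conf_strip_realm = opt && atoi(opt) > 0;`, avoids the stale state. atoi() also turns a non-numeric value such as `yes` into 0 without any diagnostic, so a strtol() check with a logged warning would make a mistyped setting visible instead of silently leaving stripping off. load_config's body starts outside the hunk.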