From 605c797873ceee12a7eb3561d6e3e7682ded943b Mon Sep 17 00:00:00 2001 From: Kozlov Dmitry Date: Tue, 9 Nov 2010 13:21:32 +0300 Subject: radius: introduced dae-server option to configure Dynamic Authorization Extenstion (DM/CoA) instead of dm_coa_secret --- accel-pptpd/accel-pptp.conf | 7 ++++--- accel-pptpd/accel-pptp.conf.5 | 9 ++++++--- accel-pptpd/radius/dm_coa.c | 6 +++--- accel-pptpd/radius/radius.c | 26 ++++++++++++++++++++------ accel-pptpd/radius/radius_p.h | 2 ++ 5 files changed, 35 insertions(+), 15 deletions(-) (limited to 'accel-pptpd') diff --git a/accel-pptpd/accel-pptp.conf b/accel-pptpd/accel-pptp.conf index f6b43aac..bddfa272 100644 --- a/accel-pptpd/accel-pptp.conf +++ b/accel-pptpd/accel-pptp.conf @@ -59,9 +59,10 @@ verbose=1 nas-identifier=accel-pptp nas-ip-address=127.0.0.1 gw-ip-address=192.168.100.1 -auth_server=127.0.0.1:1812,testing123 -acct_server=127.0.0.1:1813,testing123 -dm_coa_secret=testing123 +auth-server=127.0.0.1:1812,testing123 +acct-server=127.0.0.1:1813,testing123 +dae-server=127.0.0.1:3799,testing123 +#dm_coa_secret=testing123 (deprecated) verbose=1 [client-ip-range] diff --git a/accel-pptpd/accel-pptp.conf.5 b/accel-pptpd/accel-pptp.conf.5 index 25fa25e2..6083944f 100644 --- a/accel-pptpd/accel-pptp.conf.5 +++ b/accel-pptpd/accel-pptp.conf.5 
@@ -207,13 +207,16 @@ Also DM/CoA server will bind to that address. .BI "gw-ip-address=" x.x.x.x Specifies address to use as local address of ppp interfaces if Framed-IP-Address received from RADIUS server. .TP -.BI "auth_server=" x.x.x.x:port,secret +.BI "auth-server=" x.x.x.x:port,secret Specifies IP address, port and secret of authentication RADIUS server. .TP -.BI "acct_server=" x.x.x.x:port,secret +.BI "acct-server=" x.x.x.x:port,secret Specifies IP address, port and secret of accounting RADIUS server. .TP -.BI "dm_coa_secret=" secret +.BI "dae-server=" x.x.x.x:port,secret +Specifies IP address, port to bind and secret for Dynamic Authorization Extension server (DM/CoA). +.TP +.BI "dm_coa_secret=" secret (deprecated, use dae-server instead) Specifies secret to use in DM/CoA communication. .TP .SH [log] diff --git a/accel-pptpd/radius/dm_coa.c b/accel-pptpd/radius/dm_coa.c index e66a3b39..4b89449d 100644 --- a/accel-pptpd/radius/dm_coa.c +++ b/accel-pptpd/radius/dm_coa.c @@ -261,9 +261,9 @@ static void __init init(void) return; } addr.sin_family = AF_INET; - addr.sin_port = htons (PD_COA_PORT); - if (conf_nas_ip_address) - addr.sin_addr.s_addr = conf_nas_ip_address; + addr.sin_port = htons (conf_dm_coa_port); + if (conf_dm_coa_server) + addr.sin_addr.s_addr = inet_addr(conf_dm_coa_server); else addr.sin_addr.s_addr = htonl (INADDR_ANY); if (bind (serv.hnd.fd, (struct sockaddr *) &addr, sizeof (addr)) < 0) { diff --git a/accel-pptpd/radius/radius.c b/accel-pptpd/radius/radius.c index 0a9f2da4..784361b1 100644 --- a/accel-pptpd/radius/radius.c +++ b/accel-pptpd/radius/radius.c @@ -37,6 +37,8 @@ char *conf_auth_secret; char *conf_acct_server; int conf_acct_server_port = 1813; char *conf_acct_secret; +char *conf_dm_coa_server; +int conf_dm_coa_port = 3799; char *conf_dm_coa_secret; int conf_sid_in_auth = 0; 
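Review bot: In dm_coa.c's init(), the result of `inet_addr(conf_dm_coa_server)` is stored unchecked, and when `dae-server` is not configured the socket now falls through to `INADDR_ANY` where it previously bound to `conf_nas_ip_address`. A configuration that still uses only `nas-ip-address` plus the deprecated `dm_coa_secret` would therefore bind the Disconnect/CoA listener on every interface after upgrading, and the man page's context line "Also DM/CoA server will bind to that address" no longer describes the code. Keeping the old fallback, `else if (conf_nas_ip_address) addr.sin_addr.s_addr = conf_nas_ip_address;`, ahead of the `INADDR_ANY` branch would preserve the narrower bind. A malformed address is better rejected explicitly with `if (addr.sin_addr.s_addr == INADDR_NONE)` and a log message than left for bind() to fail on. init() begins and ends outside the hunk.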
@@ -391,24 +393,36 @@ static void __init radius_init(void) else if (conf_nas_ip_address) conf_bind = conf_nas_ip_address; - opt = conf_get_opt("radius", "auth_server"); + opt = conf_get_opt("radius", "auth-server"); + if (!opt) + opt = conf_get_opt("radius", "auth_server"); if (!opt) { - log_emerg("radius: auth_server not specified\n"); + log_emerg("radius: auth-server not specified\n"); _exit(EXIT_FAILURE); } else if (parse_server(opt, &conf_auth_server, &conf_auth_server_port, &conf_auth_secret)) { log_emerg("radius: failed to parse auth_server\n"); _exit(EXIT_FAILURE); } - opt = conf_get_opt("radius", "acct_server"); + opt = conf_get_opt("radius", "acct-server"); + if (!opt) + opt = conf_get_opt("radius", "acct_server"); + if (!opt) + log_emerg("radius: acct-server not specified\n"); if (opt && parse_server(opt, &conf_acct_server, &conf_acct_server_port, &conf_acct_secret)) { log_emerg("radius: failed to parse acct_server\n"); _exit(EXIT_FAILURE); } - opt = conf_get_opt("radius", "dm_coa_secret"); - if (opt) - conf_dm_coa_secret = opt; + opt = conf_get_opt("radius", "dae-server"); + if (opt && parse_server(opt, &conf_dm_coa_server, &conf_dm_coa_port, &conf_dm_coa_secret)) { + log_emerg("radius: failed to parse dae-server\n"); + _exit(EXIT_FAILURE); + } else { + opt = conf_get_opt("radius", "dm_coa_secret"); + if (opt) + conf_dm_coa_secret = opt; + } opt = conf_get_opt("radius", "dictionary"); if (opt) diff --git a/accel-pptpd/radius/radius_p.h b/accel-pptpd/radius/radius_p.h index 984f4800..7d9799cb 100644 --- a/accel-pptpd/radius/radius_p.h +++ b/accel-pptpd/radius/radius_p.h 
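Review bot: In the `dae-server` block of radius_init(), the `else` hangs off `if (opt && parse_server(...))`, so it also runs after a successful parse and a leftover `dm_coa_secret` entry silently replaces the secret just taken from `dae-server`. That value is the shared secret for Disconnect/CoA requests, so the deprecated option should be consulted only when `dae-server` is absent, as in the block below. Separately, `acct-server` stays optional (no `_exit` follows the new check), so reporting its absence through `log_emerg` overstates it. The two unchanged `failed to parse auth_server` / `acct_server` messages also now disagree with the new option names. radius_init() starts and ends outside the hunk.

```c
	opt = conf_get_opt("radius", "dae-server");
	if (opt) {
		if (parse_server(opt, &conf_dm_coa_server, &conf_dm_coa_port, &conf_dm_coa_secret)) {
			log_emerg("radius: failed to parse dae-server\n");
			_exit(EXIT_FAILURE);
		}
	} else {
		/* deprecated option: used only when dae-server is not configured */
		opt = conf_get_opt("radius", "dm_coa_secret");
		if (opt)
			conf_dm_coa_secret = opt;
	}
	/* … unchanged: dictionary option lookup … */
```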
@@ -70,6 +70,8 @@ extern int conf_acct_server_port; extern char *conf_dm_coa_secret; extern int conf_sid_in_auth; extern int conf_require_nas_ident; +extern char *conf_dm_coa_server; +extern int conf_dm_coa_port; int rad_check_nas_pack(struct rad_packet_t *pack); struct radius_pd_t *rad_find_session(const char *sessionid, const char *username, int port_id, in_addr_t ipaddr, const char *csid); -- cgit v1.2.3