The OpenNET Project / Index page

[ новости/++ | форум | wiki | теги | ]

Cistron radius patch. (radius callback)


<< Предыдущая ИНДЕКС Поиск в статьях src Установить закладку Перейти на закладку Следующая >>
Ключевые слова: radius, callback,  (найти похожие документы)
From: Kyle Hasselbacher <kyle@toehold.com> To: miquels@cistron.nl Subject: Cistron radius patch. Message-ID: <19990801113634.A19645@carefree.toehold.com> We want to proxy RADIUS requests based on what phone number the user called. The CALLED_STATION_REALM_HACK does that. The Cistron server running as a proxy ONLY proxies, and we want to assign static IPs to some users, and the allowed proxy attributes was interfering with that. That's why I did the DANGEROUS_TRANSPARENT_PROXY thing. If you could look these over and tell me whether I've done this totally wrong, I'd appreciate it. I made these hacks late at night, and I can't say I've looked over the whole of the code in any way. I'm afraid I might be leaking memory or doing some other rude thing, but it's been running for a while now without trouble. Thanks. If I'm feeling really ambitious I might make these things user configurable instead of compiled right into the program. An 'allowall' option in the realms file could do the DANGEROUS_TRANSPARENT_PROXY thing, but I don't know the "right" way to support CALLED_STATION_REALM_HACK. Thanks for your time, and thanks for the server! *** proxy.c.dist Sun Aug 1 11:28:14 1999 --- proxy.c Sun Aug 1 02:16:00 1999 *************** *** 266,271 **** --- 266,286 ---- namepair->strvalue[sizeof(namepair->strvalue) - 1] = 0; } + /* If we got a Called-Station-Id, we're going to stick that + on the end of the user name as if it's a realm. That way + we can do different things with different users based on + which number they called. */ + #ifdef CALLED_STATION_REALM_HACK + if ((vp = pairfind(authreq->request, PW_CALLED_STATION_ID)) + && sizeof(namepair->strvalue) > strlen(namepair->strvalue) + + strlen(vp->strvalue) + 1) { + strcat(namepair->strvalue, "@"); + strcat(namepair->strvalue, vp->strvalue); + namepair->length = strlen(namepair->strvalue); + log(L_PROXY, "Added realm %s: %s", vp->strvalue, namepair->strvalue); + } + #endif + /* * Now check if we know this realm! * A NULL realm is OK. *************** *** 648,653 **** --- 663,669 ---- vp->length = strlen(vp->strvalue); #endif + #ifndef DANGEROUS_TRANSPARENT_PROXY /* * Only allow some attributes to be propagated from * the remote server back to the NAS, for security. *************** *** 656,667 **** for(i = 0; allowed[i]; i++) pairmove2(&allowed_pairs, &(authreq->request), allowed[i]); pairfree(authreq->request); ! /* * Now rebuild the AUTHREQ struct, so that the * normal functions can process it. */ oldreq->server_reply = allowed_pairs; oldreq->server_code = authreq->code; oldreq->validated = 1; memcpy(authreq->data, oldreq->data, oldreq->data_len); --- 672,687 ---- for(i = 0; allowed[i]; i++) pairmove2(&allowed_pairs, &(authreq->request), allowed[i]); pairfree(authreq->request); ! #endif /* * Now rebuild the AUTHREQ struct, so that the * normal functions can process it. */ + #ifdef DANGEROUS_TRANSPARENT_PROXY + oldreq->server_reply = authreq->request; + #else oldreq->server_reply = allowed_pairs; + #endif oldreq->server_code = authreq->code; oldreq->validated = 1; memcpy(authreq->data, oldreq->data, oldreq->data_len); -- Kyle Hasselbacher Dumber than advertised! kyle@toehold.com

<< Предыдущая ИНДЕКС Поиск в статьях src Установить закладку Перейти на закладку Следующая >>

Ваш комментарий
Имя:         
E-Mail:      
Заголовок:
Текст:




  Закладки на сайте
  Проследить за страницей
Created 1996-2017 by Maxim Chirkov  
ДобавитьРекламаВебмастеруГИД  
Hosting by Ihor