summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbrian <brian@cvs.openbsd.org>2001-02-04 01:14:31 +0000
committerbrian <brian@cvs.openbsd.org>2001-02-04 01:14:31 +0000
commitd0a91153f021394d06c770eee6aa6e88cef1368f (patch)
treea5ad531ccb8ffd313081945b519c4620b2f63ad7
parent27bf0003f280162da09e8f4ae3c2d2f411ab4724 (diff)
Don't send an authentication failure response if we fail sending
a radius accounting packet.
-rw-r--r--usr.sbin/ppp/ppp/radius.c41
1 files changed, 27 insertions, 14 deletions
diff --git a/usr.sbin/ppp/ppp/radius.c b/usr.sbin/ppp/ppp/radius.c
index a7347c3f3ea..4c961988752 100644
--- a/usr.sbin/ppp/ppp/radius.c
+++ b/usr.sbin/ppp/ppp/radius.c
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $OpenBSD: radius.c,v 1.10 2001/01/26 01:41:04 brian Exp $
+ * $OpenBSD: radius.c,v 1.11 2001/02/04 01:14:30 brian Exp $
*
*/
@@ -96,43 +96,56 @@ radius_Process(struct radius *r, int got)
struct in_range dest;
struct in_addr gw;
const void *data;
+ const char *stype;
r->cx.fd = -1; /* Stop select()ing */
+ stype = r->cx.auth ? "auth" : "acct";
switch (got) {
case RAD_ACCESS_ACCEPT:
- log_Printf(LogPHASE, "Radius: ACCEPT received\n");
+ log_Printf(LogPHASE, "Radius(%s): ACCEPT received\n", stype);
+ if (!r->cx.auth) {
+ rad_close(r->cx.rad);
+ return;
+ }
break;
case RAD_ACCESS_REJECT:
- log_Printf(LogPHASE, "Radius: REJECT received\n");
- auth_Failure(r->cx.auth);
+ log_Printf(LogPHASE, "Radius(%s): REJECT received\n", stype);
+ if (r->cx.auth)
+ auth_Failure(r->cx.auth);
rad_close(r->cx.rad);
return;
case RAD_ACCESS_CHALLENGE:
/* we can't deal with this (for now) ! */
log_Printf(LogPHASE, "Radius: CHALLENGE received (can't handle yet)\n");
- auth_Failure(r->cx.auth);
+ if (r->cx.auth)
+ auth_Failure(r->cx.auth);
rad_close(r->cx.rad);
return;
case RAD_ACCOUNTING_RESPONSE:
- log_Printf(LogPHASE, "Radius: Accounting response received\n");
+ log_Printf(LogPHASE, "Radius(%s): Accounting response received\n", stype);
+ if (r->cx.auth)
+ auth_Failure(r->cx.auth); /* unexpected !!! */
+
/* No further processing for accounting requests, please */
rad_close(r->cx.rad);
return;
case -1:
- log_Printf(LogPHASE, "radius: %s\n", rad_strerror(r->cx.rad));
- auth_Failure(r->cx.auth);
+ log_Printf(LogPHASE, "radius(%s): %s\n", stype, rad_strerror(r->cx.rad));
+ if (r->cx.auth)
+ auth_Failure(r->cx.auth);
rad_close(r->cx.rad);
return;
default:
- log_Printf(LogERROR, "rad_send_request: Failed %d: %s\n",
+ log_Printf(LogERROR, "rad_send_request(%s): Failed %d: %s\n", stype,
got, rad_strerror(r->cx.rad));
- auth_Failure(r->cx.auth);
+ if (r->cx.auth)
+ auth_Failure(r->cx.auth);
rad_close(r->cx.rad);
return;
}
@@ -455,6 +468,7 @@ radius_Authenticate(struct radius *r, struct authinfo *authp, const char *name,
}
+ r->cx.auth = authp;
if ((got = rad_init_send_request(r->cx.rad, &r->cx.fd, &tv)))
radius_Process(r, got);
else {
@@ -462,9 +476,8 @@ radius_Authenticate(struct radius *r, struct authinfo *authp, const char *name,
log_Printf(LogDEBUG, "Using radius_Timeout [%p]\n", radius_Timeout);
r->cx.timer.load = tv.tv_usec / TICKUNIT + tv.tv_sec * SECTICKS;
r->cx.timer.func = radius_Timeout;
- r->cx.timer.name = "radius";
+ r->cx.timer.name = "radius auth";
r->cx.timer.arg = r;
- r->cx.auth = authp;
timer_Start(&r->cx.timer);
}
}
@@ -609,15 +622,15 @@ radius_Account(struct radius *r, struct radacct *ac, struct datalink *dl,
return;
}
+ r->cx.auth = NULL; /* Not valid for accounting requests */
if ((got = rad_init_send_request(r->cx.rad, &r->cx.fd, &tv)))
radius_Process(r, got);
else {
log_Printf(LogDEBUG, "Using radius_Timeout [%p]\n", radius_Timeout);
r->cx.timer.load = tv.tv_usec / TICKUNIT + tv.tv_sec * SECTICKS;
r->cx.timer.func = radius_Timeout;
- r->cx.timer.name = "radius";
+ r->cx.timer.name = "radius acct";
r->cx.timer.arg = r;
- r->cx.auth = NULL; /* Not valid for accounting requests */
timer_Start(&r->cx.timer);
}
}