authorMykhaylo Yehorov <yehorov@gmail.com>2015-07-26 22:46:00 +0300
committerMykhaylo Yehorov <yehorov@gmail.com>2015-07-26 22:46:00 +0300
commit7772ee119ee0d2adb4d48e675cc0c4785b464475 (patch)
treec01a29c613ababbaee0c726c3ad54107b43adb6f
parent7e0026808496d1397a99290e0216bf72a659c989 (diff)
Add the possibility to send the Virtual Hub Name to a RADIUS server as NAS-Identifier
-rw-r--r--src/Cedar/Hub.c2
-rw-r--r--src/Cedar/Hub.h1
-rw-r--r--src/Cedar/Protocol.c4
-rw-r--r--src/Cedar/Radius.c11
-rw-r--r--src/Cedar/Radius.h2
-rw-r--r--src/Cedar/Server.c4
-rw-r--r--src/bin/hamcore/strtable_en.stb1
7 files changed, 24 insertions, 1 deletions
diff --git a/src/Cedar/Hub.c b/src/Cedar/Hub.c
index cb7eec15..ac0ca065 100644
--- a/src/Cedar/Hub.c
+++ b/src/Cedar/Hub.c
@@ -602,6 +602,7 @@ void DataToHubOptionStruct(HUB_OPTION *o, RPC_ADMIN_OPTION *ao)
GetHubAdminOptionDataAndSet(ao, "DetectDormantSessionInterval", &o->DetectDormantSessionInterval);
GetHubAdminOptionDataAndSet(ao, "NoPhysicalIPOnPacketLog", &o->NoPhysicalIPOnPacketLog);
GetHubAdminOptionDataAndSet(ao, "UseHubNameAsDhcpUserClassOption", &o->UseHubNameAsDhcpUserClassOption);
+ GetHubAdminOptionDataAndSet(ao, "UseHubNameAsRadiusNasId", &o->UseHubNameAsRadiusNasId);
}
// Convert the contents of the HUB_OPTION to data
@@ -672,6 +673,7 @@ void HubOptionStructToData(RPC_ADMIN_OPTION *ao, HUB_OPTION *o, char *hub_name)
Add(aol, NewAdminOption("DetectDormantSessionInterval", o->DetectDormantSessionInterval));
Add(aol, NewAdminOption("NoPhysicalIPOnPacketLog", o->NoPhysicalIPOnPacketLog));
Add(aol, NewAdminOption("UseHubNameAsDhcpUserClassOption", o->UseHubNameAsDhcpUserClassOption));
+ Add(aol, NewAdminOption("UseHubNameAsRadiusNasId", o->UseHubNameAsRadiusNasId));
Zero(ao, sizeof(RPC_ADMIN_OPTION));
diff --git a/src/Cedar/Hub.h b/src/Cedar/Hub.h
index b041e214..54a5576f 100644
--- a/src/Cedar/Hub.h
+++ b/src/Cedar/Hub.h
@@ -280,6 +280,7 @@ struct HUB_OPTION
UINT DetectDormantSessionInterval; // Interval (seconds) threshold to detect a dormant VPN session
bool NoPhysicalIPOnPacketLog; // Disable saving physical IP address on the packet log
bool UseHubNameAsDhcpUserClassOption; // Add HubName to DHCP request as User-Class option
+ bool UseHubNameAsRadiusNasId; // Add HubName to Radius request as NAS-Identifier attrioption
};
// MAC table entry
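Review bot: The comment on the new `UseHubNameAsRadiusNasId` field ends in "attrioption", which looks like a merge of "attribute" and "option"; it should read `// Add HubName to RADIUS request as NAS-Identifier attribute`. The same kind of slip appears in the strtable_en.stb hunk, where the administrator-visible help text spells the attribute "NAS-Identidier". Because that string is what an operator reads when deciding whether to enable a setting that affects RADIUS authorization, it should be corrected to "NAS-Identifier" there as well.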
diff --git a/src/Cedar/Protocol.c b/src/Cedar/Protocol.c
index 1d7045fc..fbc86576 100644
--- a/src/Cedar/Protocol.c
+++ b/src/Cedar/Protocol.c
@@ -1653,6 +1653,10 @@ bool ServerAccept(CONNECTION *c)
if (hub->Option != NULL)
{
radius_login_opt.In_CheckVLanId = hub->Option->AssignVLanIdByRadiusAttribute;
+ if (hub->Option->UseHubNameAsRadiusNasId == true)
+ {
+ StrCpy(radius_login_opt.NasId, sizeof(radius_login_opt.NasId), hubname);
+ }
}
// Get the various flags
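Review bot: The value copied into `radius_login_opt.NasId` is `hubname`, which in this function appears to be the name taken from the connection request rather than the name stored on the hub object that was looked up. If hub lookup is case-insensitive, the RADIUS server receives whatever spelling the client sent, so a policy keyed on an exact NAS-Identifier may not match the hub it was written for. Copying the canonical name avoids that: `StrCpy(radius_login_opt.NasId, sizeof(radius_login_opt.NasId), hub->Name);`. The empty-string fallback in RadiusLogin also relies on `radius_login_opt` being zeroed before this block, which is outside the hunk. ServerAccept's body starts and ends outside the hunk.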
diff --git a/src/Cedar/Radius.c b/src/Cedar/Radius.c
index 7b454368..aa8a9dde 100644
--- a/src/Cedar/Radius.c
+++ b/src/Cedar/Radius.c
@@ -212,7 +212,16 @@ bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT sec
{
// Generate a password packet
BUF *user_password = (is_mschap ? NULL : RadiusCreateUserPassword(encrypted_password->Buf, encrypted_password->Size));
- BUF *nas_id = RadiusCreateNasId(CEDAR_SERVER_STR);
+ BUF *nas_id;
+
+ if (IsEmptyStr(opt->NasId) == true)
+ {
+ nas_id = RadiusCreateNasId(CEDAR_SERVER_STR);
+ }
+ else
+ {
+ nas_id = RadiusCreateNasId(opt->NasId);
+ }
if (is_mschap || user_password != NULL)
{
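Review bot: `nas_id` is not checked after the new if/else, and the condition that follows tests only `is_mschap` and `user_password`. Before this change the argument was always the constant `CEDAR_SERVER_STR`; now it can be a hub name of up to 253 bytes. If RadiusCreateNasId returns NULL for some inputs (its body is not in this diff), that result would reach the packet-building code. Consider falling back to the default, `if (nas_id == NULL) nas_id = RadiusCreateNasId(CEDAR_SERVER_STR);`, or failing the login with a log entry. The new code also dereferences `opt` directly; whether it can be NULL here is decided outside the hunk, as RadiusLogin's body continues beyond it.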
diff --git a/src/Cedar/Radius.h b/src/Cedar/Radius.h
index 3d68e17b..2175246d 100644
--- a/src/Cedar/Radius.h
+++ b/src/Cedar/Radius.h
@@ -121,11 +121,13 @@
// RADIUS attributes
#define RADIUS_ATTRIBUTE_VLAN_ID 81
+#define RADIUS_MAX_NAS_ID_LEN 253
struct RADIUS_LOGIN_OPTION
{
bool In_CheckVLanId;
UINT Out_VLanId;
+ char NasId[RADIUS_MAX_NAS_ID_LEN + 1]; // NAS-Identifier
};
// Function prototype
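Review bot: The new `NasId` member does not follow the `In_`/`Out_` prefix that the other two fields of `RADIUS_LOGIN_OPTION` use to mark direction. It is an input to RadiusLogin, so `char In_NasId[RADIUS_MAX_NAS_ID_LEN + 1];` would keep the struct self-describing. `RADIUS_MAX_NAS_ID_LEN` also sits under the `// RADIUS attributes` comment next to an attribute type number, although it is a length limit. A comment of its own would help, such as `// Maximum NAS-Identifier value length (255-byte attribute minus 2-byte header)`. It is also worth confirming that RadiusCreateNasId accepts values up to this length, since that function is not part of this diff.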
diff --git a/src/Cedar/Server.c b/src/Cedar/Server.c
index 7929baf2..da4d7e1f 100644
--- a/src/Cedar/Server.c
+++ b/src/Cedar/Server.c
@@ -4107,6 +4107,7 @@ void SiLoadHubOptionCfg(FOLDER *f, HUB_OPTION *o)
o->DetectDormantSessionInterval = CfgGetInt(f, "DetectDormantSessionInterval");
o->NoPhysicalIPOnPacketLog = CfgGetBool(f, "NoPhysicalIPOnPacketLog");
o->UseHubNameAsDhcpUserClassOption = CfgGetBool(f, "UseHubNameAsDhcpUserClassOption");
+ o->UseHubNameAsRadiusNasId = CfgGetBool(f, "UseHubNameAsRadiusNasId");
// Enabled by default
if (CfgIsItem(f, "ManageOnlyPrivateIP"))
@@ -4206,6 +4207,7 @@ void SiWriteHubOptionCfg(FOLDER *f, HUB_OPTION *o)
CfgAddBool(f, "DisableCheckMacOnLocalBridge", o->DisableCheckMacOnLocalBridge);
CfgAddBool(f, "DisableCorrectIpOffloadChecksum", o->DisableCorrectIpOffloadChecksum);
CfgAddBool(f, "UseHubNameAsDhcpUserClassOption", o->UseHubNameAsDhcpUserClassOption);
+ CfgAddBool(f, "UseHubNameAsRadiusNasId", o->UseHubNameAsRadiusNasId);
}
// Write the user
@@ -7533,6 +7535,7 @@ void SiCalledUpdateHub(SERVER *s, PACK *p)
o.DisableCheckMacOnLocalBridge = PackGetBool(p, "DisableCheckMacOnLocalBridge");
o.DisableCorrectIpOffloadChecksum = PackGetBool(p, "DisableCorrectIpOffloadChecksum");
o.UseHubNameAsDhcpUserClassOption = PackGetBool(p, "UseHubNameAsDhcpUserClassOption");
+ o.UseHubNameAsRadiusNasId = PackGetBool(p, "UseHubNameAsRadiusNasId");
save_packet_log = PackGetInt(p, "SavePacketLog");
packet_log_switch_type = PackGetInt(p, "PacketLogSwitchType");
@@ -9384,6 +9387,7 @@ void SiPackAddCreateHub(PACK *p, HUB *h)
PackAddData(p, "HashedPassword", h->HashedPassword, SHA1_SIZE);
PackAddData(p, "SecurePassword", h->SecurePassword, SHA1_SIZE);
PackAddBool(p, "UseHubNameAsDhcpUserClassOption", h->Option->UseHubNameAsDhcpUserClassOption);
+ PackAddBool(p, "UseHubNameAsRadiusNasId", h->Option->UseHubNameAsRadiusNasId);
SiAccessListToPack(p, h->AccessList);
diff --git a/src/bin/hamcore/strtable_en.stb b/src/bin/hamcore/strtable_en.stb
index e3580b00..0bafa57d 100644
--- a/src/bin/hamcore/strtable_en.stb
+++ b/src/bin/hamcore/strtable_en.stb
@@ -557,6 +557,7 @@ HUB_AO_SecureNAT_RandomizeAssignIp If you set this option to non-zero value, t
HUB_AO_DetectDormantSessionInterval If you set this option to non-zero value, then the Virtual Hub will treat the VPN sessions, which have transmitted no packets for the last specified intervals (in seconds), as Dormant Sessions. The Virtual Hub will not flood packets, which should be flood, to any Dormant Sessions.
HUB_AO_NoPhysicalIPOnPacketLog If you set this option to non-zero value, then the physical IP addresses of VPN clients of either the source VPN session or the destination VPN session will not be recorded on the packet log file.
HUB_AO_UseHubNameAsDhcpUserClassOption If you set this option to non-zero value, then the Virtual Hub Name will be added to a DHCP request to an external DHCP server as the "User-Class" option. This allows to use separate pools of IP addresses for each Virtual Hub.
+HUB_AO_UseHubNameAsRadiusNasId If you set this option to non-zero value, then the NAS-Identidier RADIUS attribute will be set to a name of the Virtual Hub. This allows to determine on Radius server whether access to the Virtual Hub should be granted or denied.
# Concerning failed connection dialogs