From 05428a068fd31cfb16645b33cb12db8a727b81b5 Mon Sep 17 00:00:00 2001 From: aland Date: Thu, 23 Sep 2004 17:44:40 +0000 Subject: [PATCH] Added a few more "magic" server-side expansions: %{:Packet-Src-IP-Address}, Dst-IP-address, Src-Port, Dst-Port --- doc/variables.txt | 20 +++++++++++++++++--- share/dictionary | 6 +++++- src/include/radius.h | 6 +++++- src/main/xlat.c | 30 ++++++++++++++++++++++++++++-- 4 files changed, 55 insertions(+), 7 deletions(-) diff --git a/doc/variables.txt b/doc/variables.txt index b0ac641..5e14ead 100644 --- a/doc/variables.txt +++ b/doc/variables.txt @@ -15,9 +15,23 @@ %{proxy-reply:Attribute-Name} The value of the given Attribute-Name in the proxy reply packet (if it exists) - The above variable expansions also support the meta-attribute -Packet-Type as well. See the RADIUS dictionary for details on its -values. + The above variable expansions also support the following +meta-attributes. These are not normal RADIUS attributes, but are +created by the server to be used like them, for ease of use. They can +only be queried, and cannot be assigned. + + Packet-Type RADIUS packet type (Access-Request, etc.) + + Packet-Src-IP-Address IP address from which the packet was sent + + Packet-Dst-IP-Address IP address to which the packet was sent + This may be "0.0.0.0", if the server + was configured with "bind_address = *". + + Packet-Src-Port UDP port from which the packet was sent + + Packet-Dst-Port UDP port to which the packet was sent. + %{check:Attribute-Name} Corresponding value for Attribute-Name in check items for request diff --git a/share/dictionary b/share/dictionary index 8407497..75ea1c6 100644 --- a/share/dictionary +++ b/share/dictionary 
@@ -298,9 +298,13 @@ ATTRIBUTE Module-Failure-Message 1076 string ATTRIBUTE Rewrite-Rule 1078 string ATTRIBUTE Sql-Group 1079 string ATTRIBUTE Response-Packet-Type 1080 integer -ATTRIBUTE Packet-Dst-Port 1081 integer +# 1081 unused ATTRIBUTE MS-CHAP-Use-NTLM-Auth 1082 integer ATTRIBUTE NTLM-User-Name 1083 string +ATTRIBUTE Packet-Src-IP-Address 1084 ipaddr +ATTRIBUTE Packet-Dst-IP-Address 1085 ipaddr +ATTRIBUTE Packet-Src-Port 1086 integer +ATTRIBUTE Packet-Dst-Port 1087 integer # # Range: 1084-1199 diff --git a/src/include/radius.h b/src/include/radius.h index cf2e438..ed1a22e 100644 --- a/src/include/radius.h +++ b/src/include/radius.h @@ -183,8 +183,12 @@ #define PW_REWRITE_RULE 1078 #define PW_SQL_GROUP 1079 #define PW_RESPONSE_PACKET_TYPE 1080 -#define PW_PACKET_DST_PORT 1081 +/* 1081 unused */ #define PW_MS_CHAP_USE_NTLM_AUTH 1082 +#define PW_PACKET_SRC_IP_ADDRESS 1084 +#define PW_PACKET_DST_IP_ADDRESS 1085 +#define PW_PACKET_SRC_PORT 1086 +#define PW_PACKET_DST_PORT 1087 /* * Integer Translations diff --git a/src/main/xlat.c b/src/main/xlat.c index 3ad808a..6805312 100644 --- a/src/main/xlat.c +++ b/src/main/xlat.c @@ -229,10 +229,10 @@ static int xlat_packet(void *instance, REQUEST *request, /* * Some "magic" handlers, which are never in VP's, but * which are in the packet. - * - * FIXME: Add SRC/DST IP address! */ if (packet) { + VALUE_PAIR localvp; + switch (da->attr) { case PW_PACKET_TYPE: { 
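Review bot: The context comment `# Range: 1084-1199` that follows the new entries in share/dictionary is now stale, because this hunk allocates 1084 through 1087. If that comment marks the free range (the lines after it are outside the hunk), it should become `# Range: 1088-1199`. Moving `Packet-Dst-Port` from 1081 to 1087 also changes the number behind an existing name, so the placeholder could record that, e.g. `# 1081 unused (was Packet-Dst-Port, now 1087)`. That would discourage reusing the number while anything built against the old value may still be around. The same comment applies to `/* 1081 unused */` in the src/include/radius.h hunk.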
@@ -247,10 +247,36 @@ static int xlat_packet(void *instance, REQUEST *request, return strlen(out); } break; + + case PW_PACKET_SRC_IP_ADDRESS: + localvp.attribute = da->attr; + localvp.lvalue = packet->src_ipaddr; + break; + + case PW_PACKET_DST_IP_ADDRESS: + localvp.attribute = da->attr; + localvp.lvalue = packet->dst_ipaddr; + break; + + case PW_PACKET_SRC_PORT: + localvp.attribute = da->attr; + localvp.lvalue = packet->src_port; + break; + + case PW_PACKET_DST_PORT: + localvp.attribute = da->attr; + localvp.lvalue = packet->dst_port; + break; default: + return 0; /* not found */ break; } + + localvp.strvalue[0] = 0; + localvp.type = da->type; + return valuepair2str(out, outlen, &localvp, + da->type, func); } /* -- 2.1.4
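Review bot: `localvp` reaches `valuepair2str()` only partly initialised. The four new cases set `attribute` and `lvalue` and the tail sets `strvalue[0]` and `type`, but every other member of the stack `VALUE_PAIR` declared in the previous hunk keeps whatever was on the stack. If the formatter reads any of those members (its body is not visible here, so this needs checking), the expanded string depends on indeterminate memory; adding `memset(&localvp, 0, sizeof(localvp));` just before the `switch` removes the question. The shared tail now also runs for any case that leaves the switch through `break`, so the `break` after the `PW_PACKET_TYPE` block should be dropped, or that block confirmed to return on every path (its body lies between the two hunks). The `break` after `return 0;` in `default` is dead code. `xlat_packet` starts and ends outside the hunk.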