Ver.1.4.37: Fix error in radius authentication

author watanaby <>

Tue, 18 Aug 2009 09:08:08 +0000 (09:08 +0000)

committer watanaby <>

Tue, 18 Aug 2009 09:08:08 +0000 (09:08 +0000)
author watanaby <>
Tue, 18 Aug 2009 09:08:08 +0000 (09:08 +0000)
committer watanaby <>
Tue, 18 Aug 2009 09:08:08 +0000 (09:08 +0000)
diff --git a/opengate/conf/rc.firewall.sample b/opengate/conf/rc.firewall.sample

index 2042347..a8a45c9 100644 (file)
--- a/opengate/conf/rc.firewall.sample
+++ b/opengate/conf/rc.firewall.sample
@@ -18,6 +18,9 @@ iip6="2001:2f8:22:802::1"
  
  fwcmd="/sbin/ipfw"
  
+### reset firewall rules
+$fwcmd -q -f flush
+
  ### divert packet to NATD 
  $fwcmd add 1 divert natd ip4 from any to any via ${oif}
  
diff --git a/opengate/doc/Changes.html b/opengate/doc/Changes.html

index 761b5df..733319b 100644 (file)
--- a/opengate/doc/Changes.html
+++ b/opengate/doc/Changes.html
@@ -663,6 +663,11 @@ Ver.1.4.36 at 2008.7.17</DT>
  <DD>\r
  Change value of ActiveCheckInterval. Modify install.html. \r
  </DD>\r
+<DT>\r
+Ver.1.4.37 at 2009.8.18</DT>\r
+<DD>\r
+Fix Radius error. \r
+</DD>\r
  \r
  </DL>\r
  <b>Please see CVS in SourceForge.net to check the file difference between versions.</b>\r
diff --git a/opengate/opengatesrv/Makefile b/opengate/opengatesrv/Makefile

index 19c8146..41c6b32 100644 (file)
--- a/opengate/opengatesrv/Makefile
+++ b/opengate/opengatesrv/Makefile
@@ -13,7 +13,7 @@ DOCUMENTROOT = ${WWWTOP}${DOCDIR}
  INSTALLDOCPATH = ${WWWTOP}${DOCDIR}${OPENGATEDIR}
  INSTALLCGIPATH = ${WWWTOP}${CGIDIR}${OPENGATEDIR}
  
-CFLAGS= -O4 -Wall
+CFLAGS= -g -O4 -Wall
  
  .if exists(/usr/local/include/ldap.h)
  LIBS = -lssl -lcrypto -lradius -lpam -lezxml -L../ezxml -lldap -llber -L/usr/local/lib
diff --git a/opengate/opengatesrv/auth-rad.c b/opengate/opengatesrv/auth-rad.c

index 670478b..8b3f27d 100644 (file)
--- a/opengate/opengatesrv/auth-rad.c
+++ b/opengate/opengatesrv/auth-rad.c
@@ -45,38 +45,68 @@ int authRadius(char *userid, char *passwd)
  
    /* If not set, set default conf file path */
    if(isNull(confFile)){
-    strncpy(confFile, RADIUSCONF, ADDRMAXLN);
+    confFile=RADIUSCONF;
    }
  
    if( !(radh=rad_auth_open()) ){
-    err_msg("ERR at %s#%d: cannot start radius",__FILE__,__LINE__);
+    err_msg("ERR at %s#%d: rad_auth_open",__FILE__,__LINE__);
      return DENY;
    }
  
    if(gethostname(hostname,ADDRMAXLN) < 0){
-    err_msg("ERR at %s#%d: cannot get hostname",__FILE__,__LINE__);
+    err_msg("ERR at %s#%d: gethostname",__FILE__,__LINE__);
+    rad_close(radh);
      return DENY;
    }
      
    if(rad_config(radh,confFile) < 0){
-    err_msg("ERR at %s#%d: cannot open conffile",__FILE__,__LINE__);
+    err_msg("ERR at %s#%d: rad_config: %s",__FILE__,__LINE__,  
+           rad_strerror(radh));
+    rad_close(radh);
      return DENY;
    }
  
    if(rad_create_request(radh, RAD_ACCESS_REQUEST) < 0){
-    err_msg("ERR at %s#%d: cannot create radius request",__FILE__,__LINE__);
+    err_msg("ERR at %s#%d: rad_ceate_request: %s",__FILE__,__LINE__,
+           rad_strerror(radh));
+    rad_close(radh);
      return DENY;
    }
  
-  rad_put_string(radh,RAD_USER_NAME,userid);
-  rad_put_string(radh,RAD_USER_PASSWORD,passwd);
-  rad_put_string(radh,RAD_NAS_IDENTIFIER,hostname);
-  rad_put_int(radh,RAD_SERVICE_TYPE,RAD_LOGIN);
+  if(rad_put_string(radh,RAD_USER_NAME,userid)<0){
+    err_msg("ERR at %s#%d: rad_put_string: %s",__FILE__,__LINE__,
+           rad_strerror(radh));
+    rad_close(radh);
+    return DENY;
+  }
+  if(rad_put_string(radh,RAD_USER_PASSWORD,passwd)<0){
+    err_msg("ERR at %s#%d: rad_put_string: %s",__FILE__,__LINE__,
+           rad_strerror(radh));
+    rad_close(radh);
+    return DENY;
+  }
+  if(rad_put_string(radh,RAD_NAS_IDENTIFIER,hostname)<0){
+    err_msg("ERR at %s#%d: rad_put_string: %s",__FILE__,__LINE__,
+           rad_strerror(radh));
+    rad_close(radh);
+    return DENY;
+  }
+  if(rad_put_int(radh,RAD_SERVICE_TYPE,RAD_LOGIN)<0){
+    err_msg("ERR at %s#%d: rad_put_int: %s",__FILE__,__LINE__,
+           rad_strerror(radh));
+    rad_close(radh);
+    return DENY;
+  }
  
    switch(rad_send_request(radh)){
    case RAD_ACCESS_ACCEPT:
      authResult=ACCEPT;
      break;
+  case -1:
+    err_msg("ERR at %s#%d: rad_send_request: %s",__FILE__,__LINE__,
+           rad_strerror(radh));
+    authResult=DENY;
+    break; 
    case RAD_ACCESS_REJECT:
    case RAD_ACCESS_CHALLENGE:
    case RAD_ACCOUNTING_RESPONSE:
@@ -84,7 +114,7 @@ int authRadius(char *userid, char *passwd)
      authResult=DENY;
      break;
    }
-
+  rad_close(radh);
    return authResult;
  }
    
diff --git a/opengate/opengatesrv/comm-ipfw.c b/opengate/opengatesrv/comm-ipfw.c

index c44314c..261bdbf 100644 (file)
--- a/opengate/opengatesrv/comm-ipfw.c
+++ b/opengate/opengatesrv/comm-ipfw.c
@@ -149,7 +149,7 @@ void delIpfwRule(char *ruleNumber){
    if(count>0){
      /* exec ipfw del */
      /* [ipfw del rule] deletes all rule of the rule number at one call */
-    if(Systeml(1, GetConfValue("IpfwPath"),"del",ruleNumber,(char *)0) != 0){
+    if(Systeml(1, GetConfValue("IpfwPath"),"delete",ruleNumber,(char *)0) != 0){
        err_msg("ERR at %s#%d: exec ipfw del error",__FILE__,__LINE__);
      }
    }
author	watanaby <>
	Tue, 18 Aug 2009 09:08:08 +0000 (09:08 +0000)
committer	watanaby <>
	Tue, 18 Aug 2009 09:08:08 +0000 (09:08 +0000)
opengate/conf/rc.firewall.sample		patch \| blob \| history
opengate/doc/Changes.html		patch \| blob \| history
opengate/opengatesrv/Makefile		patch \| blob \| history
opengate/opengatesrv/auth-rad.c		patch \| blob \| history
opengate/opengatesrv/comm-ipfw.c		patch \| blob \| history