tac_plus-ng/packet.c et al.: support RADIUS Status-Server code

mavis/spawnd_accepted.c

@@ -142,6 +142,7 @@ void spawnd_accepted(struct spawnd_context *ctx, int cur)
 	memcpy(sd_udp->data, buf, len);
 	sd_udp->sock = cur;
 	sd_udp->type = SCM_UDPDATA;
+	sd_udp->rad_acct = ctx->rad_acct;
 	memcpy(sd_udp->realm, ctx->tag, SCM_REALM_SIZE);
 	sd_udp->protocol = sa.sa.sa_family;
 	switch (sa.sa.sa_family) {

mavis/spawnd_conf.c

@@ -249,8 +249,24 @@ static void parse_listen(struct sym *sym)
 		parse_error_expect(sym, S_count, S_idle, S_interval, S_unknown);
 	    }
 	    break;
+	case S_flag:
+	    sym_get(sym);
+	    parse(sym, S_equal);
+	    switch (sym->code) {
+	    case S_access:
+		ctx->rad_acct = 0;
+		break;
+	    case S_accounting:
+		ctx->rad_acct = 1;
+		break;
+	    default:
+		parse_error_expect(sym, S_access, S_accounting, S_unknown);
+	    }
+	    sym_get(sym);
+	    break;
 	default:
-	    parse_error_expect(sym, S_address, S_path, S_port, S_realm, S_tls, S_userid, S_groupid, S_backlog, S_type, S_protocol, S_retry, S_tcp, S_unknown);
+	    parse_error_expect(sym, S_address, S_path, S_port, S_realm, S_tls, S_userid, S_groupid, S_backlog, S_type, S_protocol, S_retry, S_tcp, S_flag,
+			       S_unknown);
 	}
     }
     if (ctx->overload_backlog > ctx->listen_backlog)

mavis/spawnd_headers.h

@@ -88,6 +88,7 @@ struct spawnd_context {
     u_int dying:1;		/* server only */
     u_int logged_retry:1;	/* server only */
     u_int haproxy:1;		/* server only */
+    u_int rad_acct:1;		/* radius accounting */
     int socktype;		/* SOCK_STREAM, SOCK_SEQPACKET */
     int protocol;		/* IPROTO_IP (default)/_TCP/_SCTP */
     short port;			/* tcp/udp port in network byte order */

mavis/token.pl

@@ -548,3 +548,5 @@
 #
 conn.protocol			S_conn_protocol
 #
+flag				S_flag
+#

tac_plus-ng/headers.h

@@ -945,6 +945,7 @@ struct context {
      BISTATE(use_tls);
      BISTATE(mavis_pending);
      BISTATE(mavis_tried);
+     BISTATE(rad_acct);
     enum token mavis_result;
     enum token aaa_protocol;
     u_int id;

tac_plus-ng/main.c

@@ -1451,6 +1451,7 @@ static void accept_control_udp(int s __attribute__((unused)), struct scm_data_ac
 
     struct context *ctx = new_context(common_data.io, r);
     ctx->sock = sd_ext->sd_udp.sock;
+    ctx->rad_acct = sd_ext->sd_udp.rad_acct;
     context_lru_append(ctx);
     ctx->aaa_protocol = S_radius;
 

tac_plus-ng/packet.c

@@ -918,6 +918,12 @@ void rad_read(struct context *ctx, int cur)
     case RADIUS_CODE_ACCOUNTING_REQUEST:
 	rad_acct(session);
 	break;
+    case RADIUS_CODE_STATUS_SERVER:
+	if (ctx->rad_acct)
+	    rad_send_acct_reply(session);
+	else
+	    rad_send_authen_reply(session, RADIUS_CODE_ACCESS_ACCEPT, NULL);
+	break;
     default:
 	report(session, LOG_ERR, ~0, "%s: code %d is unsupported", ctx->device_addr_ascii, pak->code);
 	cleanup_session(session);
@@ -960,10 +966,16 @@ void rad_udp_inject(struct context *ctx)
     switch (pak->code) {
     case RADIUS_CODE_ACCESS_REQUEST:
 	rad_authen(session);
-	break;
+	return;
     case RADIUS_CODE_ACCOUNTING_REQUEST:
 	rad_acct(session);
-	break;
+	return;
+    case RADIUS_CODE_STATUS_SERVER:
+	if (ctx->rad_acct)
+	    rad_send_acct_reply(session);
+	else
+	    rad_send_authen_reply(session, RADIUS_CODE_ACCESS_ACCEPT, NULL);
+	return;
     default:
 	report(session, LOG_ERR, ~0, "%s: code %d is unsupported", ctx->device_addr_ascii, pak->code);
 	cleanup(ctx, -1);
@@ -1030,10 +1042,10 @@ struct type_s {
 static struct type_s types[] = {
     { "", 0 },
 #define S "authen"
-    { S, sizeof(S)  - 1},
+    { S, sizeof(S) - 1 },
 #undef S
 #define S "author"
-    { S, sizeof(S)  - 1},
+    { S, sizeof(S) - 1 },
 #undef S
 #define S "acct"
     { S, sizeof(S) - 1 },

tac_plus-ng/sample/tac_plus-ng-radius.cfg

@@ -5,7 +5,7 @@ id = spawnd {
 #	single process = yes
 	listen { port = 4949 } # TACACS+, non-standart port
 	listen { port = 1812 protocol = UDP } # RADIUS
-	listen { port = 1813 protocol = UDP } # RADIUS
+	listen { port = 1813 protocol = UDP flag = accounting } # RADIUS
 	spawn {
 		instances min = 1
 		instances max = 32