diff options
author | Kozlov Dmitry <xeb@mail.ru> | 2013-01-24 23:58:56 +0400 |
---|---|---|
committer | Kozlov Dmitry <xeb@mail.ru> | 2013-01-24 23:58:56 +0400 |
commit | cf3de06a3346854d770ba147f081e3b22e93c1bc (patch) | |
tree | 0c1a138d292c140c2547361615bf556ff2b98f9f | |
parent | 35b55103979145284d63bc1db4ebd6e9d6666b34 (diff) | |
download | accel-ppp-cf3de06a3346854d770ba147f081e3b22e93c1bc.tar.gz accel-ppp-cf3de06a3346854d770ba147f081e3b22e93c1bc.zip |
backport 1.7
* l2tp: Fix allocation checking when adding octets AVP
* cli, tcp: Fix non-NULL terminated string reception
* Fix va_end() missing calls
* chap-secrets: implemented encryption
* auth_pap: make messages like other auth modules
* cli: check xmit_buf is not null at enter to write function
* pppoe: implemented regular expression support
* chap-secrets: implemented encryption
* ippool: fixed initialization order
* optional shaper compiling
* ppp: dns/wins code cleanup
-rw-r--r-- | CMakeLists.txt | 4 | ||||
-rw-r--r-- | README | 9 | ||||
-rw-r--r-- | accel-pppd/CMakeLists.txt | 9 | ||||
-rw-r--r-- | accel-pppd/accel-ppp.conf | 2 | ||||
-rw-r--r-- | accel-pppd/accel-ppp.conf.5 | 20 | ||||
-rw-r--r-- | accel-pppd/auth/auth_pap.c | 34 | ||||
-rw-r--r-- | accel-pppd/cli/cli.c | 2 | ||||
-rw-r--r-- | accel-pppd/cli/tcp.c | 10 | ||||
-rw-r--r-- | accel-pppd/cli/telnet.c | 5 | ||||
-rw-r--r-- | accel-pppd/ctrl/CMakeLists.txt | 5 | ||||
-rw-r--r-- | accel-pppd/ctrl/l2tp/packet.c | 2 | ||||
-rw-r--r-- | accel-pppd/ctrl/pppoe/pppoe.c | 90 | ||||
-rw-r--r-- | accel-pppd/extra/chap-secrets.c | 475 | ||||
-rw-r--r-- | accel-pppd/extra/ippool.c | 134 | ||||
-rw-r--r-- | accel-pppd/main.c | 3 | ||||
-rw-r--r-- | accel-pppd/ppp/CMakeLists.txt | 1 | ||||
-rw-r--r-- | accel-pppd/ppp/ipcp_opt_dns.c | 111 | ||||
-rw-r--r-- | accel-pppd/ppp/ipcp_opt_wins.c | 60 | ||||
-rw-r--r-- | accel-pppd/pwdb.c | 6 | ||||
-rw-r--r-- | accel-pppd/pwdb.h | 4 | ||||
-rw-r--r-- | accel-pppd/radius/radius.c | 4 | ||||
-rw-r--r-- | accel-pppd/triton/log.c | 2 | ||||
-rw-r--r-- | accel-pppd/triton/triton.h | 2 |
23 files changed, 730 insertions, 264 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index fcb067fc..7a6d8312 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -39,7 +39,3 @@ endif (BUILD_DRIVER OR BUILD_DRIVER_ONLY) if (BUILD_IPOE_DRIVER) add_subdirectory(drivers/ipoe) endif (BUILD_IPOE_DRIVER) - -if (BUILD_OPENVPN_DRIVER) - add_subdirectory(drivers/openvpn) -endif (BUILD_OPENVPN_DRIVER) @@ -153,6 +153,15 @@ snmpset -m +ACCEL-PPP-MIB -v 2c -c local 127.0.0.1 ACCEL-PPP-MIB::termByUsername snmpset -m +ACCEL-PPP-MIB -v 2c -c local 127.0.0.1 ACCEL-PPP-MIB::cli.0 = "shaper change all 1024 temp" +chap-secrets encryption +----------------------- +To enable chap-secrets encryption ablity accel-ppp must be compiled with -DCRYPTO=OPENSSL (which is default). +Username field may be kept as cleartext or hashed through some hash chain. To specify hash chain use username-hash option. +For example, username-hash=md5,sha1 means hash username through md5 and then binary result hash through sha1. +Username have to be specified as hexadecimal dump of digest result. +Password field have to be encrypted using smbencrypt (NT Hash part). +Encryption is incompatible with auth_chap_md5 module. + Warning !!! ----------- diff --git a/accel-pppd/CMakeLists.txt b/accel-pppd/CMakeLists.txt index 141b493d..f7fbdd7f 100644 --- a/accel-pppd/CMakeLists.txt +++ b/accel-pppd/CMakeLists.txt @@ -51,7 +51,14 @@ ADD_SUBDIRECTORY(auth) ADD_SUBDIRECTORY(logs) ADD_SUBDIRECTORY(extra) ADD_SUBDIRECTORY(ipv6) -ADD_SUBDIRECTORY(shaper) + +IF (NOT DEFINED SHAPER) + SET(SHAPER TRUE) +ENDIF (NOT DEFINED SHAPER) + +IF (SHAPER) + ADD_SUBDIRECTORY(shaper) +ENDIF (SHAPER) ADD_EXECUTABLE(accel-pppd session.c diff --git a/accel-pppd/accel-ppp.conf b/accel-pppd/accel-ppp.conf index 7792ba71..a3bc3db0 100644 --- a/accel-pppd/accel-ppp.conf +++ b/accel-pppd/accel-ppp.conf @@ -174,6 +174,8 @@ verbose=1 [chap-secrets] gw-ip-address=192.168.100.1 #chap-secrets=/etc/ppp/chap-secrets +#encrypted=0 +#username-hash=md5 [shaper] #attr=Filter-Id diff --git a/accel-pppd/accel-ppp.conf.5 b/accel-pppd/accel-ppp.conf.5 index 70b6b6be..90f10e18 100644 --- a/accel-pppd/accel-ppp.conf.5 +++ b/accel-pppd/accel-ppp.conf.5 @@ -349,10 +349,14 @@ Timeout waiting reply from client in seconds (default 5). .br Configuration of PPPoE module. .TP -.BI "interface=" ethX[,padi-limit=n] +.BI "interface=" [re:]ifname[,padi-limit=n] Specifies interface name to listen/send discovery packets. You may specify multiple .B interface -options. Optional +options. If +.B ifname +is prefixed with +.B re: +then ifname is considered as regular expression. Optional .B padi-limit parameter specifies limit of PADI packets to reply on this interface in 1 second period. .TP @@ -587,6 +591,18 @@ Specifies address to use as local address of ppp interfaces if chap-secrets is u .TP .BI "chap-secrets=" file Specifies alternate chap-secrets file location (default is /etc/ppp/chap-secrets). +.TP +.BI "encrypted=" 0|1 +Specifies either chap-secrets is encrypted (read README). +.TP +.BI "username-hash=" hash1[,hash2] +Specifies hash chain to calculate username hash. +.br +.B hash1 +, +.B hash2 +are openssl known digest names (md5, sha1, etc). +.TP .SH [ip-pool] .br Configuration of ippool module. diff --git a/accel-pppd/auth/auth_pap.c b/accel-pppd/auth/auth_pap.c index 08edbcb7..ebbc64fc 100644 --- a/accel-pppd/auth/auth_pap.c +++ b/accel-pppd/auth/auth_pap.c @@ -215,22 +215,22 @@ static int pap_recv_req(struct pap_auth_data_t *p, struct pap_hdr_t *hdr) r = pwdb_check(&p->ppp->ses, peer_id, PPP_PAP, passwd); if (r == PWDB_NO_IMPL) { passwd2 = pwdb_get_passwd(&p->ppp->ses, peer_id); - if (!passwd2 || strcmp(passwd2, passwd)) + if (!passwd2) { + if (conf_ppp_verbose) + log_ppp_warn("pap: user not found\n"); + goto failed; + } + + if (strcmp(passwd2, passwd)) r = PWDB_DENIED; else r = PWDB_SUCCESS; + _free(passwd2); } + if (r == PWDB_DENIED) { - if (conf_ppp_verbose) - log_ppp_warn("PAP: authentication error\n"); - pap_send_nak(p, hdr->id); - if (p->started) - ap_session_terminate(&p->ppp->ses, TERM_AUTH_ERROR, 0); - else - ppp_auth_failed(p->ppp, peer_id); - ret = -1; - _free(peer_id); + goto failed; } else { if (ppp_auth_succeeded(p->ppp, peer_id)) { pap_send_nak(p, hdr->id); @@ -246,7 +246,19 @@ static int pap_recv_req(struct pap_auth_data_t *p, struct pap_hdr_t *hdr) _free(passwd); - return ret; + return 0; + +failed: + pap_send_nak(p, hdr->id); + if (p->started) + ap_session_terminate(&p->ppp->ses, TERM_AUTH_ERROR, 0); + else + ppp_auth_failed(p->ppp, peer_id); + + _free(passwd); + _free(peer_id); + + return -1; } static void pap_recv(struct ppp_handler_t *h) diff --git a/accel-pppd/cli/cli.c b/accel-pppd/cli/cli.c index 917634c9..90341cd3 100644 --- a/accel-pppd/cli/cli.c +++ b/accel-pppd/cli/cli.c @@ -54,6 +54,8 @@ void __export cli_register_simple_cmd2( c->hdr[i] = va_arg(ap, char *); list_add_tail(&c->entry, &simple_cmd_list); + + va_end(ap); } void __export cli_register_regexp_cmd(struct cli_regexp_cmd_t *cmd) diff --git a/accel-pppd/cli/tcp.c b/accel-pppd/cli/tcp.c index b2ed9105..48fa01a2 100644 --- a/accel-pppd/cli/tcp.c +++ b/accel-pppd/cli/tcp.c @@ -144,7 +144,7 @@ static int cln_read(struct triton_md_handler_t *h) char *d; while (1) { - n = read(h->fd, cln->cmdline + cln->recv_pos, RECV_BUF_SIZE - cln->recv_pos); + n = read(h->fd, cln->cmdline + cln->recv_pos, RECV_BUF_SIZE - 1 - cln->recv_pos); if (n == 0) break; if (n < 0) { @@ -154,11 +154,12 @@ static int cln_read(struct triton_md_handler_t *h) } cln->recv_pos += n; - + cln->cmdline[cln->recv_pos] = '\0'; + while (cln->recv_pos) { d = strchr((char *)cln->cmdline, '\n'); if (!d) { - if (cln->recv_pos == RECV_BUF_SIZE) { + if (cln->recv_pos == RECV_BUF_SIZE - 1) { log_warn("cli: tcp: recv buffer overflow\n"); goto drop; } @@ -192,6 +193,9 @@ static int cln_write(struct triton_md_handler_t *h) struct tcp_client_t *cln = container_of(h, typeof(*cln), hnd); int k; + if (!cln->xmit_buf) + return 0; + while (1) { for (; cln->xmit_pos < cln->xmit_buf->size; cln->xmit_pos += k) { k = write(cln->hnd.fd, cln->xmit_buf->buf + cln->xmit_pos, cln->xmit_buf->size - cln->xmit_pos); diff --git a/accel-pppd/cli/telnet.c b/accel-pppd/cli/telnet.c index 5a42a993..c3aab8c3 100644 --- a/accel-pppd/cli/telnet.c +++ b/accel-pppd/cli/telnet.c @@ -501,7 +501,10 @@ static int cln_write(struct triton_md_handler_t *h) { struct telnet_client_t *cln = container_of(h, typeof(*cln), hnd); int k; - + + if (!cln->xmit_buf) + return 0; + while (1) { for (; cln->xmit_pos < cln->xmit_buf->size; cln->xmit_pos += k) { k = write(cln->hnd.fd, cln->xmit_buf->buf + cln->xmit_pos, cln->xmit_buf->size - cln->xmit_pos); diff --git a/accel-pppd/ctrl/CMakeLists.txt b/accel-pppd/ctrl/CMakeLists.txt index 91d5b36e..9b6a11d6 100644 --- a/accel-pppd/ctrl/CMakeLists.txt +++ b/accel-pppd/ctrl/CMakeLists.txt @@ -2,8 +2,3 @@ ADD_SUBDIRECTORY(pptp) ADD_SUBDIRECTORY(pppoe) ADD_SUBDIRECTORY(l2tp) ADD_SUBDIRECTORY(ipoe) - -if (OPENVPN) - ADD_SUBDIRECTORY(openvpn) -endif (OPENVPN) - diff --git a/accel-pppd/ctrl/l2tp/packet.c b/accel-pppd/ctrl/l2tp/packet.c index c9765ad4..d6eb66c0 100644 --- a/accel-pppd/ctrl/l2tp/packet.c +++ b/accel-pppd/ctrl/l2tp/packet.c @@ -482,7 +482,7 @@ int l2tp_packet_add_octets(struct l2tp_packet_t *pack, int id, const uint8_t *va attr->length = size; attr->val.octets = _malloc(size); - if (!attr->val.string) { + if (!attr->val.octets) { log_emerg("l2tp: out of memory\n"); mempool_free(attr); return -1; diff --git a/accel-pppd/ctrl/pppoe/pppoe.c b/accel-pppd/ctrl/pppoe/pppoe.c index 22fcd62f..b01369dc 100644 --- a/accel-pppd/ctrl/pppoe/pppoe.c +++ b/accel-pppd/ctrl/pppoe/pppoe.c @@ -26,6 +26,7 @@ #include "radius.h" #endif +#include "iputils.h" #include "connlimit.h" #include "pppoe.h" @@ -73,6 +74,13 @@ struct padi_t uint8_t addr[ETH_ALEN]; }; +struct iplink_arg +{ + pcre *re; + const char *opt; + void *cli; +}; + int conf_verbose; char *conf_service_name; char *conf_ac_name; @@ -106,6 +114,7 @@ static void pppoe_send_PADT(struct pppoe_conn_t *conn); static void _server_stop(struct pppoe_serv_t *serv); void pppoe_server_free(struct pppoe_serv_t *serv); static int init_secret(struct pppoe_serv_t *serv); +static void __pppoe_server_start(const char *ifname, const char *opt, void *cli); static void disconnect(struct pppoe_conn_t *conn) { @@ -1109,41 +1118,94 @@ static void pppoe_serv_close(struct triton_context_t *ctx) pthread_mutex_unlock(&serv->lock); } -static int parse_server(const char *opt, char **ifname, int *padi_limit) +static int parse_server(const char *opt, int *padi_limit) { - char *str = _strdup(opt); - char *ptr1, *ptr2, *endptr; + char *ptr, *endptr; - ptr1 = strchr(str, ','); - if (ptr1) { - ptr2 = strstr(ptr1, ",padi-limit="); - *padi_limit = strtol(ptr2 + 12, &endptr, 10); + ptr = strstr(opt, ",padi-limit="); + if (ptr) { + *padi_limit = strtol(ptr + 12, &endptr, 10); if (*endptr != 0 && *endptr != ',') goto out_err; - - *ptr1 = 0; } - *ifname = str; - return 0; out_err: - _free(str); return -1; } +static int __pppoe_add_interface_re(int index, int flags, const char *name, struct iplink_arg *arg) +{ + if (pcre_exec(arg->re, NULL, name, strlen(name), 0, 0, NULL, 0) < 0) + return 0; + + __pppoe_server_start(name, arg->opt, arg->cli); + + return 0; +} + +static void pppoe_add_interface_re(const char *opt, void *cli) +{ + pcre *re = NULL; + const char *pcre_err; + char *pattern; + const char *ptr; + int pcre_offset; + struct iplink_arg arg; + + for (ptr = opt; *ptr && *ptr != ','; ptr++); + + pattern = _malloc(ptr - (opt + 3) + 1); + memcpy(pattern, opt + 3, ptr - (opt + 3)); + pattern[ptr - (opt + 3)] = 0; + + re = pcre_compile2(pattern, 0, NULL, &pcre_err, &pcre_offset, NULL); + + if (!re) { + log_error("pppoe: %s at %i\r\n", pcre_err, pcre_offset); + return; + } + + arg.re = re; + arg.opt = ptr; + arg.cli = cli; + + iplink_list((iplink_list_func)__pppoe_add_interface_re, &arg); + + pcre_free(re); + _free(pattern); +} + void pppoe_server_start(const char *opt, void *cli) { + char name[IFNAMSIZ]; + const char *ptr; + + if (strlen(opt) > 3 && memcmp(opt, "re:", 3) == 0) { + pppoe_add_interface_re(opt, cli); + return; + } + + ptr = strchr(opt, ','); + if (ptr) { + memcpy(name, opt, ptr - opt); + name[ptr - opt] = 0; + __pppoe_server_start(name, ptr, cli); + } else + __pppoe_server_start(opt, opt, cli); +} + +static void __pppoe_server_start(const char *ifname, const char *opt, void *cli) +{ struct pppoe_serv_t *serv; int sock; int f = 1; struct ifreq ifr; struct sockaddr_ll sa; - char *ifname = NULL; int padi_limit = conf_padi_limit; - if (parse_server(opt, &ifname, &padi_limit)) { + if (parse_server(opt, &padi_limit)) { if (cli) cli_sendv(cli, "failed to parse '%s'\r\n", opt); else diff --git a/accel-pppd/extra/chap-secrets.c b/accel-pppd/extra/chap-secrets.c index c0e620b1..47d59830 100644 --- a/accel-pppd/extra/chap-secrets.c +++ b/accel-pppd/extra/chap-secrets.c @@ -2,12 +2,19 @@ #include <stdlib.h> #include <errno.h> #include <string.h> +#include <byteswap.h> #include <netinet/in.h> #include <arpa/inet.h> +#ifdef CRYPTO_OPENSSL +#include "openssl/evp.h" +#include "crypto.h" +#endif + #include "pwdb.h" #include "ipdb.h" #include "ppp.h" +#include "ppp_auth.h" #include "events.h" #include "triton.h" #include "log.h" @@ -16,11 +23,18 @@ static char *def_chap_secrets = "/etc/ppp/chap-secrets"; static char *conf_chap_secrets; +static int conf_encrypted; static in_addr_t conf_gw_ip_address = 0; static void *pd_key; static struct ipdb_t ipdb; +struct hash_chain +{ + struct list_head entry; + const EVP_MD *md; +}; + struct cs_pd_t { struct ap_private pd; @@ -29,6 +43,8 @@ struct cs_pd_t char *rate; }; +static LIST_HEAD(hash_chain); + static char *skip_word(char *ptr) { char quote = 0; @@ -53,15 +69,19 @@ static char *skip_word(char *ptr) } else if (*ptr == ' ' || *ptr == '\t' || *ptr == '\n') break; } + return ptr; } + static char *skip_space(char *ptr) { for(; *ptr; ptr++) if (*ptr != ' ' && *ptr != '\t') break; + return ptr; } + static int split(char *buf, char **ptr) { int i; @@ -98,12 +118,37 @@ static struct cs_pd_t *create_pd(struct ap_session *ses, const char *username) FILE *f; char *buf; char *ptr[5]; - int n; + int n, i; struct cs_pd_t *pd; +#ifdef CRYPTO_OPENSSL + char username_hash[EVP_MAX_MD_SIZE * 2 + 1]; + uint8_t hash[EVP_MAX_MD_SIZE]; + struct hash_chain *hc; + EVP_MD_CTX md_ctx; + char c; +#endif if (!conf_chap_secrets) return NULL; +#ifdef CRYPTO_OPENSSL + if (conf_encrypted && !list_empty(&hash_chain)) { + unsigned int size = 0; + list_for_each_entry(hc, &hash_chain, entry) { + EVP_MD_CTX_init(&md_ctx); + EVP_DigestInit_ex(&md_ctx, hc->md, NULL); + EVP_DigestUpdate(&md_ctx, size == 0 ? (void *)username : (void *)hash, size == 0 ? strlen(username) : size); + EVP_DigestFinal_ex(&md_ctx, hash, &size); + EVP_MD_CTX_cleanup(&md_ctx); + } + + for (n = 0; n < size; n++) + sprintf(username_hash + n*2, "%02x", hash[n]); + + username = username_hash; + } +#endif + f = fopen(conf_chap_secrets, "r"); if (!f) { log_error("chap-secrets: open '%s': %s\n", conf_chap_secrets, strerror(errno)); @@ -138,6 +183,11 @@ out: return NULL; found: +#ifdef CRYPTO_OPENSSL + if (conf_encrypted && strlen(ptr[1]) != 32) + goto out; +#endif + pd = _malloc(sizeof(*pd)); if (!pd) { log_emerg("chap-secrets: out of memory\n"); @@ -146,11 +196,30 @@ found: memset(pd, 0, sizeof(*pd)); pd->pd.key = &pd_key; - pd->passwd = _strdup(ptr[1]); - if (!pd->passwd) { - log_emerg("chap-secrets: out of memory\n"); - _free(pd); - goto out; +#ifdef CRYPTO_OPENSSL + if (conf_encrypted) { + pd->passwd = _malloc(16); + if (!pd->passwd) { + log_emerg("chap-secrets: out of memory\n"); + _free(pd); + goto out; + } + + for (i = 0; i < 16; i++) { + c = ptr[1][i*2 + 2]; + ptr[1][i*2 + 2] = 0; + pd->passwd[i] = strtol(ptr[1] + i*2, NULL, 16); + ptr[1][i*2 + 2] = c; + } + } else +#endif + { + pd->passwd = _strdup(ptr[1]); + if (!pd->passwd) { + log_emerg("chap-secrets: out of memory\n"); + _free(pd); + goto out; + } } pd->ip.addr = conf_gw_ip_address; @@ -234,6 +303,11 @@ static char* get_passwd(struct pwdb_t *pwdb, struct ap_session *ses, const char { struct cs_pd_t *pd = find_pd(ses); +#ifdef CRYPTO_OPENSSL + if (conf_encrypted) + return NULL; +#endif + if (!pd) pd = create_pd(ses, username); @@ -243,14 +317,390 @@ static char* get_passwd(struct pwdb_t *pwdb, struct ap_session *ses, const char return _strdup(pd->passwd); } +#ifdef CRYPTO_OPENSSL +static void des_encrypt(const uint8_t *input, const uint8_t *key, uint8_t *output) +{ + int i, j, parity; + union + { + uint64_t u64; + uint8_t buf[8]; + } p_key; + DES_cblock cb; + DES_cblock res; + DES_key_schedule ks; + + memcpy(p_key.buf, key, 7); + p_key.u64 = bswap_64(p_key.u64); + + for (i = 0; i < 8; i++) { + cb[i] = (((p_key.u64 << (7 * i)) >> 56) & 0xfe); + for( j = 0, parity = 0; j < 7; j++) + if ((cb[i] >> (j + 1)) & 1) + parity++; + cb[i] |= (~parity) & 1; + } + + DES_set_key_checked(&cb, &ks); + memcpy(cb, input, 8); + DES_ecb_encrypt(&cb, &res, &ks, DES_ENCRYPT); + memcpy(output, res, 8); +} + +static int auth_pap(struct cs_pd_t *pd, const char *username, va_list args) +{ + const char *passwd = va_arg(args, const char *); + MD4_CTX md4_ctx; + unsigned char z_hash[21]; + char *u_passwd; + int i, len = strlen(passwd); + + u_passwd = _malloc(len * 2); + for (i = 0; i< len; i++) { + u_passwd[i * 2] = passwd[i]; + u_passwd[i * 2 + 1] = 0; + } + + memset(z_hash, 0, sizeof(z_hash)); + MD4_Init(&md4_ctx); + MD4_Update(&md4_ctx, u_passwd, len * 2); + MD4_Final(z_hash, &md4_ctx); + + _free(u_passwd); + + /*des_encrypt(ad->val, z_hash, nt_hash); + des_encrypt(ad->val, z_hash + 7, nt_hash + 8); + des_encrypt(ad->val, z_hash + 14, nt_hash + 16);*/ + + if (memcmp(z_hash, pd->passwd, 16)) + return PWDB_DENIED; + + return PWDB_SUCCESS; +} + +static int auth_chap_md5(struct cs_pd_t *pd, const char *username, va_list args) +{ + /*int id = va_arg(args, int); + uint8_t *challenge = va_arg(args, uint8_t *); + int challenge_len = va_arg(args, int); + uint8_t *response = va_arg(args, uint8_t *);*/ + + return PWDB_NO_IMPL; +} + +static void derive_mppe_keys_mschap_v1(struct ap_session *ses, const uint8_t *z_hash, const uint8_t *challenge, int challenge_len) +{ + MD4_CTX md4_ctx; + SHA_CTX sha_ctx; + uint8_t digest[20]; + struct ppp_t *ppp = container_of(ses, typeof(*ppp), ses); + + struct ev_mppe_keys_t ev_mppe = { + .ppp = ppp, + .policy = -1, + .recv_key = digest, + .send_key = digest, + }; + + //NtPasswordHashHash + MD4_Init(&md4_ctx); + MD4_Update(&md4_ctx, z_hash, 16); + MD4_Final(digest, &md4_ctx); + + //Get_Start_Key + SHA1_Init(&sha_ctx); + SHA1_Update(&sha_ctx, digest, 16); + SHA1_Update(&sha_ctx, digest, 16); + SHA1_Update(&sha_ctx, challenge, challenge_len); + SHA1_Final(digest, &sha_ctx); + + triton_event_fire(EV_MPPE_KEYS, &ev_mppe); +} + +int auth_mschap_v1(struct ap_session *ses, struct cs_pd_t *pd, const char *username, va_list args) +{ + int id __unused = va_arg(args, int); + const uint8_t *challenge = va_arg(args, const uint8_t *); + int challenge_len = va_arg(args, int); + const uint8_t *lm_response __unused = va_arg(args, const uint8_t *); + const uint8_t *nt_response = va_arg(args, const uint8_t *); + int flags __unused = va_arg(args, int); + uint8_t z_hash[21]; + uint8_t nt_hash[24]; + + memcpy(z_hash, pd->passwd, 16); + memset(z_hash + 16, 0, sizeof(z_hash) - 16); + + des_encrypt(challenge, z_hash, nt_hash); + des_encrypt(challenge, z_hash + 7, nt_hash + 8); + des_encrypt(challenge, z_hash + 14, nt_hash + 16); + + if (memcmp(nt_hash, nt_response, 24)) + return PWDB_DENIED; + + if (ses->ctrl->ppp) + derive_mppe_keys_mschap_v1(ses, z_hash, challenge, challenge_len); + + return PWDB_SUCCESS; +} + +static void generate_mschap_response(const uint8_t *nt_response, const uint8_t *c_hash, const uint8_t *z_hash, char *authenticator) +{ + MD4_CTX md4_ctx; + SHA_CTX sha_ctx; + uint8_t pw_hash[MD4_DIGEST_LENGTH]; + uint8_t response[SHA_DIGEST_LENGTH]; + int i; + + uint8_t magic1[39] = + {0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65, + 0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67, + 0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74}; + uint8_t magic2[41] = + {0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B, + 0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F, + 0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E, + 0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F, + 0x6E}; + + + MD4_Init(&md4_ctx); + MD4_Update(&md4_ctx, z_hash, 16); + MD4_Final(pw_hash, &md4_ctx); + + SHA1_Init(&sha_ctx); + SHA1_Update(&sha_ctx, pw_hash, 16); + SHA1_Update(&sha_ctx, nt_response, 24); + SHA1_Update(&sha_ctx, magic1, 39); + SHA1_Final(response, &sha_ctx); + + SHA1_Init(&sha_ctx); + SHA1_Update(&sha_ctx, response, 20); + SHA1_Update(&sha_ctx, c_hash, 8); + SHA1_Update(&sha_ctx, magic2, 41); + SHA1_Final(response, &sha_ctx); + + for (i = 0; i < 20; i++) + sprintf(authenticator + i*2, "%02X", response[i]); +} + +static void derive_mppe_keys_mschap_v2(struct ap_session *ses, const uint8_t *z_hash, const uint8_t *nt_hash) +{ + struct ppp_t *ppp = container_of(ses, typeof(*ppp), ses); + MD4_CTX md4_ctx; + SHA_CTX sha_ctx; + uint8_t digest[20]; + uint8_t send_key[20]; + uint8_t recv_key[20]; + + uint8_t pad1[40] = + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + + uint8_t pad2[40] = + {0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2}; + + uint8_t magic1[27] = + {0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, + 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d, + 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79}; + + uint8_t magic2[84] = + {0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, + 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, + 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, + 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79, + 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65, + 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, + 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, + 0x6b, 0x65, 0x79, 0x2e}; + + uint8_t magic3[84] = + {0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, + 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, + 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, + 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, + 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, + 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, + 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, + 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, + 0x6b, 0x65, 0x79, 0x2e}; + + struct ev_mppe_keys_t ev_mppe = { + .ppp = ppp, + .policy = -1, + .recv_key = recv_key, + .send_key = send_key, + }; + + //NtPasswordHashHash + MD4_Init(&md4_ctx); + MD4_Update(&md4_ctx, z_hash, 16); + MD4_Final(digest, &md4_ctx); + + //GetMasterKey + SHA1_Init(&sha_ctx); + SHA1_Update(&sha_ctx, digest, 16); + SHA1_Update(&sha_ctx, nt_hash, 24); + SHA1_Update(&sha_ctx, magic1, sizeof(magic1)); + SHA1_Final(digest, &sha_ctx); + + //send key + SHA1_Init(&sha_ctx); + SHA1_Update(&sha_ctx, digest, 16); + SHA1_Update(&sha_ctx, pad1, sizeof(pad1)); + SHA1_Update(&sha_ctx, magic3, sizeof(magic2)); + SHA1_Update(&sha_ctx, pad2, sizeof(pad2)); + SHA1_Final(send_key, &sha_ctx); + + //recv key + SHA1_Init(&sha_ctx); + SHA1_Update(&sha_ctx, digest, 16); + SHA1_Update(&sha_ctx, pad1, sizeof(pad1)); + SHA1_Update(&sha_ctx, magic2, sizeof(magic3)); + SHA1_Update(&sha_ctx, pad2, sizeof(pad2)); + SHA1_Final(recv_key, &sha_ctx); + + triton_event_fire(EV_MPPE_KEYS, &ev_mppe); +} + +int auth_mschap_v2(struct ap_session *ses, struct cs_pd_t *pd, const char *username, va_list args) +{ + int id __unused = va_arg(args, int); + const uint8_t *challenge = va_arg(args, const uint8_t *); + const uint8_t *peer_challenge = va_arg(args, const uint8_t *); + const uint8_t *reserved __unused = va_arg(args, const uint8_t *); + const uint8_t *response = va_arg(args, const uint8_t *); + int flags __unused = va_arg(args, int); + char *authenticator = va_arg(args, char *); + uint8_t z_hash[21]; + uint8_t nt_hash[24]; + uint8_t c_hash[SHA_DIGEST_LENGTH]; + SHA_CTX sha_ctx; + + SHA1_Init(&sha_ctx); + SHA1_Update(&sha_ctx, peer_challenge, 16); + SHA1_Update(&sha_ctx, challenge, 16); + SHA1_Update(&sha_ctx, username, strlen(username)); + SHA1_Final(c_hash, &sha_ctx); + + memcpy(z_hash, pd->passwd, 16); + memset(z_hash + 16, 0, sizeof(z_hash) - 16); + + des_encrypt(c_hash, z_hash, nt_hash); + des_encrypt(c_hash, z_hash + 7, nt_hash + 8); + des_encrypt(c_hash, z_hash + 14, nt_hash + 16); + + if (memcmp(nt_hash, response, 24)) + return PWDB_DENIED; + + if (ses->ctrl->ppp) + derive_mppe_keys_mschap_v2(ses, z_hash, response); + + generate_mschap_response(response, c_hash, z_hash, authenticator); + + return PWDB_SUCCESS; +} + +static int check_passwd(struct pwdb_t *pwdb, struct ap_session *ses, const char *username, int type, va_list _args) +{ + va_list args; + int r = PWDB_NO_IMPL; + struct cs_pd_t *pd; + + if (!conf_encrypted) + return PWDB_NO_IMPL; + + pd = find_pd(ses); + + if (!pd) + pd = create_pd(ses, username); + + if (!pd) + return PWDB_NO_IMPL; + + va_copy(args, _args); + + switch (type) { + case PPP_PAP: + r = auth_pap(pd, username, args); + break; + case PPP_CHAP: + type = va_arg(args, int); + switch (type) { + case CHAP_MD5: + r = auth_chap_md5(pd, username, args); + break; + case MSCHAP_V1: + r = auth_mschap_v1(ses, pd, username, args); + break; + case MSCHAP_V2: + r = auth_mschap_v2(ses, pd, username, args); + break; + } + break; + } + + va_end(args); + + return r; +} +#endif + static struct ipdb_t ipdb = { .get_ipv4 = get_ip, }; static struct pwdb_t pwdb = { .get_passwd = get_passwd, +#ifdef CRYPTO_OPENSSL + .check = check_passwd, +#endif }; +#ifdef CRYPTO_OPENSSL +static void clear_hash_chain(void) +{ + struct hash_chain *hc; + + while (!list_empty(&hash_chain)) { + hc = list_entry(hash_chain.next, typeof(*hc), entry); + list_del(&hc->entry); + _free(hc); + } +} + +static void parse_hash_chain(const char *opt) +{ + char *str = _strdup(opt); + char *ptr1 = str, *ptr2; + struct hash_chain *hc; + int f = 0; + + while (!f) { + for (ptr2 = ptr1 + 1; *ptr2 && *ptr2 != ','; ptr2++); + f = *ptr2 == 0; + *ptr2 = 0; + hc = _malloc(sizeof(*hc)); + hc->md = EVP_get_digestbyname(ptr1); + if (!hc->md) { + log_error("chap-secrets: digest '%s' is unavailable\n", ptr1); + _free(hc); + return; + } + list_add_tail(&hc->entry, &hash_chain); + ptr1 = ptr2 + 1; + } +} +#endif + static void load_config(void) { const char *opt; @@ -266,6 +716,19 @@ static void load_config(void) opt = conf_get_opt("chap-secrets", "gw-ip-address"); if (opt) conf_gw_ip_address = inet_addr(opt); + + opt = conf_get_opt("chap-secrets", "encrypted"); + if (opt) + conf_encrypted = atoi(opt); + else + conf_encrypted = 0; + +#ifdef CRYPTO_OPENSSL + clear_hash_chain(); + opt = conf_get_opt("chap-secrets", "username-hash"); + if (opt) + parse_hash_chain(opt); +#endif } static void init(void) diff --git a/accel-pppd/extra/ippool.c b/accel-pppd/extra/ippool.c index 62c56df1..88688073 100644 --- a/accel-pppd/extra/ippool.c +++ b/accel-pppd/extra/ippool.c @@ -6,14 +6,12 @@ #include <arpa/inet.h> #include "events.h" -#include "log.h" +#include "ipdb.h" #include "list.h" #include "spinlock.h" #include "backup.h" #include "ap_session_backup.h" -#include "ipdb.h" - #ifdef RADIUS #include "radius.h" #endif @@ -29,7 +27,6 @@ struct ippool_t struct list_head items; uint32_t startip; uint32_t endip; - void (*generate)(struct ippool_t *); spinlock_t lock; }; @@ -63,7 +60,6 @@ struct ippool_t *create_pool(const char *name) memset(p, 0, sizeof(*p)); if (name) p->name = strdup(name); - INIT_LIST_HEAD(&p->gw_list); INIT_LIST_HEAD(&p->tunnel_list); INIT_LIST_HEAD(&p->items); @@ -151,7 +147,7 @@ static int parse2(const char *str, uint32_t *begin, uint32_t *end) return 0; } -static void add_range(struct ippool_t *p, struct list_head *list, const char *name, void (*generate)(struct ippool_t *)) +static void add_range(struct ippool_t *p, struct list_head *list, const char *name) { uint32_t i,startip, endip; struct ipaddr_t *ip; @@ -172,10 +168,9 @@ static void add_range(struct ippool_t *p, struct list_head *list, const char *na p->startip = startip; p->endip = endip; - p->generate = generate; } -static void generate_pool_p2p(struct ippool_t *p) +static void generate_pool(struct ippool_t *p) { struct ippool_item_t *it; struct ipaddr_t *addr = NULL; @@ -217,53 +212,6 @@ static void generate_pool_p2p(struct ippool_t *p) } } -static void generate_pool_net30(struct ippool_t *p) -{ - struct ippool_item_t *it; - struct ipaddr_t *addr[4]; - int i; - - while (1) { - memset(addr, 0, sizeof(addr)); - - for (i = 0; i < 4; i++) { - if (list_empty(&p->tunnel_list)) - break; - - addr[i] = list_entry(p->tunnel_list.next, typeof(*addr[i]), entry); - list_del(&addr[i]->entry); - } - - if (!addr[2]) - break; - - - it = malloc(sizeof(*it)); - if (!it) { - log_emerg("ippool: out of memory\n"); - break; - } - - it->pool = p; - it->it.owner = &ipdb; - it->it.addr = addr[1]->addr; - it->it.peer_addr = addr[2]->addr; - - list_add_tail(&it->entry, &p->items); - - for (i = 0; i < 4; i++) { - if (addr[i]) - free(addr[i]); - } - } - - for (i = 0; i < 4; i++) { - if (addr[i]) - free(addr[i]); - } -} - - static struct ipv4db_item_t *get_ip(struct ap_session *ses) { struct ippool_item_t *it; @@ -453,38 +401,17 @@ static int parse_vendor_opt(const char *opt) } #endif -static void parse_options(const char *opt, char **pool_name, char **allocator) +static void ippool_init1(void) { - char *ptr1, *ptr2; - int len; - - ptr1 = strstr(opt, "name="); - if (ptr1) { - for (ptr2 = ptr1 + 5; *ptr2 && *ptr2 != ','; ptr2++); - len = ptr2 - (ptr1 + 5); - *pool_name = _malloc(len + 1); - memcpy(*pool_name, ptr1 + 5, len); - (*pool_name)[len] = 0; - } - - ptr1 = strstr(opt, "allocator="); - if (ptr1) { - for (ptr2 = ptr1 + 10; *ptr2 && *ptr2 != ','; ptr2++); - len = ptr2 - (ptr1 + 10); - *allocator = _malloc(len + 1); - memcpy(*allocator, ptr1 + 10, len); - (*allocator)[len] = 0; - } + ipdb_register(&ipdb); } -static void ippool_init(void) +static void ippool_init2(void) { struct conf_sect_t *s = conf_get_section("ip-pool"); struct conf_option_t *opt; struct ippool_t *p; - char *pool_name = NULL; - char *allocator = NULL; - void (*generate)(struct ippool_t *pool); + char *pool_name; if (!s) return; @@ -508,46 +435,26 @@ static void ippool_init(void) if (!strcmp(opt->name, "gw-ip-address")) parse_gw_ip_address(opt->val); else { - pool_name = NULL; - allocator = NULL; - - parse_options(opt->raw, &pool_name, &allocator); - - if (allocator) { - if (strcmp(allocator, "p2p") == 0) - generate = generate_pool_p2p; - else if (strcmp(allocator, "net30") == 0) - generate = generate_pool_net30; - else { - log_error("ipool: '%s': unknown allocator\n", opt->raw); - } - } else - generate = generate_pool_p2p; + if (opt->val) + pool_name = strchr(opt->val, ','); + else + pool_name = strchr(opt->name, ','); - p = pool_name ? find_pool(pool_name, 1) : def_pool; + p = pool_name ? find_pool(pool_name + 1, 1) : def_pool; if (!strcmp(opt->name, "gw")) - add_range(p, &p->gw_list, opt->val, generate); + add_range(p, &p->gw_list, opt->val); else if (!strcmp(opt->name, "tunnel")) - add_range(p, &p->tunnel_list, opt->val, generate); - else if (!opt->val || strchr(opt->name, ',')) - add_range(p, &p->tunnel_list, opt->name, generate); - - if (pool_name) - _free(pool_name); - - if (allocator) - _free(allocator); + add_range(p, &p->tunnel_list, opt->val); + else if (!opt->val) + add_range(p, &p->tunnel_list, opt->name); } } - - if (def_pool->generate) - def_pool->generate(def_pool); - list_for_each_entry(p, &pool_list, entry) - p->generate(p); + generate_pool(def_pool); - ipdb_register(&ipdb); + list_for_each_entry(p, &pool_list, entry) + generate_pool(p); #ifdef USE_BACKUP backup_register_module(&backup_mod); @@ -559,5 +466,6 @@ static void ippool_init(void) #endif } -DEFINE_INIT(51, ippool_init); +DEFINE_INIT(51, ippool_init1); +DEFINE_INIT2(52, ippool_init2); diff --git a/accel-pppd/main.c b/accel-pppd/main.c index 491e07db..8a75d5d2 100644 --- a/accel-pppd/main.c +++ b/accel-pppd/main.c @@ -35,6 +35,8 @@ static char *conf_dump; static sigset_t orig_set; #ifdef CRYPTO_OPENSSL +#include <openssl/ssl.h> + static pthread_mutex_t *ssl_lock_cs; static unsigned long ssl_thread_id(void) @@ -57,6 +59,7 @@ static void openssl_init(void) SSL_library_init(); SSL_load_error_strings(); OpenSSL_add_all_algorithms(); + OpenSSL_add_all_digests(); ssl_lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t)); diff --git a/accel-pppd/ppp/CMakeLists.txt b/accel-pppd/ppp/CMakeLists.txt index f4c0f04a..560f7759 100644 --- a/accel-pppd/ppp/CMakeLists.txt +++ b/accel-pppd/ppp/CMakeLists.txt @@ -11,6 +11,7 @@ SET(sources_c ppp_ipcp.c ipcp_opt_ipaddr.c ipcp_opt_dns.c + ipcp_opt_wins.c ppp_ccp.c ) INCLUDE_DIRECTORIES(${CMAKE_CURRENT_SOURCE_DIR}) diff --git a/accel-pppd/ppp/ipcp_opt_dns.c b/accel-pppd/ppp/ipcp_opt_dns.c index 245960c7..bd5114ac 100644 --- a/accel-pppd/ppp/ipcp_opt_dns.c +++ b/accel-pppd/ppp/ipcp_opt_dns.c @@ -19,8 +19,8 @@ static void dns_free(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt); static int dns_send_conf_req(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr); static int dns_send_conf_nak(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr); static int dns_recv_conf_req(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr); -static void dns1_print(void (*print)(const char *fmt,...),struct ipcp_option_t*, uint8_t *ptr); -static void dns2_print(void (*print)(const char *fmt,...),struct ipcp_option_t*, uint8_t *ptr); +static void dns1_print(void (*print)(const char *fmt, ...), struct ipcp_option_t *, uint8_t *ptr); +static void dns2_print(void (*print)(const char *fmt, ...), struct ipcp_option_t *, uint8_t *ptr); struct dns_option_t { @@ -28,49 +28,53 @@ struct dns_option_t in_addr_t addr; }; -static struct ipcp_option_handler_t dns1_opt_hnd= +static struct ipcp_option_handler_t dns1_opt_hnd = { - .init=dns1_init, - .send_conf_req=dns_send_conf_req, - .send_conf_nak=dns_send_conf_nak, - .recv_conf_req=dns_recv_conf_req, - .free=dns_free, - .print=dns1_print, + .init = dns1_init, + .send_conf_req = dns_send_conf_req, + .send_conf_nak = dns_send_conf_nak, + .recv_conf_req = dns_recv_conf_req, + .free = dns_free, + .print = dns1_print, }; -static struct ipcp_option_handler_t dns2_opt_hnd= +static struct ipcp_option_handler_t dns2_opt_hnd = { - .init=dns2_init, - .send_conf_req=dns_send_conf_req, - .send_conf_nak=dns_send_conf_nak, - .recv_conf_req=dns_recv_conf_req, - .free=dns_free, - .print=dns2_print, + .init = dns2_init, + .send_conf_req = dns_send_conf_req, + .send_conf_nak = dns_send_conf_nak, + .recv_conf_req = dns_recv_conf_req, + .free = dns_free, + .print = dns2_print, }; static struct ipcp_option_t *dns1_init(struct ppp_ipcp_t *ipcp) { - struct dns_option_t *dns_opt=_malloc(sizeof(*dns_opt)); - memset(dns_opt,0,sizeof(*dns_opt)); - dns_opt->opt.id=CI_DNS1; - dns_opt->opt.len=6; + struct dns_option_t *dns_opt = _malloc(sizeof(*dns_opt)); + + memset(dns_opt, 0, sizeof(*dns_opt)); + dns_opt->opt.id = CI_DNS1; + dns_opt->opt.len = 6; + dns_opt->addr = conf_dns1; return &dns_opt->opt; } static struct ipcp_option_t *dns2_init(struct ppp_ipcp_t *ipcp) { - struct dns_option_t *dns_opt=_malloc(sizeof(*dns_opt)); - memset(dns_opt,0,sizeof(*dns_opt)); - dns_opt->opt.id=CI_DNS2; - dns_opt->opt.len=6; + struct dns_option_t *dns_opt = _malloc(sizeof(*dns_opt)); + + memset(dns_opt, 0, sizeof(*dns_opt)); + dns_opt->opt.id = CI_DNS2; + dns_opt->opt.len = 6; + dns_opt->addr = conf_dns2; return &dns_opt->opt; } static void dns_free(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt) { - struct dns_option_t *dns_opt=container_of(opt,typeof(*dns_opt),opt); + struct dns_option_t *dns_opt = container_of(opt, typeof(*dns_opt), opt); _free(dns_opt); } @@ -82,62 +86,59 @@ static int dns_send_conf_req(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, static int dns_send_conf_nak(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr) { - struct dns_option_t *dns_opt=container_of(opt,typeof(*dns_opt),opt); - struct ipcp_opt32_t *opt32=(struct ipcp_opt32_t*)ptr; - opt32->hdr.id=dns_opt->opt.id; - opt32->hdr.len=6; - opt32->val=dns_opt->addr; + struct dns_option_t *dns_opt = container_of(opt, typeof(*dns_opt), opt); + struct ipcp_opt32_t *opt32 = (struct ipcp_opt32_t *)ptr; + opt32->hdr.id = dns_opt->opt.id; + opt32->hdr.len = 6; + opt32->val = dns_opt->addr; return 6; } static int dns_recv_conf_req(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr) { - struct dns_option_t *dns_opt=container_of(opt,typeof(*dns_opt),opt); - struct ipcp_opt32_t *opt32=(struct ipcp_opt32_t*)ptr; + struct dns_option_t *dns_opt = container_of(opt, typeof(*dns_opt), opt); + struct ipcp_opt32_t *opt32 = (struct ipcp_opt32_t *)ptr; if (opt32->hdr.len != 6) return IPCP_OPT_REJ; - if (!dns_opt->addr) - { - if (dns_opt->opt.id == CI_DNS1 && conf_dns1) dns_opt->addr=conf_dns1; - else if (dns_opt->opt.id == CI_DNS2 && conf_dns2) dns_opt->addr=conf_dns2; - - if (!dns_opt->addr) - { - dns_opt->addr=opt32->val; - return IPCP_OPT_ACK; - } + if (!dns_opt->addr) { + dns_opt->addr = opt32->val; + return IPCP_OPT_ACK; } - if (dns_opt->addr==opt32->val) + if (dns_opt->addr == opt32->val) return IPCP_OPT_ACK; return IPCP_OPT_NAK; } -static void dns1_print(void (*print)(const char *fmt,...),struct ipcp_option_t *opt, uint8_t *ptr) +static void dns1_print(void (*print)(const char *fmt, ...), struct ipcp_option_t *opt, uint8_t *ptr) { - struct dns_option_t *dns_opt=container_of(opt,typeof(*dns_opt),opt); - struct ipcp_opt32_t *opt32=(struct ipcp_opt32_t*)ptr; + struct dns_option_t *dns_opt = container_of(opt, typeof(*dns_opt), opt); + struct ipcp_opt32_t *opt32 = (struct ipcp_opt32_t *)ptr; struct in_addr in; - if (ptr) in.s_addr=opt32->val; - else in.s_addr=dns_opt->addr; + if (ptr) + in.s_addr = opt32->val; + else + in.s_addr = dns_opt->addr; - print("<dns1 %s>",inet_ntoa(in)); + print("<dns1 %s>", inet_ntoa(in)); } -static void dns2_print(void (*print)(const char *fmt,...),struct ipcp_option_t *opt, uint8_t *ptr) +static void dns2_print(void (*print)(const char *fmt, ...), struct ipcp_option_t *opt, uint8_t *ptr) { - struct dns_option_t *dns_opt=container_of(opt,typeof(*dns_opt),opt); - struct ipcp_opt32_t *opt32=(struct ipcp_opt32_t*)ptr; + struct dns_option_t *dns_opt = container_of(opt, typeof(*dns_opt), opt); + struct ipcp_opt32_t *opt32 = (struct ipcp_opt32_t *)ptr; struct in_addr in; - if (ptr) in.s_addr=opt32->val; - else in.s_addr=dns_opt->addr; + if (ptr) + in.s_addr = opt32->val; + else + in.s_addr = dns_opt->addr; - print("<dns2 %s>",inet_ntoa(in)); + print("<dns2 %s>", inet_ntoa(in)); } static void ev_dns(struct ev_dns_t *ev) diff --git a/accel-pppd/ppp/ipcp_opt_wins.c b/accel-pppd/ppp/ipcp_opt_wins.c index f65b945f..fd69a8cf 100644 --- a/accel-pppd/ppp/ipcp_opt_wins.c +++ b/accel-pppd/ppp/ipcp_opt_wins.c @@ -19,33 +19,31 @@ static void wins_free(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt); static int wins_send_conf_req(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr); static int wins_send_conf_nak(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr); static int wins_recv_conf_req(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr); -static int wins_recv_conf_rej(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr); -static void wins1_print(void (*print)(const char *fmt,...), struct ipcp_option_t*, uint8_t *ptr); -static void wins2_print(void (*print)(const char *fmt,...), struct ipcp_option_t*, uint8_t *ptr); +static void wins1_print(void (*print)(const char *fmt, ...), struct ipcp_option_t *, uint8_t *ptr); +static void wins2_print(void (*print)(const char *fmt, ...), struct ipcp_option_t *, uint8_t *ptr); struct wins_option_t { struct ipcp_option_t opt; in_addr_t addr; - int rejected; }; -static struct ipcp_option_handler_t wins1_opt_hnd = { +static struct ipcp_option_handler_t wins1_opt_hnd = +{ .init = wins1_init, .send_conf_req = wins_send_conf_req, .send_conf_nak = wins_send_conf_nak, .recv_conf_req = wins_recv_conf_req, - .recv_conf_rej = wins_recv_conf_rej, .free = wins_free, .print = wins1_print, }; -static struct ipcp_option_handler_t wins2_opt_hnd = { +static struct ipcp_option_handler_t wins2_opt_hnd = +{ .init = wins2_init, .send_conf_req = wins_send_conf_req, .send_conf_nak = wins_send_conf_nak, .recv_conf_req = wins_recv_conf_req, - .recv_conf_rej = wins_recv_conf_rej, .free = wins_free, .print = wins2_print, }; @@ -53,9 +51,11 @@ static struct ipcp_option_handler_t wins2_opt_hnd = { static struct ipcp_option_t *wins1_init(struct ppp_ipcp_t *ipcp) { struct wins_option_t *wins_opt = _malloc(sizeof(*wins_opt)); + memset(wins_opt, 0, sizeof(*wins_opt)); wins_opt->opt.id = CI_WINS1; wins_opt->opt.len = 6; + wins_opt->addr = conf_wins1; return &wins_opt->opt; } @@ -63,33 +63,25 @@ static struct ipcp_option_t *wins1_init(struct ppp_ipcp_t *ipcp) static struct ipcp_option_t *wins2_init(struct ppp_ipcp_t *ipcp) { struct wins_option_t *wins_opt = _malloc(sizeof(*wins_opt)); + memset(wins_opt, 0, sizeof(*wins_opt)); wins_opt->opt.id = CI_WINS2; wins_opt->opt.len = 6; + wins_opt->addr = conf_wins2; return &wins_opt->opt; } static void wins_free(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt) { - struct wins_option_t *wins_opt=container_of(opt,typeof(*wins_opt),opt); + struct wins_option_t *wins_opt = container_of(opt, typeof(*wins_opt), opt); _free(wins_opt); } static int wins_send_conf_req(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr) { - struct wins_option_t *wins_opt = container_of(opt, typeof(*wins_opt), opt); - struct ipcp_opt32_t *opt32 = (struct ipcp_opt32_t *)ptr; - - if (!wins_opt->addr || wins_opt->rejected) - return 0; - - opt32->hdr.id = wins_opt->opt.id; - opt32->hdr.len = 6; - opt32->val = 0; - - return 6; + return 0; } static int wins_send_conf_nak(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr) @@ -105,21 +97,14 @@ static int wins_send_conf_nak(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt static int wins_recv_conf_req(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr) { struct wins_option_t *wins_opt = container_of(opt, typeof(*wins_opt), opt); - struct ipcp_opt32_t *opt32 = (struct ipcp_opt32_t*)ptr; + struct ipcp_opt32_t *opt32 = (struct ipcp_opt32_t *)ptr; if (opt32->hdr.len != 6) return IPCP_OPT_REJ; - if (!wins_opt->addr) { - if (wins_opt->opt.id == CI_WINS1 && conf_wins1) - wins_opt->addr=conf_wins1; - else if (wins_opt->opt.id == CI_WINS2 && conf_wins2) - wins_opt->addr=conf_wins2; - - if (!wins_opt->addr) { - wins_opt->addr = opt32->val; - return IPCP_OPT_ACK; - } + if (!wins_opt->addr) { + wins_opt->addr = opt32->val; + return IPCP_OPT_ACK; } if (wins_opt->addr == opt32->val) @@ -128,16 +113,7 @@ static int wins_recv_conf_req(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt return IPCP_OPT_NAK; } -static int wins_recv_conf_rej(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr) -{ - struct wins_option_t *wins_opt = container_of(opt, typeof(*wins_opt), opt); - - wins_opt->rejected = 1; - - return 0; -} - -static void wins1_print(void (*print)(const char *fmt,...), struct ipcp_option_t *opt, uint8_t *ptr) +static void wins1_print(void (*print)(const char *fmt, ...), struct ipcp_option_t *opt, uint8_t *ptr) { struct wins_option_t *wins_opt = container_of(opt, typeof(*wins_opt), opt); struct ipcp_opt32_t *opt32 = (struct ipcp_opt32_t *)ptr; @@ -151,7 +127,7 @@ static void wins1_print(void (*print)(const char *fmt,...), struct ipcp_option_t print("<wins1 %s>", inet_ntoa(in)); } -static void wins2_print(void (*print)(const char *fmt,...), struct ipcp_option_t *opt, uint8_t *ptr) +static void wins2_print(void (*print)(const char *fmt, ...), struct ipcp_option_t *opt, uint8_t *ptr) { struct wins_option_t *wins_opt = container_of(opt, typeof(*wins_opt), opt); struct ipcp_opt32_t *opt32 = (struct ipcp_opt32_t *)ptr; diff --git a/accel-pppd/pwdb.c b/accel-pppd/pwdb.c index f4440b8f..5626c2c9 100644 --- a/accel-pppd/pwdb.c +++ b/accel-pppd/pwdb.c @@ -22,11 +22,13 @@ int __export pwdb_check(struct ap_session *ses, const char *username, int type, r = pwdb->check(pwdb, ses, username, type, args); if (r == PWDB_NO_IMPL) continue; - if (r == PWDB_SUCCESS) - return PWDB_SUCCESS; res = r; + if (r == PWDB_SUCCESS) + break; } + va_end(args); + return res; } __export char *pwdb_get_passwd(struct ap_session *ses, const char *username) diff --git a/accel-pppd/pwdb.h b/accel-pppd/pwdb.h index 8d8ab408..f7d62d6a 100644 --- a/accel-pppd/pwdb.h +++ b/accel-pppd/pwdb.h @@ -6,6 +6,10 @@ struct ap_session; +#define CHAP_MD5 5 +#define MSCHAP_V1 0x80 +#define MSCHAP_V2 0x81 + #define PWDB_SUCCESS 0 #define PWDB_DENIED 1 #define PWDB_NO_IMPL 2 diff --git a/accel-pppd/radius/radius.c b/accel-pppd/radius/radius.c index 9caf6f0f..5313fe18 100644 --- a/accel-pppd/radius/radius.c +++ b/accel-pppd/radius/radius.c @@ -19,10 +19,6 @@ #include "memdebug.h" -#define CHAP_MD5 5 -#define MSCHAP_V1 0x80 -#define MSCHAP_V2 0x81 - int conf_max_try = 3; int conf_timeout = 3; int conf_acct_timeout = 3; diff --git a/accel-pppd/triton/log.c b/accel-pppd/triton/log.c index 95304284..9226e117 100644 --- a/accel-pppd/triton/log.c +++ b/accel-pppd/triton/log.c @@ -59,6 +59,7 @@ void triton_log_error(const char *fmt,...) va_start(ap, fmt); do_log(f_error, fmt, ap); + va_end(ap); } void triton_log_debug(const char *fmt,...) @@ -70,5 +71,6 @@ void triton_log_debug(const char *fmt,...) va_start(ap, fmt); do_log(f_debug, fmt, ap); + va_end(ap); } diff --git a/accel-pppd/triton/triton.h b/accel-pppd/triton/triton.h index 98955dfc..e47eb369 100644 --- a/accel-pppd/triton/triton.h +++ b/accel-pppd/triton/triton.h @@ -128,6 +128,7 @@ void triton_terminate(void); #define __init __attribute__((constructor)) #define __exit __attribute__((destructor)) #define __export __attribute__((visibility("default"))) +#define __unused __attribute__((unused)) #undef offsetof #ifdef __compiler_offsetof @@ -141,5 +142,6 @@ void triton_terminate(void); (type *)( (char *)__mptr - offsetof(type,member) );}) #define DEFINE_INIT(o, func) static void __init __init__(void){triton_register_init(o,func);} +#define DEFINE_INIT2(o, func) static void __init __init2__(void){triton_register_init(o,func);} #endif |