summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKozlov Dmitry <xeb@mail.ru>2013-01-24 23:58:56 +0400
committerKozlov Dmitry <xeb@mail.ru>2013-01-24 23:58:56 +0400
commitcf3de06a3346854d770ba147f081e3b22e93c1bc (patch)
tree0c1a138d292c140c2547361615bf556ff2b98f9f
parent35b55103979145284d63bc1db4ebd6e9d6666b34 (diff)
downloadaccel-ppp-cf3de06a3346854d770ba147f081e3b22e93c1bc.tar.gz
accel-ppp-cf3de06a3346854d770ba147f081e3b22e93c1bc.zip
backport 1.7
* l2tp: Fix allocation checking when adding octets AVP * cli, tcp: Fix non-NULL terminated string reception * Fix va_end() missing calls * chap-secrets: implemented encryption * auth_pap: make messages like other auth modules * cli: check xmit_buf is not null at enter to write function * pppoe: implemented regular expression support * chap-secrets: implemented encryption * ippool: fixed initialization order * optional shaper compiling * ppp: dns/wins code cleanup
-rw-r--r--CMakeLists.txt4
-rw-r--r--README9
-rw-r--r--accel-pppd/CMakeLists.txt9
-rw-r--r--accel-pppd/accel-ppp.conf2
-rw-r--r--accel-pppd/accel-ppp.conf.520
-rw-r--r--accel-pppd/auth/auth_pap.c34
-rw-r--r--accel-pppd/cli/cli.c2
-rw-r--r--accel-pppd/cli/tcp.c10
-rw-r--r--accel-pppd/cli/telnet.c5
-rw-r--r--accel-pppd/ctrl/CMakeLists.txt5
-rw-r--r--accel-pppd/ctrl/l2tp/packet.c2
-rw-r--r--accel-pppd/ctrl/pppoe/pppoe.c90
-rw-r--r--accel-pppd/extra/chap-secrets.c475
-rw-r--r--accel-pppd/extra/ippool.c134
-rw-r--r--accel-pppd/main.c3
-rw-r--r--accel-pppd/ppp/CMakeLists.txt1
-rw-r--r--accel-pppd/ppp/ipcp_opt_dns.c111
-rw-r--r--accel-pppd/ppp/ipcp_opt_wins.c60
-rw-r--r--accel-pppd/pwdb.c6
-rw-r--r--accel-pppd/pwdb.h4
-rw-r--r--accel-pppd/radius/radius.c4
-rw-r--r--accel-pppd/triton/log.c2
-rw-r--r--accel-pppd/triton/triton.h2
23 files changed, 730 insertions, 264 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index fcb067fc..7a6d8312 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -39,7 +39,3 @@ endif (BUILD_DRIVER OR BUILD_DRIVER_ONLY)
if (BUILD_IPOE_DRIVER)
add_subdirectory(drivers/ipoe)
endif (BUILD_IPOE_DRIVER)
-
-if (BUILD_OPENVPN_DRIVER)
- add_subdirectory(drivers/openvpn)
-endif (BUILD_OPENVPN_DRIVER)
diff --git a/README b/README
index fe2f5f73..450ba857 100644
--- a/README
+++ b/README
@@ -153,6 +153,15 @@ snmpset -m +ACCEL-PPP-MIB -v 2c -c local 127.0.0.1 ACCEL-PPP-MIB::termByUsername
snmpset -m +ACCEL-PPP-MIB -v 2c -c local 127.0.0.1 ACCEL-PPP-MIB::cli.0 = "shaper change all 1024 temp"
+chap-secrets encryption
+-----------------------
+To enable chap-secrets encryption ablity accel-ppp must be compiled with -DCRYPTO=OPENSSL (which is default).
+Username field may be kept as cleartext or hashed through some hash chain. To specify hash chain use username-hash option.
+For example, username-hash=md5,sha1 means hash username through md5 and then binary result hash through sha1.
+Username have to be specified as hexadecimal dump of digest result.
+Password field have to be encrypted using smbencrypt (NT Hash part).
+Encryption is incompatible with auth_chap_md5 module.
+
Warning !!!
-----------
diff --git a/accel-pppd/CMakeLists.txt b/accel-pppd/CMakeLists.txt
index 141b493d..f7fbdd7f 100644
--- a/accel-pppd/CMakeLists.txt
+++ b/accel-pppd/CMakeLists.txt
@@ -51,7 +51,14 @@ ADD_SUBDIRECTORY(auth)
ADD_SUBDIRECTORY(logs)
ADD_SUBDIRECTORY(extra)
ADD_SUBDIRECTORY(ipv6)
-ADD_SUBDIRECTORY(shaper)
+
+IF (NOT DEFINED SHAPER)
+ SET(SHAPER TRUE)
+ENDIF (NOT DEFINED SHAPER)
+
+IF (SHAPER)
+ ADD_SUBDIRECTORY(shaper)
+ENDIF (SHAPER)
ADD_EXECUTABLE(accel-pppd
session.c
diff --git a/accel-pppd/accel-ppp.conf b/accel-pppd/accel-ppp.conf
index 7792ba71..a3bc3db0 100644
--- a/accel-pppd/accel-ppp.conf
+++ b/accel-pppd/accel-ppp.conf
@@ -174,6 +174,8 @@ verbose=1
[chap-secrets]
gw-ip-address=192.168.100.1
#chap-secrets=/etc/ppp/chap-secrets
+#encrypted=0
+#username-hash=md5
[shaper]
#attr=Filter-Id
diff --git a/accel-pppd/accel-ppp.conf.5 b/accel-pppd/accel-ppp.conf.5
index 70b6b6be..90f10e18 100644
--- a/accel-pppd/accel-ppp.conf.5
+++ b/accel-pppd/accel-ppp.conf.5
@@ -349,10 +349,14 @@ Timeout waiting reply from client in seconds (default 5).
.br
Configuration of PPPoE module.
.TP
-.BI "interface=" ethX[,padi-limit=n]
+.BI "interface=" [re:]ifname[,padi-limit=n]
Specifies interface name to listen/send discovery packets. You may specify multiple
.B interface
-options. Optional
+options. If
+.B ifname
+is prefixed with
+.B re:
+then ifname is considered as regular expression. Optional
.B padi-limit
parameter specifies limit of PADI packets to reply on this interface in 1 second period.
.TP
@@ -587,6 +591,18 @@ Specifies address to use as local address of ppp interfaces if chap-secrets is u
.TP
.BI "chap-secrets=" file
Specifies alternate chap-secrets file location (default is /etc/ppp/chap-secrets).
+.TP
+.BI "encrypted=" 0|1
+Specifies either chap-secrets is encrypted (read README).
+.TP
+.BI "username-hash=" hash1[,hash2]
+Specifies hash chain to calculate username hash.
+.br
+.B hash1
+,
+.B hash2
+are openssl known digest names (md5, sha1, etc).
+.TP
.SH [ip-pool]
.br
Configuration of ippool module.
diff --git a/accel-pppd/auth/auth_pap.c b/accel-pppd/auth/auth_pap.c
index 08edbcb7..ebbc64fc 100644
--- a/accel-pppd/auth/auth_pap.c
+++ b/accel-pppd/auth/auth_pap.c
@@ -215,22 +215,22 @@ static int pap_recv_req(struct pap_auth_data_t *p, struct pap_hdr_t *hdr)
r = pwdb_check(&p->ppp->ses, peer_id, PPP_PAP, passwd);
if (r == PWDB_NO_IMPL) {
passwd2 = pwdb_get_passwd(&p->ppp->ses, peer_id);
- if (!passwd2 || strcmp(passwd2, passwd))
+ if (!passwd2) {
+ if (conf_ppp_verbose)
+ log_ppp_warn("pap: user not found\n");
+ goto failed;
+ }
+
+ if (strcmp(passwd2, passwd))
r = PWDB_DENIED;
else
r = PWDB_SUCCESS;
+
_free(passwd2);
}
+
if (r == PWDB_DENIED) {
- if (conf_ppp_verbose)
- log_ppp_warn("PAP: authentication error\n");
- pap_send_nak(p, hdr->id);
- if (p->started)
- ap_session_terminate(&p->ppp->ses, TERM_AUTH_ERROR, 0);
- else
- ppp_auth_failed(p->ppp, peer_id);
- ret = -1;
- _free(peer_id);
+ goto failed;
} else {
if (ppp_auth_succeeded(p->ppp, peer_id)) {
pap_send_nak(p, hdr->id);
@@ -246,7 +246,19 @@ static int pap_recv_req(struct pap_auth_data_t *p, struct pap_hdr_t *hdr)
_free(passwd);
- return ret;
+ return 0;
+
+failed:
+ pap_send_nak(p, hdr->id);
+ if (p->started)
+ ap_session_terminate(&p->ppp->ses, TERM_AUTH_ERROR, 0);
+ else
+ ppp_auth_failed(p->ppp, peer_id);
+
+ _free(passwd);
+ _free(peer_id);
+
+ return -1;
}
static void pap_recv(struct ppp_handler_t *h)
diff --git a/accel-pppd/cli/cli.c b/accel-pppd/cli/cli.c
index 917634c9..90341cd3 100644
--- a/accel-pppd/cli/cli.c
+++ b/accel-pppd/cli/cli.c
@@ -54,6 +54,8 @@ void __export cli_register_simple_cmd2(
c->hdr[i] = va_arg(ap, char *);
list_add_tail(&c->entry, &simple_cmd_list);
+
+ va_end(ap);
}
void __export cli_register_regexp_cmd(struct cli_regexp_cmd_t *cmd)
diff --git a/accel-pppd/cli/tcp.c b/accel-pppd/cli/tcp.c
index b2ed9105..48fa01a2 100644
--- a/accel-pppd/cli/tcp.c
+++ b/accel-pppd/cli/tcp.c
@@ -144,7 +144,7 @@ static int cln_read(struct triton_md_handler_t *h)
char *d;
while (1) {
- n = read(h->fd, cln->cmdline + cln->recv_pos, RECV_BUF_SIZE - cln->recv_pos);
+ n = read(h->fd, cln->cmdline + cln->recv_pos, RECV_BUF_SIZE - 1 - cln->recv_pos);
if (n == 0)
break;
if (n < 0) {
@@ -154,11 +154,12 @@ static int cln_read(struct triton_md_handler_t *h)
}
cln->recv_pos += n;
-
+ cln->cmdline[cln->recv_pos] = '\0';
+
while (cln->recv_pos) {
d = strchr((char *)cln->cmdline, '\n');
if (!d) {
- if (cln->recv_pos == RECV_BUF_SIZE) {
+ if (cln->recv_pos == RECV_BUF_SIZE - 1) {
log_warn("cli: tcp: recv buffer overflow\n");
goto drop;
}
@@ -192,6 +193,9 @@ static int cln_write(struct triton_md_handler_t *h)
struct tcp_client_t *cln = container_of(h, typeof(*cln), hnd);
int k;
+ if (!cln->xmit_buf)
+ return 0;
+
while (1) {
for (; cln->xmit_pos < cln->xmit_buf->size; cln->xmit_pos += k) {
k = write(cln->hnd.fd, cln->xmit_buf->buf + cln->xmit_pos, cln->xmit_buf->size - cln->xmit_pos);
diff --git a/accel-pppd/cli/telnet.c b/accel-pppd/cli/telnet.c
index 5a42a993..c3aab8c3 100644
--- a/accel-pppd/cli/telnet.c
+++ b/accel-pppd/cli/telnet.c
@@ -501,7 +501,10 @@ static int cln_write(struct triton_md_handler_t *h)
{
struct telnet_client_t *cln = container_of(h, typeof(*cln), hnd);
int k;
-
+
+ if (!cln->xmit_buf)
+ return 0;
+
while (1) {
for (; cln->xmit_pos < cln->xmit_buf->size; cln->xmit_pos += k) {
k = write(cln->hnd.fd, cln->xmit_buf->buf + cln->xmit_pos, cln->xmit_buf->size - cln->xmit_pos);
diff --git a/accel-pppd/ctrl/CMakeLists.txt b/accel-pppd/ctrl/CMakeLists.txt
index 91d5b36e..9b6a11d6 100644
--- a/accel-pppd/ctrl/CMakeLists.txt
+++ b/accel-pppd/ctrl/CMakeLists.txt
@@ -2,8 +2,3 @@ ADD_SUBDIRECTORY(pptp)
ADD_SUBDIRECTORY(pppoe)
ADD_SUBDIRECTORY(l2tp)
ADD_SUBDIRECTORY(ipoe)
-
-if (OPENVPN)
- ADD_SUBDIRECTORY(openvpn)
-endif (OPENVPN)
-
diff --git a/accel-pppd/ctrl/l2tp/packet.c b/accel-pppd/ctrl/l2tp/packet.c
index c9765ad4..d6eb66c0 100644
--- a/accel-pppd/ctrl/l2tp/packet.c
+++ b/accel-pppd/ctrl/l2tp/packet.c
@@ -482,7 +482,7 @@ int l2tp_packet_add_octets(struct l2tp_packet_t *pack, int id, const uint8_t *va
attr->length = size;
attr->val.octets = _malloc(size);
- if (!attr->val.string) {
+ if (!attr->val.octets) {
log_emerg("l2tp: out of memory\n");
mempool_free(attr);
return -1;
diff --git a/accel-pppd/ctrl/pppoe/pppoe.c b/accel-pppd/ctrl/pppoe/pppoe.c
index 22fcd62f..b01369dc 100644
--- a/accel-pppd/ctrl/pppoe/pppoe.c
+++ b/accel-pppd/ctrl/pppoe/pppoe.c
@@ -26,6 +26,7 @@
#include "radius.h"
#endif
+#include "iputils.h"
#include "connlimit.h"
#include "pppoe.h"
@@ -73,6 +74,13 @@ struct padi_t
uint8_t addr[ETH_ALEN];
};
+struct iplink_arg
+{
+ pcre *re;
+ const char *opt;
+ void *cli;
+};
+
int conf_verbose;
char *conf_service_name;
char *conf_ac_name;
@@ -106,6 +114,7 @@ static void pppoe_send_PADT(struct pppoe_conn_t *conn);
static void _server_stop(struct pppoe_serv_t *serv);
void pppoe_server_free(struct pppoe_serv_t *serv);
static int init_secret(struct pppoe_serv_t *serv);
+static void __pppoe_server_start(const char *ifname, const char *opt, void *cli);
static void disconnect(struct pppoe_conn_t *conn)
{
@@ -1109,41 +1118,94 @@ static void pppoe_serv_close(struct triton_context_t *ctx)
pthread_mutex_unlock(&serv->lock);
}
-static int parse_server(const char *opt, char **ifname, int *padi_limit)
+static int parse_server(const char *opt, int *padi_limit)
{
- char *str = _strdup(opt);
- char *ptr1, *ptr2, *endptr;
+ char *ptr, *endptr;
- ptr1 = strchr(str, ',');
- if (ptr1) {
- ptr2 = strstr(ptr1, ",padi-limit=");
- *padi_limit = strtol(ptr2 + 12, &endptr, 10);
+ ptr = strstr(opt, ",padi-limit=");
+ if (ptr) {
+ *padi_limit = strtol(ptr + 12, &endptr, 10);
if (*endptr != 0 && *endptr != ',')
goto out_err;
-
- *ptr1 = 0;
}
- *ifname = str;
-
return 0;
out_err:
- _free(str);
return -1;
}
+static int __pppoe_add_interface_re(int index, int flags, const char *name, struct iplink_arg *arg)
+{
+ if (pcre_exec(arg->re, NULL, name, strlen(name), 0, 0, NULL, 0) < 0)
+ return 0;
+
+ __pppoe_server_start(name, arg->opt, arg->cli);
+
+ return 0;
+}
+
+static void pppoe_add_interface_re(const char *opt, void *cli)
+{
+ pcre *re = NULL;
+ const char *pcre_err;
+ char *pattern;
+ const char *ptr;
+ int pcre_offset;
+ struct iplink_arg arg;
+
+ for (ptr = opt; *ptr && *ptr != ','; ptr++);
+
+ pattern = _malloc(ptr - (opt + 3) + 1);
+ memcpy(pattern, opt + 3, ptr - (opt + 3));
+ pattern[ptr - (opt + 3)] = 0;
+
+ re = pcre_compile2(pattern, 0, NULL, &pcre_err, &pcre_offset, NULL);
+
+ if (!re) {
+ log_error("pppoe: %s at %i\r\n", pcre_err, pcre_offset);
+ return;
+ }
+
+ arg.re = re;
+ arg.opt = ptr;
+ arg.cli = cli;
+
+ iplink_list((iplink_list_func)__pppoe_add_interface_re, &arg);
+
+ pcre_free(re);
+ _free(pattern);
+}
+
void pppoe_server_start(const char *opt, void *cli)
{
+ char name[IFNAMSIZ];
+ const char *ptr;
+
+ if (strlen(opt) > 3 && memcmp(opt, "re:", 3) == 0) {
+ pppoe_add_interface_re(opt, cli);
+ return;
+ }
+
+ ptr = strchr(opt, ',');
+ if (ptr) {
+ memcpy(name, opt, ptr - opt);
+ name[ptr - opt] = 0;
+ __pppoe_server_start(name, ptr, cli);
+ } else
+ __pppoe_server_start(opt, opt, cli);
+}
+
+static void __pppoe_server_start(const char *ifname, const char *opt, void *cli)
+{
struct pppoe_serv_t *serv;
int sock;
int f = 1;
struct ifreq ifr;
struct sockaddr_ll sa;
- char *ifname = NULL;
int padi_limit = conf_padi_limit;
- if (parse_server(opt, &ifname, &padi_limit)) {
+ if (parse_server(opt, &padi_limit)) {
if (cli)
cli_sendv(cli, "failed to parse '%s'\r\n", opt);
else
diff --git a/accel-pppd/extra/chap-secrets.c b/accel-pppd/extra/chap-secrets.c
index c0e620b1..47d59830 100644
--- a/accel-pppd/extra/chap-secrets.c
+++ b/accel-pppd/extra/chap-secrets.c
@@ -2,12 +2,19 @@
#include <stdlib.h>
#include <errno.h>
#include <string.h>
+#include <byteswap.h>
#include <netinet/in.h>
#include <arpa/inet.h>
+#ifdef CRYPTO_OPENSSL
+#include "openssl/evp.h"
+#include "crypto.h"
+#endif
+
#include "pwdb.h"
#include "ipdb.h"
#include "ppp.h"
+#include "ppp_auth.h"
#include "events.h"
#include "triton.h"
#include "log.h"
@@ -16,11 +23,18 @@
static char *def_chap_secrets = "/etc/ppp/chap-secrets";
static char *conf_chap_secrets;
+static int conf_encrypted;
static in_addr_t conf_gw_ip_address = 0;
static void *pd_key;
static struct ipdb_t ipdb;
+struct hash_chain
+{
+ struct list_head entry;
+ const EVP_MD *md;
+};
+
struct cs_pd_t
{
struct ap_private pd;
@@ -29,6 +43,8 @@ struct cs_pd_t
char *rate;
};
+static LIST_HEAD(hash_chain);
+
static char *skip_word(char *ptr)
{
char quote = 0;
@@ -53,15 +69,19 @@ static char *skip_word(char *ptr)
} else if (*ptr == ' ' || *ptr == '\t' || *ptr == '\n')
break;
}
+
return ptr;
}
+
static char *skip_space(char *ptr)
{
for(; *ptr; ptr++)
if (*ptr != ' ' && *ptr != '\t')
break;
+
return ptr;
}
+
static int split(char *buf, char **ptr)
{
int i;
@@ -98,12 +118,37 @@ static struct cs_pd_t *create_pd(struct ap_session *ses, const char *username)
FILE *f;
char *buf;
char *ptr[5];
- int n;
+ int n, i;
struct cs_pd_t *pd;
+#ifdef CRYPTO_OPENSSL
+ char username_hash[EVP_MAX_MD_SIZE * 2 + 1];
+ uint8_t hash[EVP_MAX_MD_SIZE];
+ struct hash_chain *hc;
+ EVP_MD_CTX md_ctx;
+ char c;
+#endif
if (!conf_chap_secrets)
return NULL;
+#ifdef CRYPTO_OPENSSL
+ if (conf_encrypted && !list_empty(&hash_chain)) {
+ unsigned int size = 0;
+ list_for_each_entry(hc, &hash_chain, entry) {
+ EVP_MD_CTX_init(&md_ctx);
+ EVP_DigestInit_ex(&md_ctx, hc->md, NULL);
+ EVP_DigestUpdate(&md_ctx, size == 0 ? (void *)username : (void *)hash, size == 0 ? strlen(username) : size);
+ EVP_DigestFinal_ex(&md_ctx, hash, &size);
+ EVP_MD_CTX_cleanup(&md_ctx);
+ }
+
+ for (n = 0; n < size; n++)
+ sprintf(username_hash + n*2, "%02x", hash[n]);
+
+ username = username_hash;
+ }
+#endif
+
f = fopen(conf_chap_secrets, "r");
if (!f) {
log_error("chap-secrets: open '%s': %s\n", conf_chap_secrets, strerror(errno));
@@ -138,6 +183,11 @@ out:
return NULL;
found:
+#ifdef CRYPTO_OPENSSL
+ if (conf_encrypted && strlen(ptr[1]) != 32)
+ goto out;
+#endif
+
pd = _malloc(sizeof(*pd));
if (!pd) {
log_emerg("chap-secrets: out of memory\n");
@@ -146,11 +196,30 @@ found:
memset(pd, 0, sizeof(*pd));
pd->pd.key = &pd_key;
- pd->passwd = _strdup(ptr[1]);
- if (!pd->passwd) {
- log_emerg("chap-secrets: out of memory\n");
- _free(pd);
- goto out;
+#ifdef CRYPTO_OPENSSL
+ if (conf_encrypted) {
+ pd->passwd = _malloc(16);
+ if (!pd->passwd) {
+ log_emerg("chap-secrets: out of memory\n");
+ _free(pd);
+ goto out;
+ }
+
+ for (i = 0; i < 16; i++) {
+ c = ptr[1][i*2 + 2];
+ ptr[1][i*2 + 2] = 0;
+ pd->passwd[i] = strtol(ptr[1] + i*2, NULL, 16);
+ ptr[1][i*2 + 2] = c;
+ }
+ } else
+#endif
+ {
+ pd->passwd = _strdup(ptr[1]);
+ if (!pd->passwd) {
+ log_emerg("chap-secrets: out of memory\n");
+ _free(pd);
+ goto out;
+ }
}
pd->ip.addr = conf_gw_ip_address;
@@ -234,6 +303,11 @@ static char* get_passwd(struct pwdb_t *pwdb, struct ap_session *ses, const char
{
struct cs_pd_t *pd = find_pd(ses);
+#ifdef CRYPTO_OPENSSL
+ if (conf_encrypted)
+ return NULL;
+#endif
+
if (!pd)
pd = create_pd(ses, username);
@@ -243,14 +317,390 @@ static char* get_passwd(struct pwdb_t *pwdb, struct ap_session *ses, const char
return _strdup(pd->passwd);
}
+#ifdef CRYPTO_OPENSSL
+static void des_encrypt(const uint8_t *input, const uint8_t *key, uint8_t *output)
+{
+ int i, j, parity;
+ union
+ {
+ uint64_t u64;
+ uint8_t buf[8];
+ } p_key;
+ DES_cblock cb;
+ DES_cblock res;
+ DES_key_schedule ks;
+
+ memcpy(p_key.buf, key, 7);
+ p_key.u64 = bswap_64(p_key.u64);
+
+ for (i = 0; i < 8; i++) {
+ cb[i] = (((p_key.u64 << (7 * i)) >> 56) & 0xfe);
+ for( j = 0, parity = 0; j < 7; j++)
+ if ((cb[i] >> (j + 1)) & 1)
+ parity++;
+ cb[i] |= (~parity) & 1;
+ }
+
+ DES_set_key_checked(&cb, &ks);
+ memcpy(cb, input, 8);
+ DES_ecb_encrypt(&cb, &res, &ks, DES_ENCRYPT);
+ memcpy(output, res, 8);
+}
+
+static int auth_pap(struct cs_pd_t *pd, const char *username, va_list args)
+{
+ const char *passwd = va_arg(args, const char *);
+ MD4_CTX md4_ctx;
+ unsigned char z_hash[21];
+ char *u_passwd;
+ int i, len = strlen(passwd);
+
+ u_passwd = _malloc(len * 2);
+ for (i = 0; i< len; i++) {
+ u_passwd[i * 2] = passwd[i];
+ u_passwd[i * 2 + 1] = 0;
+ }
+
+ memset(z_hash, 0, sizeof(z_hash));
+ MD4_Init(&md4_ctx);
+ MD4_Update(&md4_ctx, u_passwd, len * 2);
+ MD4_Final(z_hash, &md4_ctx);
+
+ _free(u_passwd);
+
+ /*des_encrypt(ad->val, z_hash, nt_hash);
+ des_encrypt(ad->val, z_hash + 7, nt_hash + 8);
+ des_encrypt(ad->val, z_hash + 14, nt_hash + 16);*/
+
+ if (memcmp(z_hash, pd->passwd, 16))
+ return PWDB_DENIED;
+
+ return PWDB_SUCCESS;
+}
+
+static int auth_chap_md5(struct cs_pd_t *pd, const char *username, va_list args)
+{
+ /*int id = va_arg(args, int);
+ uint8_t *challenge = va_arg(args, uint8_t *);
+ int challenge_len = va_arg(args, int);
+ uint8_t *response = va_arg(args, uint8_t *);*/
+
+ return PWDB_NO_IMPL;
+}
+
+static void derive_mppe_keys_mschap_v1(struct ap_session *ses, const uint8_t *z_hash, const uint8_t *challenge, int challenge_len)
+{
+ MD4_CTX md4_ctx;
+ SHA_CTX sha_ctx;
+ uint8_t digest[20];
+ struct ppp_t *ppp = container_of(ses, typeof(*ppp), ses);
+
+ struct ev_mppe_keys_t ev_mppe = {
+ .ppp = ppp,
+ .policy = -1,
+ .recv_key = digest,
+ .send_key = digest,
+ };
+
+ //NtPasswordHashHash
+ MD4_Init(&md4_ctx);
+ MD4_Update(&md4_ctx, z_hash, 16);
+ MD4_Final(digest, &md4_ctx);
+
+ //Get_Start_Key
+ SHA1_Init(&sha_ctx);
+ SHA1_Update(&sha_ctx, digest, 16);
+ SHA1_Update(&sha_ctx, digest, 16);
+ SHA1_Update(&sha_ctx, challenge, challenge_len);
+ SHA1_Final(digest, &sha_ctx);
+
+ triton_event_fire(EV_MPPE_KEYS, &ev_mppe);
+}
+
+int auth_mschap_v1(struct ap_session *ses, struct cs_pd_t *pd, const char *username, va_list args)
+{
+ int id __unused = va_arg(args, int);
+ const uint8_t *challenge = va_arg(args, const uint8_t *);
+ int challenge_len = va_arg(args, int);
+ const uint8_t *lm_response __unused = va_arg(args, const uint8_t *);
+ const uint8_t *nt_response = va_arg(args, const uint8_t *);
+ int flags __unused = va_arg(args, int);
+ uint8_t z_hash[21];
+ uint8_t nt_hash[24];
+
+ memcpy(z_hash, pd->passwd, 16);
+ memset(z_hash + 16, 0, sizeof(z_hash) - 16);
+
+ des_encrypt(challenge, z_hash, nt_hash);
+ des_encrypt(challenge, z_hash + 7, nt_hash + 8);
+ des_encrypt(challenge, z_hash + 14, nt_hash + 16);
+
+ if (memcmp(nt_hash, nt_response, 24))
+ return PWDB_DENIED;
+
+ if (ses->ctrl->ppp)
+ derive_mppe_keys_mschap_v1(ses, z_hash, challenge, challenge_len);
+
+ return PWDB_SUCCESS;
+}
+
+static void generate_mschap_response(const uint8_t *nt_response, const uint8_t *c_hash, const uint8_t *z_hash, char *authenticator)
+{
+ MD4_CTX md4_ctx;
+ SHA_CTX sha_ctx;
+ uint8_t pw_hash[MD4_DIGEST_LENGTH];
+ uint8_t response[SHA_DIGEST_LENGTH];
+ int i;
+
+ uint8_t magic1[39] =
+ {0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76,
+ 0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65,
+ 0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67,
+ 0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74};
+ uint8_t magic2[41] =
+ {0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B,
+ 0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F,
+ 0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E,
+ 0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F,
+ 0x6E};
+
+
+ MD4_Init(&md4_ctx);
+ MD4_Update(&md4_ctx, z_hash, 16);
+ MD4_Final(pw_hash, &md4_ctx);
+
+ SHA1_Init(&sha_ctx);
+ SHA1_Update(&sha_ctx, pw_hash, 16);
+ SHA1_Update(&sha_ctx, nt_response, 24);
+ SHA1_Update(&sha_ctx, magic1, 39);
+ SHA1_Final(response, &sha_ctx);
+
+ SHA1_Init(&sha_ctx);
+ SHA1_Update(&sha_ctx, response, 20);
+ SHA1_Update(&sha_ctx, c_hash, 8);
+ SHA1_Update(&sha_ctx, magic2, 41);
+ SHA1_Final(response, &sha_ctx);
+
+ for (i = 0; i < 20; i++)
+ sprintf(authenticator + i*2, "%02X", response[i]);
+}
+
+static void derive_mppe_keys_mschap_v2(struct ap_session *ses, const uint8_t *z_hash, const uint8_t *nt_hash)
+{
+ struct ppp_t *ppp = container_of(ses, typeof(*ppp), ses);
+ MD4_CTX md4_ctx;
+ SHA_CTX sha_ctx;
+ uint8_t digest[20];
+ uint8_t send_key[20];
+ uint8_t recv_key[20];
+
+ uint8_t pad1[40] =
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
+
+ uint8_t pad2[40] =
+ {0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
+ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
+ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
+ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2};
+
+ uint8_t magic1[27] =
+ {0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
+ 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
+ 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79};
+
+ uint8_t magic2[84] =
+ {0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
+ 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
+ 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
+ 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
+ 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
+ 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65,
+ 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
+ 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
+ 0x6b, 0x65, 0x79, 0x2e};
+
+ uint8_t magic3[84] =
+ {0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
+ 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
+ 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
+ 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
+ 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68,
+ 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73,
+ 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73,
+ 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20,
+ 0x6b, 0x65, 0x79, 0x2e};
+
+ struct ev_mppe_keys_t ev_mppe = {
+ .ppp = ppp,
+ .policy = -1,
+ .recv_key = recv_key,
+ .send_key = send_key,
+ };
+
+ //NtPasswordHashHash
+ MD4_Init(&md4_ctx);
+ MD4_Update(&md4_ctx, z_hash, 16);
+ MD4_Final(digest, &md4_ctx);
+
+ //GetMasterKey
+ SHA1_Init(&sha_ctx);
+ SHA1_Update(&sha_ctx, digest, 16);
+ SHA1_Update(&sha_ctx, nt_hash, 24);
+ SHA1_Update(&sha_ctx, magic1, sizeof(magic1));
+ SHA1_Final(digest, &sha_ctx);
+
+ //send key
+ SHA1_Init(&sha_ctx);
+ SHA1_Update(&sha_ctx, digest, 16);
+ SHA1_Update(&sha_ctx, pad1, sizeof(pad1));
+ SHA1_Update(&sha_ctx, magic3, sizeof(magic2));
+ SHA1_Update(&sha_ctx, pad2, sizeof(pad2));
+ SHA1_Final(send_key, &sha_ctx);
+
+ //recv key
+ SHA1_Init(&sha_ctx);
+ SHA1_Update(&sha_ctx, digest, 16);
+ SHA1_Update(&sha_ctx, pad1, sizeof(pad1));
+ SHA1_Update(&sha_ctx, magic2, sizeof(magic3));
+ SHA1_Update(&sha_ctx, pad2, sizeof(pad2));
+ SHA1_Final(recv_key, &sha_ctx);
+
+ triton_event_fire(EV_MPPE_KEYS, &ev_mppe);
+}
+
+int auth_mschap_v2(struct ap_session *ses, struct cs_pd_t *pd, const char *username, va_list args)
+{
+ int id __unused = va_arg(args, int);
+ const uint8_t *challenge = va_arg(args, const uint8_t *);
+ const uint8_t *peer_challenge = va_arg(args, const uint8_t *);
+ const uint8_t *reserved __unused = va_arg(args, const uint8_t *);
+ const uint8_t *response = va_arg(args, const uint8_t *);
+ int flags __unused = va_arg(args, int);
+ char *authenticator = va_arg(args, char *);
+ uint8_t z_hash[21];
+ uint8_t nt_hash[24];
+ uint8_t c_hash[SHA_DIGEST_LENGTH];
+ SHA_CTX sha_ctx;
+
+ SHA1_Init(&sha_ctx);
+ SHA1_Update(&sha_ctx, peer_challenge, 16);
+ SHA1_Update(&sha_ctx, challenge, 16);
+ SHA1_Update(&sha_ctx, username, strlen(username));
+ SHA1_Final(c_hash, &sha_ctx);
+
+ memcpy(z_hash, pd->passwd, 16);
+ memset(z_hash + 16, 0, sizeof(z_hash) - 16);
+
+ des_encrypt(c_hash, z_hash, nt_hash);
+ des_encrypt(c_hash, z_hash + 7, nt_hash + 8);
+ des_encrypt(c_hash, z_hash + 14, nt_hash + 16);
+
+ if (memcmp(nt_hash, response, 24))
+ return PWDB_DENIED;
+
+ if (ses->ctrl->ppp)
+ derive_mppe_keys_mschap_v2(ses, z_hash, response);
+
+ generate_mschap_response(response, c_hash, z_hash, authenticator);
+
+ return PWDB_SUCCESS;
+}
+
+static int check_passwd(struct pwdb_t *pwdb, struct ap_session *ses, const char *username, int type, va_list _args)
+{
+ va_list args;
+ int r = PWDB_NO_IMPL;
+ struct cs_pd_t *pd;
+
+ if (!conf_encrypted)
+ return PWDB_NO_IMPL;
+
+ pd = find_pd(ses);
+
+ if (!pd)
+ pd = create_pd(ses, username);
+
+ if (!pd)
+ return PWDB_NO_IMPL;
+
+ va_copy(args, _args);
+
+ switch (type) {
+ case PPP_PAP:
+ r = auth_pap(pd, username, args);
+ break;
+ case PPP_CHAP:
+ type = va_arg(args, int);
+ switch (type) {
+ case CHAP_MD5:
+ r = auth_chap_md5(pd, username, args);
+ break;
+ case MSCHAP_V1:
+ r = auth_mschap_v1(ses, pd, username, args);
+ break;
+ case MSCHAP_V2:
+ r = auth_mschap_v2(ses, pd, username, args);
+ break;
+ }
+ break;
+ }
+
+ va_end(args);
+
+ return r;
+}
+#endif
+
static struct ipdb_t ipdb = {
.get_ipv4 = get_ip,
};
static struct pwdb_t pwdb = {
.get_passwd = get_passwd,
+#ifdef CRYPTO_OPENSSL
+ .check = check_passwd,
+#endif
};
+#ifdef CRYPTO_OPENSSL
+static void clear_hash_chain(void)
+{
+ struct hash_chain *hc;
+
+ while (!list_empty(&hash_chain)) {
+ hc = list_entry(hash_chain.next, typeof(*hc), entry);
+ list_del(&hc->entry);
+ _free(hc);
+ }
+}
+
+static void parse_hash_chain(const char *opt)
+{
+ char *str = _strdup(opt);
+ char *ptr1 = str, *ptr2;
+ struct hash_chain *hc;
+ int f = 0;
+
+ while (!f) {
+ for (ptr2 = ptr1 + 1; *ptr2 && *ptr2 != ','; ptr2++);
+ f = *ptr2 == 0;
+ *ptr2 = 0;
+ hc = _malloc(sizeof(*hc));
+ hc->md = EVP_get_digestbyname(ptr1);
+ if (!hc->md) {
+ log_error("chap-secrets: digest '%s' is unavailable\n", ptr1);
+ _free(hc);
+ return;
+ }
+ list_add_tail(&hc->entry, &hash_chain);
+ ptr1 = ptr2 + 1;
+ }
+}
+#endif
+
static void load_config(void)
{
const char *opt;
@@ -266,6 +716,19 @@ static void load_config(void)
opt = conf_get_opt("chap-secrets", "gw-ip-address");
if (opt)
conf_gw_ip_address = inet_addr(opt);
+
+ opt = conf_get_opt("chap-secrets", "encrypted");
+ if (opt)
+ conf_encrypted = atoi(opt);
+ else
+ conf_encrypted = 0;
+
+#ifdef CRYPTO_OPENSSL
+ clear_hash_chain();
+ opt = conf_get_opt("chap-secrets", "username-hash");
+ if (opt)
+ parse_hash_chain(opt);
+#endif
}
static void init(void)
diff --git a/accel-pppd/extra/ippool.c b/accel-pppd/extra/ippool.c
index 62c56df1..88688073 100644
--- a/accel-pppd/extra/ippool.c
+++ b/accel-pppd/extra/ippool.c
@@ -6,14 +6,12 @@
#include <arpa/inet.h>
#include "events.h"
-#include "log.h"
+#include "ipdb.h"
#include "list.h"
#include "spinlock.h"
#include "backup.h"
#include "ap_session_backup.h"
-#include "ipdb.h"
-
#ifdef RADIUS
#include "radius.h"
#endif
@@ -29,7 +27,6 @@ struct ippool_t
struct list_head items;
uint32_t startip;
uint32_t endip;
- void (*generate)(struct ippool_t *);
spinlock_t lock;
};
@@ -63,7 +60,6 @@ struct ippool_t *create_pool(const char *name)
memset(p, 0, sizeof(*p));
if (name)
p->name = strdup(name);
-
INIT_LIST_HEAD(&p->gw_list);
INIT_LIST_HEAD(&p->tunnel_list);
INIT_LIST_HEAD(&p->items);
@@ -151,7 +147,7 @@ static int parse2(const char *str, uint32_t *begin, uint32_t *end)
return 0;
}
-static void add_range(struct ippool_t *p, struct list_head *list, const char *name, void (*generate)(struct ippool_t *))
+static void add_range(struct ippool_t *p, struct list_head *list, const char *name)
{
uint32_t i,startip, endip;
struct ipaddr_t *ip;
@@ -172,10 +168,9 @@ static void add_range(struct ippool_t *p, struct list_head *list, const char *na
p->startip = startip;
p->endip = endip;
- p->generate = generate;
}
-static void generate_pool_p2p(struct ippool_t *p)
+static void generate_pool(struct ippool_t *p)
{
struct ippool_item_t *it;
struct ipaddr_t *addr = NULL;
@@ -217,53 +212,6 @@ static void generate_pool_p2p(struct ippool_t *p)
}
}
-static void generate_pool_net30(struct ippool_t *p)
-{
- struct ippool_item_t *it;
- struct ipaddr_t *addr[4];
- int i;
-
- while (1) {
- memset(addr, 0, sizeof(addr));
-
- for (i = 0; i < 4; i++) {
- if (list_empty(&p->tunnel_list))
- break;
-
- addr[i] = list_entry(p->tunnel_list.next, typeof(*addr[i]), entry);
- list_del(&addr[i]->entry);
- }
-
- if (!addr[2])
- break;
-
-
- it = malloc(sizeof(*it));
- if (!it) {
- log_emerg("ippool: out of memory\n");
- break;
- }
-
- it->pool = p;
- it->it.owner = &ipdb;
- it->it.addr = addr[1]->addr;
- it->it.peer_addr = addr[2]->addr;
-
- list_add_tail(&it->entry, &p->items);
-
- for (i = 0; i < 4; i++) {
- if (addr[i])
- free(addr[i]);
- }
- }
-
- for (i = 0; i < 4; i++) {
- if (addr[i])
- free(addr[i]);
- }
-}
-
-
static struct ipv4db_item_t *get_ip(struct ap_session *ses)
{
struct ippool_item_t *it;
@@ -453,38 +401,17 @@ static int parse_vendor_opt(const char *opt)
}
#endif
-static void parse_options(const char *opt, char **pool_name, char **allocator)
+static void ippool_init1(void)
{
- char *ptr1, *ptr2;
- int len;
-
- ptr1 = strstr(opt, "name=");
- if (ptr1) {
- for (ptr2 = ptr1 + 5; *ptr2 && *ptr2 != ','; ptr2++);
- len = ptr2 - (ptr1 + 5);
- *pool_name = _malloc(len + 1);
- memcpy(*pool_name, ptr1 + 5, len);
- (*pool_name)[len] = 0;
- }
-
- ptr1 = strstr(opt, "allocator=");
- if (ptr1) {
- for (ptr2 = ptr1 + 10; *ptr2 && *ptr2 != ','; ptr2++);
- len = ptr2 - (ptr1 + 10);
- *allocator = _malloc(len + 1);
- memcpy(*allocator, ptr1 + 10, len);
- (*allocator)[len] = 0;
- }
+ ipdb_register(&ipdb);
}
-static void ippool_init(void)
+static void ippool_init2(void)
{
struct conf_sect_t *s = conf_get_section("ip-pool");
struct conf_option_t *opt;
struct ippool_t *p;
- char *pool_name = NULL;
- char *allocator = NULL;
- void (*generate)(struct ippool_t *pool);
+ char *pool_name;
if (!s)
return;
@@ -508,46 +435,26 @@ static void ippool_init(void)
if (!strcmp(opt->name, "gw-ip-address"))
parse_gw_ip_address(opt->val);
else {
- pool_name = NULL;
- allocator = NULL;
-
- parse_options(opt->raw, &pool_name, &allocator);
-
- if (allocator) {
- if (strcmp(allocator, "p2p") == 0)
- generate = generate_pool_p2p;
- else if (strcmp(allocator, "net30") == 0)
- generate = generate_pool_net30;
- else {
- log_error("ipool: '%s': unknown allocator\n", opt->raw);
- }
- } else
- generate = generate_pool_p2p;
+ if (opt->val)
+ pool_name = strchr(opt->val, ',');
+ else
+ pool_name = strchr(opt->name, ',');
- p = pool_name ? find_pool(pool_name, 1) : def_pool;
+ p = pool_name ? find_pool(pool_name + 1, 1) : def_pool;
if (!strcmp(opt->name, "gw"))
- add_range(p, &p->gw_list, opt->val, generate);
+ add_range(p, &p->gw_list, opt->val);
else if (!strcmp(opt->name, "tunnel"))
- add_range(p, &p->tunnel_list, opt->val, generate);
- else if (!opt->val || strchr(opt->name, ','))
- add_range(p, &p->tunnel_list, opt->name, generate);
-
- if (pool_name)
- _free(pool_name);
-
- if (allocator)
- _free(allocator);
+ add_range(p, &p->tunnel_list, opt->val);
+ else if (!opt->val)
+ add_range(p, &p->tunnel_list, opt->name);
}
}
-
- if (def_pool->generate)
- def_pool->generate(def_pool);
- list_for_each_entry(p, &pool_list, entry)
- p->generate(p);
+ generate_pool(def_pool);
- ipdb_register(&ipdb);
+ list_for_each_entry(p, &pool_list, entry)
+ generate_pool(p);
#ifdef USE_BACKUP
backup_register_module(&backup_mod);
@@ -559,5 +466,6 @@ static void ippool_init(void)
#endif
}
-DEFINE_INIT(51, ippool_init);
+DEFINE_INIT(51, ippool_init1);
+DEFINE_INIT2(52, ippool_init2);
diff --git a/accel-pppd/main.c b/accel-pppd/main.c
index 491e07db..8a75d5d2 100644
--- a/accel-pppd/main.c
+++ b/accel-pppd/main.c
@@ -35,6 +35,8 @@ static char *conf_dump;
static sigset_t orig_set;
#ifdef CRYPTO_OPENSSL
+#include <openssl/ssl.h>
+
static pthread_mutex_t *ssl_lock_cs;
static unsigned long ssl_thread_id(void)
@@ -57,6 +59,7 @@ static void openssl_init(void)
SSL_library_init();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
+ OpenSSL_add_all_digests();
ssl_lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
diff --git a/accel-pppd/ppp/CMakeLists.txt b/accel-pppd/ppp/CMakeLists.txt
index f4c0f04a..560f7759 100644
--- a/accel-pppd/ppp/CMakeLists.txt
+++ b/accel-pppd/ppp/CMakeLists.txt
@@ -11,6 +11,7 @@ SET(sources_c
ppp_ipcp.c
ipcp_opt_ipaddr.c
ipcp_opt_dns.c
+ ipcp_opt_wins.c
ppp_ccp.c
)
INCLUDE_DIRECTORIES(${CMAKE_CURRENT_SOURCE_DIR})
diff --git a/accel-pppd/ppp/ipcp_opt_dns.c b/accel-pppd/ppp/ipcp_opt_dns.c
index 245960c7..bd5114ac 100644
--- a/accel-pppd/ppp/ipcp_opt_dns.c
+++ b/accel-pppd/ppp/ipcp_opt_dns.c
@@ -19,8 +19,8 @@ static void dns_free(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt);
static int dns_send_conf_req(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr);
static int dns_send_conf_nak(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr);
static int dns_recv_conf_req(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr);
-static void dns1_print(void (*print)(const char *fmt,...),struct ipcp_option_t*, uint8_t *ptr);
-static void dns2_print(void (*print)(const char *fmt,...),struct ipcp_option_t*, uint8_t *ptr);
+static void dns1_print(void (*print)(const char *fmt, ...), struct ipcp_option_t *, uint8_t *ptr);
+static void dns2_print(void (*print)(const char *fmt, ...), struct ipcp_option_t *, uint8_t *ptr);
struct dns_option_t
{
@@ -28,49 +28,53 @@ struct dns_option_t
in_addr_t addr;
};
-static struct ipcp_option_handler_t dns1_opt_hnd=
+static struct ipcp_option_handler_t dns1_opt_hnd =
{
- .init=dns1_init,
- .send_conf_req=dns_send_conf_req,
- .send_conf_nak=dns_send_conf_nak,
- .recv_conf_req=dns_recv_conf_req,
- .free=dns_free,
- .print=dns1_print,
+ .init = dns1_init,
+ .send_conf_req = dns_send_conf_req,
+ .send_conf_nak = dns_send_conf_nak,
+ .recv_conf_req = dns_recv_conf_req,
+ .free = dns_free,
+ .print = dns1_print,
};
-static struct ipcp_option_handler_t dns2_opt_hnd=
+static struct ipcp_option_handler_t dns2_opt_hnd =
{
- .init=dns2_init,
- .send_conf_req=dns_send_conf_req,
- .send_conf_nak=dns_send_conf_nak,
- .recv_conf_req=dns_recv_conf_req,
- .free=dns_free,
- .print=dns2_print,
+ .init = dns2_init,
+ .send_conf_req = dns_send_conf_req,
+ .send_conf_nak = dns_send_conf_nak,
+ .recv_conf_req = dns_recv_conf_req,
+ .free = dns_free,
+ .print = dns2_print,
};
static struct ipcp_option_t *dns1_init(struct ppp_ipcp_t *ipcp)
{
- struct dns_option_t *dns_opt=_malloc(sizeof(*dns_opt));
- memset(dns_opt,0,sizeof(*dns_opt));
- dns_opt->opt.id=CI_DNS1;
- dns_opt->opt.len=6;
+ struct dns_option_t *dns_opt = _malloc(sizeof(*dns_opt));
+
+ memset(dns_opt, 0, sizeof(*dns_opt));
+ dns_opt->opt.id = CI_DNS1;
+ dns_opt->opt.len = 6;
+ dns_opt->addr = conf_dns1;
return &dns_opt->opt;
}
static struct ipcp_option_t *dns2_init(struct ppp_ipcp_t *ipcp)
{
- struct dns_option_t *dns_opt=_malloc(sizeof(*dns_opt));
- memset(dns_opt,0,sizeof(*dns_opt));
- dns_opt->opt.id=CI_DNS2;
- dns_opt->opt.len=6;
+ struct dns_option_t *dns_opt = _malloc(sizeof(*dns_opt));
+
+ memset(dns_opt, 0, sizeof(*dns_opt));
+ dns_opt->opt.id = CI_DNS2;
+ dns_opt->opt.len = 6;
+ dns_opt->addr = conf_dns2;
return &dns_opt->opt;
}
static void dns_free(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt)
{
- struct dns_option_t *dns_opt=container_of(opt,typeof(*dns_opt),opt);
+ struct dns_option_t *dns_opt = container_of(opt, typeof(*dns_opt), opt);
_free(dns_opt);
}
@@ -82,62 +86,59 @@ static int dns_send_conf_req(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt,
static int dns_send_conf_nak(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr)
{
- struct dns_option_t *dns_opt=container_of(opt,typeof(*dns_opt),opt);
- struct ipcp_opt32_t *opt32=(struct ipcp_opt32_t*)ptr;
- opt32->hdr.id=dns_opt->opt.id;
- opt32->hdr.len=6;
- opt32->val=dns_opt->addr;
+ struct dns_option_t *dns_opt = container_of(opt, typeof(*dns_opt), opt);
+ struct ipcp_opt32_t *opt32 = (struct ipcp_opt32_t *)ptr;
+ opt32->hdr.id = dns_opt->opt.id;
+ opt32->hdr.len = 6;
+ opt32->val = dns_opt->addr;
return 6;
}
static int dns_recv_conf_req(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr)
{
- struct dns_option_t *dns_opt=container_of(opt,typeof(*dns_opt),opt);
- struct ipcp_opt32_t *opt32=(struct ipcp_opt32_t*)ptr;
+ struct dns_option_t *dns_opt = container_of(opt, typeof(*dns_opt), opt);
+ struct ipcp_opt32_t *opt32 = (struct ipcp_opt32_t *)ptr;
if (opt32->hdr.len != 6)
return IPCP_OPT_REJ;
- if (!dns_opt->addr)
- {
- if (dns_opt->opt.id == CI_DNS1 && conf_dns1) dns_opt->addr=conf_dns1;
- else if (dns_opt->opt.id == CI_DNS2 && conf_dns2) dns_opt->addr=conf_dns2;
-
- if (!dns_opt->addr)
- {
- dns_opt->addr=opt32->val;
- return IPCP_OPT_ACK;
- }
+ if (!dns_opt->addr) {
+ dns_opt->addr = opt32->val;
+ return IPCP_OPT_ACK;
}
- if (dns_opt->addr==opt32->val)
+ if (dns_opt->addr == opt32->val)
return IPCP_OPT_ACK;
return IPCP_OPT_NAK;
}
-static void dns1_print(void (*print)(const char *fmt,...),struct ipcp_option_t *opt, uint8_t *ptr)
+static void dns1_print(void (*print)(const char *fmt, ...), struct ipcp_option_t *opt, uint8_t *ptr)
{
- struct dns_option_t *dns_opt=container_of(opt,typeof(*dns_opt),opt);
- struct ipcp_opt32_t *opt32=(struct ipcp_opt32_t*)ptr;
+ struct dns_option_t *dns_opt = container_of(opt, typeof(*dns_opt), opt);
+ struct ipcp_opt32_t *opt32 = (struct ipcp_opt32_t *)ptr;
struct in_addr in;
- if (ptr) in.s_addr=opt32->val;
- else in.s_addr=dns_opt->addr;
+ if (ptr)
+ in.s_addr = opt32->val;
+ else
+ in.s_addr = dns_opt->addr;
- print("<dns1 %s>",inet_ntoa(in));
+ print("<dns1 %s>", inet_ntoa(in));
}
-static void dns2_print(void (*print)(const char *fmt,...),struct ipcp_option_t *opt, uint8_t *ptr)
+static void dns2_print(void (*print)(const char *fmt, ...), struct ipcp_option_t *opt, uint8_t *ptr)
{
- struct dns_option_t *dns_opt=container_of(opt,typeof(*dns_opt),opt);
- struct ipcp_opt32_t *opt32=(struct ipcp_opt32_t*)ptr;
+ struct dns_option_t *dns_opt = container_of(opt, typeof(*dns_opt), opt);
+ struct ipcp_opt32_t *opt32 = (struct ipcp_opt32_t *)ptr;
struct in_addr in;
- if (ptr) in.s_addr=opt32->val;
- else in.s_addr=dns_opt->addr;
+ if (ptr)
+ in.s_addr = opt32->val;
+ else
+ in.s_addr = dns_opt->addr;
- print("<dns2 %s>",inet_ntoa(in));
+ print("<dns2 %s>", inet_ntoa(in));
}
static void ev_dns(struct ev_dns_t *ev)
diff --git a/accel-pppd/ppp/ipcp_opt_wins.c b/accel-pppd/ppp/ipcp_opt_wins.c
index f65b945f..fd69a8cf 100644
--- a/accel-pppd/ppp/ipcp_opt_wins.c
+++ b/accel-pppd/ppp/ipcp_opt_wins.c
@@ -19,33 +19,31 @@ static void wins_free(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt);
static int wins_send_conf_req(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr);
static int wins_send_conf_nak(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr);
static int wins_recv_conf_req(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr);
-static int wins_recv_conf_rej(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr);
-static void wins1_print(void (*print)(const char *fmt,...), struct ipcp_option_t*, uint8_t *ptr);
-static void wins2_print(void (*print)(const char *fmt,...), struct ipcp_option_t*, uint8_t *ptr);
+static void wins1_print(void (*print)(const char *fmt, ...), struct ipcp_option_t *, uint8_t *ptr);
+static void wins2_print(void (*print)(const char *fmt, ...), struct ipcp_option_t *, uint8_t *ptr);
struct wins_option_t
{
struct ipcp_option_t opt;
in_addr_t addr;
- int rejected;
};
-static struct ipcp_option_handler_t wins1_opt_hnd = {
+static struct ipcp_option_handler_t wins1_opt_hnd =
+{
.init = wins1_init,
.send_conf_req = wins_send_conf_req,
.send_conf_nak = wins_send_conf_nak,
.recv_conf_req = wins_recv_conf_req,
- .recv_conf_rej = wins_recv_conf_rej,
.free = wins_free,
.print = wins1_print,
};
-static struct ipcp_option_handler_t wins2_opt_hnd = {
+static struct ipcp_option_handler_t wins2_opt_hnd =
+{
.init = wins2_init,
.send_conf_req = wins_send_conf_req,
.send_conf_nak = wins_send_conf_nak,
.recv_conf_req = wins_recv_conf_req,
- .recv_conf_rej = wins_recv_conf_rej,
.free = wins_free,
.print = wins2_print,
};
@@ -53,9 +51,11 @@ static struct ipcp_option_handler_t wins2_opt_hnd = {
static struct ipcp_option_t *wins1_init(struct ppp_ipcp_t *ipcp)
{
struct wins_option_t *wins_opt = _malloc(sizeof(*wins_opt));
+
memset(wins_opt, 0, sizeof(*wins_opt));
wins_opt->opt.id = CI_WINS1;
wins_opt->opt.len = 6;
+ wins_opt->addr = conf_wins1;
return &wins_opt->opt;
}
@@ -63,33 +63,25 @@ static struct ipcp_option_t *wins1_init(struct ppp_ipcp_t *ipcp)
static struct ipcp_option_t *wins2_init(struct ppp_ipcp_t *ipcp)
{
struct wins_option_t *wins_opt = _malloc(sizeof(*wins_opt));
+
memset(wins_opt, 0, sizeof(*wins_opt));
wins_opt->opt.id = CI_WINS2;
wins_opt->opt.len = 6;
+ wins_opt->addr = conf_wins2;
return &wins_opt->opt;
}
static void wins_free(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt)
{
- struct wins_option_t *wins_opt=container_of(opt,typeof(*wins_opt),opt);
+ struct wins_option_t *wins_opt = container_of(opt, typeof(*wins_opt), opt);
_free(wins_opt);
}
static int wins_send_conf_req(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr)
{
- struct wins_option_t *wins_opt = container_of(opt, typeof(*wins_opt), opt);
- struct ipcp_opt32_t *opt32 = (struct ipcp_opt32_t *)ptr;
-
- if (!wins_opt->addr || wins_opt->rejected)
- return 0;
-
- opt32->hdr.id = wins_opt->opt.id;
- opt32->hdr.len = 6;
- opt32->val = 0;
-
- return 6;
+ return 0;
}
static int wins_send_conf_nak(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr)
@@ -105,21 +97,14 @@ static int wins_send_conf_nak(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt
static int wins_recv_conf_req(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr)
{
struct wins_option_t *wins_opt = container_of(opt, typeof(*wins_opt), opt);
- struct ipcp_opt32_t *opt32 = (struct ipcp_opt32_t*)ptr;
+ struct ipcp_opt32_t *opt32 = (struct ipcp_opt32_t *)ptr;
if (opt32->hdr.len != 6)
return IPCP_OPT_REJ;
- if (!wins_opt->addr) {
- if (wins_opt->opt.id == CI_WINS1 && conf_wins1)
- wins_opt->addr=conf_wins1;
- else if (wins_opt->opt.id == CI_WINS2 && conf_wins2)
- wins_opt->addr=conf_wins2;
-
- if (!wins_opt->addr) {
- wins_opt->addr = opt32->val;
- return IPCP_OPT_ACK;
- }
+ if (!wins_opt->addr) {
+ wins_opt->addr = opt32->val;
+ return IPCP_OPT_ACK;
}
if (wins_opt->addr == opt32->val)
@@ -128,16 +113,7 @@ static int wins_recv_conf_req(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt
return IPCP_OPT_NAK;
}
-static int wins_recv_conf_rej(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr)
-{
- struct wins_option_t *wins_opt = container_of(opt, typeof(*wins_opt), opt);
-
- wins_opt->rejected = 1;
-
- return 0;
-}
-
-static void wins1_print(void (*print)(const char *fmt,...), struct ipcp_option_t *opt, uint8_t *ptr)
+static void wins1_print(void (*print)(const char *fmt, ...), struct ipcp_option_t *opt, uint8_t *ptr)
{
struct wins_option_t *wins_opt = container_of(opt, typeof(*wins_opt), opt);
struct ipcp_opt32_t *opt32 = (struct ipcp_opt32_t *)ptr;
@@ -151,7 +127,7 @@ static void wins1_print(void (*print)(const char *fmt,...), struct ipcp_option_t
print("<wins1 %s>", inet_ntoa(in));
}
-static void wins2_print(void (*print)(const char *fmt,...), struct ipcp_option_t *opt, uint8_t *ptr)
+static void wins2_print(void (*print)(const char *fmt, ...), struct ipcp_option_t *opt, uint8_t *ptr)
{
struct wins_option_t *wins_opt = container_of(opt, typeof(*wins_opt), opt);
struct ipcp_opt32_t *opt32 = (struct ipcp_opt32_t *)ptr;
diff --git a/accel-pppd/pwdb.c b/accel-pppd/pwdb.c
index f4440b8f..5626c2c9 100644
--- a/accel-pppd/pwdb.c
+++ b/accel-pppd/pwdb.c
@@ -22,11 +22,13 @@ int __export pwdb_check(struct ap_session *ses, const char *username, int type,
r = pwdb->check(pwdb, ses, username, type, args);
if (r == PWDB_NO_IMPL)
continue;
- if (r == PWDB_SUCCESS)
- return PWDB_SUCCESS;
res = r;
+ if (r == PWDB_SUCCESS)
+ break;
}
+ va_end(args);
+
return res;
}
__export char *pwdb_get_passwd(struct ap_session *ses, const char *username)
diff --git a/accel-pppd/pwdb.h b/accel-pppd/pwdb.h
index 8d8ab408..f7d62d6a 100644
--- a/accel-pppd/pwdb.h
+++ b/accel-pppd/pwdb.h
@@ -6,6 +6,10 @@
struct ap_session;
+#define CHAP_MD5 5
+#define MSCHAP_V1 0x80
+#define MSCHAP_V2 0x81
+
#define PWDB_SUCCESS 0
#define PWDB_DENIED 1
#define PWDB_NO_IMPL 2
diff --git a/accel-pppd/radius/radius.c b/accel-pppd/radius/radius.c
index 9caf6f0f..5313fe18 100644
--- a/accel-pppd/radius/radius.c
+++ b/accel-pppd/radius/radius.c
@@ -19,10 +19,6 @@
#include "memdebug.h"
-#define CHAP_MD5 5
-#define MSCHAP_V1 0x80
-#define MSCHAP_V2 0x81
-
int conf_max_try = 3;
int conf_timeout = 3;
int conf_acct_timeout = 3;
diff --git a/accel-pppd/triton/log.c b/accel-pppd/triton/log.c
index 95304284..9226e117 100644
--- a/accel-pppd/triton/log.c
+++ b/accel-pppd/triton/log.c
@@ -59,6 +59,7 @@ void triton_log_error(const char *fmt,...)
va_start(ap, fmt);
do_log(f_error, fmt, ap);
+ va_end(ap);
}
void triton_log_debug(const char *fmt,...)
@@ -70,5 +71,6 @@ void triton_log_debug(const char *fmt,...)
va_start(ap, fmt);
do_log(f_debug, fmt, ap);
+ va_end(ap);
}
diff --git a/accel-pppd/triton/triton.h b/accel-pppd/triton/triton.h
index 98955dfc..e47eb369 100644
--- a/accel-pppd/triton/triton.h
+++ b/accel-pppd/triton/triton.h
@@ -128,6 +128,7 @@ void triton_terminate(void);
#define __init __attribute__((constructor))
#define __exit __attribute__((destructor))
#define __export __attribute__((visibility("default")))
+#define __unused __attribute__((unused))
#undef offsetof
#ifdef __compiler_offsetof
@@ -141,5 +142,6 @@ void triton_terminate(void);
(type *)( (char *)__mptr - offsetof(type,member) );})
#define DEFINE_INIT(o, func) static void __init __init__(void){triton_register_init(o,func);}
+#define DEFINE_INIT2(o, func) static void __init __init2__(void){triton_register_init(o,func);}
#endif