summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDmitry Kozlov <xeb@mail.ru>2010-10-25 16:21:25 +0400
committerDmitry Kozlov <xeb@mail.ru>2010-10-25 16:21:25 +0400
commit788923a042b90bc5ff1922b9b46648c4f4c0218c (patch)
tree70ef58296a98960975d07dbeda504999396802ef
parent5d039c59acb58eb90f8d1256245b2c99aea129b0 (diff)
downloadaccel-ppp-788923a042b90bc5ff1922b9b46648c4f4c0218c.tar.gz
accel-ppp-788923a042b90bc5ff1922b9b46648c4f4c0218c.zip
implemented chap-secrets module which reads username,password and ip address from pppd compatible chap-secrets file
-rw-r--r--accel-pptpd/CMakeLists.txt10
-rw-r--r--accel-pptpd/accel-pptp.conf1
-rw-r--r--accel-pptpd/auth/auth_chap_md5.c1
-rw-r--r--accel-pptpd/auth/auth_mschap_v1.c3
-rw-r--r--accel-pptpd/auth/auth_mschap_v2.c4
-rw-r--r--accel-pptpd/auth/auth_pap.c3
-rw-r--r--accel-pptpd/extra/CMakeLists.txt3
-rw-r--r--accel-pptpd/extra/chap-secrets.c217
-rw-r--r--accel-pptpd/extra/pppd_compat.c17
-rw-r--r--accel-pptpd/extra/shaper_tbf.c24
10 files changed, 269 insertions, 14 deletions
diff --git a/accel-pptpd/CMakeLists.txt b/accel-pptpd/CMakeLists.txt
index 8a629cbf..270f0a6c 100644
--- a/accel-pptpd/CMakeLists.txt
+++ b/accel-pptpd/CMakeLists.txt
@@ -15,10 +15,18 @@ SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -fvisibility=hidden -D_GNU_SOURCE -DGC
INCLUDE_DIRECTORIES(include)
+IF (NOT DEFINED RADIUS)
+ SET(RADIUS TRUE)
+ENDIF (NOT DEFINED RADIUS)
+
+IF (RADIUS)
+ ADD_DEFINITIONS("-DRADIUS")
+ ADD_SUBDIRECTORY(radius)
+ENDIF (RADIUS)
+
ADD_SUBDIRECTORY(triton)
ADD_SUBDIRECTORY(ctrl)
ADD_SUBDIRECTORY(auth)
-ADD_SUBDIRECTORY(radius)
ADD_SUBDIRECTORY(logs)
ADD_SUBDIRECTORY(extra)
diff --git a/accel-pptpd/accel-pptp.conf b/accel-pptpd/accel-pptp.conf
index 24b560a7..bff0f876 100644
--- a/accel-pptpd/accel-pptp.conf
+++ b/accel-pptpd/accel-pptp.conf
@@ -14,6 +14,7 @@ ippool
sigchld
pppd_compat
#shaper_tbf
+#chap-secrets
[core]
log-error=/var/log/accel-pptp/core.log
diff --git a/accel-pptpd/auth/auth_chap_md5.c b/accel-pptpd/auth/auth_chap_md5.c
index 0e22908c..a29cedb0 100644
--- a/accel-pptpd/auth/auth_chap_md5.c
+++ b/accel-pptpd/auth/auth_chap_md5.c
@@ -316,7 +316,6 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h
auth_successed(ad->ppp, name);
}
}
- _free(name);
_free(passwd);
} else if (r == PWDB_DENIED) {
chap_send_failure(ad);
diff --git a/accel-pptpd/auth/auth_mschap_v1.c b/accel-pptpd/auth/auth_mschap_v1.c
index d1dccef0..d74f8e92 100644
--- a/accel-pptpd/auth/auth_mschap_v1.c
+++ b/accel-pptpd/auth/auth_mschap_v1.c
@@ -307,7 +307,8 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h
r = pwdb_check(ad->ppp, name, PPP_CHAP, MSCHAP_V1, ad->id, ad->val, VALUE_SIZE, msg->lm_hash, msg->nt_hash, msg->flags);
if (r == PWDB_NO_IMPL)
- r = chap_check_response(ad, msg, name);
+ if (chap_check_response(ad, msg, name))
+ r = PWDB_DENIED;
if (r == PWDB_DENIED) {
chap_send_failure(ad);
diff --git a/accel-pptpd/auth/auth_mschap_v2.c b/accel-pptpd/auth/auth_mschap_v2.c
index 3b2da7b6..8e4a7c08 100644
--- a/accel-pptpd/auth/auth_mschap_v2.c
+++ b/accel-pptpd/auth/auth_mschap_v2.c
@@ -384,7 +384,9 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h
if (r == PWDB_NO_IMPL) {
r = chap_check_response(ad, msg, name);
- if (generate_response(ad, msg, name, authenticator))
+ if (r)
+ r = PWDB_DENIED;
+ else if (generate_response(ad, msg, name, authenticator))
r = PWDB_DENIED;
}
diff --git a/accel-pptpd/auth/auth_pap.c b/accel-pptpd/auth/auth_pap.c
index e1b48bde..814d02db 100644
--- a/accel-pptpd/auth/auth_pap.c
+++ b/accel-pptpd/auth/auth_pap.c
@@ -170,7 +170,7 @@ static int pap_recv_req(struct pap_auth_data_t *p, struct pap_hdr_t *hdr)
int ret, r;
char *peer_id;
char *passwd;
- const char *passwd2;
+ char *passwd2;
int peer_id_len;
int passwd_len;
uint8_t *ptr = (uint8_t*)(hdr + 1);
@@ -204,6 +204,7 @@ static int pap_recv_req(struct pap_auth_data_t *p, struct pap_hdr_t *hdr)
r = PWDB_DENIED;
else
r = PWDB_SUCCESS;
+ _free(passwd2);
}
if (r == PWDB_DENIED) {
if (conf_ppp_verbose)
diff --git a/accel-pptpd/extra/CMakeLists.txt b/accel-pptpd/extra/CMakeLists.txt
index c354c043..dc55840e 100644
--- a/accel-pptpd/extra/CMakeLists.txt
+++ b/accel-pptpd/extra/CMakeLists.txt
@@ -1,8 +1,9 @@
ADD_LIBRARY(pppd_compat SHARED pppd_compat.c)
ADD_LIBRARY(ippool SHARED ippool.c)
ADD_LIBRARY(sigchld SHARED sigchld.c)
+ADD_LIBRARY(chap-secrets SHARED chap-secrets.c)
-INSTALL(TARGETS pppd_compat ippool sigchld
+INSTALL(TARGETS pppd_compat ippool sigchld chap-secrets
LIBRARY DESTINATION usr/lib/accel-pptp
)
diff --git a/accel-pptpd/extra/chap-secrets.c b/accel-pptpd/extra/chap-secrets.c
new file mode 100644
index 00000000..d60ceb79
--- /dev/null
+++ b/accel-pptpd/extra/chap-secrets.c
@@ -0,0 +1,217 @@
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include "pwdb.h"
+#include "ipdb.h"
+#include "ppp.h"
+#include "events.h"
+#include "triton.h"
+#include "log.h"
+
+#include "memdebug.h"
+
+static const char *conf_chap_secrets = "/etc/ppp/chap-secrets";
+static in_addr_t conf_gw_ip_address = 0;
+
+static void *pd_key;
+static struct ipdb_t ipdb;
+
+struct cs_pd_t
+{
+ struct ppp_pd_t pd;
+ struct ipdb_item_t ip;
+ char *passwd;
+};
+
+static char *skip_word(char *ptr)
+{
+ for(; *ptr; ptr++)
+ if (*ptr == ' ' || *ptr == '\t' || *ptr == '\n')
+ break;
+ return ptr;
+}
+static char *skip_space(char *ptr)
+{
+ for(; *ptr; ptr++)
+ if (*ptr != ' ' && *ptr != '\t')
+ break;
+ return ptr;
+}
+static int split(char *buf, char **ptr)
+{
+ int i;
+
+ for (i = 0; i < 3; i++) {
+ buf = skip_word(buf);
+ if (!*buf)
+ return i;
+
+ *buf = 0;
+
+ buf = skip_space(buf + 1);
+ if (!*buf)
+ return i;
+
+ ptr[i] = buf;
+ }
+
+ buf = skip_word(buf);
+ //if (*buf == '\n')
+ *buf = 0;
+ //else if (*buf)
+ // return -1;
+
+ return i;
+}
+
+
+static struct cs_pd_t *create_pd(struct ppp_t *ppp, const char *username)
+{
+ FILE *f;
+ char *buf;
+ char *ptr[4];
+ int n;
+ struct cs_pd_t *pd;
+
+ if (!conf_chap_secrets)
+ return NULL;
+
+ f = fopen(conf_chap_secrets, "r");
+ if (!f) {
+ log_error("chap-secrets: open '%s': %s\n", conf_chap_secrets, strerror(errno));
+ return NULL;
+ }
+
+ buf = _malloc(4096);
+ if (!buf) {
+ log_emerg("chap-secrets: out of memory\n");
+ fclose(f);
+ return NULL;
+ }
+
+ while (fgets(buf, 4096, f)) {
+ n = split(buf, ptr);
+ if (n < 3)
+ continue;
+ if (!strcmp(buf, username))
+ goto found;
+ }
+
+out:
+ fclose(f);
+ _free(buf);
+ return NULL;
+
+found:
+ pd = _malloc(sizeof(*pd));
+ if (!pd) {
+ log_emerg("chap-secrets: out of memory\n");
+ goto out;
+ }
+
+ memset(pd, 0, sizeof(*pd));
+ pd->pd.key = &pd_key;
+ pd->passwd = _strdup(ptr[1]);
+ if (!pd->passwd) {
+ log_emerg("chap-secrets: out of memory\n");
+ _free(pd);
+ goto out;
+ }
+
+ pd->ip.addr = conf_gw_ip_address;
+ if (n == 3)
+ pd->ip.peer_addr = inet_addr(ptr[2]);
+ pd->ip.owner = &ipdb;
+
+ list_add_tail(&pd->pd.entry, &ppp->pd_list);
+
+ fclose(f);
+ _free(buf);
+
+ return pd;
+}
+
+static struct cs_pd_t *find_pd(struct ppp_t *ppp)
+{
+ struct ppp_pd_t *pd;
+
+ list_for_each_entry(pd, &ppp->pd_list, entry) {
+ if (pd->key == &pd_key) {
+ return container_of(pd, typeof(struct cs_pd_t), pd);
+ }
+ }
+
+ return NULL;
+}
+
+static void ev_ppp_finished(struct ppp_t *ppp)
+{
+ struct cs_pd_t *pd = find_pd(ppp);
+
+ if (!pd)
+ return;
+
+ list_del(&pd->pd.entry);
+ _free(pd->passwd);
+ _free(pd);
+}
+
+static struct ipdb_item_t *get_ip(struct ppp_t *ppp)
+{
+ struct cs_pd_t *pd;
+
+ if (!conf_gw_ip_address)
+ return NULL;
+
+ pd = find_pd(ppp);
+
+ if (!pd)
+ return NULL;
+
+ if (!pd->ip.addr)
+ return NULL;
+
+ return &pd->ip;
+}
+
+static char* get_passwd(struct pwdb_t *pwdb, struct ppp_t *ppp, const char *username)
+{
+ struct cs_pd_t *pd = find_pd(ppp);
+
+ if (!pd)
+ pd = create_pd(ppp, username);
+
+ if (!pd)
+ return NULL;
+
+ return _strdup(pd->passwd);
+}
+
+static struct ipdb_t ipdb = {
+ .get = get_ip,
+};
+
+static struct pwdb_t pwdb = {
+ .get_passwd = get_passwd,
+};
+
+static void __init init(void)
+{
+ const char *opt;
+
+ opt = conf_get_opt("chap-secrets", "chap-secrets");
+ if (opt)
+ conf_chap_secrets = opt;
+
+ opt = conf_get_opt("chap-secrets", "gw-ip-address");
+ if (opt)
+ conf_gw_ip_address = inet_addr(opt);
+
+ pwdb_register(&pwdb);
+ ipdb_register(&ipdb);
+
+ triton_event_register_handler(EV_PPP_FINISHED, (triton_event_func)ev_ppp_finished);
+}
diff --git a/accel-pptpd/extra/pppd_compat.c b/accel-pptpd/extra/pppd_compat.c
index db46dd47..d50c9290 100644
--- a/accel-pptpd/extra/pppd_compat.c
+++ b/accel-pptpd/extra/pppd_compat.c
@@ -15,10 +15,13 @@
#include "events.h"
#include "ppp.h"
#include "log.h"
-#include "radius.h"
#include "utils.h"
#include "sigchld.h"
+#ifdef RADIUS
+#include "radius.h"
+#endif
+
#include "memdebug.h"
static char *conf_ip_up = "/etc/ppp/ip-up";
@@ -38,18 +41,22 @@ struct pppd_compat_pd_t
struct sigchld_handler_t ip_up_hnd;
struct sigchld_handler_t ip_change_hnd;
struct sigchld_handler_t ip_down_hnd;
+#ifdef RADIUS
int radattr_saved:1;
+#endif
int started:1;
int res;
int bytes_sent;
int bytes_rcvd;
};
-static void remove_radattr(struct ppp_t *ppp);
static struct pppd_compat_pd_t *find_pd(struct ppp_t *ppp);
static void fill_argv(char **argv, struct ppp_t *ppp, char *path);
static void fill_env(char **env, struct pppd_compat_pd_t *pd);
+#ifdef RADIUS
+static void remove_radattr(struct ppp_t *ppp);
static void write_radattr(struct ppp_t *ppp, struct rad_packet_t *pack, int save_old);
+#endif
static void ip_pre_up_handler(struct sigchld_handler_t *h, int status)
{
@@ -287,13 +294,16 @@ static void ev_ppp_finished(struct ppp_t *ppp)
pthread_mutex_unlock(&pd->ip_up_hnd.lock);
skip:
+#ifdef RADIUS
if (pd->radattr_saved)
remove_radattr(ppp);
+#endif
list_del(&pd->pd.entry);
_free(pd);
}
+#ifdef RADIUS
static void ev_radius_access_accept(struct ev_radius_t *ev)
{
struct pppd_compat_pd_t *pd = find_pd(ev->ppp);
@@ -432,6 +442,7 @@ static void write_radattr(struct ppp_t *ppp, struct rad_packet_t *pack, int save
if (save_old)
_free(fname2);
}
+#endif
static struct pppd_compat_pd_t *find_pd(struct ppp_t *ppp)
{
@@ -506,7 +517,9 @@ static void __init init(void)
triton_event_register_handler(EV_PPP_STARTED, (triton_event_func)ev_ppp_started);
triton_event_register_handler(EV_PPP_FINISHING, (triton_event_func)ev_ppp_finishing);
triton_event_register_handler(EV_PPP_FINISHED, (triton_event_func)ev_ppp_finished);
+#ifdef RADIUS
triton_event_register_handler(EV_RADIUS_ACCESS_ACCEPT, (triton_event_func)ev_radius_access_accept);
triton_event_register_handler(EV_RADIUS_COA, (triton_event_func)ev_radius_coa);
+#endif
}
diff --git a/accel-pptpd/extra/shaper_tbf.c b/accel-pptpd/extra/shaper_tbf.c
index cd1a88a6..9c8e761d 100644
--- a/accel-pptpd/extra/shaper_tbf.c
+++ b/accel-pptpd/extra/shaper_tbf.c
@@ -18,9 +18,13 @@
#include "triton.h"
#include "events.h"
-#include "radius.h"
#include "log.h"
#include "ppp.h"
+
+#ifdef RADIUS
+#include "radius.h"
+#endif
+
#include "memdebug.h"
#define TIME_UNITS_PER_SEC 1000000
@@ -481,6 +485,7 @@ out_err:
return -1;
}
+#ifdef RADIUS
static int parse_attr(struct rad_attr_t *attr)
{
if (attr->attr->type == ATTR_TYPE_STRING)
@@ -560,6 +565,7 @@ static void ev_radius_coa(struct ev_radius_t *ev)
}
}
}
+#endif
static void ev_ctrl_finished(struct ppp_t *ppp)
{
@@ -606,6 +612,7 @@ static int clock_init(void)
return 0;
}
+#ifdef RADIUS
static int parse_attr_opt(const char *opt)
{
struct rad_dict_attr_t *attr;
@@ -616,6 +623,7 @@ static int parse_attr_opt(const char *opt)
return atoi(opt);
}
+#endif
static void __init init(void)
{
@@ -624,6 +632,7 @@ static void __init init(void)
if (clock_init())
return;
+#ifdef RADIUS
opt = conf_get_opt("tbf", "attr");
if (opt) {
conf_attr_down = parse_attr_opt(opt);
@@ -637,6 +646,12 @@ static void __init init(void)
opt = conf_get_opt("tbf", "attr-up");
if (opt)
conf_attr_up = parse_attr_opt(opt);
+
+ if (conf_attr_up <= 0 || conf_attr_down <= 0) {
+ log_emerg("tbf: incorrect attribute(s), tbf disabled...\n");
+ return;
+ }
+#endif
opt = conf_get_opt("tbf", "burst-factor");
if (opt)
@@ -654,13 +669,10 @@ static void __init init(void)
if (opt && atoi(opt) > 0)
conf_verbose = 1;
- if (conf_attr_up <= 0 || conf_attr_down <= 0) {
- log_emerg("tbf: incorrect attribute(s), tbf disabled...\n");
- return;
- }
-
+#ifdef RADIUS
triton_event_register_handler(EV_RADIUS_ACCESS_ACCEPT, (triton_event_func)ev_radius_access_accept);
triton_event_register_handler(EV_RADIUS_COA, (triton_event_func)ev_radius_coa);
+#endif
triton_event_register_handler(EV_CTRL_FINISHED, (triton_event_func)ev_ctrl_finished);
}