summaryrefslogtreecommitdiff
path: root/accel-pppd/auth
diff options
context:
space:
mode:
authorVladislav Grishenko <themiron@mail.ru>2022-05-13 15:44:34 +0500
committerVladislav Grishenko <themiron@mail.ru>2022-05-13 16:33:07 +0500
commit3c95746caceeebe38c3640ba8986d7b0c8eb7b91 (patch)
treeac32325f1f9c7fd6be9f9755fbe62fdc7027fd9f /accel-pppd/auth
parentc347e2fbb8ea489242b227fa3f4abc1d233f1a19 (diff)
downloadaccel-ppp-3c95746caceeebe38c3640ba8986d7b0c8eb7b91.tar.gz
accel-ppp-3c95746caceeebe38c3640ba8986d7b0c8eb7b91.zip
auth: discard unphased PAP Authenticate-Request packets
Per https://datatracker.ietf.org/doc/html/rfc1334#section-2.2.1: Implementation Note: Because the Authenticate-Ack might be lost, the authenticator MUST allow repeated Authenticate- Request packets after completing the Authentication phase. Protocol phase MUST return the same reply Code returned when the Authentication phase completed (the message portion MAY be different). Any Authenticate-Request packets received during any other phase MUST be silently discarded.
Diffstat (limited to 'accel-pppd/auth')
-rw-r--r--accel-pppd/auth/auth_pap.c23
1 files changed, 18 insertions, 5 deletions
diff --git a/accel-pppd/auth/auth_pap.c b/accel-pppd/auth/auth_pap.c
index 40921019..f31be8b4 100644
--- a/accel-pppd/auth/auth_pap.c
+++ b/accel-pppd/auth/auth_pap.c
@@ -43,6 +43,7 @@ struct pap_auth_data {
char *peer_id;
int req_id;
unsigned int started:1;
+ unsigned int active:1;
};
struct pap_hdr {
@@ -76,6 +77,10 @@ static struct auth_data_t* auth_data_init(struct ppp_t *ppp)
d->auth.len = 0;
d->ppp = ppp;
+ d->h.proto = PPP_PAP;
+ d->h.recv = pap_recv;
+ ppp_register_chan_handler(ppp, &d->h);
+
return &d->auth;
}
@@ -83,6 +88,11 @@ static void auth_data_free(struct ppp_t *ppp, struct auth_data_t *auth)
{
struct pap_auth_data *d = container_of(auth, typeof(*d), auth);
+ if (d->timeout.tpd)
+ triton_timer_del(&d->timeout);
+
+ ppp_unregister_handler(ppp, &d->h);
+
_free(d);
}
@@ -90,14 +100,12 @@ static int pap_start(struct ppp_t *ppp, struct auth_data_t *auth)
{
struct pap_auth_data *d = container_of(auth, typeof(*d), auth);
- d->h.proto = PPP_PAP;
- d->h.recv = pap_recv;
d->timeout.expire = pap_timeout;
d->timeout.period = conf_timeout * 1000;
triton_timer_add(ppp->ses.ctrl->ctx, &d->timeout, 0);
- ppp_register_chan_handler(ppp, &d->h);
+ d->active = 1;
return 0;
}
@@ -105,14 +113,14 @@ static int pap_finish(struct ppp_t *ppp, struct auth_data_t *auth)
{
struct pap_auth_data *d = container_of(auth, typeof(*d), auth);
+ d->active = 0;
+
if (d->timeout.tpd)
triton_timer_del(&d->timeout);
if (d->peer_id)
_free(d->peer_id);
- ppp_unregister_handler(ppp, &d->h);
-
return 0;
}
@@ -200,6 +208,11 @@ static int pap_recv_req(struct pap_auth_data *p, struct pap_hdr *hdr)
int passwd_len;
uint8_t *ptr = (uint8_t*)(hdr + 1);
+ if (!p->active) {
+ log_ppp_debug("PAP: unexpected packet received\n");
+ return 0;
+ }
+
if (p->timeout.tpd)
triton_timer_del(&p->timeout);