authorVladislav Grishenko <themiron@mail.ru>2018-06-03 23:12:07 +0500
committerVladislav Grishenko <themiron@mail.ru>2018-06-03 23:12:07 +0500
commitb990f248e336eff6e787356ed6d393ca8222374a (patch)
treeab032b2090fd49de2fef0814ac7a2c0046f2598c /accel-pppd/ctrl/sstp
parent6a08f5d4644780381e06a853162682a4788d9ed8 (diff)
sstp: add disconnection reason logging
Diffstat (limited to 'accel-pppd/ctrl/sstp')
-rw-r--r--accel-pppd/ctrl/sstp/sstp.c25
1 files changed, 18 insertions, 7 deletions
diff --git a/accel-pppd/ctrl/sstp/sstp.c b/accel-pppd/ctrl/sstp/sstp.c
index 83176e7d..68bec394 100644
--- a/accel-pppd/ctrl/sstp/sstp.c
+++ b/accel-pppd/ctrl/sstp/sstp.c
@@ -1520,24 +1520,33 @@ static int sstp_recv_msg_call_connected(struct sstp_conn_t *conn, struct sstp_ct
return sstp_abort(conn, 0);
}
- if (conn->nonce && memcmp(msg->attr.nonce, conn->nonce, SSTP_NONCE_SIZE) != 0)
+ if (conn->nonce && memcmp(msg->attr.nonce, conn->nonce, SSTP_NONCE_SIZE) != 0) {
+ log_ppp_error("sstp: invalid Nonce");
return sstp_abort(conn, 0);
+ }
hash = msg->attr.hash_protocol_bitmask & conf_hash_protocol;
if (hash & CERT_HASH_PROTOCOL_SHA256) {
len = SHA256_DIGEST_LENGTH;
if (conf_hash_sha256.len == len &&
- memcmp(msg->attr.cert_hash, conf_hash_sha256.hash, len) != 0)
+ memcmp(msg->attr.cert_hash, conf_hash_sha256.hash, len) != 0) {
+ log_ppp_error("sstp: invalid SHA256 Cert Hash");
return sstp_abort(conn, 0);
+ }
evp = EVP_sha256();
} else if (hash & CERT_HASH_PROTOCOL_SHA1) {
len = SHA_DIGEST_LENGTH;
if (conf_hash_sha1.len == len &&
- memcmp(msg->attr.cert_hash, conf_hash_sha1.hash, len) != 0)
+ memcmp(msg->attr.cert_hash, conf_hash_sha1.hash, len) != 0) {
+ log_ppp_error("sstp: invalid SHA1 Cert Hash");
return sstp_abort(conn, 0);
+ }
evp = EVP_sha1();
- } else
+ } else {
+ log_ppp_error("sstp: invalid Hash Protocol 0x%02x\n",
+ msg->attr.hash_protocol_bitmask);
return sstp_abort(conn, 0);
+ }
if (conn->hlak_key) {
ptr = mempcpy(md, SSTP_CMK_SEED, SSTP_CMK_SEED_SIZE);
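Review bot: The three new messages for the Nonce, SHA256 and SHA1 Cert Hash failures are passed without a trailing newline, while the `invalid Hash Protocol` message added in the same hunk and the existing `recv [...]` messages further down all end in `\n`. The same applies to `"sstp: invalid Compound MAC"` in the next hunk. If `log_ppp_error` does not terminate the record itself (not visible here), these lines can merge with the following log entry, which makes failed crypto-binding attempts harder to match in log monitoring. I would write them as `log_ppp_error("sstp: invalid Nonce\n");` and likewise for the others. The body of `sstp_recv_msg_call_connected` starts and ends outside this hunk.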
@@ -1551,8 +1560,10 @@ static int sstp_recv_msg_call_connected(struct sstp_conn_t *conn, struct sstp_ct
memset(buf.attr.compound_mac, 0, sizeof(buf.attr.compound_mac));
HMAC(evp, md, mdlen, (void *)&buf, sizeof(buf), buf.attr.compound_mac, &len);
- if (memcmp(msg->attr.compound_mac, buf.attr.compound_mac, len) != 0)
+ if (memcmp(msg->attr.compound_mac, buf.attr.compound_mac, len) != 0) {
+ log_ppp_error("sstp: invalid Compound MAC");
return sstp_abort(conn, 0);
+ }
}
conn->sstp_state = STATE_SERVER_CALL_CONNECTED;
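Review bot: The Compound MAC check still uses `memcmp`, which may return at the first differing byte. A MAC computed over a client-supplied message should be verified with a constant-time comparison. The function already calls OpenSSL's `HMAC()`, so `if (CRYPTO_memcmp(msg->attr.compound_mac, buf.attr.compound_mac, len) != 0) {` is a drop-in replacement, assuming `<openssl/crypto.h>` is or can be included. The return value of `HMAC()` is also not checked, so on failure the comparison would run against the `compound_mac` field that was just zeroed by `memset`; consider calling `sstp_abort` when it returns NULL. The enclosing function starts and ends outside the hunk.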
@@ -1798,7 +1809,7 @@ static int sstp_recv_packet(struct sstp_conn_t *conn, struct sstp_hdr *hdr)
case SSTP_MSG_ECHO_RESPONSE:
return sstp_recv_msg_echo_response(conn);
default:
- log_ppp_warn("recv [SSTP unknown message type %04x]\n", ntohs(msg->message_type));
+ log_ppp_warn("recv [SSTP unknown message type 0x%04x]\n", ntohs(msg->message_type));
return 0;
}
}
@@ -1811,7 +1822,7 @@ static int sstp_handler(struct sstp_conn_t *conn, struct buffer_t *buf)
while (buf->len >= sizeof(*hdr)) {
hdr = (struct sstp_hdr *)buf->head;
if (hdr->version != SSTP_VERSION) {
- log_ppp_error("recv [SSTP invalid version]\n");
+ log_ppp_error("recv [SSTP invalid version 0x%02x]\n", hdr->version);
return -1;
}