-rw-r--r-- | accel-pppd/CMakeLists.txt | 2 | ||||
-rw-r--r-- | accel-pppd/accel-ppp.conf | 1 | ||||
-rw-r--r-- | accel-pppd/accel-ppp.conf.5 | 4 | ||||
-rw-r--r-- | accel-pppd/auth/auth_mschap_v1.c | 75 | ||||
-rw-r--r-- | accel-pppd/auth/auth_mschap_v2.c | 123 | ||||
-rw-r--r-- | accel-pppd/ctrl/pppoe/pppoe.c | 82 | ||||
-rw-r--r-- | accel-pppd/extra/chap-secrets.c | 6 | ||||
-rw-r--r-- | accel-pppd/extra/shaper_tbf.c | 39 | ||||
-rw-r--r-- | accel-pppd/ppp/ccp_mppe.c | 32 | ||||
-rw-r--r-- | accel-pppd/ppp/ppp_auth.c | 4 | ||||
-rw-r--r-- | accel-pppd/ppp/ppp_ccp.c | 31 | ||||
-rw-r--r-- | accel-pppd/ppp/ppp_ccp.h | 1 | ||||
-rw-r--r-- | accel-pppd/ppp/ppp_fsm.c | 11 | ||||
-rw-r--r-- | accel-pppd/ppp/ppp_ipcp.c | 17 | ||||
-rw-r--r-- | accel-pppd/radius/auth.c | 18 | ||||
-rw-r--r-- | cmake/cpack.cmake | 2 |
16 files changed, 265 insertions, 183 deletions
diff --git a/accel-pppd/CMakeLists.txt b/accel-pppd/CMakeLists.txt index c9d05f92..39d57944 100644 --- a/accel-pppd/CMakeLists.txt +++ b/accel-pppd/CMakeLists.txt @@ -24,7 +24,7 @@ IF (EXISTS ${CMAKE_HOME_DIRECTORY}/.git AND NOT DEFINED IGNORE_GIT) ) STRING(STRIP ${ACCEL_PPP_VERSION} ACCEL_PPP_VERSION) ELSE (EXISTS ${CMAKE_HOME_DIRECTORY}/.git AND NOT DEFINED IGNORE_GIT) - SET (ACCEL_PPP_VERSION 1.3.6) + SET (ACCEL_PPP_VERSION 1.3.7) ENDIF (EXISTS ${CMAKE_HOME_DIRECTORY}/.git AND NOT DEFINED IGNORE_GIT) ADD_DEFINITIONS(-DACCEL_PPP_VERSION="${ACCEL_PPP_VERSION}") diff --git a/accel-pppd/accel-ppp.conf b/accel-pppd/accel-ppp.conf index c566a504..1630ae17 100644 --- a/accel-pppd/accel-ppp.conf +++ b/accel-pppd/accel-ppp.conf @@ -47,6 +47,7 @@ interface=eth0 #pado-delay=0 #pado-delay=0,100:100,200:200,-1:500 #ifname-in-sid=called-sid +#tr101=1 verbose=1 [l2tp] diff --git a/accel-pppd/accel-ppp.conf.5 b/accel-pppd/accel-ppp.conf.5 index eadb5bc9..76c32a70 100644 --- a/accel-pppd/accel-ppp.conf.5 +++ b/accel-pppd/accel-ppp.conf.5 @@ -216,6 +216,10 @@ If this option is given and .B n is greater of zero then pppoe module will produce verbose logging. .TP +.TP +.BI "tr101=" 0|1 +Specifies whether to handle TR101 tags. +.TP .SH [l2tp] .br Configuration of L2TP module. diff --git a/accel-pppd/auth/auth_mschap_v1.c b/accel-pppd/auth/auth_mschap_v1.c index 8764dfdd..10d5fe8e 100644 --- a/accel-pppd/auth/auth_mschap_v1.c +++ b/accel-pppd/auth/auth_mschap_v1.c @@ -31,15 +31,15 @@ #define VALUE_SIZE 8 #define RESPONSE_VALUE_SIZE (24+24+1) -#define MSG_FAILURE "E=691 R=0" -#define MSG_SUCCESS "Authentication successed" - #define HDR_LEN (sizeof(struct chap_hdr_t)-2) static int conf_timeout = 5; static int conf_interval = 0; static int conf_max_failure = 3; static int conf_any_login = 0; +static char *conf_msg_failure = "E=691 R=0"; +static char *conf_msg_success = "Authentication successed"; +; static int urandom_fd; 
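Review bot: The lines added after `conf_any_login` in auth_mschap_v1.c leave a stray `;` on its own line and declare `conf_msg_failure` and `conf_msg_success` as plain `char *` although they point at string literals. Declaring them `static const char *conf_msg_failure = "E=691 R=0";` (likewise `conf_msg_success`), together with a `const char *mschap_error` parameter on `chap_send_failure`, lets the compiler reject an accidental write to a literal. The first hunk of auth_mschap_v2.c adds the same non-const declarations.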
@@ -69,19 +69,6 @@ struct chap_response_t char name[0]; } __attribute__((packed)); -struct chap_failure_t -{ - struct chap_hdr_t hdr; - char message[sizeof(MSG_FAILURE)]; -} __attribute__((packed)); - -struct chap_success_t -{ - struct chap_hdr_t hdr; - char message[sizeof(MSG_SUCCESS)]; -} __attribute__((packed)); - - struct chap_auth_data_t { struct auth_data_t auth; 
@@ -210,36 +197,38 @@ static int lcp_recv_conf_req(struct ppp_t *ppp, struct auth_data_t *d, uint8_t * return LCP_OPT_NAK; } -static void chap_send_failure(struct chap_auth_data_t *ad) +static void chap_send_failure(struct chap_auth_data_t *ad, char *mschap_error) { - struct chap_failure_t msg = { - .hdr.proto = htons(PPP_CHAP), - .hdr.code = CHAP_FAILURE, - .hdr.id = ad->id, - .hdr.len = htons(sizeof(msg)-1-2), - .message = MSG_FAILURE, - }; - + struct chap_hdr_t *hdr = _malloc(sizeof(*hdr) + strlen(mschap_error) + 1); + hdr->proto = htons(PPP_CHAP); + hdr->code = CHAP_FAILURE; + hdr->id = ad->id; + hdr->len = htons(HDR_LEN + strlen(mschap_error)); + strcpy((char *)(hdr + 1), mschap_error); + if (conf_ppp_verbose) - log_ppp_info2("send [MSCHAP-v1 Failure id=%x \"%s\"]\n", msg.hdr.id, MSG_FAILURE); + log_ppp_info2("send [MSCHAP-v1 Failure id=%x \"%s\"]\n", hdr->id, mschap_error); + + ppp_chan_send(ad->ppp, hdr, ntohs(hdr->len) + 2); - ppp_chan_send(ad->ppp,&msg,ntohs(msg.hdr.len)+2); + _free(hdr); } static void chap_send_success(struct chap_auth_data_t *ad) { - struct chap_success_t msg = { - .hdr.proto = htons(PPP_CHAP), - .hdr.code = CHAP_SUCCESS, - .hdr.id = ad->id, - .hdr.len = htons(sizeof(msg)-1-2), - .message = MSG_SUCCESS, - }; + struct chap_hdr_t *hdr = _malloc(sizeof(*hdr) + strlen(conf_msg_success) + 1); + hdr->proto = htons(PPP_CHAP); + hdr->code = CHAP_SUCCESS; + hdr->id = ad->id; + hdr->len = htons(HDR_LEN + strlen(conf_msg_success)); + strcpy((char *)(hdr + 1), conf_msg_success); if (conf_ppp_verbose) - log_ppp_info2("send [MSCHAP-v1 Success id=%x \"%s\"]\n", msg.hdr.id, MSG_SUCCESS); + log_ppp_info2("send [MSCHAP-v1 Success id=%x \"%s\"]\n", hdr->id, conf_msg_success); - ppp_chan_send(ad->ppp, &msg, ntohs(msg.hdr.len) + 2); + ppp_chan_send(ad->ppp, hdr, ntohs(hdr->len) + 2); + + _free(hdr); } static void chap_send_challenge(struct chap_auth_data_t *ad) 
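Review bot: Both rewritten senders dereference the result of `_malloc` without checking it, so an allocation failure in `chap_send_failure` or `chap_send_success` becomes a write through NULL unless `_malloc` is known to abort. `mschap_error` can now come from the RADIUS reply (see radius/auth.c in this commit), so its length is no longer a compile-time constant, yet it is measured three separate times and copied with `strcpy`. Measuring once, checking the allocation and copying with `memcpy` keeps the size used for the allocation, the header and the copy identical. The same applies to `chap_send_success` here and to both senders in auth_mschap_v2.c.

```c
static void chap_send_failure(struct chap_auth_data_t *ad, char *mschap_error)
{
	size_t msg_len = strlen(mschap_error);
	struct chap_hdr_t *hdr = _malloc(sizeof(*hdr) + msg_len + 1);

	if (!hdr) {
		log_ppp_error("mschap-v1: out of memory\n");
		return;
	}

	hdr->proto = htons(PPP_CHAP);
	hdr->code = CHAP_FAILURE;
	hdr->id = ad->id;
	hdr->len = htons(HDR_LEN + msg_len);
	memcpy(hdr + 1, mschap_error, msg_len + 1);

	/* … unchanged: verbose log, ppp_chan_send, _free … */
}
```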
@@ -271,6 +260,7 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h { struct chap_response_t *msg = (struct chap_response_t*)hdr; char *name; + char *mschap_error = conf_msg_failure; int r; if (ad->timeout.tpd) @@ -313,7 +303,7 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h if (conf_any_login) { if (ppp_auth_successed(ad->ppp, name)) { - chap_send_failure(ad); + chap_send_failure(ad, mschap_error); ppp_terminate(ad->ppp, TERM_AUTH_ERROR, 0); _free(name); return; @@ -323,13 +313,13 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h return; } - r = pwdb_check(ad->ppp, name, PPP_CHAP, MSCHAP_V1, ad->id, ad->val, VALUE_SIZE, msg->lm_hash, msg->nt_hash, msg->flags); + r = pwdb_check(ad->ppp, name, PPP_CHAP, MSCHAP_V1, ad->id, ad->val, VALUE_SIZE, msg->lm_hash, msg->nt_hash, msg->flags, &mschap_error); if (r == PWDB_NO_IMPL) if (chap_check_response(ad, msg, name)) r = PWDB_DENIED; if (r == PWDB_DENIED) { - chap_send_failure(ad); + chap_send_failure(ad, mschap_error); if (ad->started) ppp_terminate(ad->ppp, TERM_AUTH_ERROR, 0); else @@ -338,7 +328,7 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h } else { if (!ad->started) { if (ppp_auth_successed(ad->ppp, name)) { - chap_send_failure(ad); + chap_send_failure(ad, mschap_error); ppp_terminate(ad->ppp, TERM_AUTH_ERROR, 0); _free(name); } else { @@ -396,7 +386,7 @@ static int chap_check_response(struct chap_auth_data_t *ad, struct chap_response if (!passwd) { if (conf_ppp_verbose) log_ppp_warn("mschap-v1: user not found\n"); - chap_send_failure(ad); + chap_send_failure(ad, conf_msg_failure); return PWDB_DENIED; } @@ -436,8 +426,7 @@ static void set_mppe_keys(struct chap_auth_data_t *ad, uint8_t *z_hash) struct ev_mppe_keys_t ev_mppe = { .ppp = ad->ppp, - .type = 1 << 2, - .policy = 1, + .policy = -1, .recv_key = digest, .send_key = digest, }; 
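Review bot: In `chap_check_response` the user-not-found branch still calls `chap_send_failure(ad, conf_msg_failure)` before returning `PWDB_DENIED`, and the caller `chap_recv_response` then calls `chap_send_failure(ad, mschap_error)` again for `r == PWDB_DENIED`. An unknown user therefore receives two Failure packets while a wrong password receives one, which lets a peer tell the two cases apart. Dropping the call in the `!passwd` branch, so that only the warning and `return PWDB_DENIED;` remain, makes both cases identical on the wire. The `!passwd` branch in auth_mschap_v2.c (hunk `@@ -466,38 +459,37 @@`) has the same double send. Both functions continue outside the hunks shown.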
diff --git a/accel-pppd/auth/auth_mschap_v2.c b/accel-pppd/auth/auth_mschap_v2.c index f7407e80..ebcffb7a 100644 --- a/accel-pppd/auth/auth_mschap_v2.c +++ b/accel-pppd/auth/auth_mschap_v2.c @@ -31,14 +31,14 @@ #define VALUE_SIZE 16 #define RESPONSE_VALUE_SIZE (16+8+24+1) -#define MSG_FAILURE "E=691 R=0 C=cccccccccccccccccccccccccccccccc V=3 M=Authentication failure" -#define MSG_SUCCESS "S=cccccccccccccccccccccccccccccccccccccccc M=Authentication successed" - #define HDR_LEN (sizeof(struct chap_hdr_t)-2) static int conf_timeout = 5; static int conf_interval = 0; static int conf_max_failure = 3; +static char *conf_msg_failure = "E=691 R=0 V=3"; +static char *conf_msg_failure2 = "Authentication failure"; +static char *conf_msg_success = "Authentication successed"; static int urandom_fd; @@ -69,19 +69,6 @@ struct chap_response_t char name[0]; } __attribute__((packed)); -struct chap_failure_t -{ - struct chap_hdr_t hdr; - char message[sizeof(MSG_FAILURE)]; -} __attribute__((packed)); - -struct chap_success_t -{ - struct chap_hdr_t hdr; - char message[sizeof(MSG_SUCCESS)]; -} __attribute__((packed)); - - struct chap_auth_data_t { struct auth_data_t auth; 
@@ -211,20 +198,40 @@ static int lcp_recv_conf_req(struct ppp_t *ppp, struct auth_data_t *d, uint8_t * return LCP_OPT_NAK; } -static void chap_send_failure(struct chap_auth_data_t *ad) +static void chap_send_failure(struct chap_auth_data_t *ad, char *mschap_error, char *reply_msg) { - struct chap_failure_t msg = { - .hdr.proto = htons(PPP_CHAP), - .hdr.code = CHAP_FAILURE, - .hdr.id = ad->id, - .hdr.len = htons(sizeof(msg) - 1 - 2), - .message = MSG_FAILURE, - }; + struct chap_hdr_t *hdr = _malloc(sizeof(*hdr) + strlen(mschap_error) + strlen(reply_msg) + 4); + hdr->proto = htons(PPP_CHAP); + hdr->code = CHAP_FAILURE; + hdr->id = ad->id; + hdr->len = htons(HDR_LEN + strlen(mschap_error) + strlen(reply_msg) + 3); + + sprintf((char *)(hdr + 1), "%s M=%s", mschap_error, reply_msg); if (conf_ppp_verbose) - log_ppp_info2("send [MSCHAP-v2 Failure id=%x \"%s\"]\n", msg.hdr.id, MSG_FAILURE); + log_ppp_info2("send [MSCHAP-v2 Failure id=%x \"%s\"]\n", hdr->id, hdr + 1); - ppp_chan_send(ad->ppp, &msg, ntohs(msg.hdr.len) + 2); + ppp_chan_send(ad->ppp, hdr, ntohs(hdr->len) + 2); + + _free(hdr); +} + +static void chap_send_success(struct chap_auth_data_t *ad, struct chap_response_t *res_msg, const char *authenticator) +{ + struct chap_hdr_t *hdr = _malloc(sizeof(*hdr) + strlen(conf_msg_success) + 1 + 45); + hdr->proto = htons(PPP_CHAP), + hdr->code = CHAP_SUCCESS, + hdr->id = ad->id, + hdr->len = htons(HDR_LEN + strlen(conf_msg_success) + 45), + + sprintf((char *)(hdr + 1), "S=%s M=%s", authenticator, conf_msg_success); + + if (conf_ppp_verbose) + log_ppp_info2("send [MSCHAP-v2 Success id=%x \"%s\"]\n", hdr->id, hdr + 1); + + ppp_chan_send(ad->ppp, hdr, ntohs(hdr->len) + 2); + + _free(hdr); } static int generate_response(struct chap_auth_data_t *ad, struct chap_response_t *msg, const char *name, char *authenticator) 
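Review bot: `chap_send_success` sets `hdr->len` from the constant `45` rather than from what `sprintf` actually wrote, so if `authenticator` holds fewer than 40 characters the packet is padded with uninitialised bytes from the `_malloc` buffer and those bytes are sent to the peer. The caller only adds `authenticator[40] = 0;`, which leaves the other 40 bytes of the stack array unset until a backend fills them. Taking the length from the formatter, `n = snprintf((char *)(hdr + 1), size, "S=%s M=%s", authenticator, conf_msg_success);` followed by `hdr->len = htons(HDR_LEN + n);` (with `size` the allocated payload size), removes that dependency. In the same function the four header assignments end in `,` instead of `;`, and both log calls pass `hdr + 1` to `%s` without the `(char *)` cast used on the `sprintf` line.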
@@ -297,24 +304,6 @@ static int generate_response(struct chap_auth_data_t *ad, struct chap_response_t return 0; } -static void chap_send_success(struct chap_auth_data_t *ad, struct chap_response_t *res_msg, const char *authenticator) -{ - struct chap_success_t msg = { - .hdr.proto = htons(PPP_CHAP), - .hdr.code = CHAP_SUCCESS, - .hdr.id = ad->id, - .hdr.len = htons(sizeof(msg) - 1 - 2), - .message = MSG_SUCCESS, - }; - - memcpy(msg.message + 2, authenticator, 40); - - if (conf_ppp_verbose) - log_ppp_info2("send [MSCHAP-v2 Success id=%x \"%s\"]\n", msg.hdr.id, msg.message); - - ppp_chan_send(ad->ppp, &msg, ntohs(msg.hdr.len) + 2); -} - static void chap_send_challenge(struct chap_auth_data_t *ad) { struct chap_challenge_t msg = { @@ -346,6 +335,10 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h char *name; char authenticator[41]; int r; + char *mschap_error = conf_msg_failure; + char *reply_msg = conf_msg_failure2; + + authenticator[40] = 0; if (ad->timeout.tpd) triton_timer_del(&ad->timeout); @@ -368,7 +361,7 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h if (msg->val_size != RESPONSE_VALUE_SIZE) { log_ppp_error("mschap-v2: incorrect value-size (%i)\n", msg->val_size); - chap_send_failure(ad); + chap_send_failure(ad, mschap_error, reply_msg); if (ad->started) ppp_terminate(ad->ppp, TERM_USER_ERROR, 0); else @@ -386,9 +379,9 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h return; } - r = pwdb_check(ad->ppp, name, PPP_CHAP, MSCHAP_V2, ad->id, ad->val, msg->peer_challenge, msg->reserved, msg->nt_hash, msg->flags, authenticator); + r = pwdb_check(ad->ppp, name, PPP_CHAP, MSCHAP_V2, ad->id, ad->val, msg->peer_challenge, msg->reserved, msg->nt_hash, msg->flags, authenticator, &mschap_error, &reply_msg); - if (r == PWDB_NO_IMPL) { + if (r == PWDB_NO_IMPL) { r = chap_check_response(ad, msg, name); if (r) r = PWDB_DENIED; 
@@ -397,7 +390,7 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h } if (r == PWDB_DENIED) { - chap_send_failure(ad); + chap_send_failure(ad, mschap_error, reply_msg); if (ad->started) ppp_terminate(ad->ppp, TERM_AUTH_ERROR, 0); else @@ -406,7 +399,7 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h } else { if (!ad->started) { if (ppp_auth_successed(ad->ppp, name)) { - chap_send_failure(ad); + chap_send_failure(ad, mschap_error, reply_msg); ppp_terminate(ad->ppp, TERM_AUTH_ERROR, 0); _free(name); } else { 
@@ -466,38 +459,37 @@ static int chap_check_response(struct chap_auth_data_t *ad, struct chap_response if (!passwd) { if (conf_ppp_verbose) log_ppp_warn("mschap-v2: user not found\n"); - chap_send_failure(ad); + chap_send_failure(ad, conf_msg_failure, conf_msg_failure2); return -1; } - u_passwd=_malloc(strlen(passwd)*2); - for(i=0; i<strlen(passwd); i++) - { + u_passwd = _malloc(strlen(passwd) * 2); + for (i = 0; i < strlen(passwd); i++) { u_passwd[i*2]=passwd[i]; u_passwd[i*2+1]=0; } SHA1_Init(&sha_ctx); - SHA1_Update(&sha_ctx,msg->peer_challenge,16); - SHA1_Update(&sha_ctx,ad->val,16); - SHA1_Update(&sha_ctx,name,strlen(name)); - SHA1_Final(c_hash,&sha_ctx); + SHA1_Update(&sha_ctx, msg->peer_challenge, 16); + SHA1_Update(&sha_ctx, ad->val, 16); + SHA1_Update(&sha_ctx, name, strlen(name)); + SHA1_Final(c_hash, &sha_ctx); - memset(z_hash,0,sizeof(z_hash)); + memset(z_hash, 0, sizeof(z_hash)); MD4_Init(&md4_ctx); - MD4_Update(&md4_ctx,u_passwd,strlen(passwd)*2); - MD4_Final(z_hash,&md4_ctx); + MD4_Update(&md4_ctx, u_passwd, strlen(passwd) * 2); + MD4_Final(z_hash, &md4_ctx); - des_encrypt(c_hash,z_hash,nt_hash); - des_encrypt(c_hash,z_hash+7,nt_hash+8); - des_encrypt(c_hash,z_hash+14,nt_hash+16); + des_encrypt(c_hash, z_hash, nt_hash); + des_encrypt(c_hash, z_hash + 7, nt_hash + 8); + des_encrypt(c_hash, z_hash + 14, nt_hash + 16); set_mppe_keys(ad, z_hash, msg->nt_hash); _free(passwd); _free(u_passwd); - return memcmp(nt_hash,msg->nt_hash,24); + return memcmp(nt_hash, msg->nt_hash, 24); } static void set_mppe_keys(struct chap_auth_data_t *ad, uint8_t *z_hash, uint8_t *nt_hash) @@ -549,8 +541,7 @@ static void set_mppe_keys(struct chap_auth_data_t *ad, uint8_t *z_hash, uint8_t struct ev_mppe_keys_t ev_mppe = { .ppp = ad->ppp, - .type = 1 << 2, - .policy = 1, + .policy = -1, .recv_key = recv_key, .send_key = send_key, }; diff --git a/accel-pppd/ctrl/pppoe/pppoe.c b/accel-pppd/ctrl/pppoe/pppoe.c index cd1d2560..fb288657 100644 --- a/accel-pppd/ctrl/pppoe/pppoe.c 
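Review bot: `chap_check_response` frees `passwd` and `u_passwd` without clearing them, so the cleartext password and its widened copy remain in freed heap memory. Wiping before each `_free`, for example `explicit_bzero(u_passwd, len * 2);` and `explicit_bzero(passwd, len);` where the platform provides it, limits what a later memory disclosure can expose. The result of `_malloc(strlen(passwd) * 2)` is used unchecked and `strlen(passwd)` is re-evaluated on every loop iteration; a local `size_t len = strlen(passwd);` would serve the allocation, the loop and the wipe. The function starts outside the hunk.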
+++ b/accel-pppd/ctrl/pppoe/pppoe.c @@ -69,6 +69,7 @@ char *conf_service_name; char *conf_ac_name; int conf_ifname_in_sid; char *conf_pado_delay; +int conf_tr101 = 1; static mempool_t conn_pool; static mempool_t pado_pool; @@ -857,7 +858,8 @@ static void pppoe_recv_PADR(struct pppoe_serv_t *serv, uint8_t *pack, int size) continue; vendor_id = ntohl(*(uint32_t *)tag->tag_data); if (vendor_id == VENDOR_ADSL_FORUM) - tr101_tag = tag; + if (conf_tr101) + tr101_tag = tag; break; } } @@ -1241,6 +1243,56 @@ static int init_secret(struct pppoe_serv_t *serv) return 0; } +static void load_config(void) +{ + char *opt; + + opt = conf_get_opt("pppoe", "verbose"); + if (opt) + conf_verbose = atoi(opt); + + opt = conf_get_opt("pppoe", "ac-name"); + if (!opt) + opt = conf_get_opt("pppoe", "AC-Name"); + if (opt) { + if (conf_ac_name) + _free(conf_ac_name); + conf_ac_name = _strdup(opt); + } else + conf_ac_name = _strdup("accel-ppp"); + + opt = conf_get_opt("pppoe", "service-name"); + if (!opt) + opt = conf_get_opt("pppoe", "Service-Name"); + if (opt) { + if (conf_service_name) + _free(conf_service_name); + conf_service_name = _strdup(opt); + } + + opt = conf_get_opt("pppoe", "ifname-in-sid"); + if (opt) { + if (!strcmp(opt, "called-sid")) + conf_ifname_in_sid = 1; + else if (!strcmp(opt, "calling-sid")) + conf_ifname_in_sid = 2; + else if (!strcmp(opt, "both")) + conf_ifname_in_sid = 3; + else if (atoi(opt) >= 0) + conf_ifname_in_sid = atoi(opt); + } + + opt = conf_get_opt("pppoe", "pado-delay"); + if (!opt) + opt = conf_get_opt("pppoe", "PADO-Delay"); + if (opt) + dpado_parse(opt); + + opt = conf_get_opt("pppoe", "tr101"); + if (opt) + conf_tr101 = atoi(opt); +} + static void pppoe_init(void) { struct conf_sect_t *s = conf_get_section("pppoe"); 
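Review bot: `load_config` ignores the return value of `dpado_parse(opt)`, whereas the code it replaces in `pppoe_init` exited on a parse error, so a malformed `pado-delay` is now accepted silently; at least report it, e.g. `if (dpado_parse(opt)) log_error("pppoe: invalid pado-delay\n");`. The function is also registered for `EV_CONFIG_RELOAD` and frees `conf_ac_name` and `conf_service_name` in place; if packet handlers can run concurrently with a reload they may read a freed string, so this needs a lock or a swap-then-free order (the threading model is not visible in this hunk). When `ac-name` is absent the `else` branch assigns a fresh `_strdup("accel-ppp")` on every reload without freeing the previous value. The alternate spelling checked changed from `PADO-delay` to `PADO-Delay`, which silently drops existing configurations that use the old spelling.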
@@ -1258,34 +1310,12 @@ static void pppoe_init(void) if (!strcmp(opt->name, "interface")) { if (opt->val) pppoe_server_start(opt->val, NULL); - } else if (!strcmp(opt->name, "verbose")) { - if (atoi(opt->val) > 0) - conf_verbose = 1; - } else if (!strcmp(opt->name, "ac-name") || !strcmp(opt->name, "AC-Name")) { - if (opt->val && strlen(opt->val)) - conf_ac_name = _strdup(opt->val); - } else if (!strcmp(opt->name, "service-name") || !strcmp(opt->name, "Service-Name")) { - if (opt->val && strlen(opt->val)) - conf_service_name = _strdup(opt->val); - } else if (!strcmp(opt->name, "pado-delay") || !strcmp(opt->name, "PADO-delay")) { - if (dpado_parse(opt->val)) - _exit(EXIT_FAILURE); - } else if (!strcmp(opt->name, "ifname-in-sid")) { - if (!opt->val) - continue; - if (!strcmp(opt->val, "called-sid")) - conf_ifname_in_sid = 1; - else if (!strcmp(opt->val, "calling-sid")) - conf_ifname_in_sid = 2; - else if (!strcmp(opt->val, "both")) - conf_ifname_in_sid = 3; - else if (atoi(opt->val) >= 0) - conf_ifname_in_sid = atoi(opt->val); } } - if (!conf_ac_name) - conf_ac_name = _strdup("accel-ppp"); + load_config(); + + triton_event_register_handler(EV_CONFIG_RELOAD, (triton_event_func)load_config); } DEFINE_INIT(21, pppoe_init); diff --git a/accel-pppd/extra/chap-secrets.c b/accel-pppd/extra/chap-secrets.c index ee83bce5..20565b97 100644 --- a/accel-pppd/extra/chap-secrets.c +++ b/accel-pppd/extra/chap-secrets.c @@ -154,11 +154,11 @@ found: } pd->ip.addr = conf_gw_ip_address; - if (n >= 3) + if (n >= 3 && ptr[2][0] != '*') pd->ip.peer_addr = inet_addr(ptr[2]); pd->ip.owner = &ipdb; - if (n == 4) + if (n >= 4) pd->rate = _strdup(ptr[3]); list_add_tail(&pd->pd.entry, &ppp->pd_list); @@ -224,7 +224,7 @@ static struct ipdb_item_t *get_ip(struct ppp_t *ppp) if (!pd) return NULL; - if (!pd->ip.addr) + if (!pd->ip.peer_addr) return NULL; return &pd->ip; diff --git a/accel-pppd/extra/shaper_tbf.c b/accel-pppd/extra/shaper_tbf.c index 997b0e9f..60600276 100644 
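Review bot: `pppoe_init` now calls `pppoe_server_start` for every `interface` option before `load_config()` has run, so the servers are created while `conf_ac_name`, `conf_service_name` and the PADO delay table still hold their initial values. Moving `load_config();` above the option loop removes that window; whether traffic can be handled before init completes is not visible here, and the loop head is outside the hunk. The registration casts `load_config`, declared `void (void)`, to `triton_event_func`; if that type takes an argument, calling through the cast is undefined behaviour, and giving `load_config` the matching signature would make the cast unnecessary.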
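Review bot: `pd->ip.peer_addr = inet_addr(ptr[2]);` stores the result unchecked, and `inet_addr` returns `INADDR_NONE` for a malformed address, which is non-zero and therefore passes the new `if (!pd->ip.peer_addr)` test in `get_ip` (second chap-secrets.c hunk). A typo in the secrets file would then hand 255.255.255.255 to the session as its peer address. Parsing into a local `struct in_addr` with `inet_pton(AF_INET, ptr[2], &addr) == 1` and assigning only on success closes this. The `'*'` case relies on `pd->ip.peer_addr` already being zero, which depends on how `pd` is allocated outside the hunk.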
--- a/accel-pppd/extra/shaper_tbf.c +++ b/accel-pppd/extra/shaper_tbf.c @@ -48,6 +48,7 @@ static int temp_up_speed; static pthread_rwlock_t shaper_lock = PTHREAD_RWLOCK_INITIALIZER; static LIST_HEAD(shaper_list); +static pthread_mutex_t nl_lock = PTHREAD_MUTEX_INITIALIZER; static double tick_in_usec = 1; static double clock_factor = 1; @@ -384,11 +385,14 @@ static int install_shaper(const char *ifname, int down_speed, int down_burst, in strcpy(ifr.ifr_name, ifname); if (ioctl(sock_fd, SIOCGIFINDEX, &ifr)) { - log_ppp_error("tbf: ioctl(SIOCGIFINDEX)", strerror(errno)); + log_ppp_error("tbf: ioctl(SIOCGIFINDEX): %s\n", strerror(errno)); return -1; } + pthread_mutex_lock(&nl_lock); h = nl_socket_alloc(); + pthread_mutex_unlock(&nl_lock); + if (!h) { log_ppp_error("tbf: nl_socket_alloc failed\n"); return -1; @@ -396,7 +400,7 @@ static int install_shaper(const char *ifname, int down_speed, int down_burst, in err = nl_connect(h, NETLINK_ROUTE); if (err < 0) { - log_ppp_error("tbf: nl_connect: %s", strerror(errno)); + log_ppp_error("tbf: nl_connect: %s\n", strerror(errno)); goto out; } @@ -413,7 +417,10 @@ static int install_shaper(const char *ifname, int down_speed, int down_burst, in nl_close(h); out: + + pthread_mutex_lock(&nl_lock); nl_socket_free(h); + pthread_mutex_unlock(&nl_lock); return 0; } @@ -463,7 +470,7 @@ static int remove_shaper(const char *ifname) strcpy(ifr.ifr_name, ifname); if (ioctl(sock_fd, SIOCGIFINDEX, &ifr)) { - log_ppp_error("tbf: ioctl(SIOCGIFINDEX)", strerror(errno)); + log_ppp_error("tbf: ioctl(SIOCGIFINDEX): %s\n", strerror(errno)); return -1; } @@ -481,7 +488,10 @@ static int remove_shaper(const char *ifname) .tcm_parent = TC_H_INGRESS, }; + pthread_mutex_lock(&nl_lock); h = nl_socket_alloc(); + pthread_mutex_unlock(&nl_lock); + if (!h) { log_ppp_error("tbf: nl_socket_alloc failed\n"); return -1; 
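Review bot: In `install_shaper` the `out:` label falls into `return 0;`, so the `goto out` taken when `nl_connect` fails reports success to the caller and the session carries on without a shaper. `remove_shaper` in the following hunks returns -1 through `out_err1` for the same failure; `install_shaper` should match, e.g. a local `int r = -1;`, `r = 0;` just before `nl_close(h);` and `return r;` after the free. The message uses `strerror(errno)` although `nl_connect` reports its failure in `err`; `nl_geterror(err)` would name the actual cause if the libnl version in use provides it. A short comment on `nl_lock` saying why only `nl_socket_alloc` and `nl_socket_free` are serialised would help the next reader.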
@@ -489,9 +499,8 @@ static int remove_shaper(const char *ifname) err = nl_connect(h, NETLINK_ROUTE); if (err < 0) { - log_ppp_error("tbf: nl_connect: %s", strerror(errno)); - nl_socket_free(h); - return -1; + log_ppp_error("tbf: nl_connect: %s\n", strerror(errno)); + goto out_err1; } pmsg = nlmsg_alloc_simple(RTM_DELQDISC, NLM_F_CREATE | NLM_F_REPLACE); @@ -525,17 +534,25 @@ static int remove_shaper(const char *ifname) nlmsg_free(pmsg); nl_close(h); + + pthread_mutex_lock(&nl_lock); nl_socket_free(h); + pthread_mutex_unlock(&nl_lock); + return 0; out_err: - log_ppp_error("tbf: failed to remove shaper\n"); - if (pmsg) nlmsg_free(pmsg); nl_close(h); + +out_err1: + pthread_mutex_lock(&nl_lock); nl_socket_free(h); + pthread_mutex_unlock(&nl_lock); + + log_ppp_error("tbf: failed to remove shaper\n"); return -1; } @@ -978,6 +995,9 @@ static void update_shaper_tr(struct shaper_pd_t *pd) { struct time_range_pd_t *tr; + if (pd->ppp->terminating) + return; + list_for_each_entry(tr, &pd->tr_list, entry) { if (tr->id != time_range_id) continue; @@ -1003,8 +1023,7 @@ static void update_shaper_tr(struct shaper_pd_t *pd) } } else if (conf_verbose) - log_ppp_info2("tbf: removed shaper\n"); - + log_ppp_info2("tbf: removed shaper\n"); } static void time_range_begin_timer(struct triton_timer_t *t) diff --git a/accel-pppd/ppp/ccp_mppe.c b/accel-pppd/ppp/ccp_mppe.c index cdc8950a..ba86ef47 100644 --- a/accel-pppd/ppp/ccp_mppe.c +++ b/accel-pppd/ppp/ccp_mppe.c 
@@ -23,7 +23,9 @@ static struct ccp_option_t *mppe_init(struct ppp_ccp_t *ccp); static void mppe_free(struct ppp_ccp_t *ccp, struct ccp_option_t *opt); +static int __mppe_send_conf_req(struct ppp_ccp_t *ccp, struct ccp_option_t *opt, uint8_t *ptr, int setup_key); static int mppe_send_conf_req(struct ppp_ccp_t *ccp, struct ccp_option_t *opt, uint8_t *ptr); +static int mppe_send_conf_nak(struct ppp_ccp_t *ccp, struct ccp_option_t *opt, uint8_t *ptr); static int mppe_recv_conf_req(struct ppp_ccp_t *ccp, struct ccp_option_t *opt, uint8_t *ptr); static int mppe_recv_conf_nak(struct ppp_ccp_t *ccp, struct ccp_option_t *opt, uint8_t *ptr); static int mppe_recv_conf_rej(struct ppp_ccp_t *ccp, struct ccp_option_t *opt, uint8_t *ptr); @@ -44,7 +46,7 @@ struct mppe_option_t static struct ccp_option_handler_t mppe_opt_hnd = { .init = mppe_init, .send_conf_req = mppe_send_conf_req, - .send_conf_nak = mppe_send_conf_req, + .send_conf_nak = mppe_send_conf_nak, .recv_conf_req = mppe_recv_conf_req, .recv_conf_nak = mppe_recv_conf_nak, .recv_conf_rej = mppe_recv_conf_rej, @@ -129,7 +131,7 @@ static int decrease_mtu(struct ppp_t *ppp) return 0; } -static int mppe_send_conf_req(struct ppp_ccp_t *ccp, struct ccp_option_t *opt, uint8_t *ptr) +static int __mppe_send_conf_req(struct ppp_ccp_t *ccp, struct ccp_option_t *opt, uint8_t *ptr, int setup_key) { struct mppe_option_t *mppe_opt = container_of(opt,typeof(*mppe_opt),opt); struct ccp_opt32_t *opt32 = (struct ccp_opt32_t*)ptr; @@ -139,7 +141,7 @@ static int mppe_send_conf_req(struct ppp_ccp_t *ccp, struct ccp_option_t *opt, u opt32->hdr.len = 6; opt32->val = mppe_opt->mppe ? htonl(MPPE_S | MPPE_H) : 0; - if (mppe_opt->mppe && setup_mppe_key(ccp->ppp->unit_fd, 0, mppe_opt->recv_key)) + if (setup_key && mppe_opt->mppe && setup_mppe_key(ccp->ppp->unit_fd, 0, mppe_opt->recv_key)) return 0; return 6; 
@@ -147,6 +149,17 @@ static int mppe_send_conf_req(struct ppp_ccp_t *ccp, struct ccp_option_t *opt, u return 0; } +static int mppe_send_conf_req(struct ppp_ccp_t *ccp, struct ccp_option_t *opt, uint8_t *ptr) +{ + return __mppe_send_conf_req(ccp, opt, ptr, 1); +} + +static int mppe_send_conf_nak(struct ppp_ccp_t *ccp, struct ccp_option_t *opt, uint8_t *ptr) +{ + return __mppe_send_conf_req(ccp, opt, ptr, 0); +} + + static int mppe_recv_conf_req(struct ppp_ccp_t *ccp, struct ccp_option_t *opt, uint8_t *ptr) { struct mppe_option_t *mppe_opt = container_of(opt, typeof(*mppe_opt), opt); @@ -167,7 +180,7 @@ static int mppe_recv_conf_req(struct ppp_ccp_t *ccp, struct ccp_option_t *opt, u } else if (mppe_opt->policy == 1) { if (ntohl(opt32->val) == (MPPE_S | MPPE_H)) mppe_opt->mppe = 1; - else if (((ntohl(opt32->val) & (MPPE_S | MPPE_H)) == (MPPE_S | MPPE_H)) || conf_mppe == 1) { + else if ((ntohl(opt32->val) & (MPPE_S | MPPE_H)) || conf_mppe == 1) { mppe_opt->mppe = 1; return CCP_OPT_NAK; } else if (opt32->val) { @@ -258,14 +271,18 @@ static void ev_mppe_keys(struct ev_mppe_keys_t *ev) struct ppp_ccp_t *ccp = ccp_find_layer_data(ev->ppp); struct mppe_option_t *mppe_opt = container_of(ccp_find_option(ev->ppp, &mppe_opt_hnd), typeof(*mppe_opt), opt); + memcpy(mppe_opt->recv_key, ev->recv_key, 16); + memcpy(mppe_opt->send_key, ev->send_key, 16); + + if (ev->policy == -1) + return; + if ((ev->type & 0x04) == 0) { log_ppp_warn("mppe: 128-bit session keys not allowed, disabling mppe ...\n"); mppe_opt->mppe = 0; return; } - memcpy(mppe_opt->recv_key, ev->recv_key, 16); - memcpy(mppe_opt->send_key, ev->send_key, 16); mppe_opt->policy = ev->policy; if (ev->policy == 2) { @@ -276,6 +293,9 @@ static void ev_mppe_keys(struct ev_mppe_keys_t *ev) mppe_opt->mppe = 1; else mppe_opt->mppe = -1; + + if (conf_mppe == 2) + ccp->passive = 1; } } diff --git a/accel-pppd/ppp/ppp_auth.c b/accel-pppd/ppp/ppp_auth.c index 9a0587f7..b69c7599 100644 --- a/accel-pppd/ppp/ppp_auth.c 
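Review bot: `ev_mppe_keys` now copies both keys into `mppe_opt` before any check, and `mppe_opt` is derived with `container_of` from the return value of `ccp_find_option` without testing it, so if that lookup can return NULL the two `memcpy` calls write through an invalid pointer. The added `ccp->passive = 1;` likewise dereferences the result of `ccp_find_layer_data` unchecked. A guard at the top, `if (!ccp) return;` plus a NULL test on the option pointer before `container_of`, would make this safe; whether either lookup can fail is not visible here. The `-1` passed as `policy` by both `set_mppe_keys` functions is an undocumented sentinel and deserves a named constant or a comment at the `if (ev->policy == -1)` test.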
+++ b/accel-pppd/ppp/ppp_auth.c @@ -28,6 +28,8 @@ static int auth_layer_start(struct ppp_layer_data_t *); static void auth_layer_finish(struct ppp_layer_data_t *); static void auth_layer_free(struct ppp_layer_data_t *); +static void __ppp_auth_started(struct ppp_t *ppp); + struct auth_option_t { struct lcp_option_t opt; @@ -296,6 +298,8 @@ static void auth_layer_free(struct ppp_layer_data_t *ld) log_ppp_debug("auth_layer_free\n"); + triton_cancel_call(ad->ppp->ctrl->ctx, (triton_event_func)__ppp_auth_started); + _free(ad); } diff --git a/accel-pppd/ppp/ppp_ccp.c b/accel-pppd/ppp/ppp_ccp.c index e59a0638..c277f9f9 100644 --- a/accel-pppd/ppp/ppp_ccp.c +++ b/accel-pppd/ppp/ppp_ccp.c @@ -32,6 +32,7 @@ static LIST_HEAD(option_handlers); static void ccp_layer_up(struct ppp_fsm_t*); static void ccp_layer_down(struct ppp_fsm_t*); +static void ccp_layer_finished(struct ppp_fsm_t*); static int send_conf_req(struct ppp_fsm_t*); static void send_conf_ack(struct ppp_fsm_t*); static void send_conf_nak(struct ppp_fsm_t*); @@ -116,7 +117,8 @@ static struct ppp_layer_data_t *ccp_layer_init(struct ppp_t *ppp) ccp->fsm.max_configure = conf_ccp_max_configure; ccp->fsm.layer_up = ccp_layer_up; - ccp->fsm.layer_finished = ccp_layer_down; + ccp->fsm.layer_finished = ccp_layer_finished; + ccp->fsm.layer_down = ccp_layer_down; ccp->fsm.send_conf_req = send_conf_req; ccp->fsm.send_conf_ack = send_conf_ack; ccp->fsm.send_conf_nak = send_conf_nak; @@ -199,7 +201,7 @@ static void ccp_layer_up(struct ppp_fsm_t *fsm) } } -static void ccp_layer_down(struct ppp_fsm_t *fsm) +static void ccp_layer_finished(struct ppp_fsm_t *fsm) { struct ppp_ccp_t *ccp = container_of(fsm, typeof(*ccp), fsm); 
@@ -207,11 +209,20 @@ static void ccp_layer_down(struct ppp_fsm_t *fsm) if (!ccp->started) { ccp->started = 1; - ppp_fsm_close(fsm); ppp_layer_started(ccp->ppp, &ccp->ld); } } +static void ccp_layer_down(struct ppp_fsm_t *fsm) +{ + struct ppp_ccp_t *ccp = container_of(fsm, typeof(*ccp), fsm); + + log_ppp_debug("ccp_layer_down\n"); + + ppp_fsm_close(fsm); +} + + static void print_ropt(struct recv_opt_t *ropt) { int i; @@ -232,8 +243,6 @@ static int send_conf_req(struct ppp_fsm_t *fsm) struct ccp_option_t *lopt; int n; - ccp->need_req = 0; - if (ccp->passive) return 0; @@ -370,7 +379,6 @@ static int ccp_recv_conf_req(struct ppp_ccp_t *ccp, uint8_t *data, int size) struct ccp_option_t *lopt; int r, ret = 1, ack = 0; - ccp->need_req = 0; ccp->ropt_len = size; while (size > 0) { @@ -407,8 +415,6 @@ static int ccp_recv_conf_req(struct ppp_ccp_t *ccp, uint8_t *data, int size) lopt->state = CCP_OPT_REJ; ropt->state = CCP_OPT_REJ; } else { - /*if (lopt->state == CCP_OPT_NAK && r == CCP_OPT_ACK) - ccp->need_req = 1;*/ lopt->state = r; ropt->state = r; } @@ -520,8 +526,6 @@ static int ccp_recv_conf_nak(struct ppp_ccp_t *ccp, uint8_t *data, int size) } if (lopt->h->recv_conf_nak && lopt->h->recv_conf_nak(ccp, lopt, data)) res = -1; - //lopt->state = CCP_OPT_NAK; - //ccp->need_req = 1; break; } } @@ -644,9 +648,9 @@ static void ccp_recv(struct ppp_handler_t*h) case CONFREQ: r = ccp_recv_conf_req(ccp, (uint8_t*)(hdr + 1), ntohs(hdr->len) - PPP_HDRLEN); if (ccp->passive) { + ccp->passive = 0; ppp_fsm_lower_up(&ccp->fsm); ppp_fsm_open(&ccp->fsm); - ccp->passive = 0; } if (ccp->started) { if (r == CCP_OPT_ACK) 
@@ -678,11 +682,8 @@ static void ccp_recv(struct ppp_handler_t*h) case CONFACK: if (ccp_recv_conf_ack(ccp, (uint8_t*)(hdr + 1), ntohs(hdr->len) - PPP_HDRLEN)) ppp_terminate(ccp->ppp, TERM_USER_ERROR, 0); - else { + else ppp_fsm_recv_conf_ack(&ccp->fsm); - if (ccp->need_req) - send_conf_req(&ccp->fsm); - } break; case CONFNAK: ccp_recv_conf_nak(ccp, (uint8_t*)(hdr + 1), ntohs(hdr->len) - PPP_HDRLEN); diff --git a/accel-pppd/ppp/ppp_ccp.h b/accel-pppd/ppp/ppp_ccp.h index 11c8a221..3a48816a 100644 --- a/accel-pppd/ppp/ppp_ccp.h +++ b/accel-pppd/ppp/ppp_ccp.h @@ -87,7 +87,6 @@ struct ppp_ccp_t int passive:1; int starting:1; int started:1; - int need_req:1; }; int ccp_option_register(struct ccp_option_handler_t *h); diff --git a/accel-pppd/ppp/ppp_fsm.c b/accel-pppd/ppp/ppp_fsm.c index 33f82375..b43945b8 100644 --- a/accel-pppd/ppp/ppp_fsm.c +++ b/accel-pppd/ppp/ppp_fsm.c @@ -215,12 +215,6 @@ void ppp_fsm_recv_conf_req_ack(struct ppp_fsm_t *layer) --layer->restart_counter; if (layer->send_conf_req) layer->send_conf_req(layer); case FSM_Req_Sent: - if (layer->send_conf_ack) layer->send_conf_ack(layer); - init_req_counter(layer,layer->max_configure); - --layer->restart_counter; - if (layer->send_conf_req) layer->send_conf_req(layer); - layer->fsm_state=FSM_Ack_Sent; - break; case FSM_Ack_Sent: if (layer->send_conf_ack) layer->send_conf_ack(layer); layer->fsm_state=FSM_Ack_Sent; @@ -381,7 +375,10 @@ void ppp_fsm_recv_conf_rej(struct ppp_fsm_t *layer) layer->fsm_state=FSM_Req_Sent; break; case FSM_Ack_Sent: - //if (layer->init_req_cnt) layer->init_req_cnt(layer); + if (++layer->conf_failure == layer->max_failure) { + if (layer->layer_down) layer->layer_down(layer); + return; + } init_req_counter(layer,layer->max_configure); --layer->restart_counter; if (layer->send_conf_req) layer->send_conf_req(layer); diff --git a/accel-pppd/ppp/ppp_ipcp.c b/accel-pppd/ppp/ppp_ipcp.c index 39627026..bd9f50df 100644 --- a/accel-pppd/ppp/ppp_ipcp.c +++ b/accel-pppd/ppp/ppp_ipcp.c 
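Review bot: In `ppp_fsm_recv_conf_rej` the new limit is tested with `++layer->conf_failure == layer->max_failure`, which does not fire when `max_failure` is zero or once the counter has moved past the limit, so a peer that keeps sending Configure-Reject could keep the negotiation looping. Using `>=` bounds it in every case: `if (++layer->conf_failure >= layer->max_failure) {`. In `ppp_fsm_recv_conf_req_ack` the `FSM_Req_Sent` case now falls through to `FSM_Ack_Sent`; a `/* fallthrough */` comment would mark that as intended.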
@@ -135,10 +135,8 @@ void ipcp_layer_free(struct ppp_layer_data_t *ld) _free(ipcp); } -static void ipcp_layer_up(struct ppp_fsm_t *fsm) +static void __ipcp_layer_up(struct ppp_ipcp_t *ipcp) { - struct ppp_ipcp_t *ipcp = container_of(fsm, typeof(*ipcp), fsm); - log_ppp_debug("ipcp_layer_started\n"); if (!ipcp->started) { @@ -147,6 +145,14 @@ static void ipcp_layer_up(struct ppp_fsm_t *fsm) } } +static void ipcp_layer_up(struct ppp_fsm_t *fsm) +{ + struct ppp_ipcp_t *ipcp = container_of(fsm, typeof(*ipcp), fsm); + + if (!ipcp->delay_ack) + __ipcp_layer_up(ipcp); +} + static void ipcp_layer_down(struct ppp_fsm_t *fsm) { struct ppp_ipcp_t *ipcp = container_of(fsm, typeof(*ipcp), fsm); @@ -563,6 +569,7 @@ static void ipcp_recv(struct ppp_handler_t*h) struct ipcp_hdr_t *hdr; struct ppp_ipcp_t *ipcp = container_of(h, typeof(*ipcp), hnd); int r; + int delay_ack = ipcp->delay_ack; if (ipcp->fsm.fsm_state == FSM_Initial || ipcp->fsm.fsm_state == FSM_Closed || ipcp->ppp->terminating) { if (conf_ppp_verbose) @@ -593,7 +600,9 @@ static void ipcp_recv(struct ppp_handler_t*h) ipcp_free_conf_req(ipcp); return; } - if (ipcp->started) { + if (delay_ack && !ipcp->delay_ack) + __ipcp_layer_up(ipcp); + if (ipcp->started || delay_ack) { if (r == IPCP_OPT_ACK) send_conf_ack(&ipcp->fsm); else diff --git a/accel-pppd/radius/auth.c b/accel-pppd/radius/auth.c index 849dcebe..e4810fa6 100644 --- a/accel-pppd/radius/auth.c +++ b/accel-pppd/radius/auth.c @@ -379,6 +379,7 @@ int rad_auth_mschap_v1(struct radius_pd_t *rpd, const char *username, va_list ar { int r = PWDB_DENIED; uint8_t response[50]; + struct rad_attr_t *ra; int id = va_arg(args, int); const uint8_t *challenge = va_arg(args, const uint8_t *); 
@@ -386,6 +387,7 @@ int rad_auth_mschap_v1(struct radius_pd_t *rpd, const char *username, va_list ar const uint8_t *lm_response = va_arg(args, const uint8_t *); const uint8_t *nt_response = va_arg(args, const uint8_t *); int flags = va_arg(args, int); + char **mschap_error = va_arg(args, char **); response[0] = id; response[1] = flags; @@ -427,6 +429,7 @@ int rad_auth_mschap_v1(struct radius_pd_t *rpd, const char *username, va_list ar if (rad_packet_add_str(rpd->auth_req->pack, NULL, "Acct-Session-Id", rpd->ppp->sessionid)) goto out; + r = rad_auth_send(rpd->auth_req); if (r == PWDB_SUCCESS) { struct ev_radius_t ev = { @@ -437,6 +440,10 @@ int rad_auth_mschap_v1(struct radius_pd_t *rpd, const char *username, va_list ar triton_event_fire(EV_RADIUS_ACCESS_ACCEPT, &ev); setup_mppe(rpd->auth_req, challenge); rpd->auth_req->pack->id++; + } else if (rpd->auth_req->reply) { + ra = rad_packet_find_attr(rpd->auth_req->reply, "Microsoft", "MS-CHAP-Error"); + if (ra) + *mschap_error = ra->val.string; } return r; @@ -460,6 +467,8 @@ int rad_auth_mschap_v2(struct radius_pd_t *rpd, const char *username, va_list ar const uint8_t *response = va_arg(args, const uint8_t *); int flags = va_arg(args, int); uint8_t *authenticator = va_arg(args, uint8_t *); + char **mschap_error = va_arg(args, char **); + char **reply_msg = va_arg(args, char **); mschap_response[0] = id; mschap_response[1] = flags; @@ -520,8 +529,17 @@ int rad_auth_mschap_v2(struct radius_pd_t *rpd, const char *username, va_list ar triton_event_fire(EV_RADIUS_ACCESS_ACCEPT, &ev); setup_mppe(rpd->auth_req, NULL); rpd->auth_req->pack->id++; + } else if (rpd->auth_req->reply) { + ra = rad_packet_find_attr(rpd->auth_req->reply, "Microsoft", "MS-CHAP-Error"); + if (ra) + *mschap_error = ra->val.string; + ra = rad_packet_find_attr(rpd->auth_req->reply, NULL, "Reply-Message"); + if (ra) + *reply_msg = ra->val.string; } + + return r; out: rad_req_free(rpd->auth_req); 
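Review bot: `*mschap_error = ra->val.string;` hands the caller a pointer into `rpd->auth_req->reply` rather than a copy, and `chap_send_failure` reads it after `pwdb_check` has returned. That is safe only while the reply packet is still allocated at that point; the lifetime of `auth_req` is decided outside these hunks, so either document that guarantee next to the assignment or copy the string into storage owned by the auth layer. The text is chosen by the RADIUS server and is forwarded to the peer and written to the log as-is, so a length cap or printable-character check before use is worth adding. `rad_auth_mschap_v2` (hunk `@@ -520,8 +529,17 @@`) does the same for both `MS-CHAP-Error` and `Reply-Message`.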
diff --git a/cmake/cpack.cmake b/cmake/cpack.cmake index 24060530..a8804dcd 100644 --- a/cmake/cpack.cmake +++ b/cmake/cpack.cmake @@ -2,7 +2,7 @@ INCLUDE(InstallRequiredSystemLibraries) SET(CPACK_PACKAGE_VERSION_MAJOR "1") SET(CPACK_PACKAGE_VERSION_MINOR "3") -SET(CPACK_PACKAGE_VERSION_PATCH "6") +SET(CPACK_PACKAGE_VERSION_PATCH "7") SET(CPACK_PACKAGE_NAME "accel-ppp") SET(CPACK_PACKAGE_CONTACT "Dmitry Kozlov <xeb@mail.ru>") |