From 10ede239609e41e259be9c38932e33f7dc74bd8a Mon Sep 17 00:00:00 2001
From: Guillaume Nault
Date: Wed, 21 Mar 2018 18:09:14 +0100
Subject: auth: fix re-authentication of peer in all chap modules

If the peer re-authenticates (because of option conf_interval) and pwdb calls auth_result(), we may add the interval timer again to the session context. This crashes accel-ppp when deleting the session, because the interval timer is removed only once and the superfluous timers are still running. Therefore, when removing the context, triton detects this issue and calls abort(). To fix this, we need to detect if the session is already started and just send a CHAP Success message in this case.

Signed-off-by: Guillaume Nault
---
 accel-pppd/auth/auth_chap_md5.c | 16 ++++++++++------
 accel-pppd/auth/auth_mschap_v1.c | 16 ++++++++++------
 accel-pppd/auth/auth_mschap_v2.c | 16 ++++++++++------
 3 files changed, 30 insertions(+), 18 deletions(-)

diff --git a/accel-pppd/auth/auth_chap_md5.c b/accel-pppd/auth/auth_chap_md5.c
index 309af8a6..ae062f53 100644
--- a/accel-pppd/auth/auth_chap_md5.c
+++ b/accel-pppd/auth/auth_chap_md5.c
@@ -265,14 +265,18 @@ static void auth_result(struct chap_auth_data *ad, int res)
 } else
 ppp_auth_failed(ad->ppp, name);
 } else {
- if (ppp_auth_succeeded(ad->ppp, name)) {
- chap_send_failure(ad);
- ap_session_terminate(&ad->ppp->ses, TERM_AUTH_ERROR, 0);
+ if (!ad->started) {
+ if (ppp_auth_succeeded(ad->ppp, name)) {
+ chap_send_failure(ad);
+ ap_session_terminate(&ad->ppp->ses, TERM_AUTH_ERROR, 0);
+ } else {
+ chap_send_success(ad, ad->id);
+ ad->started = 1;
+ if (conf_interval)
+ triton_timer_add(ad->ppp->ses.ctrl->ctx, &ad->interval, 0);
+ }
 } else {
 chap_send_success(ad, ad->id);
- ad->started = 1;
- if (conf_interval)
- triton_timer_add(ad->ppp->ses.ctrl->ctx, &ad->interval, 0);
 }
 }
 
diff --git a/accel-pppd/auth/auth_mschap_v1.c b/accel-pppd/auth/auth_mschap_v1.c
index 10424866..67f941c6 100644
--- a/accel-pppd/auth/auth_mschap_v1.c
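Review bot: In the new `else` branch taken when `ad->started` is already set, CHAP Success is sent without `name` being consulted at all, so nothing visible in this hunk ties a periodic re-authentication to the identity the session was started with. If the caller does not already enforce that (it lies outside the hunk), the branch should compare `name` with the username stored for the session and fall back to the failure path with `TERM_AUTH_ERROR` on a mismatch, or at least log it. Since `name` is no longer handed to `ppp_auth_succeeded()` on this path, also confirm it is still released after the hunk. A comment such as `/* re-auth of a started session: interval timer is already registered, only acknowledge */` above that `chap_send_success()` call would record why the timer must not be added again. The same applies to the identical hunks in auth_mschap_v1.c and auth_mschap_v2.c; auth_result() starts and ends outside all three hunks.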
+++ b/accel-pppd/auth/auth_mschap_v1.c
@@ -268,14 +268,18 @@ static void auth_result(struct chap_auth_data *ad, int res)
 } else
 ppp_auth_failed(ad->ppp, name);
 } else {
- if (ppp_auth_succeeded(ad->ppp, name)) {
- chap_send_failure(ad, ad->mschap_error);
- ap_session_terminate(&ad->ppp->ses, TERM_AUTH_ERROR, 0);
+ if (!ad->started) {
+ if (ppp_auth_succeeded(ad->ppp, name)) {
+ chap_send_failure(ad, ad->mschap_error);
+ ap_session_terminate(&ad->ppp->ses, TERM_AUTH_ERROR, 0);
+ } else {
+ chap_send_success(ad, ad->id);
+ ad->started = 1;
+ if (conf_interval)
+ triton_timer_add(ad->ppp->ses.ctrl->ctx, &ad->interval, 0);
+ }
 } else {
 chap_send_success(ad, ad->id);
- ad->started = 1;
- if (conf_interval)
- triton_timer_add(ad->ppp->ses.ctrl->ctx, &ad->interval, 0);
 }
 }
 
diff --git a/accel-pppd/auth/auth_mschap_v2.c b/accel-pppd/auth/auth_mschap_v2.c
index 33b95dea..5c82413c 100644
--- a/accel-pppd/auth/auth_mschap_v2.c
+++ b/accel-pppd/auth/auth_mschap_v2.c
@@ -341,14 +341,18 @@ static void auth_result(struct chap_auth_data *ad, int res)
 } else
 ppp_auth_failed(ad->ppp, name);
 } else {
- if (ppp_auth_succeeded(ad->ppp, name)) {
- chap_send_failure(ad, ad->mschap_error, ad->reply_msg);
- ap_session_terminate(&ad->ppp->ses, TERM_AUTH_ERROR, 0);
+ if (!ad->started) {
+ if (ppp_auth_succeeded(ad->ppp, name)) {
+ chap_send_failure(ad, ad->mschap_error, ad->reply_msg);
+ ap_session_terminate(&ad->ppp->ses, TERM_AUTH_ERROR, 0);
+ } else {
+ chap_send_success(ad, ad->id, ad->authenticator);
+ ad->started = 1;
+ if (conf_interval)
+ triton_timer_add(ad->ppp->ses.ctrl->ctx, &ad->interval, 0);
+ }
 } else {
 chap_send_success(ad, ad->id, ad->authenticator);
- ad->started = 1;
- if (conf_interval)
- triton_timer_add(ad->ppp->ses.ctrl->ctx, &ad->interval, 0);
 }
 }
 
-- 
cgit v1.2.3