From 7def2aa4a0af5eb26fc290257585a8c2901c0c3c Mon Sep 17 00:00:00 2001
From: Dmitry Kozlov
Date: Sat, 2 Apr 2016 20:25:13 +0300
Subject: for single-session=deny make early check for duplicate username (before calling radius)
---
 accel-pppd/include/ap_session.h | 1 +
 accel-pppd/pwdb.c | 10 ++++++++++
 accel-pppd/session.c | 20 ++++++++++++++++++++
 3 files changed, 31 insertions(+)
(limited to 'accel-pppd')
diff --git a/accel-pppd/include/ap_session.h b/accel-pppd/include/ap_session.h
index c6f15dd8..230eb260 100644
--- a/accel-pppd/include/ap_session.h
+++ b/accel-pppd/include/ap_session.h
@@ -140,6 +140,7 @@ void ap_session_terminate(struct ap_session *ses, int cause, int hard);
 void ap_session_activate(struct ap_session *ses);
 void ap_session_accounting_started(struct ap_session *ses);
 int ap_session_set_username(struct ap_session *ses, char *username);
+int ap_check_username(const char *username);
 void ap_session_ifup(struct ap_session *ses);
 void ap_session_ifdown(struct ap_session *ses);
diff --git a/accel-pppd/pwdb.c b/accel-pppd/pwdb.c
index f42a3a88..6fe015bf 100644
--- a/accel-pppd/pwdb.c
+++ b/accel-pppd/pwdb.c
@@ -1,8 +1,11 @@
 #include
+#include
 #include "triton.h"
 #include "pwdb.h"
+#include "ap_session.h"
+#include "log.h"
 #include "memdebug.h"
@@ -14,6 +17,11 @@ int __export pwdb_check(struct ap_session *ses, pwdb_callback cb, void *cb_arg,
 int r, res = PWDB_NO_IMPL;
 va_list args;
+ if (ap_check_username(username)) {
+ log_ppp_info1("%s: second session denied\n", username);
+ return PWDB_DENIED;
+ }
+
 va_start(args, type);
 list_for_each_entry(pwdb, &pwdb_handlers, entry) {
@@ -31,6 +39,7 @@ int __export pwdb_check(struct ap_session *ses, pwdb_callback cb, void *cb_arg,
 return res;
 }
+
 __export char *pwdb_get_passwd(struct ap_session *ses, const char *username)
 {
 struct pwdb_t *pwdb;
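Review bot: In the `@@ -14,6 +17,11 @@` hunk of accel-pppd/pwdb.c the new denial is returned before any pwdb handler has verified the credentials, so the outcome depends only on a peer-supplied, unverified username. If PWDB_DENIED reaches the peer in a form distinguishable from a wrong password, an unauthenticated peer can learn which usernames currently hold a session, and the rejected attempt is never seen by the RADIUS handler, leaving the local log line as its only record. I would document that above the check, e.g. `/* pre-auth check: username is unverified here and this attempt is not passed to any pwdb handler */`, and confirm that writing this unverified string through log_ppp_info1 is safe for whatever consumes the log. The signature and tail of pwdb_check lie outside the hunk, so whether username can be NULL at this point cannot be judged from here.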
@@ -51,6 +60,7 @@ void __export pwdb_register(struct pwdb_t *pwdb)
 {
 list_add_tail(&pwdb->entry, &pwdb_handlers);
 }
+
 void __export pwdb_unregister(struct pwdb_t *pwdb)
 {
 list_del(&pwdb->entry);
diff --git a/accel-pppd/session.c b/accel-pppd/session.c
index 1fbac101..ad164f3f 100644
--- a/accel-pppd/session.c
+++ b/accel-pppd/session.c
@@ -428,6 +428,26 @@ int __export ap_session_set_username(struct ap_session *s, char *username)
 return 0;
 }
+int __export ap_check_username(const char *username)
+{
+ struct ap_session *ses;
+ int r = 0;
+
+ if (conf_single_session)
+ return 0;
+
+ pthread_rwlock_rdlock(&ses_lock);
+ list_for_each_entry(ses, &ses_list, entry) {
+ if (ses->username && !strcmp(ses->username, username)) {
+ r = 1;
+ break;
+ }
+ }
+ pthread_rwlock_unlock(&ses_lock);
+
+ return r;
+}
+
 static void save_seq(void)
 {
 FILE *f;
-- cgit v1.2.3
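Review bot: The guard `if (conf_single_session) return 0;` in ap_check_username (accel-pppd/session.c) skips the duplicate check whenever the setting is non-zero, which reads as the opposite of the commit subject. It presumably relies on the deny mode being stored as 0, but that encoding is not visible in the hunk, so I would add a comment such as `/* only single-session=deny (stored as 0, confirm in load_config) needs the early check */` or compare against a named constant. The read lock is released before authentication continues, so two simultaneous logins for one username can both pass this check. A function comment should say the result is advisory and that ap_session_set_username, whose body is outside the hunk, remains the enforcement point. The `strcmp` also dereferences `username` without a NULL check, and it matches bytes exactly, so both are worth confirming against what pwdb_check's callers and the backend accept.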