From 953a944839db2dd4cf4eef5ef9cd94e4ba08e4d8 Mon Sep 17 00:00:00 2001
From: Dmitry Kozlov
Date: Thu, 17 Jul 2014 14:14:44 +0400
Subject: improved 'single session' mechanism
---
 accel-pppd/ctrl/ipoe/ipoe.c | 40 +++++++++++++++++++++++-----------------
 accel-pppd/ctrl/ipoe/ipoe.h | 2 +-
 accel-pppd/ctrl/ipoe/lua.c | 12 ++++++------
 accel-pppd/ppp/ppp_auth.c | 1 +
 accel-pppd/session.c | 3 ++-
 5 files changed, 33 insertions(+), 25 deletions(-)
(limited to 'accel-pppd')
diff --git a/accel-pppd/ctrl/ipoe/ipoe.c b/accel-pppd/ctrl/ipoe/ipoe.c
index 039a66a9..ec241ea8 100644
--- a/accel-pppd/ctrl/ipoe/ipoe.c
+++ b/accel-pppd/ctrl/ipoe/ipoe.c
@@ -5,6 +5,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -325,15 +326,17 @@ static void ipoe_relay_timeout(struct triton_timer_t *t)
 }
-static void ipoe_session_set_username(struct ipoe_session *ses)
+static char *ipoe_session_get_username(struct ipoe_session *ses)
 {
 #ifdef USE_LUA
- if (ses->serv->opt_username == USERNAME_LUA) {
- ipoe_lua_set_username(ses, ses->serv->opt_lua_username_func ? : conf_lua_username_func);
- } else
+ if (ses->serv->opt_username == USERNAME_LUA)
+ return ipoe_lua_get_username(ses, ses->serv->opt_lua_username_func ? : conf_lua_username_func);
+ else
 #endif
+ if (!ses->dhcpv4_request)
+ return _strdup(ses->ctrl.calling_station_id);
- ap_session_set_username(&ses->ses, _strdup(ses->ses.ifname));
+ return _strdup(ses->ses.ifname);
 }
 static void l4_redirect_list_add(in_addr_t addr, int ifindex)
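Review bot: In ipoe_session_get_username the new `if (!ses->dhcpv4_request)` branch returns the calling-station-id for every non-DHCP session, whereas the line this commit removes from ipoe_session_create_up did so only when `conf_username == USERNAME_UNSET`. With an ifname username configured, a session started from an unclassified packet would now authenticate under a name that appears to be derived from the packet's source address (`iph->saddr` in ipoe_session_create_up). If the old behaviour is wanted, keep the condition, e.g. `if (!ses->dhcpv4_request && conf_username == USERNAME_UNSET)`. Otherwise a comment on the helper should state the precedence (Lua, then calling-station-id, then ifname) and that the caller owns the returned string.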
@@ -508,18 +511,19 @@ static void ipoe_session_start(struct ipoe_session *ses)
 {
 int r;
 char *passwd;
+ char *username;
 __sync_add_and_fetch(&stat_starting, 1);
- if (!ses->ses.username) {
- strncpy(ses->ses.ifname, ses->serv->ifname, AP_IFNAME_LEN);
-
- ipoe_session_set_username(ses);
+ assert(!ses->ses.username);
- if (!ses->ses.username) {
- ipoe_session_finished(&ses->ses);
- return;
- }
+ strncpy(ses->ses.ifname, ses->serv->ifname, AP_IFNAME_LEN);
+
+ username = ipoe_session_get_username(ses);
+
+ if (!username) {
+ ipoe_session_finished(&ses->ses);
+ return;
 }
 ses->ses.unit_idx = ses->serv->ifindex;
@@ -533,7 +537,7 @@ static void ipoe_session_start(struct ipoe_session *ses)
 if (ses->serv->opt_shared && ipoe_create_interface(ses))
 return;
- r = pwdb_check(&ses->ses, ses->ses.username, PPP_PAP, conf_password ? conf_password : ses->ses.username);
+ r = pwdb_check(&ses->ses, username, PPP_PAP, conf_password ? conf_password : username);
 if (r == PWDB_NO_IMPL) {
 passwd = pwdb_get_passwd(&ses->ses, ses->ses.username);
 if (!passwd)
@@ -545,6 +549,10 @@ static void ipoe_session_start(struct ipoe_session *ses)
 }
 if (r == PWDB_DENIED) {
+ pthread_rwlock_wrlock(&ses_lock);
+ ses->ses.username = username;
+ ses->ses.terminate_cause = TERM_AUTH_ERROR;
+ pthread_rwlock_unlock(&ses_lock);
 if (conf_ppp_verbose)
 log_ppp_warn("authentication failed\n");
 if (conf_l4_redirect_on_reject && !ses->dhcpv4_request && ses->ifindex != -1) {
@@ -556,6 +564,7 @@ static void ipoe_session_start(struct ipoe_session *ses)
 }
 }
+ ap_session_set_username(&ses->ses, username);
 log_ppp_info1("%s: authentication succeeded\n", ses->ses.username);
 triton_event_fire(EV_SES_AUTHORIZED, &ses->ses);
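Review bot: `assert(!ses->ses.username)` at the top of ipoe_session_start turns a state that the old `if (!ses->ses.username)` guard tolerated into a process abort, and the check disappears entirely in an NDEBUG build. If any path can still reach this function with a username already set (not visible in this hunk), one session would take the whole daemon down, or without the assert the earlier string would be replaced by the later assignment. A runtime check that ends only this session is safer, e.g. `if (ses->ses.username) { ipoe_session_finished(&ses->ses); return; }`. The function body continues past the hunk.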
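Review bot: The unchanged line `passwd = pwdb_get_passwd(&ses->ses, ses->ses.username);` in the PWDB_NO_IMPL branch still reads `ses->ses.username`, which is now NULL at this point because the name is stored only after the authentication result is known. It should use the local instead, `passwd = pwdb_get_passwd(&ses->ses, username);`. Separately, the early `return` after `ipoe_create_interface(ses)` in this hunk's context now runs with `username` already allocated and not yet owned by the session, so that path appears to leak it. A `_free(username);` before the return would close it, assuming `_free` is the counterpart of `_strdup` in this tree.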
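Review bot: The result of `ap_session_set_username(&ses->ses, username)` is discarded, so a refusal by the single-session check does not stop this session. The function returns int, and in the session.c part of this commit it releases `ses_lock` and logs "second session denied" when `conf_single_session == 0`, apparently returning before `s->username = username`. Here the code would still log "authentication succeeded" with `ses->ses.username` unset and fire EV_SES_AUTHORIZED. Check the return value and end the session on failure, e.g. `if (ap_session_set_username(&ses->ses, username)) { ipoe_session_finished(&ses->ses); return; }`; the exact teardown should match what the denied path of this function does, which lies outside the hunk.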
@@ -1589,9 +1598,6 @@ static struct ipoe_session *ipoe_session_create_up(struct ipoe_serv *serv, struc
 u_inet_ntoa(iph->saddr, ses->ctrl.calling_station_id);
 ses->ses.chan_name = ses->ctrl.calling_station_id;
-
- if (conf_username == USERNAME_UNSET)
- ap_session_set_username(&ses->ses, _strdup(ses->ctrl.calling_station_id));
 if (conf_ip_pool)
 ses->ses.ipv4_pool_name = _strdup(conf_ip_pool);
diff --git a/accel-pppd/ctrl/ipoe/ipoe.h b/accel-pppd/ctrl/ipoe/ipoe.h
index 88e37e46..b3a346f3 100644
--- a/accel-pppd/ctrl/ipoe/ipoe.h
+++ b/accel-pppd/ctrl/ipoe/ipoe.h
@@ -98,7 +98,7 @@ struct arp_serv {
 };
 #ifdef USE_LUA
-int ipoe_lua_set_username(struct ipoe_session *, const char *func);
+char *ipoe_lua_get_username(struct ipoe_session *, const char *func);
 #endif
 struct iphdr;
diff --git a/accel-pppd/ctrl/ipoe/lua.c b/accel-pppd/ctrl/ipoe/lua.c
index b894aa3f..46c85948 100644
--- a/accel-pppd/ctrl/ipoe/lua.c
+++ b/accel-pppd/ctrl/ipoe/lua.c
@@ -230,12 +230,12 @@ out_err:
 }*/
-int ipoe_lua_set_username(struct ipoe_session *ses, const char *func)
+char *ipoe_lua_get_username(struct ipoe_session *ses, const char *func)
 {
- int r;
+ char *r;
 if (file_error && serial == __serial)
- return -1;
+ return NULL;
 if (L && serial != __serial) {
 lua_close(L);
@@ -244,7 +244,7 @@ int ipoe_lua_set_username(struct ipoe_session *ses, const char *func)
 init_lua();
 if (!L)
- return -1;
+ return NULL;
 lua_getglobal(L, func);
 lua_pushlightuserdata(L, ses);
@@ -259,7 +259,7 @@ int ipoe_lua_set_username(struct ipoe_session *ses, const char *func)
 goto out_err;
 }
- r = ap_session_set_username(&ses->ses, _strdup(lua_tostring(L, -1)));
+ r = _strdup(lua_tostring(L, -1));
 lua_settop(L, 0);
@@ -270,7 +270,7 @@ out_err:
 lua_close(L);
 L = NULL;
 pthread_setspecific(__key, L);
- return -1;
+ return NULL;
 }
 static void load_config()
diff --git a/accel-pppd/ppp/ppp_auth.c b/accel-pppd/ppp/ppp_auth.c
index b32400e2..442db7ed 100644
--- a/accel-pppd/ppp/ppp_auth.c
+++ b/accel-pppd/ppp/ppp_auth.c
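Review bot: In lua.c, ipoe_lua_get_username now hands back the `_strdup` result directly, but neither the definition nor the prototype in ipoe.h says that the caller owns the string or that NULL covers Lua failures and allocation failure alike. I would add a short comment above the definition, such as `/* Returns a newly allocated username that the caller must release, or NULL on any error. */`. It is also worth confirming, in the lines between the hunks, that the Lua return value is verified to be a string before `lua_tostring(L, -1)` is passed to `_strdup`, since lua_tostring yields NULL for values that are neither strings nor numbers.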
@@ -352,6 +352,7 @@ void __export ppp_auth_failed(struct ppp_t *ppp, char *username)
 pthread_rwlock_wrlock(&ses_lock);
 if (!ppp->ses.username)
 ppp->ses.username = _strdup(username);
+ ppp->ses.terminate_cause = TERM_AUTH_ERROR;
 pthread_rwlock_unlock(&ses_lock);
 log_ppp_info1("%s: authentication failed\n", username);
 log_info1("%s: authentication failed\n", username);
diff --git a/accel-pppd/session.c b/accel-pppd/session.c
index d8ee6dd8..ac8633e5 100644
--- a/accel-pppd/session.c
+++ b/accel-pppd/session.c
@@ -326,7 +326,7 @@ int __export ap_session_set_username(struct ap_session *s, char *username)
 pthread_rwlock_wrlock(&ses_lock);
 if (conf_single_session >= 0) {
 list_for_each_entry(ses, &ses_list, entry) {
- if (ses->username && !strcmp(ses->username, username)) {
+ if (ses->username && ses->terminate_cause != TERM_AUTH_ERROR && !strcmp(ses->username, username)) {
 if (conf_single_session == 0) {
 pthread_rwlock_unlock(&ses_lock);
 log_ppp_info1("%s: second session denied\n", username);
@@ -341,6 +341,7 @@ int __export ap_session_set_username(struct ap_session *s, char *username)
 triton_context_call(ses->ctrl->ctx, (triton_event_func)__terminate_sec, ses);
 }
 }
+ break;
 }
 }
 s->username = username;
-- cgit v1.2.3
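Review bot: The new `ses->terminate_cause != TERM_AUTH_ERROR` test in ap_session_set_username makes the single-session check depend on every failed login keeping that cause for as long as the session stays in `ses_list`, and nothing here documents that invariant. This commit sets the cause under `ses_lock` in ppp_auth_failed and in ipoe_session_start. Any other path that records a username for a rejected login, or that later overwrites `terminate_cause`, would let an unauthenticated attempt count as a live session again. A comment on the condition would help, for example `/* sessions that failed authentication keep their username but must not block or replace a real one */`. The function body continues beyond the hunk.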
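Review bot: The placement of the added `break` in ap_session_set_username should be confirmed against the file, because as the braces appear in this hunk only two `}` follow it before `s->username = username;`. The first session.c hunk shows that both `if (conf_single_session >= 0)` and `list_for_each_entry` open a brace, so those two `}` would belong to them and the `break` would sit directly in the loop body, ending the scan after the first list entry whether or not it matched. If that reading is right, the duplicate check inspects one session only, and the `break` belongs inside the username-match branch. Indentation is lost on this page, so this is inferred from brace counts alone and assumes `s->username = username;` is at function scope.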