From 760d8427f133df486a145e6e7ac7610caf2356fc Mon Sep 17 00:00:00 2001 From: Kozlov Dmitry Date: Tue, 17 Aug 2010 17:29:46 +0400 Subject: reworked/rewrited lcp handling code to become more abstract --- accel-pptpd/pwdb.h | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 accel-pptpd/pwdb.h (limited to 'accel-pptpd/pwdb.h') diff --git a/accel-pptpd/pwdb.h b/accel-pptpd/pwdb.h new file mode 100644 index 00000000..820e269c --- /dev/null +++ b/accel-pptpd/pwdb.h @@ -0,0 +1,9 @@ +#ifndef PWDB_H +#define PWDB_H + +struct ppp_t; + +int pwdb_check(struct ppp_t*,const char *username,const char *password); + +#endif + -- cgit v1.2.3 From 9e52c15995a90fff71087cda4bb0c600b1d1d28d Mon Sep 17 00:00:00 2001 From: Kozlov Dmitry Date: Mon, 23 Aug 2010 18:27:31 +0400 Subject: implemented chap authentication fixed auth type selection when configure-nak received --- accel-pptpd/CMakeLists.txt | 3 +- accel-pptpd/auth_chap.c | 294 ++++++++++++++++++++++++++++++++++++++++++ accel-pptpd/auth_pap.c | 6 +- accel-pptpd/ipcp_opt_ipaddr.c | 1 + accel-pptpd/log.c | 4 +- accel-pptpd/ppp_auth.c | 52 +++++--- accel-pptpd/ppp_ccp.c | 20 ++- accel-pptpd/ppp_ipcp.c | 20 ++- accel-pptpd/ppp_lcp.c | 12 +- accel-pptpd/pwdb.c | 5 + accel-pptpd/pwdb.h | 1 + 11 files changed, 383 insertions(+), 35 deletions(-) create mode 100644 accel-pptpd/auth_chap.c (limited to 'accel-pptpd/pwdb.h') diff --git a/accel-pptpd/CMakeLists.txt b/accel-pptpd/CMakeLists.txt index bbe59b80..82c8a9e0 100644 --- a/accel-pptpd/CMakeLists.txt +++ b/accel-pptpd/CMakeLists.txt @@ -20,6 +20,7 @@ ADD_EXECUTABLE(pptpd ppp_auth.c auth_pap.c + auth_chap.c ppp_ipcp.c ipcp_opt_ipaddr.c @@ -30,4 +31,4 @@ ADD_EXECUTABLE(pptpd pwdb.c ipdb.c ) -TARGET_LINK_LIBRARIES(pptpd pthread triton) +TARGET_LINK_LIBRARIES(pptpd pthread triton ssl) diff --git a/accel-pptpd/auth_chap.c b/accel-pptpd/auth_chap.c new file mode 100644 index 00000000..4b3d0398 --- /dev/null +++ b/accel-pptpd/auth_chap.c @@ -0,0 +1,294 @@ +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include "log.h" +#include "ppp.h" +#include "ppp_auth.h" +#include "ppp_lcp.h" +#include "pwdb.h" + +#define CHAP_CHALLENGE 1 +#define CHAP_RESPONSE 2 +#define CHAP_SUCCESS 3 +#define CHAP_FAILURE 4 + +#define VALUE_SIZE 16 + +#define MSG_FAILURE "Authentication failed" +#define MSG_SUCCESS "Authentication successed" + +#define HDR_LEN (sizeof(struct chap_hdr_t)-2) + +static int urandom_fd; + +struct chap_hdr_t +{ + uint16_t proto; + uint8_t code; + uint8_t id; + uint16_t len; +} __attribute__((packed)); + +struct chap_challenge_t +{ + struct chap_hdr_t hdr; + uint8_t val_size; + uint8_t val[VALUE_SIZE]; + char name[0]; +} __attribute__((packed)); + +struct chap_failure_t +{ + struct chap_hdr_t hdr; + char message[sizeof(MSG_FAILURE)]; +} __attribute__((packed)); + +struct chap_success_t +{ + struct chap_hdr_t hdr; + char message[sizeof(MSG_SUCCESS)]; +} __attribute__((packed)); + + +struct chap_auth_data_t +{ + struct auth_data_t auth; + struct ppp_handler_t h; + struct ppp_t *ppp; + int id; + uint8_t val[VALUE_SIZE]; +}; + +static void chap_send_challenge(struct chap_auth_data_t *ad); +static void chap_recv(struct ppp_handler_t *h); + +static void print_buf(const uint8_t *buf,int size) +{ + int i; + for(i=0;iauth.proto=PPP_CHAP; + d->ppp=ppp; + + return &d->auth; +} + +static void auth_data_free(struct ppp_t *ppp,struct auth_data_t *auth) +{ + struct chap_auth_data_t *d=container_of(auth,typeof(*d),auth); + + free(d); +} + +static int chap_start(struct ppp_t *ppp, struct auth_data_t *auth) +{ + struct chap_auth_data_t *d=container_of(auth,typeof(*d),auth); + + d->h.proto=PPP_CHAP; + d->h.recv=chap_recv; + + ppp_register_chan_handler(ppp,&d->h); + + chap_send_challenge(d); + + return 0; +} + +static int chap_finish(struct ppp_t *ppp, struct auth_data_t *auth) +{ + struct chap_auth_data_t *d=container_of(auth,typeof(*d),auth); + + ppp_unregister_handler(ppp,&d->h); + + return 0; +} + +static int lcp_send_conf_req(struct ppp_t *ppp, struct auth_data_t *d, uint8_t *ptr) +{ + *ptr=5; + return 1; +} + +static int lcp_recv_conf_req(struct ppp_t *ppp, struct auth_data_t *d, uint8_t *ptr) +{ + if (*ptr==5) + return LCP_OPT_ACK; + return LCP_OPT_REJ; +} + +static void chap_send_failure(struct chap_auth_data_t *ad) +{ + struct chap_failure_t msg= + { + .hdr.proto=htons(PPP_CHAP), + .hdr.code=CHAP_FAILURE, + .hdr.id=++ad->id, + .hdr.len=htons(sizeof(msg)-1-2), + .message=MSG_FAILURE, + }; + + log_debug("send [CHAP Failure id=%x \"%s\"]\n",msg.hdr.id,MSG_FAILURE); + + ppp_chan_send(ad->ppp,&msg,ntohs(msg.hdr.len)+2); +} + +static void chap_send_success(struct chap_auth_data_t *ad) +{ + struct chap_success_t msg= + { + .hdr.proto=htons(PPP_CHAP), + .hdr.code=CHAP_SUCCESS, + .hdr.id=++ad->id, + .hdr.len=htons(sizeof(msg)-1-2), + .message=MSG_SUCCESS, + }; + + log_debug("send [CHAP Success id=%x \"%s\"]\n",msg.hdr.id,MSG_SUCCESS); + + ppp_chan_send(ad->ppp,&msg,ntohs(msg.hdr.len)+2); +} + +static void chap_send_challenge(struct chap_auth_data_t *ad) +{ + struct chap_challenge_t msg= + { + .hdr.proto=htons(PPP_CHAP), + .hdr.code=CHAP_CHALLENGE, + .hdr.id=++ad->id, + .hdr.len=htons(sizeof(msg)-2), + .val_size=VALUE_SIZE, + }; + + read(urandom_fd,ad->val,VALUE_SIZE); + memcpy(msg.val,ad->val,VALUE_SIZE); + + log_debug("send [CHAP Challenge id=%x <",msg.hdr.id); + print_buf(msg.val,VALUE_SIZE); + log_debug(">]\n"); + + ppp_chan_send(ad->ppp,&msg,ntohs(msg.hdr.len)+2); +} + +static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *hdr) +{ + MD5_CTX md5_ctx; + uint8_t md5[MD5_DIGEST_LENGTH]; + char *passwd; + char *name; + struct chap_challenge_t *msg=(struct chap_challenge_t*)hdr; + + log_debug("recv [CHAP Response id=%x <", msg->hdr.id); + print_buf(msg->val,msg->val_size); + log_debug(">, name=\""); + print_str(msg->name,ntohs(msg->hdr.len)-sizeof(*msg)+2); + log_debug("\"]\n"); + + if (msg->hdr.id!=ad->id) + { + log_error("chap-md5: id mismatch\n"); + chap_send_failure(ad); + ppp_terminate(ad->ppp); + } + + if (msg->val_size!=VALUE_SIZE) + { + log_error("chap-md5: value-size should be %i, expected %i\n",VALUE_SIZE,msg->val_size); + chap_send_failure(ad); + ppp_terminate(ad->ppp); + } + + name=strndup(msg->name,ntohs(msg->hdr.len)-sizeof(*msg)+2); + passwd=pwdb_get_passwd(ad->ppp,name); + if (!passwd) + { + free(name); + log_debug("chap-md5: user not found\n"); + chap_send_failure(ad); + return; + } + + MD5_Init(&md5_ctx); + MD5_Update(&md5_ctx,&msg->hdr.id,1); + MD5_Update(&md5_ctx,passwd,strlen(passwd)); + MD5_Update(&md5_ctx,ad->val,VALUE_SIZE); + MD5_Final(md5,&md5_ctx); + + if (memcmp(md5,msg->val,sizeof(md5))) + { + log_debug("chap-md5: challenge response mismatch\n"); + chap_send_failure(ad); + auth_failed(ad->ppp); + }else + { + chap_send_success(ad); + auth_successed(ad->ppp); + } + + free(name); + free(passwd); +} + +static struct ppp_auth_handler_t chap= +{ + .name="CHAP-md5", + .init=auth_data_init, + .free=auth_data_free, + .send_conf_req=lcp_send_conf_req, + .recv_conf_req=lcp_recv_conf_req, + .start=chap_start, + .finish=chap_finish, +}; + +static void chap_recv(struct ppp_handler_t *h) +{ + struct chap_auth_data_t *d=container_of(h,typeof(*d),h); + struct chap_hdr_t *hdr=(struct chap_hdr_t *)d->ppp->chan_buf; + + if (d->ppp->chan_buf_sizelen)len)ppp->chan_buf_size-2) + { + log_warn("CHAP: short packet received\n"); + return; + } + + if (hdr->code==CHAP_RESPONSE) chap_recv_response(d,hdr); + else + { + log_warn("CHAP: unknown code received %x\n",hdr->code); + } +} + +static void __init auth_chap_md5_init() +{ + urandom_fd=open("/dev/urandom",O_RDONLY); + if (urandom_fd<0) + { + log_error("chap-md5: failed to open /dev/urandom: %s\n",strerror(errno)); + return; + } + if (ppp_auth_register_handler(&chap)) + log_error("chap-md5: failed to register handler\n"); +} + diff --git a/accel-pptpd/auth_pap.c b/accel-pptpd/auth_pap.c index 85e71e60..92ddef52 100644 --- a/accel-pptpd/auth_pap.c +++ b/accel-pptpd/auth_pap.c @@ -6,6 +6,8 @@ #include "log.h" #include "ppp.h" #include "ppp_auth.h" +#include "ppp_lcp.h" +#include "pwdb.h" #define MSG_FAILED "Authentication failed" #define MSG_SUCCESSED "Authentication successed" @@ -104,7 +106,7 @@ static int lcp_send_conf_req(struct ppp_t *ppp, struct auth_data_t *d, uint8_t * static int lcp_recv_conf_req(struct ppp_t *ppp, struct auth_data_t *d, uint8_t *ptr) { - return 0; + return LCP_OPT_ACK; } static void pap_send_ack(struct pap_auth_data_t *p, int id) @@ -168,7 +170,7 @@ static int pap_recv_req(struct pap_auth_data_t *p,struct pap_hdr_t *hdr) peer_id=strndup((const char*)peer_id,peer_id_len); passwd=strndup((const char*)ptr,passwd_len); - if (pwdb_check(peer_id,passwd)) + if (pwdb_check(p->ppp,peer_id,passwd)) { log_warn("PAP: authentication error\n"); pap_send_nak(p,hdr->id); diff --git a/accel-pptpd/ipcp_opt_ipaddr.c b/accel-pptpd/ipcp_opt_ipaddr.c index a68212f1..8eae84b6 100644 --- a/accel-pptpd/ipcp_opt_ipaddr.c +++ b/accel-pptpd/ipcp_opt_ipaddr.c @@ -12,6 +12,7 @@ static void ipaddr_free(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt); static int ipaddr_send_conf_req(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr); static int ipaddr_send_conf_nak(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr); static int ipaddr_recv_conf_req(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr); +static int ipaddr_recv_conf_ack(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt, uint8_t *ptr); static void ipaddr_print(void (*print)(const char *fmt,...),struct ipcp_option_t*, uint8_t *ptr); struct ipaddr_option_t diff --git a/accel-pptpd/log.c b/accel-pptpd/log.c index 4ee86e1a..992f24d5 100644 --- a/accel-pptpd/log.c +++ b/accel-pptpd/log.c @@ -33,7 +33,7 @@ #define LOG_INFO 2 #define LOG_DEBUG 3 -static FILE *log_file=NULL; +static FILE *log_file; static int log_level=10; static int log_color=1; static const char* level_name[]={"error","warning","info","debug"}; @@ -47,6 +47,8 @@ static void do_log(int level,const char *fmt,va_list ap) struct timeval tv; //pthread_mutex_lock(&lock); + if (!log_file) + log_file=stdout; if (msg_completed) { gettimeofday(&tv,NULL); diff --git a/accel-pptpd/ppp_auth.c b/accel-pptpd/ppp_auth.c index ee173a79..c7075fb1 100644 --- a/accel-pptpd/ppp_auth.c +++ b/accel-pptpd/ppp_auth.c @@ -107,10 +107,15 @@ static int auth_send_conf_req(struct ppp_lcp_t *lcp, struct lcp_option_t *opt, u if (list_empty(&auth_opt->auth_list)) return 0; - if (!auth_opt->auth) + if (!auth_opt->auth || auth_opt->auth->state==LCP_OPT_NAK) { - d=list_entry(auth_opt->auth_list.next,typeof(*d),entry); - auth_opt->auth=d; + list_for_each_entry(d,&auth_opt->auth_list,entry) + { + if (d->state==LCP_OPT_NAK || d->state==LCP_OPT_REJ) + continue; + auth_opt->auth=d; + break; + } } opt16->hdr.id=CI_AUTH; @@ -126,6 +131,7 @@ static int auth_recv_conf_req(struct ppp_lcp_t *lcp, struct lcp_option_t *opt, u struct auth_option_t *auth_opt=container_of(opt,typeof(*auth_opt),opt); struct lcp_opt16_t *opt16=(struct lcp_opt16_t*)ptr; struct auth_data_t *d; + int r; if (list_empty(&auth_opt->auth_list)) return LCP_OPT_REJ; @@ -134,10 +140,13 @@ static int auth_recv_conf_req(struct ppp_lcp_t *lcp, struct lcp_option_t *opt, u { if (d->proto==ntohs(opt16->val)) { - if (d->h->recv_conf_req(lcp->ppp,d,(uint8_t*)(opt16+1))) + r=d->h->recv_conf_req(lcp->ppp,d,(uint8_t*)(opt16+1)); + if (r==LCP_OPT_FAIL) + return LCP_OPT_FAIL; + if (r==LCP_OPT_REJ) break; auth_opt->peer_auth=d; - return LCP_OPT_ACK; + return r; } } @@ -166,20 +175,16 @@ static int auth_recv_conf_ack(struct ppp_lcp_t *lcp, struct lcp_option_t *opt, u static int auth_recv_conf_nak(struct ppp_lcp_t *lcp, struct lcp_option_t *opt, uint8_t *ptr) { struct auth_option_t *auth_opt=container_of(opt,typeof(*auth_opt),opt); - struct lcp_opt16_t *opt16=(struct lcp_opt16_t*)ptr; struct auth_data_t *d; - list_for_each_entry(d,&auth_opt->auth_list,entry) + if (!auth_opt->auth) { - if (d->proto==ntohs(opt16->val)) - { - d->state=LCP_OPT_NAK; - if (d->h->recv_conf_req(lcp->ppp,d,(uint8_t*)(opt16+1))) - break; - auth_opt->auth=d; - return 0; - } + log_error("auth: unexcepcted configure-nak\n"); + return -1; } + auth_opt->auth->state=LCP_OPT_NAK; + if (auth_opt->peer_auth) + auth_opt->auth=auth_opt->peer_auth; list_for_each_entry(d,&auth_opt->auth_list,entry) { @@ -194,9 +199,22 @@ static int auth_recv_conf_nak(struct ppp_lcp_t *lcp, struct lcp_option_t *opt, u static int auth_recv_conf_rej(struct ppp_lcp_t *lcp, struct lcp_option_t *opt, uint8_t *ptr) { struct auth_option_t *auth_opt=container_of(opt,typeof(*auth_opt),opt); + struct auth_data_t *d; - if (list_empty(&auth_opt->auth_list)) - return 0; + if (!auth_opt->auth) + { + log_error("auth: unexcepcted configure-reject\n"); + return -1; + } + auth_opt->auth->state=LCP_OPT_NAK; + if (auth_opt->peer_auth) + auth_opt->auth=auth_opt->peer_auth; + + list_for_each_entry(d,&auth_opt->auth_list,entry) + { + if (d->state!=LCP_OPT_NAK) + return 0; + } log_msg("cann't negotiate authentication type\n"); return -1; diff --git a/accel-pptpd/ppp_ccp.c b/accel-pptpd/ppp_ccp.c index 0a7246d6..3c8c5cdb 100644 --- a/accel-pptpd/ppp_ccp.c +++ b/accel-pptpd/ppp_ccp.c @@ -449,8 +449,10 @@ static int ccp_recv_conf_ack(struct ppp_ccp_t *ccp,uint8_t *data,int size) { log_debug(" "); lopt->h->print(log_debug,lopt,data); - if (lopt->h->recv_conf_ack) - lopt->h->recv_conf_ack(ccp,lopt,data); + if (!lopt->h->recv_conf_ack) + break; + if (lopt->h->recv_conf_ack(ccp,lopt,data)) + res=-1; break; } } @@ -468,7 +470,13 @@ static void ccp_recv(struct ppp_handler_t*h) struct ppp_ccp_t *ccp=container_of(h,typeof(*ccp),hnd); int r; char *term_msg; - + + if (ccp->fsm.fsm_state==FSM_Initial || ccp->fsm.fsm_state==FSM_Closed) + { + log_error("CCP: discaring packet\n"); + return; + } + if (ccp->ppp->unit_buf_sizeppp); break; case CONFACK: - ccp_recv_conf_ack(ccp,(uint8_t*)(hdr+1),ntohs(hdr->len)-PPP_HDRLEN); - ppp_fsm_recv_conf_ack(&ccp->fsm); + if (ccp_recv_conf_ack(ccp,(uint8_t*)(hdr+1),ntohs(hdr->len)-PPP_HDRLEN)) + ppp_terminate(ccp->ppp); + else + ppp_fsm_recv_conf_ack(&ccp->fsm); break; case CONFNAK: ccp_recv_conf_nak(ccp,(uint8_t*)(hdr+1),ntohs(hdr->len)-PPP_HDRLEN); diff --git a/accel-pptpd/ppp_ipcp.c b/accel-pptpd/ppp_ipcp.c index fb089a5d..fc25230a 100644 --- a/accel-pptpd/ppp_ipcp.c +++ b/accel-pptpd/ppp_ipcp.c @@ -440,8 +440,10 @@ static int ipcp_recv_conf_ack(struct ppp_ipcp_t *ipcp,uint8_t *data,int size) { log_debug(" "); lopt->h->print(log_debug,lopt,data); - if (lopt->h->recv_conf_ack) - lopt->h->recv_conf_ack(ipcp,lopt,data); + if (!lopt->h->recv_conf_ack) + break; + if (lopt->h->recv_conf_ack(ipcp,lopt,data)) + res=-1; break; } } @@ -459,7 +461,13 @@ static void ipcp_recv(struct ppp_handler_t*h) struct ppp_ipcp_t *ipcp=container_of(h,typeof(*ipcp),hnd); int r; char *term_msg; - + + if (ipcp->fsm.fsm_state==FSM_Initial || ipcp->fsm.fsm_state==FSM_Closed) + { + log_error("IPCP: discaring packet\n"); + return; + } + if (ipcp->ppp->unit_buf_sizeppp); break; case CONFACK: - ipcp_recv_conf_ack(ipcp,(uint8_t*)(hdr+1),ntohs(hdr->len)-PPP_HDRLEN); - ppp_fsm_recv_conf_ack(&ipcp->fsm); + if (ipcp_recv_conf_ack(ipcp,(uint8_t*)(hdr+1),ntohs(hdr->len)-PPP_HDRLEN)) + ppp_terminate(ipcp->ppp); + else + ppp_fsm_recv_conf_ack(&ipcp->fsm); break; case CONFNAK: ipcp_recv_conf_nak(ipcp,(uint8_t*)(hdr+1),ntohs(hdr->len)-PPP_HDRLEN); diff --git a/accel-pptpd/ppp_lcp.c b/accel-pptpd/ppp_lcp.c index b9d0de34..dbc819a1 100644 --- a/accel-pptpd/ppp_lcp.c +++ b/accel-pptpd/ppp_lcp.c @@ -436,8 +436,10 @@ static int lcp_recv_conf_ack(struct ppp_lcp_t *lcp,uint8_t *data,int size) { log_debug(" "); lopt->h->print(log_debug,lopt,data); - if (lopt->h->recv_conf_ack) - lopt->h->recv_conf_ack(lcp,lopt,data); + if (!lopt->h->recv_conf_ack) + break; + if (lopt->h->recv_conf_ack(lcp,lopt,data)) + res=-1; break; } } @@ -514,8 +516,10 @@ static void lcp_recv(struct ppp_handler_t*h) ppp_terminate(lcp->ppp); break; case CONFACK: - lcp_recv_conf_ack(lcp,(uint8_t*)(hdr+1),ntohs(hdr->len)-PPP_HDRLEN); - ppp_fsm_recv_conf_ack(&lcp->fsm); + if (lcp_recv_conf_ack(lcp,(uint8_t*)(hdr+1),ntohs(hdr->len)-PPP_HDRLEN)) + ppp_terminate(lcp->ppp); + else + ppp_fsm_recv_conf_ack(&lcp->fsm); break; case CONFNAK: lcp_recv_conf_nak(lcp,(uint8_t*)(hdr+1),ntohs(hdr->len)-PPP_HDRLEN); diff --git a/accel-pptpd/pwdb.c b/accel-pptpd/pwdb.c index 12130b34..4a03846e 100644 --- a/accel-pptpd/pwdb.c +++ b/accel-pptpd/pwdb.c @@ -5,3 +5,8 @@ int pwdb_check(struct ppp_t *ppp,const char *username,const char *password) { return 0; } + +char *pwdb_get_passwd(struct ppp_t *ppp, const char *username) +{ + return strdup("test"); +} diff --git a/accel-pptpd/pwdb.h b/accel-pptpd/pwdb.h index 820e269c..07c45b09 100644 --- a/accel-pptpd/pwdb.h +++ b/accel-pptpd/pwdb.h @@ -4,6 +4,7 @@ struct ppp_t; int pwdb_check(struct ppp_t*,const char *username,const char *password); +char *pwdb_get_passwd(struct ppp_t*, const char *username); #endif -- cgit v1.2.3 From af5a96e2d04056b065a36ecbd140a16d0685c7e6 Mon Sep 17 00:00:00 2001 From: Kozlov Dmitry Date: Sat, 4 Sep 2010 16:20:11 +0400 Subject: started work on radius module --- accel-pptpd/CMakeLists.txt | 2 + accel-pptpd/accel-pptpd.conf | 4 + accel-pptpd/ppp/ppp.c | 5 +- accel-pptpd/ppp/ppp.h | 30 +++-- accel-pptpd/ppp/ppp_notify.c | 34 ++++++ accel-pptpd/ppp/ppp_pd.c | 12 ++ accel-pptpd/pwdb.c | 67 ++++++++++- accel-pptpd/pwdb.h | 23 +++- accel-pptpd/radius/CMakeLists.txt | 8 ++ accel-pptpd/radius/dict.c | 219 ++++++++++++++++++++++++++++++++++ accel-pptpd/radius/dictionary | 240 ++++++++++++++++++++++++++++++++++++++ accel-pptpd/radius/radius.c | 74 ++++++++++++ accel-pptpd/radius/radius.h | 28 +++++ 13 files changed, 729 insertions(+), 17 deletions(-) create mode 100644 accel-pptpd/ppp/ppp_notify.c create mode 100644 accel-pptpd/ppp/ppp_pd.c create mode 100644 accel-pptpd/radius/CMakeLists.txt create mode 100644 accel-pptpd/radius/dict.c create mode 100644 accel-pptpd/radius/dictionary create mode 100644 accel-pptpd/radius/radius.c create mode 100644 accel-pptpd/radius/radius.h (limited to 'accel-pptpd/pwdb.h') diff --git a/accel-pptpd/CMakeLists.txt b/accel-pptpd/CMakeLists.txt index 64f351fa..041c6681 100644 --- a/accel-pptpd/CMakeLists.txt +++ b/accel-pptpd/CMakeLists.txt @@ -8,6 +8,7 @@ INCLUDE_DIRECTORIES(include) ADD_SUBDIRECTORY(triton) ADD_SUBDIRECTORY(ctrl) ADD_SUBDIRECTORY(auth) +ADD_SUBDIRECTORY(radius) ADD_EXECUTABLE(pptpd ppp/ppp.c @@ -22,6 +23,7 @@ ADD_EXECUTABLE(pptpd ppp/ipcp_opt_ipaddr.c ppp/ipcp_opt_dns.c ppp/ppp_ccp.c + ppp/ppp_notify.c log.c pwdb.c diff --git a/accel-pptpd/accel-pptpd.conf b/accel-pptpd/accel-pptpd.conf index fa2f128c..9b635340 100644 --- a/accel-pptpd/accel-pptpd.conf +++ b/accel-pptpd/accel-pptpd.conf @@ -1,6 +1,7 @@ [modules] ./libpptp.so ./libauth_mschap_v2.so +./libradius.so [core] log-error=/dev/stderr @@ -11,3 +12,6 @@ echo-failure=3 [pptp] echo-interval=3 + +[radius] +dictionary=dictionary diff --git a/accel-pptpd/ppp/ppp.c b/accel-pptpd/ppp/ppp.c index 5c2eb910..4ad8221b 100644 --- a/accel-pptpd/ppp/ppp.c +++ b/accel-pptpd/ppp/ppp.c @@ -18,6 +18,7 @@ #include "log.h" static LIST_HEAD(layers); +int sock_fd; struct layer_node_t { @@ -94,6 +95,7 @@ int __export establish_ppp(struct ppp_t *ppp) INIT_LIST_HEAD(&ppp->chan_handlers); INIT_LIST_HEAD(&ppp->unit_handlers); + INIT_LIST_HEAD(&ppp->pd_list); init_layers(ppp); @@ -127,6 +129,7 @@ int __export establish_ppp(struct ppp_t *ppp) log_debug("ppp established\n"); + ppp_notify_started(ppp); start_first_layer(ppp); return 0; @@ -159,6 +162,7 @@ static void destablish_ppp(struct ppp_t *ppp) log_debug("ppp destablished\n"); + ppp_notify_finished(ppp); ppp->ctrl->finished(ppp); } @@ -481,7 +485,6 @@ struct ppp_layer_data_t *ppp_find_layer_data(struct ppp_t *ppp, struct ppp_layer return NULL; } -int sock_fd; static void __init ppp_init(void) { sock_fd = socket(AF_INET, SOCK_DGRAM, 0); diff --git a/accel-pptpd/ppp/ppp.h b/accel-pptpd/ppp/ppp.h index d880fc2a..da2fb97c 100644 --- a/accel-pptpd/ppp/ppp.h +++ b/accel-pptpd/ppp/ppp.h @@ -12,13 +12,6 @@ #define PPP_HEADERLEN 4 #define PPP_MTU 1500 -/* - * Timeouts. - */ -#define DEFTIMEOUT 3 /* Timeout time in seconds */ -#define DEFMAXTERMREQS 2 /* Maximum Terminate-Request transmissions */ -#define DEFMAXCONFREQS 10 /* Maximum Configure-Request transmissions */ -#define DEFMAXNAKLOOPS 5 /* Maximum number of nak loops */ /* * Protocol field values. @@ -48,8 +41,6 @@ #define PPP_LAYER_CCP 3 #define PPP_LAYER_IPCP 4 -#define AUTH_MAX 3 - struct ppp_t; struct ppp_ctrl_t @@ -59,6 +50,20 @@ struct ppp_ctrl_t void (*finished)(struct ppp_t*); }; +struct ppp_notified_t +{ + struct list_head entry; + void (*started)(struct ppp_notified_t *, struct ppp_t *); + void (*finished)(struct ppp_notified_t *, struct ppp_t *); + void (*authenticated)(struct ppp_notified_t *, struct ppp_t *); +}; + +struct ppp_pd_t +{ + struct list_head entry; + void *key; +}; + struct ppp_t { struct triton_md_handler_t chan_hnd; @@ -87,6 +92,8 @@ struct ppp_t struct list_head layers; struct ppp_lcp_t *lcp; + + struct list_head pd_list; }; struct ppp_layer_t; @@ -134,5 +141,10 @@ int ppp_register_layer(const char *name, struct ppp_layer_t *); void ppp_unregister_layer(struct ppp_layer_t *); struct ppp_layer_data_t *ppp_find_layer_data(struct ppp_t *, struct ppp_layer_t *); +void ppp_register_notified(struct ppp_notified_t *); +void ppp_unregister_notified(struct ppp_notified_t *); +void ppp_notify_started(struct ppp_t *ppp); +void ppp_notify_finished(struct ppp_t *ppp); + extern int sock_fd; // internet socket for ioctls #endif diff --git a/accel-pptpd/ppp/ppp_notify.c b/accel-pptpd/ppp/ppp_notify.c new file mode 100644 index 00000000..94ceb6d2 --- /dev/null +++ b/accel-pptpd/ppp/ppp_notify.c @@ -0,0 +1,34 @@ +#include "ppp.h" + +static LIST_HEAD(notified_list); + +void __export ppp_register_notified(struct ppp_notified_t *n) +{ + list_add_tail(&n->entry, ¬ified_list); +} + +void __export ppp_unregister_notified(struct ppp_notified_t *n) +{ + list_del(&n->entry); +} + +void ppp_notify_started(struct ppp_t *ppp) +{ + struct ppp_notified_t *n; + + list_for_each_entry(n, ¬ified_list, entry) { + if (n->started) + n->started(n, ppp); + } +} + +void ppp_notify_finished(struct ppp_t *ppp) +{ + struct ppp_notified_t *n; + + list_for_each_entry(n, ¬ified_list, entry) { + if (n->finished) + n->finished(n, ppp); + } +} + diff --git a/accel-pptpd/ppp/ppp_pd.c b/accel-pptpd/ppp/ppp_pd.c new file mode 100644 index 00000000..fe51bc01 --- /dev/null +++ b/accel-pptpd/ppp/ppp_pd.c @@ -0,0 +1,12 @@ +#include "ppp.h" + +int ppp_store_pd(struct ppp_t *ppp, pd_key_t key, void *data) +{ + struct ppp_pd_t *pd; + + list_for_each_entry(pd, &ppp->pd_list, entry) + if (pd->key == key) + return -1; + + +} diff --git a/accel-pptpd/pwdb.c b/accel-pptpd/pwdb.c index 37dd0c5f..8bde8fff 100644 --- a/accel-pptpd/pwdb.c +++ b/accel-pptpd/pwdb.c @@ -1,12 +1,69 @@ +#include + +#include "triton.h" + #include "pwdb.h" -#include "ppp.h" -__export int pwdb_check(struct ppp_t *ppp,const char *username,const char *password) +static LIST_HEAD(pwdb_handlers); + +int __export pwdb_cleartext_check(struct ppp_t *ppp, const char *username,const char *password) +{ + struct pwdb_t *pwdb; + int r = PWDB_NO_IMPL; + + list_for_each_entry(pwdb, &pwdb_handlers, entry) { + if (!pwdb->cleartext_check) + continue; + r = pwdb->cleartext_check(pwdb, ppp, username, password); + if (r == PWDB_NO_IMPL) + continue; + break; + } + + return r; +} +int __export pwdb_encrypted_check(struct ppp_t *ppp, const char *username, int type, ...) +{ + struct pwdb_t *pwdb; + int r = PWDB_NO_IMPL; + va_list args; + + va_start(args, type); + + list_for_each_entry(pwdb, &pwdb_handlers, entry) { + if (!pwdb->encrypted_check) + continue; + r = pwdb->encrypted_check(pwdb, ppp, username, type, args); + if (r == PWDB_NO_IMPL) + continue; + break; + } + + return r; + +} +__export const char *pwdb_get_passwd(struct ppp_t *ppp, const char *username) { - return 0; + struct pwdb_t *pwdb; + const char *r = NULL; + + list_for_each_entry(pwdb, &pwdb_handlers, entry) { + if (!pwdb->get_passwd) + continue; + r = pwdb->get_passwd(pwdb, ppp, username); + if (r) + break; + } + + return r; } -__export char *pwdb_get_passwd(struct ppp_t *ppp, const char *username) +void __export pwdb_register(struct pwdb_t *pwdb) +{ + list_add_tail(&pwdb->entry, &pwdb_handlers); +} +void __export pwdb_unregister(struct pwdb_t *pwdb) { - return strdup("test"); + list_del(&pwdb->entry); } + diff --git a/accel-pptpd/pwdb.h b/accel-pptpd/pwdb.h index 07c45b09..42f9133c 100644 --- a/accel-pptpd/pwdb.h +++ b/accel-pptpd/pwdb.h @@ -1,10 +1,29 @@ #ifndef PWDB_H #define PWDB_H +#include +#include "list.h" + struct ppp_t; -int pwdb_check(struct ppp_t*,const char *username,const char *password); -char *pwdb_get_passwd(struct ppp_t*, const char *username); +#define PWDB_SUCCESS 0 +#define PWDB_DENIED 1 +#define PWDB_NO_IMPL 2 + +struct pwdb_t +{ + struct list_head entry; + int (*cleartext_check)(struct pwdb_t *, struct ppp_t *, const char *username, const char *password); + int (*encrypted_check)(struct pwdb_t *, struct ppp_t *, const char *username, int type, va_list args); + const char* (*get_passwd)(struct pwdb_t *, struct ppp_t *, const char *username); +}; + +int pwdb_cleartext_check(struct ppp_t *, const char *username,const char *password); +int pwdb_encrypted_check(struct ppp_t *, const char *username, int type, ...); +const char *pwdb_get_passwd(struct ppp_t *, const char *username); + +void pwdb_register(struct pwdb_t *); +void pwdb_unregister(struct pwdb_t *); #endif diff --git a/accel-pptpd/radius/CMakeLists.txt b/accel-pptpd/radius/CMakeLists.txt new file mode 100644 index 00000000..a53491f6 --- /dev/null +++ b/accel-pptpd/radius/CMakeLists.txt @@ -0,0 +1,8 @@ +SET(target radius) +SET(sources + radius.c + dict.c +) + +ADD_LIBRARY(radius SHARED ${sources}) + diff --git a/accel-pptpd/radius/dict.c b/accel-pptpd/radius/dict.c new file mode 100644 index 00000000..62a25cfd --- /dev/null +++ b/accel-pptpd/radius/dict.c @@ -0,0 +1,219 @@ +#include +#include +#include +#include + +#include "list.h" +#include "radius.h" +#include "log.h" + + +struct dict_value_t +{ + struct list_head entry; + rad_value_t val; + const char *name; +}; + +struct dict_attr_t +{ + struct list_head entry; + const char *name; + int id; + int type; + rad_value_t val; + struct list_head values; +}; + +static char *skip_word(char *ptr) +{ + for(; *ptr; ptr++) + if (*ptr == ' ' || *ptr == '\t' || *ptr == '\n') + break; + return ptr; +} +static char *skip_space(char *ptr) +{ + for(; *ptr; ptr++) + if (*ptr != ' ' && *ptr != '\t') + break; + return ptr; +} +static int split(char *buf, char **ptr) +{ + int i; + + for (i = 0; i < 3; i++) { + buf = skip_word(buf); + if (!*buf) + return -1; + + *buf = 0; + + buf = skip_space(buf + 1); + if (!*buf) + return -1; + + ptr[i] = buf; + } + + buf = skip_word(buf); + if (*buf == '\n') + *buf = 0; + else if (*buf) + return -1; + + return 0; +} + +struct dict_attr_t *find_attr(struct rad_dict_t *dict, const char *name) +{ + struct dict_attr_t *attr; + + list_for_each_entry(attr, &dict->items, entry) + if (!strcmp(attr->name, name)) + return attr; + + return NULL; +} + +#define BUF_SIZE 1024 +void *rad_load_dict(const char *fname) +{ + FILE *f; + char *buf, *ptr[3], *endptr; + int n = 0; + struct rad_dict_t *dict; + struct dict_attr_t *attr; + struct dict_value_t *val; + + f = fopen(fname, "r"); + if (!f) { + log_error("radius: open dictioanary '%s': %s\n", fname, strerror(errno)); + return NULL; + } + + buf = malloc(BUF_SIZE); + if (!buf) { + log_error("radius: out of memory\n"); + fclose(f); + return NULL; + } + + dict = malloc(sizeof(*dict)); + if (!dict) { + log_error("radius: out of memory\n"); + fclose(f); + free(buf); + return NULL; + } + + INIT_LIST_HEAD(&dict->items); + + while (fgets(buf, BUF_SIZE, f)) { + n++; + if (buf[0] == '#' || buf[0] == '\n' || buf[0] == 0) + continue; + if (split(buf, ptr)) { + log_error("radius:%s:%i: syntaxis error\n", fname, n); + goto out_err; + } + if (!strcmp(buf, "ATTRIBUTE")) { + attr = malloc(sizeof(*attr)); + if (!attr) { + log_error("radius: out of memory\n"); + goto out_err; + } + memset(attr, 0, sizeof(*attr)); + INIT_LIST_HEAD(&attr->values); + list_add_tail(&attr->entry, &dict->items); + attr->name = strdup(ptr[0]); + attr->id = strtol(ptr[1], &endptr, 10); + if (*endptr != 0) { + log_error("radius:%s:%i: syntaxis error\n", fname, n); + goto out_err; + } + if (!strcmp(ptr[2], "integer")) + attr->type = ATTR_TYPE_INTEGER; + else if (!strcmp(ptr[2], "string")) + attr->type = ATTR_TYPE_STRING; + else if (!strcmp(ptr[2], "date")) + attr->type = ATTR_TYPE_DATE; + else if (!strcmp(ptr[2], "ipaddr")) + attr->type = ATTR_TYPE_IPADDR; + else { + log_error("radius:%s:%i: unknown attribute type\n", fname, n); + goto out_err; + } + } else if (!strcmp(buf, "VALUE")) { + attr = find_attr(dict, ptr[0]); + if (!attr) { + log_error("radius:%s:%i: unknown attribute\n", fname, n); + goto out_err; + } + val = malloc(sizeof(*val)); + if (!val) { + log_error("radius: out of memory\n"); + goto out_err; + } + memset(val, 0, sizeof(*val)); + list_add_tail(&val->entry, &attr->values); + val->name = strdup(ptr[1]); + switch (attr->type) { + case ATTR_TYPE_INTEGER: + val->val.integer = strtol(ptr[2], &endptr, 10); + if (*endptr != 0) { + log_error("radius:%s:%i: syntaxis error\n", fname, n); + goto out_err; + } + break; + case ATTR_TYPE_STRING: + val->val.string = strdup(ptr[2]); + break; + case ATTR_TYPE_DATE: + log_warn("radius:%s:%i: VALUE of type 'date' is not implemented yet\n", fname, n); + break; + case ATTR_TYPE_IPADDR: + log_warn("radius:%s:%i: VALUE of type 'ipaddr' is not implemented yet\n", fname, n); + break; + } + } else { + log_error("radius:%s:%i: syntaxis error\n"); + goto out_err; + } + } + + free(buf); + fclose(f); + + return dict; + +out_err: + rad_free_dict(dict); + free(buf); + fclose(f); + return NULL; +} + +void rad_free_dict(struct rad_dict_t *dict) +{ + struct dict_attr_t *attr; + struct dict_value_t *val; + + while (!list_empty(&dict->items)) { + attr = list_entry(dict->items.next, typeof(*attr), entry); + while (!list_empty(&attr->values)) { + val = list_entry(attr->values.next, typeof(*val), entry); + list_del(&val->entry); + free((char*)val->name); + if (attr->type == ATTR_TYPE_STRING) + free((char*)val->val.string); + free(val); + } + list_del(&attr->entry); + free((char*)attr->name); + free(attr); + } + free(dict); +} + diff --git a/accel-pptpd/radius/dictionary b/accel-pptpd/radius/dictionary new file mode 100644 index 00000000..caebe9d7 --- /dev/null +++ b/accel-pptpd/radius/dictionary @@ -0,0 +1,240 @@ +# +# Updated 97/06/13 to livingston-radius-2.01 miquels@cistron.nl +# +# This file contains dictionary translations for parsing +# requests and generating responses. All transactions are +# composed of Attribute/Value Pairs. The value of each attribute +# is specified as one of 4 data types. Valid data types are: +# +# string - 0-253 octets +# ipaddr - 4 octets in network byte order +# integer - 32 bit value in big endian order (high byte first) +# date - 32 bit value in big endian order - seconds since +# 00:00:00 GMT, Jan. 1, 1970 +# +# Enumerated values are stored in the user file with dictionary +# VALUE translations for easy administration. +# +# Example: +# +# ATTRIBUTE VALUE +# --------------- ----- +# Framed-Protocol = PPP +# 7 = 1 (integer encoding) +# + +# +# Following are the proper new names. Use these. +# +ATTRIBUTE User-Name 1 string +ATTRIBUTE Password 2 string +ATTRIBUTE CHAP-Password 3 string +ATTRIBUTE NAS-IP-Address 4 ipaddr +ATTRIBUTE NAS-Port-Id 5 integer +ATTRIBUTE Service-Type 6 integer +ATTRIBUTE Framed-Protocol 7 integer +ATTRIBUTE Framed-IP-Address 8 ipaddr +ATTRIBUTE Framed-IP-Netmask 9 ipaddr +ATTRIBUTE Framed-Routing 10 integer +ATTRIBUTE Filter-Id 11 string +ATTRIBUTE Framed-MTU 12 integer +ATTRIBUTE Framed-Compression 13 integer +ATTRIBUTE Login-IP-Host 14 ipaddr +ATTRIBUTE Login-Service 15 integer +ATTRIBUTE Login-TCP-Port 16 integer +ATTRIBUTE Reply-Message 18 string +ATTRIBUTE Callback-Number 19 string +ATTRIBUTE Callback-Id 20 string +ATTRIBUTE Framed-Route 22 string +ATTRIBUTE Framed-IPX-Network 23 ipaddr +ATTRIBUTE State 24 string +ATTRIBUTE Class 25 string +ATTRIBUTE Vendor-Specific 26 string +ATTRIBUTE Session-Timeout 27 integer +ATTRIBUTE Idle-Timeout 28 integer +ATTRIBUTE Termination-Action 29 integer +ATTRIBUTE Called-Station-Id 30 string +ATTRIBUTE Calling-Station-Id 31 string +ATTRIBUTE NAS-Identifier 32 string +ATTRIBUTE Proxy-State 33 string +ATTRIBUTE Login-LAT-Service 34 string +ATTRIBUTE Login-LAT-Node 35 string +ATTRIBUTE Login-LAT-Group 36 string +ATTRIBUTE Framed-AppleTalk-Link 37 integer +ATTRIBUTE Framed-AppleTalk-Network 38 integer +ATTRIBUTE Framed-AppleTalk-Zone 39 string +ATTRIBUTE Acct-Status-Type 40 integer +ATTRIBUTE Acct-Delay-Time 41 integer +ATTRIBUTE Acct-Input-Octets 42 integer +ATTRIBUTE Acct-Output-Octets 43 integer +ATTRIBUTE Acct-Session-Id 44 string +ATTRIBUTE Acct-Authentic 45 integer +ATTRIBUTE Acct-Session-Time 46 integer +ATTRIBUTE Acct-Input-Packets 47 integer +ATTRIBUTE Acct-Output-Packets 48 integer +ATTRIBUTE Acct-Terminate-Cause 49 integer +ATTRIBUTE Acct-Multi-Session-Id 50 string +ATTRIBUTE Acct-Link-Count 51 integer +ATTRIBUTE Event-Timestamp 55 integer +ATTRIBUTE CHAP-Challenge 60 string +ATTRIBUTE NAS-Port-Type 61 integer +ATTRIBUTE Port-Limit 62 integer +ATTRIBUTE Login-LAT-Port 63 integer +ATTRIBUTE Connect-Info 77 string + +# +# RFC3162 IPv6 attributes +# +ATTRIBUTE NAS-IPv6-Address 95 string +ATTRIBUTE Framed-Interface-Id 96 string +ATTRIBUTE Framed-IPv6-Prefix 97 string +ATTRIBUTE Login-IPv6-Host 98 string +ATTRIBUTE Framed-IPv6-Route 99 string +ATTRIBUTE Framed-IPv6-Pool 100 string + +# +# Experimental Non Protocol Attributes used by Cistron-Radiusd +# +ATTRIBUTE Huntgroup-Name 221 string +ATTRIBUTE User-Category 1029 string +ATTRIBUTE Group-Name 1030 string +ATTRIBUTE Simultaneous-Use 1034 integer +ATTRIBUTE Strip-User-Name 1035 integer +ATTRIBUTE Fall-Through 1036 integer +ATTRIBUTE Add-Port-To-IP-Address 1037 integer +ATTRIBUTE Exec-Program 1038 string +ATTRIBUTE Exec-Program-Wait 1039 string +ATTRIBUTE Hint 1040 string + +# +# Non-Protocol Attributes +# These attributes are used internally by the server +# +ATTRIBUTE Expiration 21 date +ATTRIBUTE Auth-Type 1000 integer +ATTRIBUTE Menu 1001 string +ATTRIBUTE Termination-Menu 1002 string +ATTRIBUTE Prefix 1003 string +ATTRIBUTE Suffix 1004 string +ATTRIBUTE Group 1005 string +ATTRIBUTE Crypt-Password 1006 string +ATTRIBUTE Connect-Rate 1007 integer + +# +# Integer Translations +# + +# User Types + +VALUE Service-Type Login-User 1 +VALUE Service-Type Framed-User 2 +VALUE Service-Type Callback-Login-User 3 +VALUE Service-Type Callback-Framed-User 4 +VALUE Service-Type Outbound-User 5 +VALUE Service-Type Administrative-User 6 +VALUE Service-Type NAS-Prompt-User 7 + +# Framed Protocols + +VALUE Framed-Protocol PPP 1 +VALUE Framed-Protocol SLIP 2 + +# Framed Routing Values + +VALUE Framed-Routing None 0 +VALUE Framed-Routing Broadcast 1 +VALUE Framed-Routing Listen 2 +VALUE Framed-Routing Broadcast-Listen 3 + +# Framed Compression Types + +VALUE Framed-Compression None 0 +VALUE Framed-Compression Van-Jacobson-TCP-IP 1 + +# Login Services + +VALUE Login-Service Telnet 0 +VALUE Login-Service Rlogin 1 +VALUE Login-Service TCP-Clear 2 +VALUE Login-Service PortMaster 3 + +# Status Types + +VALUE Acct-Status-Type Start 1 +VALUE Acct-Status-Type Stop 2 +VALUE Acct-Status-Type Alive 3 +VALUE Acct-Status-Type Accounting-On 7 +VALUE Acct-Status-Type Accounting-Off 8 + +# Authentication Types + +VALUE Acct-Authentic RADIUS 1 +VALUE Acct-Authentic Local 2 +VALUE Acct-Authentic PowerLink128 100 + +# Termination Options + +VALUE Termination-Action Default 0 +VALUE Termination-Action RADIUS-Request 1 + +# NAS Port Types, available in 3.3.1 and later + +VALUE NAS-Port-Type Async 0 +VALUE NAS-Port-Type Sync 1 +VALUE NAS-Port-Type ISDN 2 +VALUE NAS-Port-Type ISDN-V120 3 +VALUE NAS-Port-Type ISDN-V110 4 + +# Acct Terminate Causes, available in 3.3.2 and later + +VALUE Acct-Terminate-Cause User-Request 1 +VALUE Acct-Terminate-Cause Lost-Carrier 2 +VALUE Acct-Terminate-Cause Lost-Service 3 +VALUE Acct-Terminate-Cause Idle-Timeout 4 +VALUE Acct-Terminate-Cause Session-Timeout 5 +VALUE Acct-Terminate-Cause Admin-Reset 6 +VALUE Acct-Terminate-Cause Admin-Reboot 7 +VALUE Acct-Terminate-Cause Port-Error 8 +VALUE Acct-Terminate-Cause NAS-Error 9 +VALUE Acct-Terminate-Cause NAS-Request 10 +VALUE Acct-Terminate-Cause NAS-Reboot 11 +VALUE Acct-Terminate-Cause Port-Unneeded 12 +VALUE Acct-Terminate-Cause Port-Preempted 13 +VALUE Acct-Terminate-Cause Port-Suspended 14 +VALUE Acct-Terminate-Cause Service-Unavailable 15 +VALUE Acct-Terminate-Cause Callback 16 +VALUE Acct-Terminate-Cause User-Error 17 +VALUE Acct-Terminate-Cause Host-Request 18 + +# +# Non-Protocol Integer Translations +# + +VALUE Auth-Type Local 0 +VALUE Auth-Type System 1 +VALUE Auth-Type SecurID 2 +VALUE Auth-Type Crypt-Local 3 +VALUE Auth-Type Reject 4 + +# +# Cistron extensions +# +VALUE Auth-Type Pam 253 +VALUE Auth-Type Accept 254 + +# +# Experimental Non-Protocol Integer Translations for Cistron-Radiusd +# +VALUE Fall-Through No 0 +VALUE Fall-Through Yes 1 +VALUE Add-Port-To-IP-Address No 0 +VALUE Add-Port-To-IP-Address Yes 1 + +# +# Configuration Values +# uncomment these two lines to turn account expiration on +# + +#VALUE Server-Config Password-Expiration 30 +#VALUE Server-Config Password-Warning 5 + diff --git a/accel-pptpd/radius/radius.c b/accel-pptpd/radius/radius.c new file mode 100644 index 00000000..10fef65f --- /dev/null +++ b/accel-pptpd/radius/radius.c @@ -0,0 +1,74 @@ +#include +#include +#include +#include + +#include "ppp.h" +#include "pwdb.h" +#include "radius.h" + +struct radius_pd_t +{ + struct ppp_pd_t pd; + struct ppp_t *ppp; +}; + +static struct ppp_notified_t notified; + +int cleartext_check(struct pwdb_t *pwdb, struct ppp_t *ppp, const char *username, const char *password) +{ + return PWDB_NO_IMPL; +} +int encrypted_check(struct pwdb_t *pwdb, struct ppp_t *ppp, const char *username, int type, va_list args) +{ + return PWDB_NO_IMPL; +} + + +static void ppp_started(struct ppp_notified_t *n, struct ppp_t *ppp) +{ + struct radius_pd_t *pd = malloc(sizeof(*pd)); + + memset(pd, 0, sizeof(*pd)); + pd->pd.key = n; + pd->ppp = ppp; + list_add_tail(&pd->pd.entry, &ppp->pd_list); +} + +static void ppp_finished(struct ppp_notified_t *n, struct ppp_t *ppp) +{ + struct ppp_pd_t *pd; + struct radius_pd_t *rpd; + + list_for_each_entry(pd, &ppp->pd_list, entry) { + if (pd->key == ¬ified) { + rpd = container_of(pd, typeof(*rpd), pd); + list_del(&pd->entry); + free(rpd); + return; + } + } +} + +struct pwdb_t pwdb = { + .cleartext_check = cleartext_check, + .encrypted_check = encrypted_check, +}; + +static struct ppp_notified_t notified = { + .started = ppp_started, + .finished = ppp_finished, +}; + +static void __init radius_init(void) +{ + char *dict = conf_get_opt("radius", "dictionary"); + if (!dict) { + fprintf(stderr, "radius: dictionary not specified\n"); + _exit(EXIT_FAILURE); + } + if (!rad_load_dict(dict)) + _exit(EXIT_FAILURE); + ppp_register_notified(¬ified); +} + diff --git a/accel-pptpd/radius/radius.h b/accel-pptpd/radius/radius.h new file mode 100644 index 00000000..aac1cd00 --- /dev/null +++ b/accel-pptpd/radius/radius.h @@ -0,0 +1,28 @@ +#ifndef __RADIUS_H +#define __RADIUS_H + +#include + +#define ATTR_TYPE_INTEGER 0 +#define ATTR_TYPE_STRING 1 +#define ATTR_TYPE_DATE 2 +#define ATTR_TYPE_IPADDR 3 + +typedef union +{ + int integer; + const char *string; + time_t date; + in_addr_t ipaddr; +} rad_value_t; + +struct rad_dict_t +{ + struct list_head items; +}; + +void *rad_load_dict(const char *fname); +void rad_free_dict(struct rad_dict_t *dict); + +#endif + -- cgit v1.2.3 From 45243dd2f2be49cd91be1dc28932e6c9040db6a1 Mon Sep 17 00:00:00 2001 From: Kozlov Dmitry Date: Mon, 6 Sep 2010 18:27:02 +0400 Subject: working on radius module --- accel-pptpd/accel-pptpd.conf | 4 + accel-pptpd/ctrl/pptp.c | 1 - accel-pptpd/pwdb.c | 31 ++---- accel-pptpd/pwdb.h | 6 +- accel-pptpd/radius/CMakeLists.txt | 2 + accel-pptpd/radius/dict.c | 55 +++++----- accel-pptpd/radius/packet.c | 172 ++++++++++++++++++++++++++++++ accel-pptpd/radius/radius.c | 105 +++++++++++++++--- accel-pptpd/radius/radius.h | 74 ++++++++++++- accel-pptpd/radius/req.c | 216 ++++++++++++++++++++++++++++++++++++++ accel-pptpd/triton/CMakeLists.txt | 1 + accel-pptpd/triton/event.c | 103 ++++++++++++++++++ accel-pptpd/triton/triton.h | 4 + accel-pptpd/triton/triton_p.h | 9 +- 14 files changed, 714 insertions(+), 69 deletions(-) create mode 100644 accel-pptpd/radius/packet.c create mode 100644 accel-pptpd/radius/req.c create mode 100644 accel-pptpd/triton/event.c (limited to 'accel-pptpd/pwdb.h') diff --git a/accel-pptpd/accel-pptpd.conf b/accel-pptpd/accel-pptpd.conf index 9b635340..47480220 100644 --- a/accel-pptpd/accel-pptpd.conf +++ b/accel-pptpd/accel-pptpd.conf @@ -15,3 +15,7 @@ echo-interval=3 [radius] dictionary=dictionary +nas-identifier=pptp +nas-ip-address=192.168.10.20 +auth_server=127.0.0.1:1812,secret +acct_server=127.0.0.1:1812,secret diff --git a/accel-pptpd/ctrl/pptp.c b/accel-pptpd/ctrl/pptp.c index b503d85e..66c09786 100644 --- a/accel-pptpd/ctrl/pptp.c +++ b/accel-pptpd/ctrl/pptp.c @@ -529,7 +529,6 @@ static void __init pptp_init(void) addr.sin_port = htons (PPTP_PORT); addr.sin_addr.s_addr = htonl (INADDR_ANY); if (bind (serv.hnd.fd, (struct sockaddr *) &addr, sizeof (addr)) < 0) { - perror("pptp: bind"); log_error("pptp: failed to bind socket: %s\n", strerror(errno)); close(serv.hnd.fd); return; diff --git a/accel-pptpd/pwdb.c b/accel-pptpd/pwdb.c index 8bde8fff..1b682a40 100644 --- a/accel-pptpd/pwdb.c +++ b/accel-pptpd/pwdb.c @@ -6,41 +6,26 @@ static LIST_HEAD(pwdb_handlers); -int __export pwdb_cleartext_check(struct ppp_t *ppp, const char *username,const char *password) +int __export pwdb_check(struct ppp_t *ppp, const char *username, int type, ...) { struct pwdb_t *pwdb; - int r = PWDB_NO_IMPL; - - list_for_each_entry(pwdb, &pwdb_handlers, entry) { - if (!pwdb->cleartext_check) - continue; - r = pwdb->cleartext_check(pwdb, ppp, username, password); - if (r == PWDB_NO_IMPL) - continue; - break; - } - - return r; -} -int __export pwdb_encrypted_check(struct ppp_t *ppp, const char *username, int type, ...) -{ - struct pwdb_t *pwdb; - int r = PWDB_NO_IMPL; + int r, res = PWDB_NO_IMPL; va_list args; va_start(args, type); list_for_each_entry(pwdb, &pwdb_handlers, entry) { - if (!pwdb->encrypted_check) + if (!pwdb->check) continue; - r = pwdb->encrypted_check(pwdb, ppp, username, type, args); + r = pwdb->check(pwdb, ppp, username, type, args); if (r == PWDB_NO_IMPL) continue; - break; + if (r == PWDB_SUCCESS) + return PWDB_SUCCESS; + res = r; } - return r; - + return res; } __export const char *pwdb_get_passwd(struct ppp_t *ppp, const char *username) { diff --git a/accel-pptpd/pwdb.h b/accel-pptpd/pwdb.h index 42f9133c..d3495435 100644 --- a/accel-pptpd/pwdb.h +++ b/accel-pptpd/pwdb.h @@ -13,13 +13,11 @@ struct ppp_t; struct pwdb_t { struct list_head entry; - int (*cleartext_check)(struct pwdb_t *, struct ppp_t *, const char *username, const char *password); - int (*encrypted_check)(struct pwdb_t *, struct ppp_t *, const char *username, int type, va_list args); + int (*check)(struct pwdb_t *, struct ppp_t *, const char *username, int type, va_list args); const char* (*get_passwd)(struct pwdb_t *, struct ppp_t *, const char *username); }; -int pwdb_cleartext_check(struct ppp_t *, const char *username,const char *password); -int pwdb_encrypted_check(struct ppp_t *, const char *username, int type, ...); +int pwdb_check(struct ppp_t *, const char *username, int type, ...); const char *pwdb_get_passwd(struct ppp_t *, const char *username); void pwdb_register(struct pwdb_t *); diff --git a/accel-pptpd/radius/CMakeLists.txt b/accel-pptpd/radius/CMakeLists.txt index a53491f6..17a85784 100644 --- a/accel-pptpd/radius/CMakeLists.txt +++ b/accel-pptpd/radius/CMakeLists.txt @@ -2,6 +2,8 @@ SET(target radius) SET(sources radius.c dict.c + req.c + packet.c ) ADD_LIBRARY(radius SHARED ${sources}) diff --git a/accel-pptpd/radius/dict.c b/accel-pptpd/radius/dict.c index 62a25cfd..992d7d40 100644 --- a/accel-pptpd/radius/dict.c +++ b/accel-pptpd/radius/dict.c @@ -7,23 +7,7 @@ #include "radius.h" #include "log.h" - -struct dict_value_t -{ - struct list_head entry; - rad_value_t val; - const char *name; -}; - -struct dict_attr_t -{ - struct list_head entry; - const char *name; - int id; - int type; - rad_value_t val; - struct list_head values; -}; +static struct rad_dict_t *dict; static char *skip_word(char *ptr) { @@ -78,26 +62,25 @@ struct dict_attr_t *find_attr(struct rad_dict_t *dict, const char *name) } #define BUF_SIZE 1024 -void *rad_load_dict(const char *fname) +int rad_dict_load(const char *fname) { FILE *f; char *buf, *ptr[3], *endptr; int n = 0; - struct rad_dict_t *dict; struct dict_attr_t *attr; struct dict_value_t *val; f = fopen(fname, "r"); if (!f) { log_error("radius: open dictioanary '%s': %s\n", fname, strerror(errno)); - return NULL; + return -1; } buf = malloc(BUF_SIZE); if (!buf) { log_error("radius: out of memory\n"); fclose(f); - return NULL; + return -1; } dict = malloc(sizeof(*dict)); @@ -105,7 +88,7 @@ void *rad_load_dict(const char *fname) log_error("radius: out of memory\n"); fclose(f); free(buf); - return NULL; + return -1; } INIT_LIST_HEAD(&dict->items); @@ -186,16 +169,16 @@ void *rad_load_dict(const char *fname) free(buf); fclose(f); - return dict; + return 0; out_err: - rad_free_dict(dict); + rad_dict_free(dict); free(buf); fclose(f); - return NULL; + return -1; } -void rad_free_dict(struct rad_dict_t *dict) +void rad_dict_free(struct rad_dict_t *dict) { struct dict_attr_t *attr; struct dict_value_t *val; @@ -217,3 +200,23 @@ void rad_free_dict(struct rad_dict_t *dict) free(dict); } +struct rad_dict_attr_t *rad_dict_find_attr(const char *name) +{ + struct rad_dict_attr_t *attr; + + list_for_each_entry(attr, &dict->items, entry) + if (!strcmp(attr->name, name)) + return attr; + + return NULL; +} +struct rad_dict_value_t *rad_dict_find_val(struct rad_dict_attr_t *attr, const char *name) +{ + struct rad_dict_value_t *val; + + list_for_each_entry(val, &attr->values, entry) + if (!strcmp(val->name, name)) + return val; + + return NULL; +} diff --git a/accel-pptpd/radius/packet.c b/accel-pptpd/radius/packet.c new file mode 100644 index 00000000..a22a611e --- /dev/null +++ b/accel-pptpd/radius/packet.c @@ -0,0 +1,172 @@ +#include +#include +#include +#include +#include + +#include "radius.h" + +static int urandom_fd; + +int rad_packet_build(struct rad_packet_t *pack) +{ + struct rad_req_attr_t *attr; + uint8_t *ptr; + + ptr = malloc(pack->len); + if (!ptr) { + log_error("radius:packet: out of memory\n"); + return -1; + } + + *ptr = pack->code; ptr++; + *ptr = pack->id; ptr++; + *(uint16_t*)ptr = pack->len; pt r+= 2; + while (1) { + if (read(erandom_fd, ptr, 16) != 16) { + if (errno == EINTR) + continue; + log_error("radius:packet:read urandom: %s\n", strerror(errno)); + goto out_err; + } + break; + } + ptr+=16; + + list_for_each_entry(attr, &pack->attrs, entry) { + *ptr = attr->attr.id; ptr++; + *ptr = attr->len; ptr++; + switch(attr->attr.type) { + case ATTR_TYPE_INTEGER: + *(uint32_t*)ptr = attr->val.integer; + break; + case ATTR_TYPE_STRING: + memcpy(ptr, attr->val.string); + break; + case ATTR_TYPE_IPADDR: + *(in_addr_t*)ptr = attr->val.ipaddr; + break; + case ATTR_TYPE_DATE: + *(uint32_t*)ptr = attr->val.date; + break; + default: + log_error("radius:packet: unknown attribute type\n"); + abort(); + } + ptr += attr->len; + } + + return 0; +} + +struct rad_packet_t *rad_packet_recv(int fd) +{ + struct rad_packet_t *pack; + struct rad_req_attr_t *attr; + struct rad_dict_attr_t *da; + uint8_t *ptr; + int n, type, len; + + pack = malloc(sizeof(*pack)); + if (!pack) { + log_error("radius:packet: out of memory\n"); + return NULL; + } + + memset(pack, 0, sizeof(*pack)); + INIT_LIST_HEAD(&pack->attrs); + + pack->buf = malloc(REQ_MAX_LENGTH); + if (!pack->buf) { + log_error("radius:packet: out of memory\n"); + free(pack); + return NULL; + } + + while (1) { + n = read(fd, pack->buf, REQ_MAX_LENGTH); + if (n < 0) { + if (errno == EINTR) + continue; + log_error("radius:packet:read: %s\n", strerror(errno)); + goto out_err; + } + break; + } + + if (n < 20) { + log_warn("radius:packet: short packed received (%i)\n", n); + goto out_err; + } + + ptr = (uint8_t *)pack->buf; + + pack->code = *ptr; ptr++; + pack->id = *ptr; ptr++; + pack->len = *(uint16_t*)ptr; ptr += 2; + + if (pack->len > n) { + log_warn("radius:packet: short packet received %i, expected %i\n", pack->len, n); + goto out_err; + } + + ptr += 16; + n -= 20; + + while (n>0) { + type = *ptr; ptr++; + len = *ptr; ptr++; + if (2 + len > n) { + log_error("radius:packet: too long attribute received (%i, %i)\n", type, len); + goto out_err; + } + da = rad_dict_find_attr_type(n); + if (da) { + attr = malloc(sizeof(*attr)); + if (!attr) { + log_error("radius:packet: out of memory\n"); + goto out_err; + } + attr->attr = da; + attr->type = type; + attr->len = len; + if (type == ATTR_TYPE_STRING) { + attr->val.string = malloc(len); + if (!attr->val.string) { + log_error("radius:packet: out of memory\n"); + free(attr); + goto out_err; + } + } else + memcpy(&attr->type.integer, ptr, 4); + list_add_tail(&attr->entry, &pack->attrs); + } else + log_warn("radius:packet: unknown attribute type received (%i)\n", type); + ptr += len; + n -= 2 + len; + } + + return pack; + +out_err: + rad_packet_free(pack); + return NULL; +} + +void rad_packet_free(struct rad_packet_t *pack) +{ + struct rad_req_attr_t *attr; + + if (pack->buf) + free(pack->buf); + + while(!list_empty(&pack->attrs)) { + attr = list_entry(pack->attrs.next, typeof(*attr), entry); + if (attr->attr.type == ATTR_TYPE_STRING) + free(attr->val.string); + list_del(&attr->entry); + free(attr); + } + + free(pack); +} diff --git a/accel-pptpd/radius/radius.c b/accel-pptpd/radius/radius.c index 10fef65f..4d020d5b 100644 --- a/accel-pptpd/radius/radius.c +++ b/accel-pptpd/radius/radius.c @@ -7,23 +7,105 @@ #include "pwdb.h" #include "radius.h" -struct radius_pd_t +static struct ppp_notified_t notified; + +static int check_pap(struct radius_pd_t *rpd, const char *username, va_list args) { - struct ppp_pd_t pd; - struct ppp_t *ppp; -}; + struct rad_req_t *req; + int i, r = PWDB_DENIED; + int id = va_arg(args, int); + const char *passwd = va_arg(args, const char *); -static struct ppp_notified_t notified; + req = rad_req_alloc(rpd, CODE_ACCESS_REQUEST); + if (!req) + return PWDB_DENIED; + + if (rad_req_add_str(req, "User-Password", passwd, strlen(passwd))) + goto out; + + for(i = 0; i < max_try; i++) { + if (rad_req_send(req)) + goto out; + + if (rad_req_wait(req, timeout)) + goto out; + + if (req->answer) + break; + } + +out: + rad_req_free(req); + + return r; +} + +static int check_chap_md5(struct radius_pd_t *rpd, const char *username, va_list args) +{ + int id = va_arg(args, int); + const uint8_t *challenge = va_arg(args, const uint8_t *); +} -int cleartext_check(struct pwdb_t *pwdb, struct ppp_t *ppp, const char *username, const char *password) +static int check_mschap_v1(struct radius_pd_t *rpd, const char *username, va_list args) { - return PWDB_NO_IMPL; + int id = va_arg(args, int); + const uint8_t *challenge = va_arg(args, const uint8_t *); + const uint8_t *lm_response = va_arg(args, const uint8_t *); + const uint8_t *nt_response = va_arg(args, const uint8_t *); + int flags = va_arg(args, int); } -int encrypted_check(struct pwdb_t *pwdb, struct ppp_t *ppp, const char *username, int type, va_list args) + +static int check_mschap_v2(struct radius_pd_t *rpd, const char *username, va_list args) { - return PWDB_NO_IMPL; + int id = va_arg(args, int); + const uint8_t *challenge = va_arg(args, const uint8_t *); + const uint8_t *peer_challenge = va_arg(args, const uint8_t *); + const uint8_t *response = va_arg(args, const uint8_t *); + int flags = va_arg(args, int); + uint8_t *authenticator = va_arg(args, uint8_t *); } +static int check(struct pwdb_t *pwdb, struct ppp_t *ppp, const char *username, int type, va_list _args) +{ + int r = PWDB_NO_IMPL; + va_list args; + int chap_type; + struct ppp_pd_t *pd; + struct radius_pd_t *rpd = NULL; + + list_for_each_entry(pd, &ppp->pd_list, entry) { + if (pd->key == ¬ified) { + rpd = container_of(pd, typeof(*rpd), pd); + break; + } + } + + va_copy(args, _args); + + switch(type) { + case PPP_PAP: + r = check_pap(rpd, username, args); + break; + case PPP_CHAP: + chap_type = va_arg(args, int); + switch(chap_type) { + case 0x05: + r = check_chap_md5(rpd, username, args); + break; + case 0x80: + r = check_mschap_v1(rpd, username, args); + break; + case 0x81: + r = check_mschap_v2(rpd, username, args); + break; + } + break; + } + + va_end(args); + + return r; +} static void ppp_started(struct ppp_notified_t *n, struct ppp_t *ppp) { @@ -50,9 +132,8 @@ static void ppp_finished(struct ppp_notified_t *n, struct ppp_t *ppp) } } -struct pwdb_t pwdb = { - .cleartext_check = cleartext_check, - .encrypted_check = encrypted_check, +static struct pwdb_t pwdb = { + .check = check, }; static struct ppp_notified_t notified = { diff --git a/accel-pptpd/radius/radius.h b/accel-pptpd/radius/radius.h index aac1cd00..3fe78621 100644 --- a/accel-pptpd/radius/radius.h +++ b/accel-pptpd/radius/radius.h @@ -2,12 +2,23 @@ #define __RADIUS_H #include +#include "triton.h" + +#define REQ_LENGTH_MAX 4096 #define ATTR_TYPE_INTEGER 0 #define ATTR_TYPE_STRING 1 #define ATTR_TYPE_DATE 2 #define ATTR_TYPE_IPADDR 3 +#define CODE_ACCESS_REQUEST 1 + +struct radius_pd_t +{ + struct ppp_pd_t pd; + struct ppp_t *ppp; +}; + typedef union { int integer; @@ -21,8 +32,67 @@ struct rad_dict_t struct list_head items; }; -void *rad_load_dict(const char *fname); -void rad_free_dict(struct rad_dict_t *dict); +struct rad_dict_value_t +{ + struct list_head entry; + rad_value_t val; + const char *name; +}; + +struct rad_dict_attr_t +{ + struct list_head entry; + const char *name; + int id; + int type; + struct list_head values; +}; + +struct rad_req_attr_t +{ + struct list_head entry; + struct rad_dict_attr_t *attr; + //struct rad_dict_value_t *val; + rad_value_t val; +}; + +struct rad_packet_t +{ + int code; + int id; + struct list_head attrs; + void *buf; +}; +struct rad_req_t +{ + struct triton_md_handler_t hnd; + struct triton_timer_t timeout; + struct rad_packet_t pack; + struct rad_packet_t *answer; + const char *server_host; + int server_port; + + struct radius_pd_t *rpd; +}; + + +int rad_dict_load(const char *fname); +void rad_dict_free(struct rad_dict_t *dict); +struct rad_dict_attr_t *rad_dict_find_attr(const char *name); +struct rad_dict_attr_t *rad_dict_find_attr_type(int type); +struct rad_dict_value_t *rad_dict_find_val(struct rad_dict_attr_t *, const char *name); + +struct rad_req_t *rad_rec_alloc(struct radius_pd_t *rpd, int code); +void rad_rec_free(struct rad_req_t *); +int rad_req_send(struct rad_req_t *); +int rad_req_add_int(struct rad_req_t *req, const char *name, int val); +int rad_req_add_val(struct rad_req_t *req, const char *name, const char *val, int len); +int rad_req_add_str(struct rad_req_t *req, const char *name, const char *val, int len); + +int rad_packet_build(struct rad_packet_t *pack); +struct rad_packet_t *rad_packet_recv(int fd); +void rad_packet_free(struct rad_packet_t *); + #endif diff --git a/accel-pptpd/radius/req.c b/accel-pptpd/radius/req.c new file mode 100644 index 00000000..d03ea9ae --- /dev/null +++ b/accel-pptpd/radius/req.c @@ -0,0 +1,216 @@ +#include +#include + +#include "triton.h" +#include "radius.h" + + +static int rad_req_read(struct triton_md_handler_t *h); +static void rd_req_timeout(struct triton_timer_t *t); + +struct rad_req_t *rad_rec_alloc(struct radius_pd_t *rpd, int code, const char *username); +{ + struct rad_req_t *req = malloc(sizeof(*req)); + + if (!req) + return NULL; + + memset(req, 0, sizeof(*req)); + INIT_LIST_HEAD(&req->pack.attrs); + req->rpd = rpd; + req->pack.code = code; + req->pack.len = 20; + req->hnd.fd = -1; + req->hnd.read = rad_req_read; + req->hnd.timeout.exoire = rad_req_timeout; + + if (rad_req_add_str(req, "User-Name", username, strlen(username))) + goto out_err; + if (conf_nas_identifier) + if (rad_req_add_str(req, "NAS-Identifier", conf_nas_identifier, strlen(conf_nas_identifier))) + goto out_err; + if (rad_req_add_int(req, "NAS-Port-Id", rpd->ppp->unit_idx, 4)) + goto out_err; + if (rad_req_add_str(req, "NAS-Port-Type", "Sync", 4)) + goto out_err; + if (rad_req_add_str(req, "Service-Type", "Framed-User", 11)) + goto out_err; + if (rad_req_add_str(req, "Framed-Protocol", "PPP", 3)) + goto out_err; + + return req; +} + +void rad_rec_free(struct rad_req_t *) +{ + +} + +int rad_req_send(struct rad_req_t *req) +{ + struct sockaddr_in addr; + int n; + + if (req->hnd.fd == -1) { + req->hnd.fd = socket(PF_INET, SOCK_DGRAM ,0); + if (!req->hnd.fd) { + log_error("radius:socket: %s\n", strerror(errno)); + return -1; + } + + if (conf_nas_ip_address) { + addr.sin_family = AF_INET; + addr.sin_addr.s_addr = htonl(conf_nas_ip_address); + if (bind(req->hnd.fd, (struct sockaddr *) &addr, sizeof(addr))) { + log_error("radius:bind: %s\n", strerror(errno)); + goto out_err; + } + } + + addr.sin_addr.s_addr = htonl(req->server_name); + addr.sin_port = htons(req->server_port); + + if (connect(req->hnd.fd (struct sockaddr *) &addr, sizeof(addr))) { + log_error("radius:connect: %s\n", strerror(errno)); + goto out_err; + } + + if (fcntl(req->hnd.fd, F_SETFL, O_NONBLOCK)) { + log_error("radius: failed to set nonblocking mode: %s\n", strerror(errno)); + goto out_err; + } + + if (rad_packet_build(&req->pack)) + goto out_err; + } + + while (1) { + n = write(req->hnd.fd, req->pack.buf, req->pack.len); + if (n < 0) { + if (errno == EINTR) + continue; + log_error("radius:write: %s\n", strerror(errno)); + goto out_err_free_pack; + } else if (n != req->pack.len) { + log_error("radius:write: short write %i, excpected %i\n", n, req->pack.len); + goto out_err_free_pack; + } + break; + } + + return 0; + +out_err_free_pack: + rad_packet_free(&req->pack); +out_err: + close(req->hnd.fd); + req->hnd.fd = -1; + return -1; +} + +int rad_req_add_int(struct rad_req_t *req, const char *name, int val) +{ + struct rad_req_attr_t *ra; + struct rad_dict_attr_t *attr; + + if (req->len + 2 + 4 >= REQ_LENGTH_MAX) + return -1; + + attr = rad_dict_find_attr(name); + if (!attr) + return -1; + + ra = malloc(sizeof(*ra)); + if (!ra) + return -1; + + ra->attr = attr; + ra->val.integer = val; + list_add_tail(&ra->entry, &req->pack.attrs); + req->len += 2 + 4; + + return 0; +} + +int rad_req_add_str(struct rad_req_t *req, const char *name, const char *val, int len) +{ + struct rad_req_attr_t *ra; + struct rad_dict_attr_t *attr; + + if (req->len + 2 + len >= REQ_LENGTH_MAX) + return -1; + + attr = rad_dict_find_attr(name); + if (!attr) + return -1; + + ra = malloc(sizeof(*ra)); + if (!ra) + return -1; + + ra->attr = attr; + ra->val.string = stdrdup(val); + list_add_tail(&ra->entry, &req->pack.attrs); + req->len += 2 + len; + + return 0; +} + +int rad_req_add_val(struct rad_req_t *req, const char *name, const char *val, int len) +{ + struct rad_req_attr_t *ra; + struct rad_dict_attr_t *attr; + struct rad_dict_value_t *v; + + if (req->len + 2 + len >= REQ_LENGTH_MAX) + return -1; + + attr = rad_dict_find_attr(name); + if (!attr) + return -1; + + v = rad_dict_find_val(attr, val); + if (!v) + return -1; + + ra = malloc(sizeof(*ra)); + if (!ra) + return -1; + + ra->attr = attr; + ra->val = v->val; + list_add_tail(&ra->entry, &req->attrs.pack); + req->len += 2 + len; + + return 0; +} + +static int rad_req_read(struct triton_md_handler_t *h) +{ + struct rad_req_t *req = container_of(h, typeof(*req), hnd); + + req->answer = rad_packet_recv(h->hnd.fd); +} +static void rd_req_timeout(struct triton_timer_t *t) +{ +} + +int rad_req_wait(struct rad_req_t *req) +{ + if (triton_md_register_handler(req->rpd->ppp->ctrl->ctx, &req->hnd)) + return -1; + if (triton_md_enable_handler(&req->hnd, MD_MODE_READ)) + return -1; + + req->timeout.period = conf_timeout * 1000; + if (triton_timer_add(&req->timeout)) + return -1; + + triton_ctx_schedule(&req->hnd, &req->timeout); + + triton_timer_del(&req->timeout); + triton_md_unregister_handler(&req->hnd); + + return 0; +} + diff --git a/accel-pptpd/triton/CMakeLists.txt b/accel-pptpd/triton/CMakeLists.txt index fd6b5182..41339d97 100644 --- a/accel-pptpd/triton/CMakeLists.txt +++ b/accel-pptpd/triton/CMakeLists.txt @@ -7,6 +7,7 @@ SET(sources_c loader.c log.c mempool.c + event.c ) INCLUDE_DIRECTORIES(${CMAKE_CURRENT_SOURCE_DIR}) ADD_DEFINITIONS("-DUSE_SPINLOCK") diff --git a/accel-pptpd/triton/event.c b/accel-pptpd/triton/event.c new file mode 100644 index 00000000..17483ec7 --- /dev/null +++ b/accel-pptpd/triton/event.c @@ -0,0 +1,103 @@ +#include +#include +#include + +#include "triton_p.h" + +static int max_events = 1024; +static struct _triton_event_t **events; + +struct event_handler_t +{ + struct list_head entry; + triton_event_func func; +}; + +int event_init(void) +{ + events = malloc(max_events * sizeof(void *)); + if (!events) { + fprintf(stderr,"event:cann't allocate memory\n"); + return -1; + } + + memset(events, 0, max_events * sizeof(void *)); + + return 0; +} + +int triton_event_register_handler(int ev_id, triton_event_func func) +{ + struct _triton_event_t *ev; + struct event_handler_t *h; + + if (ev_id >= max_events) + return -1; + + ev = events[ev_id]; + if (!ev) { + ev = malloc(sizeof(*ev)); + if (!ev) { + triton_log_error("event: out of memory\n"); + return -1; + } + INIT_LIST_HEAD(&ev->handlers); + events[ev_id] = ev; + } + + h = malloc(sizeof(*h)); + if (!h) { + triton_log_error("event: out of memory\n"); + return -1; + } + + h->func = func; + list_add_tail(&h->entry, &ev->handlers); + + return 0; +} + +/*int triton_event_unregister_handler(int ev_id, triton_event_func func) +{ + struct _triton_event_t *ev; + struct event_handler_t *h; + + if (ev_id >= max_events) + return -1; + + ev = events[ev_id]; + if (!ev) { + return -1; + } + + list_for_each_entry(h, &ev->handlers, entry) { + if (h->func == func) { + if (ev->in_progress) + h->func = NULL; + else { + list_del(&h->entry); + free(h); + } + return 0; + } + } + + return -1; +}*/ + +void triton_event_fire(int ev_id, void *arg) +{ + struct _triton_event_t *ev; + struct event_handler_t *h; + + if (ev_id >= max_events) + return; + + ev = events[ev_id]; + if (!ev) + return; + + list_for_each_entry(h, &ev->handlers, entry) + h->func(arg); +} + diff --git a/accel-pptpd/triton/triton.h b/accel-pptpd/triton/triton.h index 1009d67a..d130d86e 100644 --- a/accel-pptpd/triton/triton.h +++ b/accel-pptpd/triton/triton.h @@ -55,6 +55,10 @@ int triton_timer_add(struct triton_ctx_t *ctx, struct triton_timer_t*,int abs_ti int triton_timer_mod(struct triton_timer_t *,int abs_time); void triton_timer_del(struct triton_timer_t *); +typedef void (*triton_event_func)(void *); +int triton_event_register_handler(int ev_id, triton_event_func func); +void triton_event_fire(int ev_id, void *arg); + struct conf_sect_t *conf_get_section(const char *name); char *conf_get_opt(const char *sect, const char *name); diff --git a/accel-pptpd/triton/triton_p.h b/accel-pptpd/triton/triton_p.h index 0f7e7160..c31efd6e 100644 --- a/accel-pptpd/triton/triton_p.h +++ b/accel-pptpd/triton/triton_p.h @@ -57,6 +57,11 @@ struct _triton_timer_t struct triton_timer_t *ud; }; +struct _triton_event_t +{ + struct list_head handlers; +}; + typedef void * mempool_t; mempool_t *mempool_create(int size); void *mempool_alloc(mempool_t*); @@ -64,9 +69,11 @@ void mempool_free(void*); int log_init(void); int md_init(); +int timer_init(); +int event_init(); + void md_run(); void md_terminate(); -int timer_init(); void timer_run(); void timer_terminate(); struct triton_ctx_t *default_ctx; -- cgit v1.2.3 From 4c6469a9fd820db713251a645ac2499782f796ed Mon Sep 17 00:00:00 2001 From: Kozlov Dmitry Date: Wed, 8 Sep 2010 15:51:29 +0400 Subject: radius: implemented packet exchange radius: implemented PAP authorization radius: implemented IP assigning triton: implemented userspace context switching and other stuff --- accel-pptpd/accel-pptpd.conf | 13 ++- accel-pptpd/auth/auth_chap_md5.c | 4 +- accel-pptpd/auth/auth_mschap_v1.c | 4 +- accel-pptpd/auth/auth_mschap_v2.c | 4 +- accel-pptpd/auth/auth_pap.c | 25 +++-- accel-pptpd/ctrl/pptp.c | 14 +-- accel-pptpd/ipdb.c | 25 ++++- accel-pptpd/ipdb.h | 15 ++- accel-pptpd/ppp/ipcp_opt_ipaddr.c | 10 +- accel-pptpd/ppp/ppp.c | 18 +++- accel-pptpd/ppp/ppp.h | 6 +- accel-pptpd/ppp/ppp_auth.c | 6 +- accel-pptpd/ppp/ppp_ccp.c | 29 +++--- accel-pptpd/ppp/ppp_fsm.c | 14 ++- accel-pptpd/ppp/ppp_fsm.h | 6 +- accel-pptpd/ppp/ppp_ipcp.c | 53 ++++++---- accel-pptpd/ppp/ppp_ipcp.h | 1 + accel-pptpd/ppp/ppp_lcp.c | 35 +++++-- accel-pptpd/ppp/ppp_lcp.h | 1 + accel-pptpd/pwdb.c | 4 +- accel-pptpd/pwdb.h | 4 +- accel-pptpd/radius/dict.c | 26 ++++- accel-pptpd/radius/packet.c | 169 ++++++++++++++++++++++--------- accel-pptpd/radius/radius.c | 202 ++++++++++++++++++++++++++++++++++---- accel-pptpd/radius/radius.h | 26 +++-- accel-pptpd/radius/req.c | 145 ++++++++++++++++++--------- accel-pptpd/triton/md.c | 6 +- accel-pptpd/triton/timer.c | 6 +- accel-pptpd/triton/triton.c | 172 ++++++++++++++++++++++---------- accel-pptpd/triton/triton.h | 17 ++-- accel-pptpd/triton/triton_p.h | 27 +++-- 31 files changed, 803 insertions(+), 284 deletions(-) (limited to 'accel-pptpd/pwdb.h') diff --git a/accel-pptpd/accel-pptpd.conf b/accel-pptpd/accel-pptpd.conf index 47480220..ece04f2f 100644 --- a/accel-pptpd/accel-pptpd.conf +++ b/accel-pptpd/accel-pptpd.conf @@ -1,11 +1,14 @@ [modules] ./libpptp.so -./libauth_mschap_v2.so +./libauth_pap.so ./libradius.so [core] log-error=/dev/stderr +[ppp] +verbose=1 + [lcp] echo-interval=10 echo-failure=3 @@ -16,6 +19,8 @@ echo-interval=3 [radius] dictionary=dictionary nas-identifier=pptp -nas-ip-address=192.168.10.20 -auth_server=127.0.0.1:1812,secret -acct_server=127.0.0.1:1812,secret +nas-ip-address=127.0.0.1 +gw-ip-address=192.168.100.100 +auth_server=127.0.0.1:1812,testing123 +acct_server=127.0.0.1:1813,secret +verbose=1 diff --git a/accel-pptpd/auth/auth_chap_md5.c b/accel-pptpd/auth/auth_chap_md5.c index 5577794f..de2f4716 100644 --- a/accel-pptpd/auth/auth_chap_md5.c +++ b/accel-pptpd/auth/auth_chap_md5.c @@ -220,8 +220,8 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h ppp_terminate(ad->ppp, 0); } - name=strndup(msg->name,ntohs(msg->hdr.len)-sizeof(*msg)+2); - passwd=pwdb_get_passwd(ad->ppp,name); + name = strndup(msg->name,ntohs(msg->hdr.len)-sizeof(*msg)+2); + passwd = pwdb_get_passwd(ad->ppp,name); if (!passwd) { free(name); diff --git a/accel-pptpd/auth/auth_mschap_v1.c b/accel-pptpd/auth/auth_mschap_v1.c index 1cf5eb8b..595fb15e 100644 --- a/accel-pptpd/auth/auth_mschap_v1.c +++ b/accel-pptpd/auth/auth_mschap_v1.c @@ -282,8 +282,8 @@ static int chap_check_response(struct chap_auth_data_t *ad, struct chap_response char *name; int i; - name=strndup(msg->name,ntohs(msg->hdr.len)-sizeof(*msg)+2); - passwd=pwdb_get_passwd(ad->ppp,name); + name = strndup(msg->name,ntohs(msg->hdr.len)-sizeof(*msg)+2); + passwd = pwdb_get_passwd(ad->ppp,name); if (!passwd) { free(name); diff --git a/accel-pptpd/auth/auth_mschap_v2.c b/accel-pptpd/auth/auth_mschap_v2.c index 502f3686..01127cf7 100644 --- a/accel-pptpd/auth/auth_mschap_v2.c +++ b/accel-pptpd/auth/auth_mschap_v2.c @@ -193,8 +193,8 @@ static int generate_response(struct chap_auth_data_t *ad, struct chap_response_t uint8_t c_hash[SHA_DIGEST_LENGTH]; int i; - name=strndup(msg->name,ntohs(msg->hdr.len)-sizeof(*msg)+2); - passwd=pwdb_get_passwd(ad->ppp,name); + name = strndup(msg->name,ntohs(msg->hdr.len)-sizeof(*msg)+2); + passwd = pwdb_get_passwd(ad->ppp,name); if (!passwd) { free(name); diff --git a/accel-pptpd/auth/auth_pap.c b/accel-pptpd/auth/auth_pap.c index 92ddef52..7337468a 100644 --- a/accel-pptpd/auth/auth_pap.c +++ b/accel-pptpd/auth/auth_pap.c @@ -125,7 +125,7 @@ static void pap_send_ack(struct pap_auth_data_t *p, int id) ppp_chan_send(p->ppp,msg,ntohs(msg->hdr.len)+2); } -static void pap_send_nak(struct pap_auth_data_t *p,int id) +static void pap_send_nak(struct pap_auth_data_t *p, int id) { uint8_t buf[128]; struct pap_ack_t *msg=(struct pap_ack_t*)buf; @@ -143,9 +143,10 @@ static void pap_send_nak(struct pap_auth_data_t *p,int id) static int pap_recv_req(struct pap_auth_data_t *p,struct pap_hdr_t *hdr) { - int ret; + int ret, r; char *peer_id; char *passwd; + const char *passwd2; int peer_id_len; int passwd_len; uint8_t *ptr=(uint8_t*)(hdr+1); @@ -170,17 +171,23 @@ static int pap_recv_req(struct pap_auth_data_t *p,struct pap_hdr_t *hdr) peer_id=strndup((const char*)peer_id,peer_id_len); passwd=strndup((const char*)ptr,passwd_len); - if (pwdb_check(p->ppp,peer_id,passwd)) - { + r = pwdb_check(p->ppp, peer_id, PPP_PAP, passwd); + if (r == PWDB_NO_IMPL) { + passwd2 = pwdb_get_passwd(p->ppp, peer_id); + if (!passwd2 || strcmp(passwd2, passwd)) + r = PWDB_DENIED; + else + r = PWDB_SUCCESS; + } + if (r == PWDB_DENIED) { log_warn("PAP: authentication error\n"); - pap_send_nak(p,hdr->id); + pap_send_nak(p, hdr->id); auth_failed(p->ppp); ret=-1; - }else - { - pap_send_ack(p,hdr->id); + } else { + pap_send_ack(p, hdr->id); auth_successed(p->ppp); - ret=0; + ret = 0; } free(peer_id); diff --git a/accel-pptpd/ctrl/pptp.c b/accel-pptpd/ctrl/pptp.c index 66c09786..3a3c2427 100644 --- a/accel-pptpd/ctrl/pptp.c +++ b/accel-pptpd/ctrl/pptp.c @@ -27,7 +27,7 @@ struct pptp_conn_t { - struct triton_ctx_t ctx; + struct triton_context_t ctx; struct triton_md_handler_t hnd; struct triton_timer_t timeout_timer; struct triton_timer_t echo_timer; @@ -73,7 +73,7 @@ static void disconnect(struct pptp_conn_t *conn) ppp_terminate(&conn->ppp, 1); } - triton_unregister_ctx(&conn->ctx); + triton_context_unregister(&conn->ctx); free(conn->in_buf); free(conn->out_buf); @@ -425,7 +425,7 @@ static void pptp_timeout(struct triton_timer_t *t) struct pptp_conn_t *conn = container_of(t, typeof(*conn), timeout_timer); disconnect(conn); } -static void pptp_close(struct triton_ctx_t *ctx) +static void pptp_close(struct triton_context_t *ctx) { struct pptp_conn_t *conn = container_of(ctx, typeof(*conn), ctx); if (conn->state == STATE_PPP) { @@ -455,7 +455,7 @@ static void ppp_finished(struct ppp_t *ppp) struct pptp_serv_t { - struct triton_ctx_t ctx; + struct triton_context_t ctx; struct triton_md_handler_t hnd; }; @@ -495,14 +495,14 @@ static int pptp_connect(struct triton_md_handler_t *h) conn->timeout_timer.period = conf_timeout * 1000; conn->echo_timer.expire = pptp_send_echo; - triton_register_ctx(&conn->ctx); + triton_context_register(&conn->ctx); triton_md_register_handler(&conn->ctx, &conn->hnd); triton_md_enable_handler(&conn->hnd,MD_MODE_READ); triton_timer_add(&conn->ctx, &conn->timeout_timer, 0); } return 0; } -static void pptp_serv_close(struct triton_ctx_t *ctx) +static void pptp_serv_close(struct triton_context_t *ctx) { struct pptp_serv_t *s=container_of(ctx,typeof(*s),ctx); triton_md_unregister_handler(&s->hnd); @@ -546,7 +546,7 @@ static void __init pptp_init(void) return; } - triton_register_ctx(&serv.ctx); + triton_context_register(&serv.ctx); triton_md_register_handler(&serv.ctx, &serv.hnd); triton_md_enable_handler(&serv.hnd, MD_MODE_READ); diff --git a/accel-pptpd/ipdb.c b/accel-pptpd/ipdb.c index 8ac86cb6..7b679dc7 100644 --- a/accel-pptpd/ipdb.c +++ b/accel-pptpd/ipdb.c @@ -1,11 +1,28 @@ #include "triton.h" #include "ipdb.h" -int __export ipdb_get(in_addr_t *addr, in_addr_t *peer_addr) +static LIST_HEAD(ipdb_handlers); + +int __export ipdb_get(struct ppp_t *ppp, in_addr_t *addr, in_addr_t *peer_addr) { - *addr=inet_addr("192.168.200.100"); - *peer_addr=inet_addr("192.168.200.200"); + struct ipdb_t *ipdb; + + list_for_each_entry(ipdb, &ipdb_handlers, entry) + if (!ipdb->get(ppp, addr, peer_addr)) + return 0; - return 0; + return -1; } +void __export ipdb_put(struct ppp_t *ppp, in_addr_t addr, in_addr_t peer_addr) +{ + struct ipdb_t *ipdb; + list_for_each_entry(ipdb, &ipdb_handlers, entry) + if (ipdb->put) + ipdb->put(ppp, addr, peer_addr); +} + +void __export ipdb_register(struct ipdb_t *ipdb) +{ + list_add_tail(&ipdb->entry, &ipdb_handlers); +} diff --git a/accel-pptpd/ipdb.h b/accel-pptpd/ipdb.h index ed7df6b3..6703a48b 100644 --- a/accel-pptpd/ipdb.h +++ b/accel-pptpd/ipdb.h @@ -3,7 +3,20 @@ #include -int ipdb_get(in_addr_t *addr, in_addr_t *peer_addr); +#include "ppp.h" +#include "list.h" + +struct ipdb_t +{ + struct list_head entry; + int (*get)(struct ppp_t *ppp, in_addr_t *addr, in_addr_t *peer_addr); + void (*put)(struct ppp_t *ppp, in_addr_t addr, in_addr_t peer_addr); +}; + +int ipdb_get(struct ppp_t *ppp, in_addr_t *addr, in_addr_t *peer_addr); +void ipdb_put(struct ppp_t *ppp, in_addr_t addr, in_addr_t peer_addr); + +void ipdb_register(struct ipdb_t *); #endif diff --git a/accel-pptpd/ppp/ipcp_opt_ipaddr.c b/accel-pptpd/ppp/ipcp_opt_ipaddr.c index 2fa92519..ddfb3d20 100644 --- a/accel-pptpd/ppp/ipcp_opt_ipaddr.c +++ b/accel-pptpd/ppp/ipcp_opt_ipaddr.c @@ -40,7 +40,6 @@ static struct ipcp_option_t *ipaddr_init(struct ppp_ipcp_t *ipcp) { struct ipaddr_option_t *ipaddr_opt=malloc(sizeof(*ipaddr_opt)); memset(ipaddr_opt,0,sizeof(*ipaddr_opt)); - ipdb_get(&ipaddr_opt->addr,&ipaddr_opt->peer_addr); ipaddr_opt->opt.id=CI_ADDR; ipaddr_opt->opt.len=6; @@ -51,6 +50,9 @@ static void ipaddr_free(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt) { struct ipaddr_option_t *ipaddr_opt=container_of(opt,typeof(*ipaddr_opt),opt); + if (ipaddr_opt->peer_addr) + ipdb_put(ipcp->ppp, ipaddr_opt->addr, ipaddr_opt->peer_addr); + free(ipaddr_opt); } @@ -58,6 +60,12 @@ static int ipaddr_send_conf_req(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *o { struct ipaddr_option_t *ipaddr_opt=container_of(opt,typeof(*ipaddr_opt),opt); struct ipcp_opt32_t *opt32=(struct ipcp_opt32_t*)ptr; + + if (!ipaddr_opt->addr && ipdb_get(ipcp->ppp, &ipaddr_opt->addr, &ipaddr_opt->peer_addr)) { + log_warn("ppp:ipcp: no free IP address\n"); + return -1; + } + opt32->hdr.id=CI_ADDR; opt32->hdr.len=6; opt32->val=ipaddr_opt->addr; diff --git a/accel-pptpd/ppp/ppp.c b/accel-pptpd/ppp/ppp.c index 4ad8221b..247f8198 100644 --- a/accel-pptpd/ppp/ppp.c +++ b/accel-pptpd/ppp/ppp.c @@ -17,6 +17,8 @@ #include "ppp_fsm.h" #include "log.h" +int conf_ppp_verbose; + static LIST_HEAD(layers); int sock_fd; @@ -302,7 +304,10 @@ void __export ppp_layer_started(struct ppp_t *ppp, struct ppp_layer_data_t *d) list_for_each_entry(d,&n->items,entry) { d->starting=1; - d->layer->start(d); + if (d->layer->start(d)) { + ppp_terminate(ppp, 0); + return; + } } } } @@ -464,7 +469,10 @@ static void start_first_layer(struct ppp_t *ppp) list_for_each_entry(d,&n->items,entry) { d->starting=1; - d->layer->start(d); + if (d->layer->start(d)) { + ppp_terminate(ppp, 0); + return; + } } } @@ -487,9 +495,15 @@ struct ppp_layer_data_t *ppp_find_layer_data(struct ppp_t *ppp, struct ppp_layer static void __init ppp_init(void) { + char *opt; + sock_fd = socket(AF_INET, SOCK_DGRAM, 0); if (sock_fd < 0) { perror("socket"); _exit(EXIT_FAILURE); } + + opt = conf_get_opt("ppp", "verbose"); + if (opt && atoi(opt) > 0) + conf_ppp_verbose = 1; } diff --git a/accel-pptpd/ppp/ppp.h b/accel-pptpd/ppp/ppp.h index da2fb97c..e287b7b1 100644 --- a/accel-pptpd/ppp/ppp.h +++ b/accel-pptpd/ppp/ppp.h @@ -45,7 +45,7 @@ struct ppp_t; struct ppp_ctrl_t { - struct triton_ctx_t *ctx; + struct triton_context_t *ctx; void (*started)(struct ppp_t*); void (*finished)(struct ppp_t*); }; @@ -111,7 +111,7 @@ struct ppp_layer_t { struct list_head entry; struct ppp_layer_data_t *(*init)(struct ppp_t *); - void (*start)(struct ppp_layer_data_t*); + int (*start)(struct ppp_layer_data_t*); void (*finish)(struct ppp_layer_data_t*); void (*free)(struct ppp_layer_data_t *); }; @@ -146,5 +146,7 @@ void ppp_unregister_notified(struct ppp_notified_t *); void ppp_notify_started(struct ppp_t *ppp); void ppp_notify_finished(struct ppp_t *ppp); +extern int conf_ppp_verbose; + extern int sock_fd; // internet socket for ioctls #endif diff --git a/accel-pptpd/ppp/ppp_auth.c b/accel-pptpd/ppp/ppp_auth.c index 32f63d5b..b767fdbd 100644 --- a/accel-pptpd/ppp/ppp_auth.c +++ b/accel-pptpd/ppp/ppp_auth.c @@ -22,7 +22,7 @@ static int auth_recv_conf_ack(struct ppp_lcp_t *lcp, struct lcp_option_t *opt, u static void auth_print(void (*print)(const char *fmt,...),struct lcp_option_t*, uint8_t *ptr); static struct ppp_layer_data_t *auth_layer_init(struct ppp_t*); -static void auth_layer_start(struct ppp_layer_data_t *); +static int auth_layer_start(struct ppp_layer_data_t *); static void auth_layer_finish(struct ppp_layer_data_t *); static void auth_layer_free(struct ppp_layer_data_t *); @@ -257,7 +257,7 @@ static struct ppp_layer_data_t *auth_layer_init(struct ppp_t *ppp) return &ad->ld; } -static void auth_layer_start(struct ppp_layer_data_t *ld) +static int auth_layer_start(struct ppp_layer_data_t *ld) { struct auth_layer_data_t *ad=container_of(ld,typeof(*ad),ld); @@ -270,6 +270,8 @@ static void auth_layer_start(struct ppp_layer_data_t *ld) log_debug("auth_layer_started\n"); ppp_layer_started(ad->ppp,ld); } + + return 0; } static void auth_layer_finish(struct ppp_layer_data_t *ld) diff --git a/accel-pptpd/ppp/ppp_ccp.c b/accel-pptpd/ppp/ppp_ccp.c index fe10886e..f895da9b 100644 --- a/accel-pptpd/ppp/ppp_ccp.c +++ b/accel-pptpd/ppp/ppp_ccp.c @@ -24,7 +24,7 @@ static LIST_HEAD(option_handlers); static void ccp_layer_up(struct ppp_fsm_t*); static void ccp_layer_down(struct ppp_fsm_t*); -static void send_conf_req(struct ppp_fsm_t*); +static int send_conf_req(struct ppp_fsm_t*); static void send_conf_ack(struct ppp_fsm_t*); static void send_conf_nak(struct ppp_fsm_t*); static void send_conf_rej(struct ppp_fsm_t*); @@ -90,7 +90,7 @@ static struct ppp_layer_data_t *ccp_layer_init(struct ppp_t *ppp) return &ccp->ld; } -void ccp_layer_start(struct ppp_layer_data_t *ld) +int ccp_layer_start(struct ppp_layer_data_t *ld) { struct ppp_ccp_t *ccp=container_of(ld,typeof(*ccp),ld); @@ -98,7 +98,10 @@ void ccp_layer_start(struct ppp_layer_data_t *ld) ccp_options_init(ccp); ppp_fsm_lower_up(&ccp->fsm); - ppp_fsm_open(&ccp->fsm); + if (ppp_fsm_open(&ccp->fsm)) + return -1; + + return 0; } void ccp_layer_finish(struct ppp_layer_data_t *ld) @@ -107,12 +110,8 @@ void ccp_layer_finish(struct ppp_layer_data_t *ld) log_debug("ccp_layer_finish\n"); - ppp_fsm_lower_down(&ccp->fsm); - - ppp_unregister_handler(ccp->ppp,&ccp->hnd); - ccp_options_free(ccp); - - ppp_layer_finished(ccp->ppp,ld); + ccp->fsm.fsm_state = FSM_Closed; + ppp_layer_finished(ccp->ppp,&ccp->ld); } void ccp_layer_free(struct ppp_layer_data_t *ld) @@ -121,6 +120,10 @@ void ccp_layer_free(struct ppp_layer_data_t *ld) log_debug("ccp_layer_free\n"); + ppp_unregister_handler(ccp->ppp,&ccp->hnd); + ccp_options_free(ccp); + ppp_fsm_free(&ccp->fsm); + free(ccp); } @@ -151,7 +154,7 @@ static void print_ropt(struct recv_opt_t *ropt) log_debug(" >"); } -static void send_conf_req(struct ppp_fsm_t *fsm) +static int send_conf_req(struct ppp_fsm_t *fsm) { struct ppp_ccp_t *ccp=container_of(fsm,typeof(*ccp),fsm); uint8_t *buf=malloc(ccp->conf_req_len), *ptr=buf; @@ -171,6 +174,8 @@ static void send_conf_req(struct ppp_fsm_t *fsm) list_for_each_entry(lopt,&ccp->options,entry) { n=lopt->h->send_conf_req(ccp,lopt,ptr); + if (n < 0) + return -1; if (n) { log_debug(" "); @@ -183,6 +188,8 @@ static void send_conf_req(struct ppp_fsm_t *fsm) ccp_hdr->len=htons((ptr-buf)-2); ppp_unit_send(ccp->ppp,ccp_hdr,ptr-buf); + + return 0; } static void send_conf_ack(struct ppp_fsm_t *fsm) @@ -473,7 +480,7 @@ static void ccp_recv(struct ppp_handler_t*h) if (ccp->fsm.fsm_state==FSM_Initial || ccp->fsm.fsm_state==FSM_Closed) { - log_error("CCP: discaring packet\n"); + log_warn("CCP: discaring packet\n"); return; } diff --git a/accel-pptpd/ppp/ppp_fsm.c b/accel-pptpd/ppp/ppp_fsm.c index 85cf15a2..a99453f0 100644 --- a/accel-pptpd/ppp/ppp_fsm.c +++ b/accel-pptpd/ppp/ppp_fsm.c @@ -38,7 +38,7 @@ void ppp_fsm_free(struct ppp_fsm_t *layer) stop_timer(layer); } -void ppp_fsm_lower_up(struct ppp_fsm_t *layer) +int ppp_fsm_lower_up(struct ppp_fsm_t *layer) { switch(layer->fsm_state) { @@ -49,12 +49,15 @@ void ppp_fsm_lower_up(struct ppp_fsm_t *layer) //if (layer->init_req_cnt) layer->init_req_cnt(layer); init_req_counter(layer,layer->max_configure); --layer->restart_counter; - if (layer->send_conf_req) layer->send_conf_req(layer); + if (layer->send_conf_req) + if (layer->send_conf_req(layer)) + return -1; layer->fsm_state=FSM_Req_Sent; break; default: break; } + return 0; } void ppp_fsm_lower_down(struct ppp_fsm_t *layer) @@ -84,7 +87,7 @@ void ppp_fsm_lower_down(struct ppp_fsm_t *layer) } } -void ppp_fsm_open(struct ppp_fsm_t *layer) +int ppp_fsm_open(struct ppp_fsm_t *layer) { switch(layer->fsm_state) { @@ -98,7 +101,9 @@ void ppp_fsm_open(struct ppp_fsm_t *layer) //if (layer->init_req_cnt) layer->init_req_cnt(layer); init_req_counter(layer,layer->max_configure); --layer->restart_counter; - if (layer->send_conf_req) layer->send_conf_req(layer); + if (layer->send_conf_req) + if (layer->send_conf_req(layer)) + return -1; layer->fsm_state=FSM_Req_Sent; break; case FSM_Closing: @@ -111,6 +116,7 @@ void ppp_fsm_open(struct ppp_fsm_t *layer) default: break; } + return 0; } void ppp_fsm_close(struct ppp_fsm_t *layer) diff --git a/accel-pptpd/ppp/ppp_fsm.h b/accel-pptpd/ppp/ppp_fsm.h index bc958fe9..908936db 100644 --- a/accel-pptpd/ppp/ppp_fsm.h +++ b/accel-pptpd/ppp/ppp_fsm.h @@ -37,7 +37,7 @@ struct ppp_fsm_t void (*layer_down)(struct ppp_fsm_t*); void (*layer_started)(struct ppp_fsm_t*); void (*layer_finished)(struct ppp_fsm_t*); - void (*send_conf_req)(struct ppp_fsm_t*); + int (*send_conf_req)(struct ppp_fsm_t*); void (*send_conf_ack)(struct ppp_fsm_t*); void (*send_conf_nak)(struct ppp_fsm_t*); void (*send_conf_rej)(struct ppp_fsm_t*); @@ -46,9 +46,9 @@ struct ppp_fsm_t void ppp_fsm_init(struct ppp_fsm_t*); void ppp_fsm_free(struct ppp_fsm_t*); -void ppp_fsm_lower_up(struct ppp_fsm_t*); +int ppp_fsm_lower_up(struct ppp_fsm_t*); void ppp_fsm_lower_down(struct ppp_fsm_t*); -void ppp_fsm_open(struct ppp_fsm_t*); +int ppp_fsm_open(struct ppp_fsm_t*); void ppp_fsm_close(struct ppp_fsm_t*); void ppp_fsm_timeout0(struct ppp_fsm_t *layer); void ppp_fsm_timeout1(struct ppp_fsm_t *layer); diff --git a/accel-pptpd/ppp/ppp_ipcp.c b/accel-pptpd/ppp/ppp_ipcp.c index 6ac145b2..bb6369e0 100644 --- a/accel-pptpd/ppp/ppp_ipcp.c +++ b/accel-pptpd/ppp/ppp_ipcp.c @@ -24,7 +24,7 @@ static LIST_HEAD(option_handlers); static void ipcp_layer_up(struct ppp_fsm_t*); static void ipcp_layer_down(struct ppp_fsm_t*); -static void send_conf_req(struct ppp_fsm_t*); +static int send_conf_req(struct ppp_fsm_t*); static void send_conf_ack(struct ppp_fsm_t*); static void send_conf_nak(struct ppp_fsm_t*); static void send_conf_rej(struct ppp_fsm_t*); @@ -90,7 +90,7 @@ static struct ppp_layer_data_t *ipcp_layer_init(struct ppp_t *ppp) return &ipcp->ld; } -void ipcp_layer_start(struct ppp_layer_data_t *ld) +int ipcp_layer_start(struct ppp_layer_data_t *ld) { struct ppp_ipcp_t *ipcp=container_of(ld,typeof(*ipcp),ld); @@ -98,7 +98,10 @@ void ipcp_layer_start(struct ppp_layer_data_t *ld) ipcp_options_init(ipcp); ppp_fsm_lower_up(&ipcp->fsm); - ppp_fsm_open(&ipcp->fsm); + if (ppp_fsm_open(&ipcp->fsm)) + return -1; + + return 0; } void ipcp_layer_finish(struct ppp_layer_data_t *ld) @@ -107,12 +110,8 @@ void ipcp_layer_finish(struct ppp_layer_data_t *ld) log_debug("ipcp_layer_finish\n"); - ppp_fsm_lower_down(&ipcp->fsm); - - ppp_unregister_handler(ipcp->ppp,&ipcp->hnd); - ipcp_options_free(ipcp); - - ppp_layer_finished(ipcp->ppp,ld); + ipcp->fsm.fsm_state = FSM_Closed; + ppp_layer_finished(ipcp->ppp,&ipcp->ld); } void ipcp_layer_free(struct ppp_layer_data_t *ld) @@ -121,6 +120,10 @@ void ipcp_layer_free(struct ppp_layer_data_t *ld) log_debug("ipcp_layer_free\n"); + ppp_unregister_handler(ipcp->ppp,&ipcp->hnd); + ipcp_options_free(ipcp); + ppp_fsm_free(&ipcp->fsm); + free(ipcp); } @@ -151,7 +154,7 @@ static void print_ropt(struct recv_opt_t *ropt) log_debug(" >"); } -static void send_conf_req(struct ppp_fsm_t *fsm) +static int send_conf_req(struct ppp_fsm_t *fsm) { struct ppp_ipcp_t *ipcp=container_of(fsm,typeof(*ipcp),fsm); uint8_t *buf=malloc(ipcp->conf_req_len), *ptr=buf; @@ -159,30 +162,40 @@ static void send_conf_req(struct ppp_fsm_t *fsm) struct ipcp_option_t *lopt; int n; - log_debug("send [IPCP ConfReq"); ipcp_hdr->proto=htons(PPP_IPCP); ipcp_hdr->code=CONFREQ; ipcp_hdr->id=++ipcp->fsm.id; ipcp_hdr->len=0; - log_debug(" id=%x",ipcp_hdr->id); ptr+=sizeof(*ipcp_hdr); list_for_each_entry(lopt,&ipcp->options,entry) { - n=lopt->h->send_conf_req(ipcp,lopt,ptr); - if (n) - { - log_debug(" "); - lopt->h->print(log_debug,lopt,NULL); + n = lopt->h->send_conf_req(ipcp, lopt, ptr); + if (n < 0) + return -1; + if (n) { ptr+=n; + lopt->print = 1; + } else + lopt->print = 0; + } + + if (conf_ppp_verbose) { + log_debug("send [IPCP ConfReq id=%x", ipcp_hdr->id); + list_for_each_entry(lopt,&ipcp->options,entry){ + if (lopt->print) { + log_debug(" "); + lopt->h->print(log_debug,lopt,NULL); + } } + log_debug("]\n"); } - - log_debug("]\n"); ipcp_hdr->len=htons((ptr-buf)-2); ppp_unit_send(ipcp->ppp,ipcp_hdr,ptr-buf); + + return 0; } static void send_conf_ack(struct ppp_fsm_t *fsm) @@ -464,7 +477,7 @@ static void ipcp_recv(struct ppp_handler_t*h) if (ipcp->fsm.fsm_state==FSM_Initial || ipcp->fsm.fsm_state==FSM_Closed) { - log_error("IPCP: discaring packet\n"); + log_warn("IPCP: discaring packet\n"); return; } diff --git a/accel-pptpd/ppp/ppp_ipcp.h b/accel-pptpd/ppp/ppp_ipcp.h index 9e0c99ee..266ab7df 100644 --- a/accel-pptpd/ppp/ppp_ipcp.h +++ b/accel-pptpd/ppp/ppp_ipcp.h @@ -56,6 +56,7 @@ struct ipcp_option_t int id; int len; int state; + int print:1; struct ipcp_option_handler_t *h; }; diff --git a/accel-pptpd/ppp/ppp_lcp.c b/accel-pptpd/ppp/ppp_lcp.c index afcfc102..22e6313d 100644 --- a/accel-pptpd/ppp/ppp_lcp.c +++ b/accel-pptpd/ppp/ppp_lcp.c @@ -27,7 +27,7 @@ static LIST_HEAD(option_handlers); static void lcp_layer_up(struct ppp_fsm_t*); static void lcp_layer_down(struct ppp_fsm_t*); -static void send_conf_req(struct ppp_fsm_t*); +static int send_conf_req(struct ppp_fsm_t*); static void send_conf_ack(struct ppp_fsm_t*); static void send_conf_nak(struct ppp_fsm_t*); static void send_conf_rej(struct ppp_fsm_t*); @@ -95,7 +95,7 @@ static struct ppp_layer_data_t *lcp_layer_init(struct ppp_t *ppp) return &lcp->ld; } -void lcp_layer_start(struct ppp_layer_data_t *ld) +int lcp_layer_start(struct ppp_layer_data_t *ld) { struct ppp_lcp_t *lcp=container_of(ld,typeof(*lcp),ld); @@ -103,7 +103,10 @@ void lcp_layer_start(struct ppp_layer_data_t *ld) lcp_options_init(lcp); ppp_fsm_lower_up(&lcp->fsm); - ppp_fsm_open(&lcp->fsm); + if (ppp_fsm_open(&lcp->fsm)) + return -1; + + return 0; } void lcp_layer_finish(struct ppp_layer_data_t *ld) @@ -161,7 +164,7 @@ static void print_ropt(struct recv_opt_t *ropt) log_debug(" >"); } -static void send_conf_req(struct ppp_fsm_t *fsm) +static int send_conf_req(struct ppp_fsm_t *fsm) { struct ppp_lcp_t *lcp=container_of(fsm,typeof(*lcp),fsm); uint8_t *buf=malloc(lcp->conf_req_len), *ptr=buf; @@ -169,30 +172,42 @@ static void send_conf_req(struct ppp_fsm_t *fsm) struct lcp_option_t *lopt; int n; - log_debug("send [LCP ConfReq"); lcp_hdr->proto=htons(PPP_LCP); lcp_hdr->code=CONFREQ; lcp_hdr->id=++lcp->fsm.id; lcp_hdr->len=0; - log_debug(" id=%x",lcp_hdr->id); ptr+=sizeof(*lcp_hdr); list_for_each_entry(lopt,&lcp->options,entry) { n=lopt->h->send_conf_req(lcp,lopt,ptr); + if (n < 0) + return -1; if (n) { - log_debug(" "); - lopt->h->print(log_debug,lopt,NULL); ptr+=n; - } + lopt->print = 1; + } else + lopt->print = 0; } - log_debug("]\n"); + if (conf_ppp_verbose) { + log_debug("send [LCP ConfReq id=%x", lcp_hdr->id); + list_for_each_entry(lopt,&lcp->options,entry) + { + if (lopt->print) { + log_debug(" "); + lopt->h->print(log_debug,lopt,NULL); + } + } + log_debug("]\n"); + } lcp_hdr->len=htons((ptr-buf)-2); ppp_chan_send(lcp->ppp,lcp_hdr,ptr-buf); + + return 0; } static void send_conf_ack(struct ppp_fsm_t *fsm) diff --git a/accel-pptpd/ppp/ppp_lcp.h b/accel-pptpd/ppp/ppp_lcp.h index 46bc17b9..661f200c 100644 --- a/accel-pptpd/ppp/ppp_lcp.h +++ b/accel-pptpd/ppp/ppp_lcp.h @@ -90,6 +90,7 @@ struct lcp_option_t int id; int len; int state; + int print:1; struct lcp_option_handler_t *h; }; diff --git a/accel-pptpd/pwdb.c b/accel-pptpd/pwdb.c index 1b682a40..24515ec6 100644 --- a/accel-pptpd/pwdb.c +++ b/accel-pptpd/pwdb.c @@ -27,10 +27,10 @@ int __export pwdb_check(struct ppp_t *ppp, const char *username, int type, ...) return res; } -__export const char *pwdb_get_passwd(struct ppp_t *ppp, const char *username) +__export char *pwdb_get_passwd(struct ppp_t *ppp, const char *username) { struct pwdb_t *pwdb; - const char *r = NULL; + char *r = NULL; list_for_each_entry(pwdb, &pwdb_handlers, entry) { if (!pwdb->get_passwd) diff --git a/accel-pptpd/pwdb.h b/accel-pptpd/pwdb.h index d3495435..a1c2cedb 100644 --- a/accel-pptpd/pwdb.h +++ b/accel-pptpd/pwdb.h @@ -14,11 +14,11 @@ struct pwdb_t { struct list_head entry; int (*check)(struct pwdb_t *, struct ppp_t *, const char *username, int type, va_list args); - const char* (*get_passwd)(struct pwdb_t *, struct ppp_t *, const char *username); + char* (*get_passwd)(struct pwdb_t *, struct ppp_t *, const char *username); }; int pwdb_check(struct ppp_t *, const char *username, int type, ...); -const char *pwdb_get_passwd(struct ppp_t *, const char *username); +char *pwdb_get_passwd(struct ppp_t *, const char *username); void pwdb_register(struct pwdb_t *); void pwdb_unregister(struct pwdb_t *); diff --git a/accel-pptpd/radius/dict.c b/accel-pptpd/radius/dict.c index 00f67af7..d76c2c39 100644 --- a/accel-pptpd/radius/dict.c +++ b/accel-pptpd/radius/dict.c @@ -210,7 +210,17 @@ struct rad_dict_attr_t *rad_dict_find_attr(const char *name) return NULL; } -struct rad_dict_value_t *rad_dict_find_val(struct rad_dict_attr_t *attr, const char *name) +struct rad_dict_attr_t *rad_dict_find_attr_id(int id) +{ + struct rad_dict_attr_t *attr; + + list_for_each_entry(attr, &dict->items, entry) + if (attr->id == id) + return attr; + + return NULL; +} +struct rad_dict_value_t *rad_dict_find_val_name(struct rad_dict_attr_t *attr, const char *name) { struct rad_dict_value_t *val; @@ -220,3 +230,17 @@ struct rad_dict_value_t *rad_dict_find_val(struct rad_dict_attr_t *attr, const c return NULL; } + +struct rad_dict_value_t *rad_dict_find_val(struct rad_dict_attr_t *attr, rad_value_t v) +{ + struct rad_dict_value_t *val; + + if (attr->type != ATTR_TYPE_INTEGER) + return NULL; + + list_for_each_entry(val, &attr->values, entry) + if (val->val.integer == v.integer) + return val; + + return NULL; +} diff --git a/accel-pptpd/radius/packet.c b/accel-pptpd/radius/packet.c index f1b4ebea..627b6c5e 100644 --- a/accel-pptpd/radius/packet.c +++ b/accel-pptpd/radius/packet.c @@ -4,14 +4,40 @@ #include #include #include +#include #include "log.h" #include "radius.h" -static int urandom_fd; +struct rad_packet_t *rad_packet_alloc(int code) +{ + struct rad_packet_t *pack; + + pack = malloc(sizeof(*pack)); + if (!pack) { + log_error("radius:packet: out of memory\n"); + return NULL; + } + + memset(pack, 0, sizeof(*pack)); + pack->code = code; + pack->len = 20; + pack->id = 1; + INIT_LIST_HEAD(&pack->attrs); + + return pack; +} -int rad_packet_build(struct rad_packet_t *pack) +void print_buf(uint8_t *buf,int size) +{ + int i; + for(i=0;ibuf = ptr; *ptr = pack->code; ptr++; *ptr = pack->id; ptr++; - *(uint16_t*)ptr = pack->len; ptr+= 2; - while (1) { - if (read(urandom_fd, ptr, 16) != 16) { - if (errno == EINTR) - continue; - log_error("radius:packet:read urandom: %s\n", strerror(errno)); - goto out_err; - } - break; - } - ptr+=16; + *(uint16_t*)ptr = htons(pack->len); ptr+= 2; + memcpy(ptr, RA, 16); ptr+=16; list_for_each_entry(attr, &pack->attrs, entry) { - *ptr = attr->attr->type; ptr++; - *ptr = attr->len; ptr++; + *ptr = attr->attr->id; ptr++; + *ptr = attr->len + 2; ptr++; switch(attr->attr->type) { case ATTR_TYPE_INTEGER: - *(uint32_t*)ptr = attr->val.integer; + *(uint32_t*)ptr = htonl(attr->val.integer); break; case ATTR_TYPE_STRING: memcpy(ptr, attr->val.string, attr->len); @@ -50,20 +68,18 @@ int rad_packet_build(struct rad_packet_t *pack) *(in_addr_t*)ptr = attr->val.ipaddr; break; case ATTR_TYPE_DATE: - *(uint32_t*)ptr = attr->val.date; + *(uint32_t*)ptr = htonl(attr->val.date); break; default: - log_error("radius:packet: unknown attribute type\n"); + log_error("radius:packet:BUG: unknown attribute type\n"); abort(); } ptr += attr->len; } - return 0; + print_buf(pack->buf, pack->len); -out_err: - free(ptr); - return -1; + return 0; } struct rad_packet_t *rad_packet_recv(int fd) @@ -72,22 +88,16 @@ struct rad_packet_t *rad_packet_recv(int fd) struct rad_req_attr_t *attr; struct rad_dict_attr_t *da; uint8_t *ptr; - int n, type, len; - - pack = malloc(sizeof(*pack)); - if (!pack) { - log_error("radius:packet: out of memory\n"); - return NULL; - } + int n, id, len; - memset(pack, 0, sizeof(*pack)); - INIT_LIST_HEAD(&pack->attrs); + pack = rad_packet_alloc(0); + if (!pack) + return NULL; pack->buf = malloc(REQ_LENGTH_MAX); if (!pack->buf) { log_error("radius:packet: out of memory\n"); - free(pack); - return NULL; + goto out_err; } while (1) { @@ -110,7 +120,7 @@ struct rad_packet_t *rad_packet_recv(int fd) pack->code = *ptr; ptr++; pack->id = *ptr; ptr++; - pack->len = *(uint16_t*)ptr; ptr += 2; + pack->len = ntohs(*(uint16_t*)ptr); ptr += 2; if (pack->len > n) { log_warn("radius:packet: short packet received %i, expected %i\n", pack->len, n); @@ -121,13 +131,17 @@ struct rad_packet_t *rad_packet_recv(int fd) n -= 20; while (n>0) { - type = *ptr; ptr++; - len = *ptr; ptr++; + id = *ptr; ptr++; + len = *ptr - 2; ptr++; + if (len < 0) { + log_warn("radius:packet short attribute len received\n"); + goto out_err; + } if (2 + len > n) { - log_error("radius:packet: too long attribute received (%i, %i)\n", type, len); + log_warn("radius:packet: too long attribute received (%i, %i)\n", id, len); goto out_err; } - da = rad_dict_find_attr_type(type); + da = rad_dict_find_attr_id(id); if (da) { attr = malloc(sizeof(*attr)); if (!attr) { @@ -136,18 +150,28 @@ struct rad_packet_t *rad_packet_recv(int fd) } attr->attr = da; attr->len = len; - if (type == ATTR_TYPE_STRING) { - attr->val.string = malloc(len); - if (!attr->val.string) { - log_error("radius:packet: out of memory\n"); - free(attr); - goto out_err; - } - } else - memcpy(&attr->val.integer, ptr, 4); + switch (da->type) { + case ATTR_TYPE_STRING: + attr->val.string = malloc(len+1); + if (!attr->val.string) { + log_error("radius:packet: out of memory\n"); + free(attr); + goto out_err; + } + memcpy(attr->val.string, ptr, len); + attr->val.string[len] = 0; + break; + case ATTR_TYPE_DATE: + case ATTR_TYPE_INTEGER: + attr->val.integer = ntohl(*(uint32_t*)ptr); + break; + case ATTR_TYPE_IPADDR: + attr->val.integer = *(uint32_t*)ptr; + break; + } list_add_tail(&attr->entry, &pack->attrs); } else - log_warn("radius:packet: unknown attribute type received (%i)\n", type); + log_warn("radius:packet: unknown attribute received (%i)\n", id); ptr += len; n -= 2 + len; } @@ -176,3 +200,52 @@ void rad_packet_free(struct rad_packet_t *pack) free(pack); } + +void rad_packet_print(struct rad_packet_t *pack, void (*print)(const char *fmt, ...)) +{ + struct rad_req_attr_t *attr; + struct rad_dict_value_t *val; + + print("[RADIUS "); + switch(pack->code) { + case CODE_ACCESS_REQUEST: + print("Access-Request"); + break; + case CODE_ACCESS_CHALLENGE: + print("Access-Challenge"); + break; + case CODE_ACCESS_ACCEPT: + print("Access-Accept"); + break; + case CODE_ACCESS_REJECT: + print("Access-Reject"); + break; + default: + print("Unknown (%i)", pack->code); + } + print(" id=%x", pack->id); + + list_for_each_entry(attr, &pack->attrs, entry) { + print(" <%s ", attr->attr->name); + if (attr->printable) { + switch (attr->attr->type) { + case ATTR_TYPE_INTEGER: + val = rad_dict_find_val(attr->attr, attr->val); + if (val) + print("%s", val->name); + else + print("%i", attr->val.integer); + break; + case ATTR_TYPE_STRING: + print("\"%s\"", attr->val.string); + break; + case ATTR_TYPE_IPADDR: + print("%i.%i.%i.%i", attr->val.ipaddr & 0xff, (attr->val.ipaddr >> 8) & 0xff, (attr->val.ipaddr >> 16) & 0xff, (attr->val.ipaddr >> 24) & 0xff); + break; + } + } + print(">"); + } + print("]\n"); +} + diff --git a/accel-pptpd/radius/radius.c b/accel-pptpd/radius/radius.c index 2e444ded..a786dea5 100644 --- a/accel-pptpd/radius/radius.c +++ b/accel-pptpd/radius/radius.c @@ -3,43 +3,124 @@ #include #include #include +#include +#include + +#include "log.h" #include "ppp.h" #include "pwdb.h" +#include "ipdb.h" + #include "radius.h" int conf_max_try = 3; int conf_timeout = 3; char *conf_nas_identifier = "accel-pptpd"; char *conf_nas_ip_address; +char *conf_gw_ip_address; +int conf_verbose = 0; + +char *conf_auth_server; +int conf_auth_server_port = 1812; +char *conf_auth_server_secret; + +char *conf_acct_server; +int conf_acct_server_port = 1813; +char *conf_acct_server_secret; static struct ppp_notified_t notified; +static struct radius_pd_t *find_pd(struct ppp_t *ppp); + +static void proc_attrs(struct rad_req_t *req) +{ + struct rad_req_attr_t *attr; + + list_for_each_entry(attr, &req->reply->attrs, entry) { + if (!strcmp(attr->attr->name, "Framed-IP-Address")) { + req->rpd->ipaddr = attr->val.ipaddr; + } + } +} + +static uint8_t* encrypt_password(const char *passwd, const char *secret, const uint8_t *RA, int *epasswd_len) +{ + uint8_t *epasswd; + int i, j, chunk_cnt; + uint8_t b[16], c[16]; + MD5_CTX ctx; + + chunk_cnt = (strlen(passwd) - 1) / 16 + 1; + + epasswd = malloc(chunk_cnt * 16); + if (!epasswd) { + log_error("radius: out of memory\n"); + return NULL; + } + + memset(epasswd, 0, chunk_cnt * 16); + memcpy(epasswd, passwd, strlen(passwd)); + memcpy(c, RA, 16); + + for (i = 0; i < chunk_cnt; i++) { + MD5_Init(&ctx); + MD5_Update(&ctx, secret, strlen(secret)); + MD5_Update(&ctx, c, 16); + MD5_Final(b, &ctx); + + for(j = 0; j < 16; j++) + epasswd[i * 16 + j] ^= b[j]; + + memcpy(c, epasswd + i * 16, 16); + } + + *epasswd_len = chunk_cnt * 16; + return epasswd; +} + static int check_pap(struct radius_pd_t *rpd, const char *username, va_list args) { struct rad_req_t *req; int i, r = PWDB_DENIED; //int id = va_arg(args, int); const char *passwd = va_arg(args, const char *); + uint8_t *epasswd; + int epasswd_len; req = rad_req_alloc(rpd, CODE_ACCESS_REQUEST, username); if (!req) return PWDB_DENIED; + + req->server_name = conf_auth_server; + req->server_port = conf_auth_server_port; - if (rad_req_add_str(req, "User-Password", passwd, strlen(passwd))) + epasswd = encrypt_password(passwd, conf_auth_server_secret, req->RA, &epasswd_len); + if (!epasswd) goto out; + if (rad_req_add_str(req, "Password", (char*)epasswd, epasswd_len, 0)) { + free(epasswd); + goto out; + } + + free(epasswd); + for(i = 0; i < conf_max_try; i++) { if (rad_req_send(req)) goto out; - if (rad_req_wait(req, conf_timeout)) - goto out; + rad_req_wait(req, conf_timeout); if (req->reply) break; } + if (req->reply && req->reply->code == CODE_ACCESS_ACCEPT) { + proc_attrs(req); + r = PWDB_SUCCESS; + } + out: rad_req_free(req); @@ -79,15 +160,7 @@ static int check(struct pwdb_t *pwdb, struct ppp_t *ppp, const char *username, i int r = PWDB_NO_IMPL; va_list args; int chap_type; - struct ppp_pd_t *pd; - struct radius_pd_t *rpd = NULL; - - list_for_each_entry(pd, &ppp->pd_list, entry) { - if (pd->key == ¬ified) { - rpd = container_of(pd, typeof(*rpd), pd); - break; - } - } + struct radius_pd_t *rpd = find_pd(ppp); va_copy(args, _args); @@ -116,6 +189,22 @@ static int check(struct pwdb_t *pwdb, struct ppp_t *ppp, const char *username, i return r; } +static int get_ip(struct ppp_t *ppp, in_addr_t *addr, in_addr_t *peer_addr) +{ + struct radius_pd_t *rpd = find_pd(ppp); + + if (rpd->ipaddr) { + if (!conf_gw_ip_address) { + log_warn("radius: gw-ip-address not specified, cann't assign IP address...\n"); + return -1; + } + *peer_addr = rpd->ipaddr; + *addr = inet_addr(conf_gw_ip_address); + return 0; + } + return -1; +} + static void ppp_started(struct ppp_notified_t *n, struct ppp_t *ppp) { struct radius_pd_t *pd = malloc(sizeof(*pd)); @@ -127,6 +216,14 @@ static void ppp_started(struct ppp_notified_t *n, struct ppp_t *ppp) } static void ppp_finished(struct ppp_notified_t *n, struct ppp_t *ppp) +{ + struct radius_pd_t *rpd = find_pd(ppp); + + list_del(&rpd->pd.entry); + free(rpd); +} + +static struct radius_pd_t *find_pd(struct ppp_t *ppp) { struct ppp_pd_t *pd; struct radius_pd_t *rpd; @@ -134,13 +231,18 @@ static void ppp_finished(struct ppp_notified_t *n, struct ppp_t *ppp) list_for_each_entry(pd, &ppp->pd_list, entry) { if (pd->key == ¬ified) { rpd = container_of(pd, typeof(*rpd), pd); - list_del(&pd->entry); - free(rpd); - return; + return rpd; } } + log_error("radius:BUG: rpd not found\n"); + abort(); } + +static struct ipdb_t ipdb = { + .get = get_ip, +}; + static struct pwdb_t pwdb = { .check = check, }; @@ -150,17 +252,81 @@ static struct ppp_notified_t notified = { .finished = ppp_finished, }; +static int parse_server(const char *opt, char **name, int *port, char **secret) +{ + char *str = strdup(opt); + char *p1, *p2; + + p1 = strstr(str, ":"); + p2 = strstr(str, ","); + + if (p1) + *p1 = 0; + if (p2) + *p2 = 0; + else + return -1; + + *name = str; + if (p1) { + *port = atoi(p1 + 1); + if (*port <=0 ) + return -1; + } + *secret = p2 + 1; + + return 0; +} + static void __init radius_init(void) { - char *dict = conf_get_opt("radius", "dictionary"); - if (!dict) { + char *opt; + + opt = conf_get_opt("radius", "max-try"); + if (opt && atoi(opt) > 0) + conf_max_try = atoi(opt); + + opt = conf_get_opt("radius", "timeout"); + if (opt && atoi(opt) > 0) + conf_timeout = atoi(opt); + + opt = conf_get_opt("radius", "verbose"); + if (opt && atoi(opt) > 0) + conf_verbose = 1; + + opt = conf_get_opt("radius", "nas-ip-address"); + if (opt) + conf_nas_ip_address = opt; + + opt = conf_get_opt("radius", "gw-ip-address"); + if (opt) + conf_gw_ip_address = opt; + + opt = conf_get_opt("radius", "auth_server"); + if (!opt) { + log_error("radius: auth_server not specified\n"); + _exit(EXIT_FAILURE); + } else if (parse_server(opt, &conf_auth_server, &conf_auth_server_port, &conf_auth_server_secret)) { + log_error("radius: failed to parse auth_server\n"); + _exit(EXIT_FAILURE); + } + + opt = conf_get_opt("radius", "acct_server"); + if (opt && parse_server(opt, &conf_acct_server, &conf_acct_server_port, &conf_acct_server_secret)) { + log_error("radius: failed to parse acct_server\n"); + _exit(EXIT_FAILURE); + } + + opt = conf_get_opt("radius", "dictionary"); + if (!opt) { fprintf(stderr, "radius: dictionary not specified\n"); _exit(EXIT_FAILURE); } - if (!rad_dict_load(dict)) + if (rad_dict_load(opt)) _exit(EXIT_FAILURE); pwdb_register(&pwdb); + ipdb_register(&ipdb); ppp_register_notified(¬ified); } diff --git a/accel-pptpd/radius/radius.h b/accel-pptpd/radius/radius.h index 109981a6..40b83201 100644 --- a/accel-pptpd/radius/radius.h +++ b/accel-pptpd/radius/radius.h @@ -1,6 +1,7 @@ #ifndef __RADIUS_H #define __RADIUS_H +#include #include #include "triton.h" #include "ppp.h" @@ -13,17 +14,21 @@ #define ATTR_TYPE_IPADDR 3 #define CODE_ACCESS_REQUEST 1 +#define CODE_ACCESS_ACCEPT 2 +#define CODE_ACCESS_REJECT 3 +#define CODE_ACCESS_CHALLENGE 11 struct radius_pd_t { struct ppp_pd_t pd; struct ppp_t *ppp; + in_addr_t ipaddr; }; typedef union { int integer; - const char *string; + char *string; time_t date; in_addr_t ipaddr; } rad_value_t; @@ -56,6 +61,7 @@ struct rad_req_attr_t //struct rad_dict_value_t *val; rad_value_t val; int len; + int printable:1; }; struct rad_packet_t @@ -68,9 +74,11 @@ struct rad_packet_t }; struct rad_req_t { + struct triton_context_t ctx; struct triton_md_handler_t hnd; struct triton_timer_t timeout; - struct rad_packet_t pack; + uint8_t RA[16]; + struct rad_packet_t *pack; struct rad_packet_t *reply; const char *server_name; int server_port; @@ -81,14 +89,18 @@ struct rad_req_t extern int conf_max_try; extern int conf_timeout; +extern int conf_verbose; extern char *conf_nas_identifier; extern char *conf_nas_ip_address; +extern char *conf_auth_server; +extern char *conf_acct_server; int rad_dict_load(const char *fname); void rad_dict_free(struct rad_dict_t *dict); struct rad_dict_attr_t *rad_dict_find_attr(const char *name); -struct rad_dict_attr_t *rad_dict_find_attr_type(int type); -struct rad_dict_value_t *rad_dict_find_val(struct rad_dict_attr_t *, const char *name); +struct rad_dict_attr_t *rad_dict_find_attr_id(int type); +struct rad_dict_value_t *rad_dict_find_val_name(struct rad_dict_attr_t *, const char *name); +struct rad_dict_value_t *rad_dict_find_val(struct rad_dict_attr_t *, rad_value_t val); struct rad_req_t *rad_req_alloc(struct radius_pd_t *rpd, int code, const char *username); void rad_req_free(struct rad_req_t *); @@ -96,11 +108,13 @@ int rad_req_send(struct rad_req_t *); int rad_req_wait(struct rad_req_t *, int); int rad_req_add_int(struct rad_req_t *req, const char *name, int val); int rad_req_add_val(struct rad_req_t *req, const char *name, const char *val, int len); -int rad_req_add_str(struct rad_req_t *req, const char *name, const char *val, int len); +int rad_req_add_str(struct rad_req_t *req, const char *name, const char *val, int len, int printable); -int rad_packet_build(struct rad_packet_t *pack); +struct rad_packet_t *rad_packet_alloc(int code); +int rad_packet_build(struct rad_packet_t *pack, uint8_t *RA); struct rad_packet_t *rad_packet_recv(int fd); void rad_packet_free(struct rad_packet_t *); +void rad_packet_print(struct rad_packet_t *pack, void (*print)(const char *fmt, ...)); #endif diff --git a/accel-pptpd/radius/req.c b/accel-pptpd/radius/req.c index ae761547..cc59a431 100644 --- a/accel-pptpd/radius/req.c +++ b/accel-pptpd/radius/req.c @@ -11,11 +11,12 @@ #include "log.h" #include "radius.h" +static int urandom_fd; static int rad_req_read(struct triton_md_handler_t *h); static void rad_req_timeout(struct triton_timer_t *t); -struct rad_req_t *rad_rec_alloc(struct radius_pd_t *rpd, int code, const char *username) +struct rad_req_t *rad_req_alloc(struct radius_pd_t *rpd, int code, const char *username) { struct rad_req_t *req = malloc(sizeof(*req)); @@ -23,26 +24,37 @@ struct rad_req_t *rad_rec_alloc(struct radius_pd_t *rpd, int code, const char *u return NULL; memset(req, 0, sizeof(*req)); - INIT_LIST_HEAD(&req->pack.attrs); req->rpd = rpd; - req->pack.code = code; - req->pack.len = 20; req->hnd.fd = -1; req->hnd.read = rad_req_read; req->timeout.expire = rad_req_timeout; - if (rad_req_add_str(req, "User-Name", username, strlen(username))) + while (1) { + if (read(urandom_fd, req->RA, 16) != 16) { + if (errno == EINTR) + continue; + log_error("radius:req:read urandom: %s\n", strerror(errno)); + goto out_err; + } + break; + } + + req->pack = rad_packet_alloc(code); + if (!req->pack) + goto out_err; + + if (rad_req_add_str(req, "User-Name", username, strlen(username), 1)) goto out_err; if (conf_nas_identifier) - if (rad_req_add_str(req, "NAS-Identifier", conf_nas_identifier, strlen(conf_nas_identifier))) + if (rad_req_add_str(req, "NAS-Identifier", conf_nas_identifier, strlen(conf_nas_identifier), 1)) goto out_err; if (rad_req_add_int(req, "NAS-Port-Id", rpd->ppp->unit_idx)) goto out_err; - if (rad_req_add_str(req, "NAS-Port-Type", "Sync", 4)) + if (rad_req_add_val(req, "NAS-Port-Type", "Sync", 4)) goto out_err; - if (rad_req_add_str(req, "Service-Type", "Framed-User", 11)) + if (rad_req_add_val(req, "Service-Type", "Framed-User", 4)) goto out_err; - if (rad_req_add_str(req, "Framed-Protocol", "PPP", 3)) + if (rad_req_add_val(req, "Framed-Protocol", "PPP", 4)) goto out_err; return req; @@ -52,9 +64,15 @@ out_err: return NULL; } -void rad_rec_free(struct rad_req_t *req) +void rad_req_free(struct rad_req_t *req) { - + if (req->hnd.fd >= 0 ) + close(req->hnd.fd); + if (req->pack) + rad_packet_free(req->pack); + if (req->reply) + rad_packet_free(req->reply); + free(req); } int rad_req_send(struct rad_req_t *req) @@ -63,22 +81,24 @@ int rad_req_send(struct rad_req_t *req) int n; if (req->hnd.fd == -1) { - req->hnd.fd = socket(PF_INET, SOCK_DGRAM ,0); - if (!req->hnd.fd) { + req->hnd.fd = socket(PF_INET, SOCK_DGRAM, 0); + if (req->hnd.fd < 0) { log_error("radius:socket: %s\n", strerror(errno)); return -1; } + memset(&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; + if (conf_nas_ip_address) { - addr.sin_family = AF_INET; - addr.sin_addr.s_addr = htonl(inet_addr(conf_nas_ip_address)); + addr.sin_addr.s_addr = inet_addr(conf_nas_ip_address); if (bind(req->hnd.fd, (struct sockaddr *) &addr, sizeof(addr))) { log_error("radius:bind: %s\n", strerror(errno)); goto out_err; } } - addr.sin_addr.s_addr = htonl(inet_addr(req->server_name)); + addr.sin_addr.s_addr = inet_addr(req->server_name); addr.sin_port = htons(req->server_port); if (connect(req->hnd.fd, (struct sockaddr *) &addr, sizeof(addr))) { @@ -91,28 +111,32 @@ int rad_req_send(struct rad_req_t *req) goto out_err; } - if (rad_packet_build(&req->pack)) + if (rad_packet_build(req->pack, req->RA)) goto out_err; } + if (conf_verbose) { + log_debug("send "); + rad_packet_print(req->pack, log_debug); + } + while (1) { - n = write(req->hnd.fd, req->pack.buf, req->pack.len); + n = write(req->hnd.fd, req->pack->buf, req->pack->len); + //n = sendto(req->hnd.fd, req->pack->buf, req->pack->len, 0, &addr, sizeof(addr)); if (n < 0) { if (errno == EINTR) continue; log_error("radius:write: %s\n", strerror(errno)); - goto out_err_free_pack; - } else if (n != req->pack.len) { - log_error("radius:write: short write %i, excpected %i\n", n, req->pack.len); - goto out_err_free_pack; + goto out_err; + } else if (n != req->pack->len) { + log_error("radius:write: short write %i, excpected %i\n", n, req->pack->len); + goto out_err; } break; } return 0; -out_err_free_pack: - rad_packet_free(&req->pack); out_err: close(req->hnd.fd); req->hnd.fd = -1; @@ -124,7 +148,7 @@ int rad_req_add_int(struct rad_req_t *req, const char *name, int val) struct rad_req_attr_t *ra; struct rad_dict_attr_t *attr; - if (req->pack.len + 2 + 4 >= REQ_LENGTH_MAX) + if (req->pack->len + 2 + 4 >= REQ_LENGTH_MAX) return -1; attr = rad_dict_find_attr(name); @@ -138,18 +162,19 @@ int rad_req_add_int(struct rad_req_t *req, const char *name, int val) ra->attr = attr; ra->len = 4; ra->val.integer = val; - list_add_tail(&ra->entry, &req->pack.attrs); - req->pack.len += 2 + 4; + ra->printable = 1; + list_add_tail(&ra->entry, &req->pack->attrs); + req->pack->len += 2 + 4; return 0; } -int rad_req_add_str(struct rad_req_t *req, const char *name, const char *val, int len) +int rad_req_add_str(struct rad_req_t *req, const char *name, const char *val, int len, int printable) { struct rad_req_attr_t *ra; struct rad_dict_attr_t *attr; - if (req->pack.len + 2 + len >= REQ_LENGTH_MAX) + if (req->pack->len + 2 + len >= REQ_LENGTH_MAX) return -1; attr = rad_dict_find_attr(name); @@ -157,14 +182,24 @@ int rad_req_add_str(struct rad_req_t *req, const char *name, const char *val, in return -1; ra = malloc(sizeof(*ra)); - if (!ra) + if (!ra) { + log_error("radius: aout of memory\n"); return -1; + } ra->attr = attr; ra->len = len; - ra->val.string = strdup(val); - list_add_tail(&ra->entry, &req->pack.attrs); - req->pack.len += 2 + len; + ra->val.string = malloc(len+1); + if (!ra->val.string) { + log_error("radius: out of memory\n"); + free(ra); + return -1; + } + memcpy(ra->val.string, val, len); + ra->val.string[len] = 0; + ra->printable = printable; + list_add_tail(&ra->entry, &req->pack->attrs); + req->pack->len += 2 + len; return 0; } @@ -175,14 +210,14 @@ int rad_req_add_val(struct rad_req_t *req, const char *name, const char *val, in struct rad_dict_attr_t *attr; struct rad_dict_value_t *v; - if (req->pack.len + 2 + len >= REQ_LENGTH_MAX) + if (req->pack->len + 2 + len >= REQ_LENGTH_MAX) return -1; attr = rad_dict_find_attr(name); if (!attr) return -1; - v = rad_dict_find_val(attr, val); + v = rad_dict_find_val_name(attr, val); if (!v) return -1; @@ -193,39 +228,61 @@ int rad_req_add_val(struct rad_req_t *req, const char *name, const char *val, in ra->attr = attr; ra->len = len; ra->val = v->val; - list_add_tail(&ra->entry, &req->pack.attrs); - req->pack.len += 2 + len; + ra->printable = 1; + list_add_tail(&ra->entry, &req->pack->attrs); + req->pack->len += 2 + len; return 0; } +static void req_wakeup(struct rad_req_t *req) +{ + triton_context_wakeup(req->rpd->ppp->ctrl->ctx); + triton_timer_del(&req->timeout); + triton_md_unregister_handler(&req->hnd); + triton_context_unregister(&req->ctx); +} static int rad_req_read(struct triton_md_handler_t *h) { struct rad_req_t *req = container_of(h, typeof(*req), hnd); req->reply = rad_packet_recv(h->fd); - + req_wakeup(req); + return 0; } static void rad_req_timeout(struct triton_timer_t *t) { + struct rad_req_t *req = container_of(t, typeof(*req), timeout); + + req_wakeup(req); } int rad_req_wait(struct rad_req_t *req, int timeout) { - triton_md_register_handler(req->rpd->ppp->ctrl->ctx, &req->hnd); + triton_context_register(&req->ctx); + triton_md_register_handler(&req->ctx, &req->hnd); if (triton_md_enable_handler(&req->hnd, MD_MODE_READ)) return -1; req->timeout.period = timeout * 1000; - if (triton_timer_add(req->rpd->ppp->ctrl->ctx, &req->timeout, 0)) + if (triton_timer_add(&req->ctx, &req->timeout, 0)) return -1; - triton_ctx_schedule(&req->hnd, &req->timeout); - - triton_timer_del(&req->timeout); - triton_md_unregister_handler(&req->hnd); + triton_context_schedule(req->rpd->ppp->ctrl->ctx); + if (conf_verbose && req->reply) { + log_debug("recv "); + rad_packet_print(req->reply, log_debug); + } return 0; } +void __init req_init(void) +{ + urandom_fd = open("/dev/urandom", O_RDONLY); + if (!urandom_fd) { + perror("radius:req: open /dev/urandom"); + _exit(EXIT_FAILURE); + } +} diff --git a/accel-pptpd/triton/md.c b/accel-pptpd/triton/md.c index 3cb47a6d..05d814cc 100644 --- a/accel-pptpd/triton/md.c +++ b/accel-pptpd/triton/md.c @@ -86,16 +86,16 @@ static void *md_thread(void *arg) return NULL; } -void __export triton_md_register_handler(struct triton_ctx_t *ctx, struct triton_md_handler_t *ud) +void __export triton_md_register_handler(struct triton_context_t *ctx, struct triton_md_handler_t *ud) { struct _triton_md_handler_t *h = mempool_alloc(md_pool); memset(h, 0, sizeof(*h)); h->ud = ud; h->epoll_event.data.ptr = h; if (ctx) - h->ctx = (struct _triton_ctx_t *)ctx->tpd; + h->ctx = (struct _triton_context_t *)ctx->tpd; else - h->ctx = (struct _triton_ctx_t *)default_ctx->tpd; + h->ctx = (struct _triton_context_t *)default_ctx->tpd; ud->tpd = h; spin_lock(&h->ctx->lock); list_add_tail(&h->entry, &h->ctx->handlers); diff --git a/accel-pptpd/triton/timer.c b/accel-pptpd/triton/timer.c index f34c19d1..e9fd66a0 100644 --- a/accel-pptpd/triton/timer.c +++ b/accel-pptpd/triton/timer.c @@ -86,7 +86,7 @@ void *timer_thread(void *arg) return NULL; } -int __export triton_timer_add(struct triton_ctx_t *ctx, struct triton_timer_t *ud, int abs_time) +int __export triton_timer_add(struct triton_context_t *ctx, struct triton_timer_t *ud, int abs_time) { struct _triton_timer_t *t = mempool_alloc(timer_pool); @@ -95,9 +95,9 @@ int __export triton_timer_add(struct triton_ctx_t *ctx, struct triton_timer_t *u t->epoll_event.data.ptr = t; t->epoll_event.events = EPOLLIN | EPOLLET; if (ctx) - t->ctx = (struct _triton_ctx_t *)ctx->tpd; + t->ctx = (struct _triton_context_t *)ctx->tpd; else - t->ctx = (struct _triton_ctx_t *)default_ctx->tpd; + t->ctx = (struct _triton_context_t *)default_ctx->tpd; t->fd = timerfd_create(CLOCK_MONOTONIC, TFD_NONBLOCK); if (t->fd < 0) { triton_log_error("timer:timerfd_create: %s" ,strerror(errno)); diff --git a/accel-pptpd/triton/triton.c b/accel-pptpd/triton/triton.c index 9aa7462b..ba08c122 100644 --- a/accel-pptpd/triton/triton.c +++ b/accel-pptpd/triton/triton.c @@ -7,7 +7,7 @@ #include "triton_p.h" -int thread_count = 4; +int thread_count = 1; int max_events = 64; static spinlock_t threads_lock = SPINLOCK_INITIALIZER; @@ -19,7 +19,7 @@ static LIST_HEAD(ctx_queue); static spinlock_t ctx_list_lock = SPINLOCK_INITIALIZER; static LIST_HEAD(ctx_list); -struct triton_ctx_t *default_ctx; +struct triton_context_t *default_ctx; static int terminate; static mempool_t *ctx_pool; @@ -31,61 +31,25 @@ void triton_thread_wakeup(struct _triton_thread_t *thread) static void* triton_thread(struct _triton_thread_t *thread) { - struct _triton_md_handler_t *h; - struct _triton_timer_t *t; sigset_t set; int sig; - uint64_t tt; sigemptyset(&set); sigaddset(&set, SIGUSR1); sigaddset(&set, SIGQUIT); - while(1){ + while (1) { sigwait(&set, &sig); cont: - if (thread->ctx->need_close) { - if (thread->ctx->ud->close) - thread->ctx->ud->close(thread->ctx->ud); - thread->ctx->need_close = 0; - } - - while (1) { - spin_lock(&thread->ctx->lock); - if (!list_empty(&thread->ctx->pending_timers)) { - t = list_entry(thread->ctx->pending_timers.next, typeof(*t), entry2); - list_del(&t->entry2); - t->pending = 0; - spin_unlock(&thread->ctx->lock); - read(t->fd, &tt, sizeof(tt)); - t->ud->expire(t->ud); - } - if (!list_empty(&thread->ctx->pending_handlers)) { - h = list_entry(thread->ctx->pending_handlers.next, typeof(*h), entry2); - list_del(&h->entry2); - h->pending = 0; - spin_unlock(&thread->ctx->lock); - - if (h->trig_epoll_events & (EPOLLIN | EPOLLERR | EPOLLHUP)) - if (h->ud->read) - if (h->ud->read(h->ud)) - continue; - if (h->trig_epoll_events & (EPOLLOUT | EPOLLERR | EPOLLHUP)) - if (h->ud->write) - if (h->ud->write(h->ud)) - continue; - h->trig_epoll_events = 0; - continue; - } - thread->ctx->thread = NULL; - spin_unlock(&thread->ctx->lock); - if (thread->ctx->need_free) - mempool_free(thread->ctx); - thread->ctx = NULL; - break; + if (swapcontext(&thread->uctx, &thread->ctx->uctx)) { + triton_log_error("swapcontext: %s\n", strerror(errno)); } + if (thread->ctx->need_free) + mempool_free(thread->ctx); + thread->ctx = NULL; + spin_lock(&threads_lock); if (!list_empty(&ctx_queue)) { thread->ctx = list_entry(ctx_queue.next, typeof(*thread->ctx), entry2); @@ -106,6 +70,55 @@ cont: } } +static void ctx_thread(struct _triton_context_t *ctx) +{ + struct _triton_md_handler_t *h; + struct _triton_timer_t *t; + uint64_t tt; + ucontext_t *uctx; + + while (1) { + uctx = &ctx->thread->uctx; + if (ctx->need_close) { + if (ctx->ud->close) + ctx->ud->close(ctx->ud); + ctx->need_close = 0; + } + + while (1) { + spin_lock(&ctx->lock); + if (!list_empty(&ctx->pending_timers)) { + t = list_entry(ctx->pending_timers.next, typeof(*t), entry2); + list_del(&t->entry2); + t->pending = 0; + spin_unlock(&ctx->lock); + read(t->fd, &tt, sizeof(tt)); + t->ud->expire(t->ud); + continue; + } + if (!list_empty(&ctx->pending_handlers)) { + h = list_entry(ctx->pending_handlers.next, typeof(*h), entry2); + list_del(&h->entry2); + h->pending = 0; + spin_unlock(&ctx->lock); + if (h->trig_epoll_events & (EPOLLIN | EPOLLERR | EPOLLHUP)) + if (h->ud && h->ud->read) + h->ud->read(h->ud); + if (h->trig_epoll_events & (EPOLLOUT | EPOLLERR | EPOLLHUP)) + if (h->ud && h->ud->write) + h->ud->write(h->ud); + h->trig_epoll_events = 0; + continue; + } + ctx->thread = NULL; + spin_unlock(&ctx->lock); + + if (swapcontext(&ctx->uctx, uctx)) + triton_log_error("swapcontext: %s\n", strerror(errno)); + } + } +} + struct _triton_thread_t *create_thread() { struct _triton_thread_t *thread = malloc(sizeof(*thread)); @@ -121,9 +134,9 @@ struct _triton_thread_t *create_thread() return thread; } -int triton_queue_ctx(struct _triton_ctx_t *ctx) +int triton_queue_ctx(struct _triton_context_t *ctx) { - if (ctx->thread || ctx->queued) + if (ctx->thread || ctx->queued || ctx->sleeping) return 0; spin_lock(&threads_lock); @@ -142,9 +155,9 @@ int triton_queue_ctx(struct _triton_ctx_t *ctx) return 1; } -void __export triton_register_ctx(struct triton_ctx_t *ud) +int __export triton_context_register(struct triton_context_t *ud) { - struct _triton_ctx_t *ctx = mempool_alloc(ctx_pool); + struct _triton_context_t *ctx = mempool_alloc(ctx_pool); memset(ctx, 0, sizeof(*ctx)); ctx->ud = ud; @@ -154,16 +167,33 @@ void __export triton_register_ctx(struct triton_ctx_t *ud) INIT_LIST_HEAD(&ctx->pending_handlers); INIT_LIST_HEAD(&ctx->pending_timers); + if (getcontext(&ctx->uctx)) { + triton_log_error("getcontext: %s\n", strerror(errno)); + free(ctx); + return -1; + } + + ctx->uctx.uc_stack.ss_size = CTX_STACK_SIZE; + ctx->uctx.uc_stack.ss_sp = malloc(CTX_STACK_SIZE); + if (!ctx->uctx.uc_stack.ss_sp) { + triton_log_error("out of memory\n"); + free(ctx); + return -1; + } + makecontext(&ctx->uctx, (void (*)())ctx_thread, 1, ctx); + ud->tpd = ctx; spin_lock(&ctx_list_lock); list_add_tail(&ctx->entry, &ctx_list); spin_unlock(&ctx_list_lock); + + return 0; } -void __export triton_unregister_ctx(struct triton_ctx_t *ud) +void __export triton_context_unregister(struct triton_context_t *ud) { - struct _triton_ctx_t *ctx = (struct _triton_ctx_t *)ud->tpd; + struct _triton_context_t *ctx = (struct _triton_context_t *)ud->tpd; if (!list_empty(&ctx->handlers)) { triton_log_error("BUG:ctx:triton_unregister_ctx: handlers is not empty"); @@ -175,6 +205,14 @@ void __export triton_unregister_ctx(struct triton_ctx_t *ud) } if (!list_empty(&ctx->timers)) { triton_log_error("BUG:ctx:triton_unregister_ctx: timers is not empty"); + { + struct _triton_timer_t *t; + while(!list_empty(&ctx->timers)) { + t = list_entry(ctx->timers.next, typeof(*t), entry); + t->ud->expire(t->ud); + list_del(&t->entry); + } + } abort(); } if (!list_empty(&ctx->pending_timers)) { @@ -187,17 +225,43 @@ void __export triton_unregister_ctx(struct triton_ctx_t *ud) list_del(&ctx->entry); spin_unlock(&ctx_list_lock); } +void __export triton_context_schedule(struct triton_context_t *ud) +{ + struct _triton_context_t *ctx = (struct _triton_context_t *)ud->tpd; + ucontext_t *uctx = &ctx->thread->uctx; + + spin_lock(&ctx->lock); + ctx->sleeping = 1; + ctx->thread = NULL; + spin_unlock(&ctx->lock); + + if (swapcontext(&ctx->uctx, uctx)) + triton_log_error("swaswpntext: %s\n", strerror(errno)); +} + +void __export triton_context_wakeup(struct triton_context_t *ud) +{ + struct _triton_context_t *ctx = (struct _triton_context_t *)ud->tpd; + int r; + + spin_lock(&ctx->lock); + ctx->sleeping = 0; + r = triton_queue_ctx(ctx); + spin_unlock(&ctx->lock); + if (r) + triton_thread_wakeup(ctx->thread); +} int __export triton_init(const char *conf_file, const char *mod_sect) { - ctx_pool = mempool_create(sizeof(struct _triton_ctx_t)); + ctx_pool = mempool_create(sizeof(struct _triton_context_t)); default_ctx = malloc(sizeof(*default_ctx)); if (!default_ctx) { fprintf(stderr,"cann't allocate memory\n"); return -1; } - triton_register_ctx(default_ctx); + triton_context_register(default_ctx); if (conf_load(conf_file)) return -1; @@ -237,7 +301,7 @@ void __export triton_run() void __export triton_terminate() { - struct _triton_ctx_t *ctx; + struct _triton_context_t *ctx; struct _triton_thread_t *t; md_terminate(); diff --git a/accel-pptpd/triton/triton.h b/accel-pptpd/triton/triton.h index 2cc5ccf6..735264a8 100644 --- a/accel-pptpd/triton/triton.h +++ b/accel-pptpd/triton/triton.h @@ -5,11 +5,11 @@ #include "list.h" -struct triton_ctx_t +struct triton_context_t { const void *tpd; // triton private data, don't touch! - void (*close)(struct triton_ctx_t*); - void (*free)(struct triton_ctx_t*); + void (*close)(struct triton_context_t*); + void (*free)(struct triton_context_t*); }; struct triton_md_handler_t @@ -41,18 +41,19 @@ struct conf_sect_t struct list_head items; }; -void triton_register_ctx(struct triton_ctx_t *); -void triton_unregister_ctx(struct triton_ctx_t *); -void triton_ctx_schedule(struct triton_md_handler_t *, struct triton_timer_t *); +int triton_context_register(struct triton_context_t *); +void triton_context_unregister(struct triton_context_t *); +void triton_context_schedule(struct triton_context_t *); +void triton_context_wakeup(struct triton_context_t *); #define MD_MODE_READ 1 #define MD_MODE_WRITE 2 -void triton_md_register_handler(struct triton_ctx_t *, struct triton_md_handler_t *); +void triton_md_register_handler(struct triton_context_t *, struct triton_md_handler_t *); void triton_md_unregister_handler(struct triton_md_handler_t *h); int triton_md_enable_handler(struct triton_md_handler_t *h, int mode); int triton_md_disable_handler(struct triton_md_handler_t *h,int mode); -int triton_timer_add(struct triton_ctx_t *ctx, struct triton_timer_t*,int abs_time); +int triton_timer_add(struct triton_context_t *ctx, struct triton_timer_t*,int abs_time); int triton_timer_mod(struct triton_timer_t *,int abs_time); void triton_timer_del(struct triton_timer_t *); diff --git a/accel-pptpd/triton/triton_p.h b/accel-pptpd/triton/triton_p.h index c31efd6e..0aa37b1f 100644 --- a/accel-pptpd/triton/triton_p.h +++ b/accel-pptpd/triton/triton_p.h @@ -3,43 +3,52 @@ #include #include +#include #include "triton.h" #include "list.h" #include "spinlock.h" +#define CTX_STACK_SIZE 8196 + struct _triton_thread_t { struct list_head entry; struct list_head entry2; pthread_t thread; int terminate:1; - struct _triton_ctx_t *ctx; + struct _triton_context_t *ctx; + ucontext_t uctx; }; -struct _triton_ctx_t +struct _triton_context_t { struct list_head entry; struct list_head entry2; + spinlock_t lock; + struct _triton_thread_t *thread; + struct list_head handlers; struct list_head timers; - - struct _triton_thread_t *thread; struct list_head pending_handlers; struct list_head pending_timers; + + ucontext_t uctx; + int queued:1; + int sleeping:1; int need_close:1; int need_free:1; - struct triton_ctx_t *ud; + struct triton_context_t *ud; }; struct _triton_md_handler_t { struct list_head entry; struct list_head entry2; - struct _triton_ctx_t *ctx; + struct _triton_context_t *ctx; struct epoll_event epoll_event; uint32_t trig_epoll_events; int pending:1; @@ -51,7 +60,7 @@ struct _triton_timer_t struct list_head entry; struct list_head entry2; struct epoll_event epoll_event; - struct _triton_ctx_t *ctx; + struct _triton_context_t *ctx; int fd; int pending:1; struct triton_timer_t *ud; @@ -76,8 +85,8 @@ void md_run(); void md_terminate(); void timer_run(); void timer_terminate(); -struct triton_ctx_t *default_ctx; -int triton_queue_ctx(struct _triton_ctx_t*); +struct triton_context_t *default_ctx; +int triton_queue_ctx(struct _triton_context_t*); void triton_thread_wakeup(struct _triton_thread_t*); int conf_load(const char *fname); void triton_log_error(const char *fmt,...); -- cgit v1.2.3