accel-ppp-xebd.git/accel-pppd/auth, branch 1.12.0 High performance PPTP/L2TP/PPPoE/IPoE server for Linux (mirror of https://github.com/marekm72/accel-ppp-xebd.git) https://git.amelek.net/marekm72/accel-ppp-xebd.git/atom?h=1.12.0 2018-11-27T06:56:56+00:00 auth: remove .recv_conf_req from struct ppp_auth_handler_t 2018-11-27T06:56:56+00:00 Guillaume Nault g.nault@alphalink.fr 2018-11-19T16:44:37+00:00 urn:sha1:9de2460f922eba2c8e0ace09be5f42e74a0f0ff7 This callback isn't used anymore. Let's remove it from all authentication backends. Signed-off-by: Guillaume Nault <g.nault@alphalink.fr> auth: fix re-authentication of peer in all chap modules 2018-03-24T06:41:38+00:00 Guillaume Nault g.nault@alphalink.fr 2018-03-21T17:09:14+00:00 urn:sha1:10ede239609e41e259be9c38932e33f7dc74bd8a If the peer re-authenticates (because of option conf_interval) and pwdb calls auth_result(), we may add the interval timer again to the session context. This crashes accel-ppp when deleting the session, because the interval timer is removed only once and the superfluous timers are still running. Therefore, when removing the context, triton detects this issue and calls abort(). To fix this, we need to detect if the session is already started and just send a CHAP Success message in this case. Signed-off-by: Guillaume Nault <g.nault@alphalink.fr> auth: avoid sending duplicate CHAP Failure messages in mschap-v1 and mschap-v2 2018-03-24T06:41:22+00:00 Guillaume Nault g.nault@alphalink.fr 2018-03-21T17:09:12+00:00 urn:sha1:29c626683ea1aa6136360a6afcc6a053d0342a3d When pwdb returns PWDB_NO_IMPL and chap_recv_response() performs the authentication itself, it delegates this task to chap_check_response(). This function sends a CHAP Failure message if it can't retrieve the password, but not in case of password mismatch. Since chap_recv_response() already sends a CHAP Failure message on error, the one sent by chap_check_response() is useless. Signed-off-by: Guillaume Nault <g.nault@alphalink.fr> auth: fix missing CHAP Success message in chap-md5 2018-03-24T06:41:01+00:00 Guillaume Nault g.nault@alphalink.fr 2018-03-21T17:09:10+00:00 urn:sha1:5da833d512870bfb4d39741df2bec7fad2969ebd When pwdb returns PWDB_NO_IMPL, then chap_recv_response() tries to authenticate the peer itself. If this authentication succeeds but the session is already started (in case of re-authentication, with option conf_interval), no CHAP Success is sent. This patch sends the missing CHAP Success message in this case, so that the peer knows that its response has been received and accepted, and that no retransmission is required. Signed-off-by: Guillaume Nault <g.nault@alphalink.fr> ppp_auth: fixed possible use after free 2016-03-04T19:08:17+00:00 Dmitry Kozlov xeb@mail.ru 2016-03-04T19:08:17+00:00 urn:sha1:3fa9e6ad35c7768ccba7381599119656b18e5eb9 remove trailing whitespaces 2014-11-22T05:56:40+00:00 Dmitry Kozlov xeb@mail.ru 2014-11-22T05:56:40+00:00 urn:sha1:81ca3923a29ea9b67f7291be23b210019546aa5f fixed compilation warnings 2014-09-22T09:12:36+00:00 Dmitry Kozlov xeb@mail.ru 2014-09-22T09:12:36+00:00 urn:sha1:fb1f7723afe46d696ba62597909066fea42bfaec rewrite of authentication/accounting procedures 2014-09-20T08:18:49+00:00 Dmitry Kozlov xeb@mail.ru 2014-09-20T08:18:49+00:00 urn:sha1:62e89248160d3592c2d754fcaa15e37586a5b091 This patch gets rid of synchronuos style of authentication/accounting. Synchronous style of authentication/accounting produced sleeping threads which becomes a problem when lots of sessions started/stopped and all they want authorization/accounting. auth: do not decrement id on retransmit 2014-07-11T10:29:41+00:00 Dmitry Kozlov xeb@mail.ru 2014-07-11T10:29:41+00:00 urn:sha1:1cc4499b0244ccd82c2f99d1a2c3ff6632bd5b40 ppp: auth: answer "Success" to retrasmitted messages if auth layer is already started 2014-07-09T14:05:54+00:00 Dmitry Kozlov xeb@mail.ru 2014-07-09T14:02:51+00:00 urn:sha1:a35ddd5d7184f4d285d5070ee9dda157687b2e9f