diff options
author | Dmitry Kozlov <xeb@mail.ru> | 2010-10-25 16:21:25 +0400 |
---|---|---|
committer | Dmitry Kozlov <xeb@mail.ru> | 2010-10-25 16:21:25 +0400 |
commit | 788923a042b90bc5ff1922b9b46648c4f4c0218c (patch) | |
tree | 70ef58296a98960975d07dbeda504999396802ef | |
parent | 5d039c59acb58eb90f8d1256245b2c99aea129b0 (diff) | |
download | accel-ppp-xebd-788923a042b90bc5ff1922b9b46648c4f4c0218c.tar.gz accel-ppp-xebd-788923a042b90bc5ff1922b9b46648c4f4c0218c.zip |
implemented chap-secrets module which reads username,password and ip address from pppd compatible chap-secrets file
-rw-r--r-- | accel-pptpd/CMakeLists.txt | 10 | ||||
-rw-r--r-- | accel-pptpd/accel-pptp.conf | 1 | ||||
-rw-r--r-- | accel-pptpd/auth/auth_chap_md5.c | 1 | ||||
-rw-r--r-- | accel-pptpd/auth/auth_mschap_v1.c | 3 | ||||
-rw-r--r-- | accel-pptpd/auth/auth_mschap_v2.c | 4 | ||||
-rw-r--r-- | accel-pptpd/auth/auth_pap.c | 3 | ||||
-rw-r--r-- | accel-pptpd/extra/CMakeLists.txt | 3 | ||||
-rw-r--r-- | accel-pptpd/extra/chap-secrets.c | 217 | ||||
-rw-r--r-- | accel-pptpd/extra/pppd_compat.c | 17 | ||||
-rw-r--r-- | accel-pptpd/extra/shaper_tbf.c | 24 |
10 files changed, 269 insertions, 14 deletions
diff --git a/accel-pptpd/CMakeLists.txt b/accel-pptpd/CMakeLists.txt index 8a629cb..270f0a6 100644 --- a/accel-pptpd/CMakeLists.txt +++ b/accel-pptpd/CMakeLists.txt @@ -15,10 +15,18 @@ SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -fvisibility=hidden -D_GNU_SOURCE -DGC INCLUDE_DIRECTORIES(include) +IF (NOT DEFINED RADIUS) + SET(RADIUS TRUE) +ENDIF (NOT DEFINED RADIUS) + +IF (RADIUS) + ADD_DEFINITIONS("-DRADIUS") + ADD_SUBDIRECTORY(radius) +ENDIF (RADIUS) + ADD_SUBDIRECTORY(triton) ADD_SUBDIRECTORY(ctrl) ADD_SUBDIRECTORY(auth) -ADD_SUBDIRECTORY(radius) ADD_SUBDIRECTORY(logs) ADD_SUBDIRECTORY(extra) diff --git a/accel-pptpd/accel-pptp.conf b/accel-pptpd/accel-pptp.conf index 24b560a..bff0f87 100644 --- a/accel-pptpd/accel-pptp.conf +++ b/accel-pptpd/accel-pptp.conf @@ -14,6 +14,7 @@ ippool sigchld pppd_compat #shaper_tbf +#chap-secrets [core] log-error=/var/log/accel-pptp/core.log diff --git a/accel-pptpd/auth/auth_chap_md5.c b/accel-pptpd/auth/auth_chap_md5.c index 0e22908..a29cedb 100644 --- a/accel-pptpd/auth/auth_chap_md5.c +++ b/accel-pptpd/auth/auth_chap_md5.c @@ -316,7 +316,6 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h auth_successed(ad->ppp, name); } } - _free(name); _free(passwd); } else if (r == PWDB_DENIED) { chap_send_failure(ad); diff --git a/accel-pptpd/auth/auth_mschap_v1.c b/accel-pptpd/auth/auth_mschap_v1.c index d1dccef..d74f8e9 100644 --- a/accel-pptpd/auth/auth_mschap_v1.c +++ b/accel-pptpd/auth/auth_mschap_v1.c @@ -307,7 +307,8 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h r = pwdb_check(ad->ppp, name, PPP_CHAP, MSCHAP_V1, ad->id, ad->val, VALUE_SIZE, msg->lm_hash, msg->nt_hash, msg->flags); if (r == PWDB_NO_IMPL) - r = chap_check_response(ad, msg, name); + if (chap_check_response(ad, msg, name)) + r = PWDB_DENIED; if (r == PWDB_DENIED) { chap_send_failure(ad); diff --git a/accel-pptpd/auth/auth_mschap_v2.c b/accel-pptpd/auth/auth_mschap_v2.c index 3b2da7b..8e4a7c0 100644 --- a/accel-pptpd/auth/auth_mschap_v2.c +++ b/accel-pptpd/auth/auth_mschap_v2.c @@ -384,7 +384,9 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h if (r == PWDB_NO_IMPL) { r = chap_check_response(ad, msg, name); - if (generate_response(ad, msg, name, authenticator)) + if (r) + r = PWDB_DENIED; + else if (generate_response(ad, msg, name, authenticator)) r = PWDB_DENIED; } diff --git a/accel-pptpd/auth/auth_pap.c b/accel-pptpd/auth/auth_pap.c index e1b48bd..814d02d 100644 --- a/accel-pptpd/auth/auth_pap.c +++ b/accel-pptpd/auth/auth_pap.c @@ -170,7 +170,7 @@ static int pap_recv_req(struct pap_auth_data_t *p, struct pap_hdr_t *hdr) int ret, r; char *peer_id; char *passwd; - const char *passwd2; + char *passwd2; int peer_id_len; int passwd_len; uint8_t *ptr = (uint8_t*)(hdr + 1); @@ -204,6 +204,7 @@ static int pap_recv_req(struct pap_auth_data_t *p, struct pap_hdr_t *hdr) r = PWDB_DENIED; else r = PWDB_SUCCESS; + _free(passwd2); } if (r == PWDB_DENIED) { if (conf_ppp_verbose) diff --git a/accel-pptpd/extra/CMakeLists.txt b/accel-pptpd/extra/CMakeLists.txt index c354c04..dc55840 100644 --- a/accel-pptpd/extra/CMakeLists.txt +++ b/accel-pptpd/extra/CMakeLists.txt @@ -1,8 +1,9 @@ ADD_LIBRARY(pppd_compat SHARED pppd_compat.c) ADD_LIBRARY(ippool SHARED ippool.c) ADD_LIBRARY(sigchld SHARED sigchld.c) +ADD_LIBRARY(chap-secrets SHARED chap-secrets.c) -INSTALL(TARGETS pppd_compat ippool sigchld +INSTALL(TARGETS pppd_compat ippool sigchld chap-secrets LIBRARY DESTINATION usr/lib/accel-pptp ) diff --git a/accel-pptpd/extra/chap-secrets.c b/accel-pptpd/extra/chap-secrets.c new file mode 100644 index 0000000..d60ceb7 --- /dev/null +++ b/accel-pptpd/extra/chap-secrets.c @@ -0,0 +1,217 @@ +#include <stdio.h> +#include <errno.h> +#include <string.h> +#include <netinet/in.h> +#include <arpa/inet.h> + +#include "pwdb.h" +#include "ipdb.h" +#include "ppp.h" +#include "events.h" +#include "triton.h" +#include "log.h" + +#include "memdebug.h" + +static const char *conf_chap_secrets = "/etc/ppp/chap-secrets"; +static in_addr_t conf_gw_ip_address = 0; + +static void *pd_key; +static struct ipdb_t ipdb; + +struct cs_pd_t +{ + struct ppp_pd_t pd; + struct ipdb_item_t ip; + char *passwd; +}; + +static char *skip_word(char *ptr) +{ + for(; *ptr; ptr++) + if (*ptr == ' ' || *ptr == '\t' || *ptr == '\n') + break; + return ptr; +} +static char *skip_space(char *ptr) +{ + for(; *ptr; ptr++) + if (*ptr != ' ' && *ptr != '\t') + break; + return ptr; +} +static int split(char *buf, char **ptr) +{ + int i; + + for (i = 0; i < 3; i++) { + buf = skip_word(buf); + if (!*buf) + return i; + + *buf = 0; + + buf = skip_space(buf + 1); + if (!*buf) + return i; + + ptr[i] = buf; + } + + buf = skip_word(buf); + //if (*buf == '\n') + *buf = 0; + //else if (*buf) + // return -1; + + return i; +} + + +static struct cs_pd_t *create_pd(struct ppp_t *ppp, const char *username) +{ + FILE *f; + char *buf; + char *ptr[4]; + int n; + struct cs_pd_t *pd; + + if (!conf_chap_secrets) + return NULL; + + f = fopen(conf_chap_secrets, "r"); + if (!f) { + log_error("chap-secrets: open '%s': %s\n", conf_chap_secrets, strerror(errno)); + return NULL; + } + + buf = _malloc(4096); + if (!buf) { + log_emerg("chap-secrets: out of memory\n"); + fclose(f); + return NULL; + } + + while (fgets(buf, 4096, f)) { + n = split(buf, ptr); + if (n < 3) + continue; + if (!strcmp(buf, username)) + goto found; + } + +out: + fclose(f); + _free(buf); + return NULL; + +found: + pd = _malloc(sizeof(*pd)); + if (!pd) { + log_emerg("chap-secrets: out of memory\n"); + goto out; + } + + memset(pd, 0, sizeof(*pd)); + pd->pd.key = &pd_key; + pd->passwd = _strdup(ptr[1]); + if (!pd->passwd) { + log_emerg("chap-secrets: out of memory\n"); + _free(pd); + goto out; + } + + pd->ip.addr = conf_gw_ip_address; + if (n == 3) + pd->ip.peer_addr = inet_addr(ptr[2]); + pd->ip.owner = &ipdb; + + list_add_tail(&pd->pd.entry, &ppp->pd_list); + + fclose(f); + _free(buf); + + return pd; +} + +static struct cs_pd_t *find_pd(struct ppp_t *ppp) +{ + struct ppp_pd_t *pd; + + list_for_each_entry(pd, &ppp->pd_list, entry) { + if (pd->key == &pd_key) { + return container_of(pd, typeof(struct cs_pd_t), pd); + } + } + + return NULL; +} + +static void ev_ppp_finished(struct ppp_t *ppp) +{ + struct cs_pd_t *pd = find_pd(ppp); + + if (!pd) + return; + + list_del(&pd->pd.entry); + _free(pd->passwd); + _free(pd); +} + +static struct ipdb_item_t *get_ip(struct ppp_t *ppp) +{ + struct cs_pd_t *pd; + + if (!conf_gw_ip_address) + return NULL; + + pd = find_pd(ppp); + + if (!pd) + return NULL; + + if (!pd->ip.addr) + return NULL; + + return &pd->ip; +} + +static char* get_passwd(struct pwdb_t *pwdb, struct ppp_t *ppp, const char *username) +{ + struct cs_pd_t *pd = find_pd(ppp); + + if (!pd) + pd = create_pd(ppp, username); + + if (!pd) + return NULL; + + return _strdup(pd->passwd); +} + +static struct ipdb_t ipdb = { + .get = get_ip, +}; + +static struct pwdb_t pwdb = { + .get_passwd = get_passwd, +}; + +static void __init init(void) +{ + const char *opt; + + opt = conf_get_opt("chap-secrets", "chap-secrets"); + if (opt) + conf_chap_secrets = opt; + + opt = conf_get_opt("chap-secrets", "gw-ip-address"); + if (opt) + conf_gw_ip_address = inet_addr(opt); + + pwdb_register(&pwdb); + ipdb_register(&ipdb); + + triton_event_register_handler(EV_PPP_FINISHED, (triton_event_func)ev_ppp_finished); +} diff --git a/accel-pptpd/extra/pppd_compat.c b/accel-pptpd/extra/pppd_compat.c index db46dd4..d50c929 100644 --- a/accel-pptpd/extra/pppd_compat.c +++ b/accel-pptpd/extra/pppd_compat.c @@ -15,10 +15,13 @@ #include "events.h" #include "ppp.h" #include "log.h" -#include "radius.h" #include "utils.h" #include "sigchld.h" +#ifdef RADIUS +#include "radius.h" +#endif + #include "memdebug.h" static char *conf_ip_up = "/etc/ppp/ip-up"; @@ -38,18 +41,22 @@ struct pppd_compat_pd_t struct sigchld_handler_t ip_up_hnd; struct sigchld_handler_t ip_change_hnd; struct sigchld_handler_t ip_down_hnd; +#ifdef RADIUS int radattr_saved:1; +#endif int started:1; int res; int bytes_sent; int bytes_rcvd; }; -static void remove_radattr(struct ppp_t *ppp); static struct pppd_compat_pd_t *find_pd(struct ppp_t *ppp); static void fill_argv(char **argv, struct ppp_t *ppp, char *path); static void fill_env(char **env, struct pppd_compat_pd_t *pd); +#ifdef RADIUS +static void remove_radattr(struct ppp_t *ppp); static void write_radattr(struct ppp_t *ppp, struct rad_packet_t *pack, int save_old); +#endif static void ip_pre_up_handler(struct sigchld_handler_t *h, int status) { @@ -287,13 +294,16 @@ static void ev_ppp_finished(struct ppp_t *ppp) pthread_mutex_unlock(&pd->ip_up_hnd.lock); skip: +#ifdef RADIUS if (pd->radattr_saved) remove_radattr(ppp); +#endif list_del(&pd->pd.entry); _free(pd); } +#ifdef RADIUS static void ev_radius_access_accept(struct ev_radius_t *ev) { struct pppd_compat_pd_t *pd = find_pd(ev->ppp); @@ -432,6 +442,7 @@ static void write_radattr(struct ppp_t *ppp, struct rad_packet_t *pack, int save if (save_old) _free(fname2); } +#endif static struct pppd_compat_pd_t *find_pd(struct ppp_t *ppp) { @@ -506,7 +517,9 @@ static void __init init(void) triton_event_register_handler(EV_PPP_STARTED, (triton_event_func)ev_ppp_started); triton_event_register_handler(EV_PPP_FINISHING, (triton_event_func)ev_ppp_finishing); triton_event_register_handler(EV_PPP_FINISHED, (triton_event_func)ev_ppp_finished); +#ifdef RADIUS triton_event_register_handler(EV_RADIUS_ACCESS_ACCEPT, (triton_event_func)ev_radius_access_accept); triton_event_register_handler(EV_RADIUS_COA, (triton_event_func)ev_radius_coa); +#endif } diff --git a/accel-pptpd/extra/shaper_tbf.c b/accel-pptpd/extra/shaper_tbf.c index cd1a88a..9c8e761 100644 --- a/accel-pptpd/extra/shaper_tbf.c +++ b/accel-pptpd/extra/shaper_tbf.c @@ -18,9 +18,13 @@ #include "triton.h" #include "events.h" -#include "radius.h" #include "log.h" #include "ppp.h" + +#ifdef RADIUS +#include "radius.h" +#endif + #include "memdebug.h" #define TIME_UNITS_PER_SEC 1000000 @@ -481,6 +485,7 @@ out_err: return -1; } +#ifdef RADIUS static int parse_attr(struct rad_attr_t *attr) { if (attr->attr->type == ATTR_TYPE_STRING) @@ -560,6 +565,7 @@ static void ev_radius_coa(struct ev_radius_t *ev) } } } +#endif static void ev_ctrl_finished(struct ppp_t *ppp) { @@ -606,6 +612,7 @@ static int clock_init(void) return 0; } +#ifdef RADIUS static int parse_attr_opt(const char *opt) { struct rad_dict_attr_t *attr; @@ -616,6 +623,7 @@ static int parse_attr_opt(const char *opt) return atoi(opt); } +#endif static void __init init(void) { @@ -624,6 +632,7 @@ static void __init init(void) if (clock_init()) return; +#ifdef RADIUS opt = conf_get_opt("tbf", "attr"); if (opt) { conf_attr_down = parse_attr_opt(opt); @@ -637,6 +646,12 @@ static void __init init(void) opt = conf_get_opt("tbf", "attr-up"); if (opt) conf_attr_up = parse_attr_opt(opt); + + if (conf_attr_up <= 0 || conf_attr_down <= 0) { + log_emerg("tbf: incorrect attribute(s), tbf disabled...\n"); + return; + } +#endif opt = conf_get_opt("tbf", "burst-factor"); if (opt) @@ -654,13 +669,10 @@ static void __init init(void) if (opt && atoi(opt) > 0) conf_verbose = 1; - if (conf_attr_up <= 0 || conf_attr_down <= 0) { - log_emerg("tbf: incorrect attribute(s), tbf disabled...\n"); - return; - } - +#ifdef RADIUS triton_event_register_handler(EV_RADIUS_ACCESS_ACCEPT, (triton_event_func)ev_radius_access_accept); triton_event_register_handler(EV_RADIUS_COA, (triton_event_func)ev_radius_coa); +#endif triton_event_register_handler(EV_CTRL_FINISHED, (triton_event_func)ev_ctrl_finished); } |