summaryrefslogtreecommitdiff
path: root/accel-pppd/auth
diff options
context:
space:
mode:
authorDmitry Kozlov <xeb@mail.ru>2014-07-09 18:02:51 +0400
committerDmitry Kozlov <xeb@mail.ru>2014-07-09 18:05:54 +0400
commita35ddd5d7184f4d285d5070ee9dda157687b2e9f (patch)
treec35337f15b9356e396f08fecf8bb403f2741130c /accel-pppd/auth
parent1df4a4e757e1356d1bd558f0fca1c6169d97fa90 (diff)
downloadaccel-ppp-a35ddd5d7184f4d285d5070ee9dda157687b2e9f.tar.gz
accel-ppp-a35ddd5d7184f4d285d5070ee9dda157687b2e9f.zip
ppp: auth: answer "Success" to retrasmitted messages if auth layer is already started
Diffstat (limited to 'accel-pppd/auth')
-rw-r--r--accel-pppd/auth/auth_chap_md5.c42
-rw-r--r--accel-pppd/auth/auth_mschap_v1.c36
-rw-r--r--accel-pppd/auth/auth_mschap_v2.c37
-rw-r--r--accel-pppd/auth/auth_pap.c5
4 files changed, 71 insertions, 49 deletions
diff --git a/accel-pppd/auth/auth_chap_md5.c b/accel-pppd/auth/auth_chap_md5.c
index 8aa3018..f843b92 100644
--- a/accel-pppd/auth/auth_chap_md5.c
+++ b/accel-pppd/auth/auth_chap_md5.c
@@ -37,41 +37,36 @@ static int conf_interval = 0;
static int conf_max_failure = 3;
static int conf_any_login = 0;
-struct chap_hdr_t
-{
+struct chap_hdr_t {
uint16_t proto;
uint8_t code;
uint8_t id;
uint16_t len;
} __attribute__((packed));
-struct chap_challenge_t
-{
+struct chap_challenge_t {
struct chap_hdr_t hdr;
uint8_t val_size;
uint8_t val[VALUE_SIZE];
char name[0];
} __attribute__((packed));
-struct chap_failure_t
-{
+struct chap_failure_t {
struct chap_hdr_t hdr;
char message[sizeof(MSG_FAILURE)];
} __attribute__((packed));
-struct chap_success_t
-{
+struct chap_success_t {
struct chap_hdr_t hdr;
char message[sizeof(MSG_SUCCESS)];
} __attribute__((packed));
-struct chap_auth_data_t
-{
+struct chap_auth_data_t {
struct auth_data_t auth;
struct ppp_handler_t h;
struct ppp_t *ppp;
- int id;
+ uint8_t id;
uint8_t val[VALUE_SIZE];
struct triton_timer_t timeout;
struct triton_timer_t interval;
@@ -131,6 +126,7 @@ static int chap_start(struct ppp_t *ppp, struct auth_data_t *auth)
d->timeout.period = conf_timeout * 1000;
d->interval.expire = chap_restart_timer;
d->interval.period = conf_interval * 1000;
+ d->id = 1;
ppp_register_chan_handler(ppp, &d->h);
@@ -208,12 +204,12 @@ static void chap_send_failure(struct chap_auth_data_t *ad)
ppp_chan_send(ad->ppp, &msg, ntohs(msg.hdr.len) + 2);
}
-static void chap_send_success(struct chap_auth_data_t *ad)
+static void chap_send_success(struct chap_auth_data_t *ad, int id)
{
struct chap_success_t msg = {
.hdr.proto = htons(PPP_CHAP),
.hdr.code = CHAP_SUCCESS,
- .hdr.id = ad->id,
+ .hdr.id = id,
.hdr.len = htons(sizeof(msg)-1-2),
.message = MSG_SUCCESS,
};
@@ -229,7 +225,7 @@ static void chap_send_challenge(struct chap_auth_data_t *ad, int new)
struct chap_challenge_t msg = {
.hdr.proto = htons(PPP_CHAP),
.hdr.code = CHAP_CHALLENGE,
- .hdr.id = ++ad->id,
+ .hdr.id = ad->id,
.hdr.len = htons(sizeof(msg) - 2),
.val_size = VALUE_SIZE,
};
@@ -270,6 +266,11 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h
print_str(msg->name, ntohs(msg->hdr.len) - sizeof(*msg) + 2);
log_ppp_info2("\"]\n");
}
+
+ if (ad->started && msg->hdr.id == ad->id - 1) {
+ chap_send_success(ad, msg->hdr.id);
+ return;
+ }
if (msg->hdr.id != ad->id) {
if (conf_ppp_verbose)
@@ -296,8 +297,9 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h
_free(name);
return;
}
- chap_send_success(ad);
+ chap_send_success(ad, ad->id);
ad->started = 1;
+ ad->id++;
return;
}
@@ -337,13 +339,15 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h
ap_session_terminate(&ad->ppp->ses, TERM_AUTH_ERROR, 0);
_free(name);
} else {
- chap_send_success(ad);
+ chap_send_success(ad, ad->id);
ad->started = 1;
if (conf_interval)
triton_timer_add(ad->ppp->ses.ctrl->ctx, &ad->interval, 0);
}
} else
_free(name);
+
+ ad->id++;
}
_free(passwd);
} else if (r == PWDB_DENIED) {
@@ -360,15 +364,17 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h
ap_session_terminate(&ad->ppp->ses, TERM_AUTH_ERROR, 0);
_free(name);
} else {
- chap_send_success(ad);
+ chap_send_success(ad, ad->id);
ad->started = 1;
if (conf_interval)
triton_timer_add(ad->ppp->ses.ctrl->ctx, &ad->interval, 0);
}
} else {
- chap_send_success(ad);
+ chap_send_success(ad, ad->id);
_free(name);
}
+
+ ad->id++;
}
}
diff --git a/accel-pppd/auth/auth_mschap_v1.c b/accel-pppd/auth/auth_mschap_v1.c
index 8491e2c..7ae0ab3 100644
--- a/accel-pppd/auth/auth_mschap_v1.c
+++ b/accel-pppd/auth/auth_mschap_v1.c
@@ -37,26 +37,22 @@ static int conf_max_failure = 3;
static int conf_any_login = 0;
static char *conf_msg_failure = "E=691 R=0";
static char *conf_msg_success = "Authentication succeeded";
-;
-struct chap_hdr_t
-{
+struct chap_hdr_t {
uint16_t proto;
uint8_t code;
uint8_t id;
uint16_t len;
} __attribute__((packed));
-struct chap_challenge_t
-{
+struct chap_challenge_t {
struct chap_hdr_t hdr;
uint8_t val_size;
uint8_t val[VALUE_SIZE];
char name[0];
} __attribute__((packed));
-struct chap_response_t
-{
+struct chap_response_t {
struct chap_hdr_t hdr;
uint8_t val_size;
uint8_t lm_hash[24];
@@ -65,12 +61,11 @@ struct chap_response_t
char name[0];
} __attribute__((packed));
-struct chap_auth_data_t
-{
+struct chap_auth_data_t {
struct auth_data_t auth;
struct ppp_handler_t h;
struct ppp_t *ppp;
- int id;
+ uint8_t id;
uint8_t val[VALUE_SIZE];
struct triton_timer_t timeout;
struct triton_timer_t interval;
@@ -132,6 +127,7 @@ static int chap_start(struct ppp_t *ppp, struct auth_data_t *auth)
d->timeout.period = conf_timeout * 1000;
d->interval.expire = chap_restart_timer;
d->interval.period = conf_interval * 1000;
+ d->id = 1;
ppp_register_chan_handler(ppp, &d->h);
@@ -210,12 +206,12 @@ static void chap_send_failure(struct chap_auth_data_t *ad, char *mschap_error)
_free(hdr);
}
-static void chap_send_success(struct chap_auth_data_t *ad)
+static void chap_send_success(struct chap_auth_data_t *ad, int id)
{
struct chap_hdr_t *hdr = _malloc(sizeof(*hdr) + strlen(conf_msg_success) + 1);
hdr->proto = htons(PPP_CHAP);
hdr->code = CHAP_SUCCESS;
- hdr->id = ad->id;
+ hdr->id = id;
hdr->len = htons(HDR_LEN + strlen(conf_msg_success));
strcpy((char *)(hdr + 1), conf_msg_success);
@@ -232,7 +228,7 @@ static void chap_send_challenge(struct chap_auth_data_t *ad, int new)
struct chap_challenge_t msg = {
.hdr.proto = htons(PPP_CHAP),
.hdr.code = CHAP_CHALLENGE,
- .hdr.id = ++ad->id,
+ .hdr.id = ad->id,
.hdr.len = htons(sizeof(msg) - 2),
.val_size = VALUE_SIZE,
};
@@ -274,6 +270,11 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h
log_ppp_info2("\"]\n");
}
+ if (ad->started && msg->hdr.id == ad->id - 1) {
+ chap_send_success(ad, msg->hdr.id);
+ return;
+ }
+
if (msg->hdr.id != ad->id) {
if (conf_ppp_verbose)
log_ppp_warn("mschap-v1: id mismatch\n");
@@ -306,8 +307,9 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h
_free(name);
return;
}
- chap_send_success(ad);
+ chap_send_success(ad, ad->id);
ad->started = 1;
+ ad->id++;
return;
}
@@ -332,15 +334,17 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h
ap_session_terminate(&ad->ppp->ses, TERM_AUTH_ERROR, 0);
_free(name);
} else {
- chap_send_success(ad);
+ chap_send_success(ad, ad->id);
ad->started = 1;
if (conf_interval)
triton_timer_add(ad->ppp->ses.ctrl->ctx, &ad->interval, 0);
}
} else {
- chap_send_success(ad);
+ chap_send_success(ad, ad->id);
_free(name);
}
+
+ ad->id++;
}
}
diff --git a/accel-pppd/auth/auth_mschap_v2.c b/accel-pppd/auth/auth_mschap_v2.c
index d679aca..1d3aed9 100644
--- a/accel-pppd/auth/auth_mschap_v2.c
+++ b/accel-pppd/auth/auth_mschap_v2.c
@@ -38,24 +38,21 @@ static char *conf_msg_failure = "E=691 R=0 V=3";
static char *conf_msg_failure2 = "Authentication failure";
static char *conf_msg_success = "Authentication succeeded";
-struct chap_hdr_t
-{
+struct chap_hdr_t {
uint16_t proto;
uint8_t code;
uint8_t id;
uint16_t len;
} __attribute__((packed));
-struct chap_challenge_t
-{
+struct chap_challenge_t {
struct chap_hdr_t hdr;
uint8_t val_size;
uint8_t val[VALUE_SIZE];
char name[0];
} __attribute__((packed));
-struct chap_response_t
-{
+struct chap_response_t {
struct chap_hdr_t hdr;
uint8_t val_size;
uint8_t peer_challenge[16];
@@ -65,15 +62,15 @@ struct chap_response_t
char name[0];
} __attribute__((packed));
-struct chap_auth_data_t
-{
+struct chap_auth_data_t {
struct auth_data_t auth;
struct ppp_handler_t h;
struct ppp_t *ppp;
- int id;
+ uint8_t id;
uint8_t val[VALUE_SIZE];
struct triton_timer_t timeout;
struct triton_timer_t interval;
+ char authenticator[41];
int failure;
int started:1;
};
@@ -119,7 +116,7 @@ static void auth_data_free(struct ppp_t *ppp, struct auth_data_t *auth)
if (d->interval.tpd)
triton_timer_del(&d->interval);
-
+
_free(d);
}
@@ -133,6 +130,7 @@ static int chap_start(struct ppp_t *ppp, struct auth_data_t *auth)
d->timeout.period = conf_timeout * 1000;
d->interval.expire = chap_restart_timer;
d->interval.period = conf_interval * 1000;
+ d->id = 1;
ppp_register_chan_handler(ppp, &d->h);
@@ -212,12 +210,12 @@ static void chap_send_failure(struct chap_auth_data_t *ad, char *mschap_error, c
_free(hdr);
}
-static void chap_send_success(struct chap_auth_data_t *ad, struct chap_response_t *res_msg, const char *authenticator)
+static void chap_send_success(struct chap_auth_data_t *ad, int id, const char *authenticator)
{
struct chap_hdr_t *hdr = _malloc(sizeof(*hdr) + strlen(conf_msg_success) + 1 + 45);
hdr->proto = htons(PPP_CHAP),
hdr->code = CHAP_SUCCESS,
- hdr->id = ad->id,
+ hdr->id = id,
hdr->len = htons(HDR_LEN + strlen(conf_msg_success) + 45),
sprintf((char *)(hdr + 1), "S=%s M=%s", authenticator, conf_msg_success);
@@ -305,7 +303,7 @@ static void chap_send_challenge(struct chap_auth_data_t *ad, int new)
struct chap_challenge_t msg = {
.hdr.proto = htons(PPP_CHAP),
.hdr.code = CHAP_CHALLENGE,
- .hdr.id = ++ad->id,
+ .hdr.id = ad->id,
.hdr.len = htons(sizeof(msg) - 2),
.val_size = VALUE_SIZE,
};
@@ -351,6 +349,11 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h
log_ppp_info2("\"]\n");
}
+ if (ad->started && msg->hdr.id == ad->id - 1) {
+ chap_send_success(ad, msg->hdr.id, ad->authenticator);
+ return;
+ }
+
if (msg->hdr.id != ad->id) {
if (conf_ppp_verbose)
log_ppp_warn("mschap-v2: id mismatch\n");
@@ -405,15 +408,19 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h
ap_session_terminate(&ad->ppp->ses, TERM_AUTH_ERROR, 0);
_free(name);
} else {
- chap_send_success(ad, msg, authenticator);
+ chap_send_success(ad, ad->id, authenticator);
ad->started = 1;
if (conf_interval)
triton_timer_add(ad->ppp->ses.ctrl->ctx, &ad->interval, 0);
}
} else {
- chap_send_success(ad, msg, authenticator);
+ chap_send_success(ad, ad->id, authenticator);
_free(name);
}
+
+ memcpy(ad->authenticator, authenticator, 41);
+
+ ad->id++;
}
}
diff --git a/accel-pppd/auth/auth_pap.c b/accel-pppd/auth/auth_pap.c
index c0faad9..5f07337 100644
--- a/accel-pppd/auth/auth_pap.c
+++ b/accel-pppd/auth/auth_pap.c
@@ -182,6 +182,11 @@ static int pap_recv_req(struct pap_auth_data_t *p, struct pap_hdr_t *hdr)
if (conf_ppp_verbose)
log_ppp_info2("recv [PAP AuthReq id=%x]\n", hdr->id);
+
+ if (p->started) {
+ pap_send_ack(p, hdr->id);
+ return 0;
+ }
peer_id_len = *(uint8_t*)ptr; ptr++;
if (peer_id_len > ntohs(hdr->len) - sizeof(*hdr) + 2 - 1) {