sstp: fix compound mac validation with broken clients

sstp-client sends SSTP_MSG_CALL_CONNECTED message too early, before auth response, so HLAK can't be known yet and subsequent HLAK-based validation fails. workaround the issue by defer accepting SSTP_MSG_CALL_CONNECTED after auth either has been succeeded or bypassed.
author: Vladislav Grishenko <themiron@mail.ru> 2020-06-28 20:57:57 +0500
committer: Vladislav Grishenko <themiron@mail.ru> 2020-06-29 04:38:42 +0500
commit: 7dd9766a72d9ad26f4db09c8a52067d1dd4e777c (patch)
tree: d66af95e18d13175ba055c36386c677ff63fdcd7 /accel-pppd/ppp
parent: 38af8fca2c87d4e1afff4cb612de871941a36301 (diff)
download: accel-ppp-7dd9766a72d9ad26f4db09c8a52067d1dd4e777c.tar.gz
accel-ppp-7dd9766a72d9ad26f4db09c8a52067d1dd4e777c.zip
1 files changed, 3 insertions, 4 deletions
diff --git a/accel-pppd/ppp/ppp_auth.c b/accel-pppd/ppp/ppp_auth.c
index c475dad..33d0021 100644
--- a/accel-pppd/ppp/ppp_auth.c
+++ b/accel-pppd/ppp/ppp_auth.c
@@ -279,13 +279,12 @@ static void __ppp_auth_started(struct ppp_t *ppp)
 	if (ppp->ses.terminating)
 		return;
 
-	log_ppp_debug("auth_layer_started\n");
-	ppp_layer_started(ppp, &ad->ld);
-
-
 	log_ppp_info1("%s: authentication succeeded\n", ppp->ses.username);
 
 	triton_event_fire(EV_SES_AUTHORIZED, &ppp->ses);
+
+	log_ppp_debug("auth_layer_started\n");
+	ppp_layer_started(ppp, &ad->ld);
 }
 
 int __export ppp_auth_succeeded(struct ppp_t *ppp, char *username)
author	Vladislav Grishenko <themiron@mail.ru>	2020-06-28 20:57:57 +0500
committer	Vladislav Grishenko <themiron@mail.ru>	2020-06-29 04:38:42 +0500
commit	7dd9766a72d9ad26f4db09c8a52067d1dd4e777c (patch)
tree	d66af95e18d13175ba055c36386c677ff63fdcd7 /accel-pppd/ppp
parent	38af8fca2c87d4e1afff4cb612de871941a36301 (diff)
download	accel-ppp-7dd9766a72d9ad26f4db09c8a52067d1dd4e777c.tar.gz accel-ppp-7dd9766a72d9ad26f4db09c8a52067d1dd4e777c.zip