welterde/l2tpns
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

more CHAP changes

Browse source
This commit is contained in:
bodea 2005-05-07 08:17:25 +00:00
parent a2e6b92a23
commit 59b55de4d7
4 changed files with 113 additions and 69 deletions
Download patch file Download diff file Expand all files Collapse all files

4
garden.c
View file

@ -9,7 +9,7 @@
/* walled garden */
char const *cvs_id = "$Id: garden.c,v 1.21 2005/03/10 03:31:25 bodea Exp $";
char const *cvs_id = "$Id: garden.c,v 1.22 2005/05/07 08:17:25 bodea Exp $";
int plugin_api_version = PLUGIN_API_VERSION;
static struct pluginfuncs *p = 0;
@ -223,7 +223,7 @@ int garden_session(sessiont *s, int flag, char *newuser)
{
/* OK, we're up! */
uint16_t r = p->radiusnew(p->get_id_by_session(s));
p->radiussend(r, RADIUSSTART);
if (r) p->radiussend(r, RADIUSSTART);
}
}

93
l2tpns.c
View file

@ -4,7 +4,7 @@
// Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
// vim: sw=8 ts=8
char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.95 2005/05/06 23:31:50 bodea Exp $";
char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.96 2005/05/07 08:17:25 bodea Exp $";
#include <arpa/inet.h>
#include <assert.h>
@ -1458,20 +1458,16 @@ void sessionshutdown(sessionidt s, char *reason, int result, int error)
// RADIUS Stop message
uint16_t r = sess_local[s].radius;
if (!r)
{
if (!(r = radiusnew(s)))
{
LOG(1, s, session[s].tunnel, "No free RADIUS sessions for Stop message\n");
STAT(radius_overflow);
}
else
{
random_data(radius[r].auth, sizeof(radius[r].auth));
}
}
r = radiusnew(s);
if (r && radius[r].state != RADIUSSTOP)
radiussend(r, RADIUSSTOP); // stop, if not already trying
if (r)
{
// stop, if not already trying
if (radius[r].state != RADIUSSTOP)
radiussend(r, RADIUSSTOP);
}
else
LOG(1, s, session[s].tunnel, "No free RADIUS sessions for Stop message\n");
// Save counters to dump to accounting file
if (*config->accounting_dir && shut_acct_n < sizeof(shut_acct) / sizeof(*shut_acct))
@ -1546,6 +1542,12 @@ void sendipcp(tunnelidt t, sessionidt s)
if (!r)
r = radiusnew(s);
if (!r)
{
sessionshutdown(s, "No free RADIUS sessions for IPCP");
return;
}
if (radius[r].state != RADIUSIPCP)
{
radius[r].state = RADIUSIPCP;
@ -1600,6 +1602,17 @@ void sendipcp(tunnelidt t, sessionidt s)
}
}
static void sessionclear(sessionidt s)
{
memset(&session[s], 0, sizeof(session[s]));
memset(&sess_local[s], 0, sizeof(sess_local[s]));
memset(&cli_session_actions[s], 0, sizeof(cli_session_actions[s]));
session[s].tunnel = T_FREE; // Mark it as free.
session[s].next = sessionfree;
sessionfree = s;
}
// kill a session now
void sessionkill(sessionidt s, char *reason)
{
@ -1621,12 +1634,7 @@ void sessionkill(sessionidt s, char *reason)
radiusclear(sess_local[s].radius, s); // cant send clean accounting data, session is killed
LOG(2, s, session[s].tunnel, "Kill session %d (%s): %s\n", s, session[s].user, reason);
memset(&session[s], 0, sizeof(session[s]));
session[s].tunnel = T_FREE; // Mark it as free.
session[s].next = sessionfree;
sessionfree = s;
cli_session_actions[s].action = 0;
sessionclear(s);
cluster_send_session(s);
}
@ -2081,14 +2089,14 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr)
// LOG(4, s, t, "Firmware revision\n");
break;
case 7: // host name
memset(tunnel[t].hostname, 0, 128);
memcpy(tunnel[t].hostname, b, (n >= 127) ? 127 : n);
memset(tunnel[t].hostname, 0, sizeof(tunnel[t].hostname));
memcpy(tunnel[t].hostname, b, (n < sizeof(tunnel[t].hostname)) ? n : sizeof(tunnel[t].hostname) - 1);
LOG(4, s, t, " Tunnel hostname = \"%s\"\n", tunnel[t].hostname);
// TBA - to send to RADIUS
break;
case 8: // vendor name
memset(tunnel[t].vendor, 0, sizeof(tunnel[t].vendor));
memcpy(tunnel[t].vendor, b, (n >= sizeof(tunnel[t].vendor) - 1) ? sizeof(tunnel[t].vendor) - 1 : n);
memcpy(tunnel[t].vendor, b, (n < sizeof(tunnel[t].vendor)) ? n : sizeof(tunnel[t].vendor) - 1);
LOG(4, s, t, " Vendor name = \"%s\"\n", tunnel[t].vendor);
break;
case 9: // assigned tunnel
@ -2128,13 +2136,13 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr)
// TBA
break;
case 21: // called number
memset(called, 0, MAXTEL);
memcpy(called, b, (n >= MAXTEL) ? (MAXTEL-1) : n);
memset(called, 0, sizeof(called));
memcpy(called, b, (n < sizeof(called)) ? n : sizeof(called) - 1);
LOG(4, s, t, " Called <%s>\n", called);
break;
case 22: // calling number
memset(calling, 0, MAXTEL);
memcpy(calling, b, (n >= MAXTEL) ? (MAXTEL-1) : n);
memset(calling, 0, sizeof(calling));
memcpy(calling, b, (n < sizeof(calling)) ? n : sizeof(calling) - 1);
LOG(4, s, t, " Calling <%s>\n", calling);
break;
case 23: // subtype
@ -2147,8 +2155,9 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr)
else
{
// AS5300s send connect speed as a string
char tmp[30] = {0};
memcpy(tmp, b, (n >= 30) ? 30 : n);
char tmp[30];
memset(tmp, 0, sizeof(tmp));
memcpy(tmp, b, (n < sizeof(tmp)) ? n : sizeof(tmp) - 1);
session[s].tx_connect_speed = atol(tmp);
}
LOG(4, s, t, " TX connect speed <%u>\n", session[s].tx_connect_speed);
@ -2161,8 +2170,9 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr)
else
{
// AS5300s send connect speed as a string
char tmp[30] = {0};
memcpy(tmp, b, (n >= 30) ? 30 : n);
char tmp[30];
memset(tmp, 0, sizeof(tmp));
memcpy(tmp, b, (n < sizeof(tmp)) ? n : sizeof(tmp) - 1);
session[s].rx_connect_speed = atol(tmp);
}
LOG(4, s, t, " RX connect speed <%u>\n", session[s].rx_connect_speed);
@ -2182,8 +2192,9 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr)
}
case 30: // Proxy Authentication Name
{
char authname[64] = {0};
memcpy(authname, b, (n > 63) ? 63 : n);
char authname[64];
memset(authname, 0, sizeof(authname));
memcpy(authname, b, (n < sizeof(authname)) ? n : sizeof(authname) - 1);
LOG(4, s, t, " Proxy Auth Name (%s)\n",
authname);
break;
@ -2204,13 +2215,9 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr)
break;
}
case 33: // Proxy Authentication Response
{
char authresp[64] = {0};
memcpy(authresp, b, (n > 63) ? 63 : n);
LOG(4, s, t, " Proxy Auth Response\n");
break;
}
case 27: // last send lcp
LOG(4, s, t, " Proxy Auth Response\n");
break;
case 27: // last sent lcp
{ // find magic number
uint8_t *p = b, *e = p + n;
while (p + 1 < e && p[1] && p + p[1] <= e)
@ -2315,7 +2322,7 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr)
if (!(r = radiusnew(s)))
{
LOG(1, s, t, "No free RADIUS sessions for ICRQ\n");
sessionkill(s, "no free RADIUS sesions");
sessionclear(s);
return;
}
@ -2328,8 +2335,6 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr)
control16(c, 14, s, 1); // assigned session
controladd(c, t, s); // send the reply
// Generate a random challenge
random_data(radius[r].auth, sizeof(radius[r].auth));
strncpy(radius[r].calling, calling, sizeof(radius[r].calling) - 1);
strncpy(session[s].called, called, sizeof(session[s].called) - 1);
strncpy(session[s].calling, calling, sizeof(session[s].calling) - 1);
@ -2748,8 +2753,6 @@ static int regular_cleanups(void)
continue;
}
random_data(radius[r].auth, sizeof(radius[r].auth));
LOG(3, s, session[s].tunnel, "Sending RADIUS Interim for %s (%u)\n",
session[s].user, session[s].unique_id);

81
ppp.c
View file

@ -1,6 +1,6 @@
// L2TPNS PPP Stuff
char const *cvs_id_ppp = "$Id: ppp.c,v 1.48 2005/05/05 10:02:08 bodea Exp $";
char const *cvs_id_ppp = "$Id: ppp.c,v 1.49 2005/05/07 08:17:25 bodea Exp $";
#include <stdio.h>
#include <string.h>
@ -279,8 +279,14 @@ static void dumplcp(uint8_t *p, int l)
{
int proto = ntohs(*(uint16_t *)(o + 2));
LOG(4, 0, 0, " %s 0x%x (%s)\n", lcp_type(type), proto,
proto == PPPCHAP ? "CHAP" :
proto == PPPPAP ? "PAP" : "UNKNOWN");
proto == PPPPAP ? "PAP" : "UNSUPPORTED");
}
else if (length == 5)
{
int proto = ntohs(*(uint16_t *)(o + 2));
int algo = *(uint8_t *)(o + 4);
LOG(4, 0, 0, " %s 0x%x 0x%x (%s)\n", lcp_types[type], proto, algo,
(proto == PPPCHAP && algo == 5) ? "CHAP MD5" : "UNSUPPORTED");
}
else
LOG(4, 0, 0, " %s odd length %d\n", lcp_type(type), length);
@ -397,18 +403,30 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l)
case 3: // Authentication-Protocol
{
int proto = ntohs(*(uint16_t *)(o + 2));
uint16_t wanted_proto;
char proto_name[] = "0x0000";
if (proto == PPPPAP)
break;
{
if (config->radius_authtypes & AUTHPAP)
break;
strcpy(proto_name, "PAP");
}
else if (proto == PPPCHAP)
{
if (config->radius_authtypes & AUTHCHAP
&& *(o + 4) == 5) // MD5
break;
strcpy(proto_name, "CHAP");
}
else
sprintf(proto_name, "%#4.4x", proto);
if (response && *response != ConfigNak) // rej already queued
break;
if (proto == PPPCHAP)
strcpy(proto_name, "CHAP");
else
sprintf(proto_name, "%#4.4x", proto);
LOG(2, s, t, " Remote requesting %s authentication. Rejecting.\n", proto_name);
if (!response)
@ -419,16 +437,27 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l)
q += 4;
}
if ((q - b + length) > sizeof(b))
if ((q - b + 5) > sizeof(b)) // 5 is the larger (CHAP+MD5) of the two NAKs
{
LOG(2, s, t, "LCP overflow for %s ConfigNak.\n", proto_name);
break;
}
memcpy(q, o, length);
*(uint16_t *)(q += 2) = htons(PPPPAP); // NAK -> Use PAP instead
q += length;
*((uint16_t *) (response + 2)) = htons(q - response);
*q++ = type;
if (config->radius_authprefer == AUTHCHAP)
{
*q++ = 5;
*(uint16_t *) q = htons(PPPCHAP); q += 2;
*q++ = 5; // MD5
}
else
{
*q++ = 4;
*(uint16_t *) q = htons(PPPPAP); q += 2;
}
*((uint16_t *) (response + 2)) = htons(q - response); // LCP header length
break;
}
break;
@ -483,7 +512,7 @@ void processlcp(tunnelidt t, sessionidt s, uint8_t *p, uint16_t l)
{
LOG(1, s, t, "Remote end sent a ConfigNak. Ignoring\n");
if (config->debug > 3) dumplcp(p, l);
return ;
return;
}
else if (*p == TerminateReq)
{
@ -1098,8 +1127,6 @@ void sendchap(tunnelidt t, sessionidt s)
LOG(1, s, t, "Send CHAP challenge\n");
// new challenge
random_data(radius[r].auth, sizeof(radius[r].auth));
radius[r].chap = 1; // CHAP not PAP
radius[r].id++;
if (radius[r].state != RADIUSCHAP)
@ -1173,6 +1200,7 @@ uint8_t *makeppp(uint8_t *b, int size, uint8_t *p, int l, tunnelidt t, sessionid
void initlcp(tunnelidt t, sessionidt s)
{
char b[500], *q;
int size;
if (!(q = makeppp(b, sizeof(b), NULL, 0, t, s, PPPLCP)))
return;
@ -1185,11 +1213,22 @@ void initlcp(tunnelidt t, sessionidt s)
*(uint8_t *)(q + 5) = 6;
*(uint32_t *)(q + 6) = htonl(session[s].magic);
*(uint8_t *)(q + 10) = 3;
*(uint8_t *)(q + 11) = 4;
*(uint16_t *)(q + 12) = htons(PPPPAP); // PAP
if (config->radius_authprefer == AUTHCHAP)
{
*(uint8_t *)(q + 11) = 5;
*(uint16_t *)(q + 12) = htons(PPPCHAP);
*(uint8_t *)(q + 14) = 5; // MD5
size = 15;
}
else
{
*(uint8_t *)(q + 11) = 4;
*(uint16_t *)(q + 12) = htons(PPPPAP);
size = 14;
}
LOG_HEX(5, "PPPLCP", q, 14);
tunnelsend(b, (q - b) + 14, t);
LOG_HEX(5, "PPPLCP", q, size);
tunnelsend(b, (q - b) + size, t);
}
// Send CCP request for no compression

4
radius.c
View file

@ -1,6 +1,6 @@
// L2TPNS Radius Stuff
char const *cvs_id_radius = "$Id: radius.c,v 1.29 2005/05/05 10:02:08 bodea Exp $";
char const *cvs_id_radius = "$Id: radius.c,v 1.30 2005/05/07 08:17:26 bodea Exp $";
#include <time.h>
#include <stdio.h>
@ -91,6 +91,8 @@ uint16_t radiusnew(sessionidt s)
radius[r].state = RADIUSWAIT;
radius[r].retry = TIME + 1200; // Wait at least 120 seconds to re-claim this.
random_data(radius[r].auth, sizeof(radius[r].auth));
LOG(3, s, session[s].tunnel, "Allocated radius %d\n", r);
return r;
}