1 |
|
|
/* $OpenBSD: npppd.c,v 1.47 2017/08/12 11:20:34 goda Exp $ */ |
2 |
|
|
|
3 |
|
|
/*- |
4 |
|
|
* Copyright (c) 2005-2008,2009 Internet Initiative Japan Inc. |
5 |
|
|
* All rights reserved. |
6 |
|
|
* |
7 |
|
|
* Redistribution and use in source and binary forms, with or without |
8 |
|
|
* modification, are permitted provided that the following conditions |
9 |
|
|
* are met: |
10 |
|
|
* 1. Redistributions of source code must retain the above copyright |
11 |
|
|
* notice, this list of conditions and the following disclaimer. |
12 |
|
|
* 2. Redistributions in binary form must reproduce the above copyright |
13 |
|
|
* notice, this list of conditions and the following disclaimer in the |
14 |
|
|
* documentation and/or other materials provided with the distribution. |
15 |
|
|
* |
16 |
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND |
17 |
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
18 |
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
19 |
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
20 |
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
21 |
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
22 |
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
23 |
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
24 |
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
25 |
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
26 |
|
|
* SUCH DAMAGE. |
27 |
|
|
*/ |
28 |
|
|
/**@file |
29 |
|
|
* Next pppd(nppd). This file provides a npppd daemon process and operations |
30 |
|
|
* for npppd instance. |
31 |
|
|
* @author Yasuoka Masahiko |
32 |
|
|
* $Id: npppd.c,v 1.47 2017/08/12 11:20:34 goda Exp $ |
33 |
|
|
*/ |
34 |
|
|
#include "version.h" |
35 |
|
|
#include <sys/param.h> /* ALIGNED_POINTER */ |
36 |
|
|
#include <sys/types.h> |
37 |
|
|
#include <sys/socket.h> |
38 |
|
|
#include <sys/sysctl.h> |
39 |
|
|
#include <sys/wait.h> |
40 |
|
|
#include <netinet/in.h> |
41 |
|
|
#include <netinet/ip.h> |
42 |
|
|
#include <net/route.h> |
43 |
|
|
#include <arpa/inet.h> |
44 |
|
|
#include <net/if_dl.h> |
45 |
|
|
#include <unistd.h> |
46 |
|
|
#include <time.h> |
47 |
|
|
#include <syslog.h> |
48 |
|
|
#include <string.h> |
49 |
|
|
#include <stdlib.h> |
50 |
|
|
#include <stdio.h> |
51 |
|
|
#include <signal.h> |
52 |
|
|
#include <netdb.h> |
53 |
|
|
#include <libgen.h> |
54 |
|
|
#include <fcntl.h> |
55 |
|
|
#include <event.h> |
56 |
|
|
#include <errno.h> |
57 |
|
|
#include <ifaddrs.h> |
58 |
|
|
#include <err.h> |
59 |
|
|
#include <pwd.h> |
60 |
|
|
|
61 |
|
|
#include "pathnames.h" |
62 |
|
|
#include "debugutil.h" |
63 |
|
|
#include "addr_range.h" |
64 |
|
|
#include "npppd_subr.h" |
65 |
|
|
#include "npppd_local.h" |
66 |
|
|
#include "npppd_auth.h" |
67 |
|
|
#include "radish.h" |
68 |
|
|
#include "net_utils.h" |
69 |
|
|
#include "time_utils.h" |
70 |
|
|
|
71 |
|
|
#include "l2tp_local.h" /* XXX sa_cookie */ |
72 |
|
|
|
73 |
|
|
#ifdef USE_NPPPD_ARP |
74 |
|
|
#include "npppd_arp.h" |
75 |
|
|
#endif |
76 |
|
|
|
77 |
|
|
#ifdef USE_NPPPD_PIPEX |
78 |
|
|
#ifdef USE_NPPPD_PPPOE |
79 |
|
|
#include "pppoe_local.h" |
80 |
|
|
#endif /* USE_NPPPD_PPPOE */ |
81 |
|
|
#include "psm-opt.h" |
82 |
|
|
#include <sys/ioctl.h> |
83 |
|
|
#include <net/pipex.h> |
84 |
|
|
#endif /* USE_NPPPD_PIPEX */ |
85 |
|
|
|
86 |
|
|
#include "accept.h" |
87 |
|
|
#include "log.h" |
88 |
|
|
|
89 |
|
|
static npppd s_npppd; /* singleton */ |
90 |
|
|
|
91 |
|
|
static void npppd_reload0 (npppd *); |
92 |
|
|
static void npppd_update_pool_reference (npppd *); |
93 |
|
|
static int npppd_rd_walktree_delete(struct radish_head *); |
94 |
|
|
static __dead void usage (void); |
95 |
|
|
static void npppd_stop_really (npppd *); |
96 |
|
|
static uint32_t str_hash(const void *, int); |
97 |
|
|
static void npppd_on_sighup (int, short, void *); |
98 |
|
|
static void npppd_on_sigterm (int, short, void *); |
99 |
|
|
static void npppd_on_sigint (int, short, void *); |
100 |
|
|
static void npppd_on_sigchld (int, short, void *); |
101 |
|
|
static void npppd_reset_timer(npppd *); |
102 |
|
|
static void npppd_timer(int, short, void *); |
103 |
|
|
static void npppd_auth_finalizer_periodic(npppd *); |
104 |
|
|
static int rd2slist_walk (struct radish *, void *); |
105 |
|
|
static int rd2slist (struct radish_head *, slist *); |
106 |
|
|
static slist *npppd_get_ppp_by_user (npppd *, const char *); |
107 |
|
|
static int npppd_get_all_users (npppd *, slist *); |
108 |
|
|
static struct ipcpstat |
109 |
|
|
*npppd_get_ipcp_stat(struct ipcpstat_head *, const char *); |
110 |
|
|
static void npppd_destroy_ipcp_stats(struct ipcpstat_head *); |
111 |
|
|
static void npppd_ipcp_stats_reload(npppd *); |
112 |
|
|
|
113 |
|
|
#ifndef NO_ROUTE_FOR_POOLED_ADDRESS |
114 |
|
|
static struct in_addr loop; /* initialize at npppd_init() */ |
115 |
|
|
#endif |
116 |
|
|
static uint32_t str_hash(const void *, int); |
117 |
|
|
|
118 |
|
|
#ifdef USE_NPPPD_PIPEX |
119 |
|
|
static int npppd_ppp_pipex_ip_disable(npppd *, npppd_ppp *); |
120 |
|
|
static void pipex_periodic(npppd *); |
121 |
|
|
#endif /* USE_NPPPD_PIPEX */ |
122 |
|
|
|
123 |
|
|
#ifdef NPPPD_DEBUG |
124 |
|
|
#define NPPPD_DBG(x) log_printf x |
125 |
|
|
#define NPPPD_ASSERT(x) ASSERT(x) |
126 |
|
|
#else |
127 |
|
|
#define NPPPD_DBG(x) |
128 |
|
|
#define NPPPD_ASSERT(x) |
129 |
|
|
#endif |
130 |
|
|
|
131 |
|
|
/*********************************************************************** |
132 |
|
|
* Daemon process |
133 |
|
|
***********************************************************************/ |
134 |
|
|
int main (int, char *[]); |
135 |
|
|
int debugsyslog = 0; /* used by log.c */ |
136 |
|
|
|
137 |
|
|
int |
138 |
|
|
main(int argc, char *argv[]) |
139 |
|
|
{ |
140 |
|
|
int ch, stop_by_error, runasdaemon = 1, nflag = 0; |
141 |
|
|
extern char *optarg; |
142 |
|
|
const char *npppd_conf0 = DEFAULT_NPPPD_CONF; |
143 |
|
|
struct passwd *pw; |
144 |
|
|
|
145 |
|
|
while ((ch = getopt(argc, argv, "nf:d")) != -1) { |
146 |
|
|
switch (ch) { |
147 |
|
|
case 'n': |
148 |
|
|
nflag = 1; |
149 |
|
|
break; |
150 |
|
|
case 'f': |
151 |
|
|
npppd_conf0 = optarg; |
152 |
|
|
break; |
153 |
|
|
case 'd': |
154 |
|
|
debuglevel++; |
155 |
|
|
runasdaemon = 0; |
156 |
|
|
break; |
157 |
|
|
default: |
158 |
|
|
usage(); |
159 |
|
|
} |
160 |
|
|
} |
161 |
|
|
argc -= optind; |
162 |
|
|
argv += optind; |
163 |
|
|
if (argc != 0) |
164 |
|
|
usage(); |
165 |
|
|
if (nflag) { |
166 |
|
|
debuglevel++; |
167 |
|
|
runasdaemon = 0; |
168 |
|
|
} |
169 |
|
|
|
170 |
|
|
/* for log.c */ |
171 |
|
|
log_init(debuglevel); |
172 |
|
|
if (debuglevel > 0) { |
173 |
|
|
/* for ../common/debugutil.c */ |
174 |
|
|
debug_set_debugfp(stderr); |
175 |
|
|
debug_use_syslog(0); |
176 |
|
|
} |
177 |
|
|
if (runasdaemon) |
178 |
|
|
daemon(0, 0); |
179 |
|
|
|
180 |
|
|
/* check for root privileges */ |
181 |
|
|
if (geteuid()) |
182 |
|
|
errx(1, "need root privileges"); |
183 |
|
|
/* check for npppd user */ |
184 |
|
|
if (getpwnam(NPPPD_USER) == NULL) |
185 |
|
|
errx(1, "unknown user %s", NPPPD_USER); |
186 |
|
|
|
187 |
|
|
if (privsep_init() != 0) |
188 |
|
|
err(1, "cannot drop privileges"); |
189 |
|
|
|
190 |
|
|
if (nflag) { |
191 |
|
|
if (npppd_config_check(npppd_conf0) == 0) { |
192 |
|
|
fprintf(stderr, "configuration OK\n"); |
193 |
|
|
exit(EXIT_SUCCESS); |
194 |
|
|
} |
195 |
|
|
exit(EXIT_FAILURE); |
196 |
|
|
} |
197 |
|
|
if (npppd_init(&s_npppd, npppd_conf0) != 0) |
198 |
|
|
exit(EXIT_FAILURE); |
199 |
|
|
|
200 |
|
|
if ((pw = getpwnam(NPPPD_USER)) == NULL) |
201 |
|
|
err(EXIT_FAILURE, "gwpwnam"); |
202 |
|
|
if (chroot(pw->pw_dir) == -1) |
203 |
|
|
err(EXIT_FAILURE, "chroot"); |
204 |
|
|
if (chdir("/") == -1) |
205 |
|
|
err(EXIT_FAILURE, "chdir(\"/\")"); |
206 |
|
|
if (setgroups(1, &pw->pw_gid) || |
207 |
|
|
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || |
208 |
|
|
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) |
209 |
|
|
err(EXIT_FAILURE, "cannot drop privileges"); |
210 |
|
|
/* privileges is dropped */ |
211 |
|
|
|
212 |
|
|
npppd_start(&s_npppd); |
213 |
|
|
stop_by_error = s_npppd.stop_by_error; |
214 |
|
|
npppd_fini(&s_npppd); |
215 |
|
|
privsep_fini(); |
216 |
|
|
log_printf(LOG_NOTICE, "Terminate npppd."); |
217 |
|
|
|
218 |
|
|
exit((!stop_by_error)? EXIT_SUCCESS : EXIT_FAILURE); |
219 |
|
|
} |
220 |
|
|
|
221 |
|
|
static __dead void |
222 |
|
|
usage(void) |
223 |
|
|
{ |
224 |
|
|
fprintf(stderr, "usage: npppd [-dn] [-f config_file]\n"); |
225 |
|
|
exit(1); |
226 |
|
|
} |
227 |
|
|
|
228 |
|
|
/** Returns the singleton npppd instance */ |
229 |
|
|
npppd * |
230 |
|
|
npppd_get_npppd() |
231 |
|
|
{ |
232 |
|
|
return &s_npppd; |
233 |
|
|
} |
234 |
|
|
|
235 |
|
|
/*********************************************************************** |
236 |
|
|
* Operations to npppd itself (initialize/finalize/start/stop) |
237 |
|
|
***********************************************************************/ |
238 |
|
|
/** Initialize the npppd */ |
239 |
|
|
int |
240 |
|
|
npppd_init(npppd *_this, const char *config_file) |
241 |
|
|
{ |
242 |
|
|
int i, status = -1, value; |
243 |
|
|
const char *pidpath0; |
244 |
|
|
FILE *pidfp = NULL; |
245 |
|
|
struct tunnconf *tunn; |
246 |
|
|
struct ipcpconf *ipcpconf; |
247 |
|
|
struct ipcpstat *ipcpstat; |
248 |
|
|
int mib[] = { CTL_NET, PF_PIPEX, PIPEXCTL_ENABLE }; |
249 |
|
|
size_t size; |
250 |
|
|
|
251 |
|
|
memset(_this, 0, sizeof(npppd)); |
252 |
|
|
#ifndef NO_ROUTE_FOR_POOLED_ADDRESS |
253 |
|
|
loop.s_addr = htonl(INADDR_LOOPBACK); |
254 |
|
|
#endif |
255 |
|
|
|
256 |
|
|
NPPPD_ASSERT(config_file != NULL); |
257 |
|
|
|
258 |
|
|
pidpath0 = NULL; |
259 |
|
|
_this->pid = getpid(); |
260 |
|
|
slist_init(&_this->realms); |
261 |
|
|
npppd_conf_init(&_this->conf); |
262 |
|
|
|
263 |
|
|
log_printf(LOG_NOTICE, "Starting npppd pid=%u version=%s", |
264 |
|
|
_this->pid, VERSION); |
265 |
|
|
#if defined(BUILD_DATE) && defined(BUILD_TIME) |
266 |
|
|
log_printf(LOG_INFO, "Build %s %s ", BUILD_DATE, BUILD_TIME); |
267 |
|
|
#endif |
268 |
|
|
if (get_nanotime() == INT64_MIN) { |
269 |
|
|
log_printf(LOG_ERR, "get_nanotime() failed: %m"); |
270 |
|
|
return 1; |
271 |
|
|
} |
272 |
|
|
|
273 |
|
|
if (realpath(config_file, _this->config_file) == NULL) { |
274 |
|
|
log_printf(LOG_ERR, "realpath(%s,) failed in %s(): %m", |
275 |
|
|
config_file, __func__); |
276 |
|
|
return 1; |
277 |
|
|
} |
278 |
|
|
/* we assume 4.4 compatible realpath(). See realpath(3) on BSD. */ |
279 |
|
|
NPPPD_ASSERT(_this->config_file[0] == '/'); |
280 |
|
|
|
281 |
|
|
_this->boot_id = arc4random(); |
282 |
|
|
|
283 |
|
|
#ifdef USE_NPPPD_L2TP |
284 |
|
|
if (l2tpd_init(&_this->l2tpd) != 0) |
285 |
|
|
return (-1); |
286 |
|
|
#endif |
287 |
|
|
#ifdef USE_NPPPD_PPTP |
288 |
|
|
if (pptpd_init(&_this->pptpd) != 0) |
289 |
|
|
return (-1); |
290 |
|
|
#endif |
291 |
|
|
#ifdef USE_NPPPD_PPPOE |
292 |
|
|
if (pppoed_init(&_this->pppoed) != 0) |
293 |
|
|
return (-1); |
294 |
|
|
#endif |
295 |
|
|
LIST_INIT(&_this->ipcpstats); |
296 |
|
|
|
297 |
|
|
/* load configuration */ |
298 |
|
|
if ((status = npppd_reload_config(_this)) != 0) |
299 |
|
|
return status; |
300 |
|
|
|
301 |
|
|
TAILQ_FOREACH(tunn, &_this->conf.tunnconfs, entry) { |
302 |
|
|
if (tunn->pipex) { |
303 |
|
|
size = sizeof(value); |
304 |
|
|
if (!sysctl(mib, nitems(mib), &value, &size, NULL, 0) |
305 |
|
|
&& value == 0) |
306 |
|
|
log_printf(LOG_WARNING, |
307 |
|
|
"pipex(4) is disabled by sysctl"); |
308 |
|
|
break; |
309 |
|
|
} |
310 |
|
|
} |
311 |
|
|
|
312 |
|
|
if ((_this->map_user_ppp = hash_create( |
313 |
|
|
(int (*) (const void *, const void *))strcmp, str_hash, |
314 |
|
|
NPPPD_USER_HASH_SIZ)) == NULL) { |
315 |
|
|
log_printf(LOG_ERR, "hash_create() failed in %s(): %m", |
316 |
|
|
__func__); |
317 |
|
|
return -1; |
318 |
|
|
} |
319 |
|
|
|
320 |
|
|
if (npppd_ifaces_load_config(_this) != 0) { |
321 |
|
|
return -1; |
322 |
|
|
} |
323 |
|
|
|
324 |
|
|
TAILQ_FOREACH(ipcpconf, &_this->conf.ipcpconfs, entry) { |
325 |
|
|
ipcpstat = malloc(sizeof(*ipcpstat)); |
326 |
|
|
if (ipcpstat == NULL) { |
327 |
|
|
log_printf(LOG_ERR, "initializing ipcp_stats failed : %m"); |
328 |
|
|
npppd_destroy_ipcp_stats(&_this->ipcpstats); |
329 |
|
|
return -1; |
330 |
|
|
} |
331 |
|
|
memset(ipcpstat, 0, sizeof(*ipcpstat)); |
332 |
|
|
strlcpy(ipcpstat->name, ipcpconf->name, sizeof(ipcpstat->name)); |
333 |
|
|
LIST_INSERT_HEAD(&_this->ipcpstats, ipcpstat, entry); |
334 |
|
|
} |
335 |
|
|
|
336 |
|
|
pidpath0 = DEFAULT_NPPPD_PIDFILE; |
337 |
|
|
|
338 |
|
|
/* initialize event(3) */ |
339 |
|
|
event_init(); |
340 |
|
|
_this->ctl_sock.cs_name = NPPPD_SOCKET; |
341 |
|
|
_this->ctl_sock.cs_ctx = _this; |
342 |
|
|
if (control_init(&_this->ctl_sock) == -1) { |
343 |
|
|
log_printf(LOG_ERR, "control_init() failed %s(): %m", |
344 |
|
|
__func__); |
345 |
|
|
return (-1); |
346 |
|
|
} |
347 |
|
|
if (control_listen(&_this->ctl_sock) == -1) { |
348 |
|
|
log_printf(LOG_ERR, "control_listen() failed %s(): %m", |
349 |
|
|
__func__); |
350 |
|
|
return (-1); |
351 |
|
|
} |
352 |
|
|
accept_init(); |
353 |
|
|
|
354 |
|
|
/* ignore signals */ |
355 |
|
|
signal(SIGPIPE, SIG_IGN); |
356 |
|
|
signal(SIGURG, SIG_IGN); |
357 |
|
|
|
358 |
|
|
/* set signal handlers */ |
359 |
|
|
signal_set(&_this->ev_sigterm, SIGTERM, npppd_on_sigterm, _this); |
360 |
|
|
signal_set(&_this->ev_sigint, SIGINT, npppd_on_sigint, _this); |
361 |
|
|
signal_set(&_this->ev_sighup, SIGHUP, npppd_on_sighup, _this); |
362 |
|
|
signal_set(&_this->ev_sigchld, SIGCHLD, npppd_on_sigchld, _this); |
363 |
|
|
signal_add(&_this->ev_sigterm, NULL); |
364 |
|
|
signal_add(&_this->ev_sigint, NULL); |
365 |
|
|
signal_add(&_this->ev_sighup, NULL); |
366 |
|
|
signal_add(&_this->ev_sigchld, NULL); |
367 |
|
|
|
368 |
|
|
evtimer_set(&_this->ev_timer, npppd_timer, _this); |
369 |
|
|
|
370 |
|
|
/* start tun(4) or pppac(4) */ |
371 |
|
|
status = 0; |
372 |
|
|
for (i = 0; i < countof(_this->iface); i++) { |
373 |
|
|
if (_this->iface[i].initialized != 0) |
374 |
|
|
status |= npppd_iface_start(&_this->iface[i]); |
375 |
|
|
} |
376 |
|
|
if (status != 0) |
377 |
|
|
return -1; |
378 |
|
|
|
379 |
|
|
/* |
380 |
|
|
* If the npppd can start(open) interfaces successfully, it can |
381 |
|
|
* act as only one npppd process on the system and overwrite the pid |
382 |
|
|
* file. |
383 |
|
|
*/ |
384 |
|
|
if ((pidfp = fopen(pidpath0, "w+")) == NULL) { |
385 |
|
|
log_printf(LOG_ERR, "fopen(%s,w+) failed in %s(): %m", |
386 |
|
|
pidpath0, __func__); |
387 |
|
|
return -1; |
388 |
|
|
} |
389 |
|
|
strlcpy(_this->pidpath, pidpath0, sizeof(_this->pidpath)); |
390 |
|
|
fprintf(pidfp, "%u\n", _this->pid); |
391 |
|
|
fclose(pidfp); |
392 |
|
|
pidfp = NULL; |
393 |
|
|
#ifdef USE_NPPPD_ARP |
394 |
|
|
arp_set_strictintfnetwork(npppd_config_str_equali(_this, "arpd.strictintfnetwork", "true", ARPD_STRICTINTFNETWORK_DEFAULT)); |
395 |
|
|
if (npppd_config_str_equali(_this, "arpd.enabled", "true", ARPD_DEFAULT) == 1) |
396 |
|
|
arp_sock_init(); |
397 |
|
|
#endif |
398 |
|
|
if ((status = npppd_modules_reload(_this)) != 0) |
399 |
|
|
return status; |
400 |
|
|
|
401 |
|
|
npppd_update_pool_reference(_this); |
402 |
|
|
|
403 |
|
|
return 0; |
404 |
|
|
} |
405 |
|
|
|
406 |
|
|
/** start the npppd */ |
407 |
|
|
void |
408 |
|
|
npppd_start(npppd *_this) |
409 |
|
|
{ |
410 |
|
|
int rval = 0; |
411 |
|
|
|
412 |
|
|
npppd_reset_timer(_this); |
413 |
|
|
while ((rval = event_loop(EVLOOP_ONCE)) == 0) { |
414 |
|
|
if (_this->finalized != 0) |
415 |
|
|
break; |
416 |
|
|
} |
417 |
|
|
if (rval != 0) { |
418 |
|
|
log_printf(LOG_CRIT, "event_loop() failed: %m"); |
419 |
|
|
abort(); |
420 |
|
|
} |
421 |
|
|
} |
422 |
|
|
|
423 |
|
|
/** stop the npppd */ |
424 |
|
|
void |
425 |
|
|
npppd_stop(npppd *_this) |
426 |
|
|
{ |
427 |
|
|
int i; |
428 |
|
|
#ifdef USE_NPPPD_L2TP |
429 |
|
|
l2tpd_stop(&_this->l2tpd); |
430 |
|
|
#endif |
431 |
|
|
#ifdef USE_NPPPD_PPTP |
432 |
|
|
pptpd_stop(&_this->pptpd); |
433 |
|
|
#endif |
434 |
|
|
#ifdef USE_NPPPD_PPPOE |
435 |
|
|
pppoed_stop(&_this->pppoed); |
436 |
|
|
#endif |
437 |
|
|
#ifdef USE_NPPPD_ARP |
438 |
|
|
arp_sock_fini(); |
439 |
|
|
#endif |
440 |
|
|
close(_this->ctl_sock.cs_fd); |
441 |
|
|
control_cleanup(&_this->ctl_sock); |
442 |
|
|
|
443 |
|
|
for (i = countof(_this->iface) - 1; i >= 0; i--) { |
444 |
|
|
if (_this->iface[i].initialized != 0) |
445 |
|
|
npppd_iface_stop(&_this->iface[i]); |
446 |
|
|
} |
447 |
|
|
npppd_set_radish(_this, NULL); |
448 |
|
|
|
449 |
|
|
_this->finalizing = 1; |
450 |
|
|
npppd_reset_timer(_this); |
451 |
|
|
} |
452 |
|
|
|
453 |
|
|
static void |
454 |
|
|
npppd_stop_really(npppd *_this) |
455 |
|
|
{ |
456 |
|
|
int i; |
457 |
|
|
#if defined(USE_NPPPD_L2TP) || defined(USE_NPPPD_PPTP) |
458 |
|
|
int wait_again; |
459 |
|
|
|
460 |
|
|
wait_again = 0; |
461 |
|
|
|
462 |
|
|
#ifdef USE_NPPPD_L2TP |
463 |
|
|
if (!l2tpd_is_stopped(&_this->l2tpd)) |
464 |
|
|
wait_again |= 1; |
465 |
|
|
#endif |
466 |
|
|
#ifdef USE_NPPPD_PPTP |
467 |
|
|
if (!pptpd_is_stopped(&_this->pptpd)) |
468 |
|
|
wait_again |= 1; |
469 |
|
|
#endif |
470 |
|
|
if (wait_again != 0) { |
471 |
|
|
npppd_reset_timer(_this); |
472 |
|
|
return; |
473 |
|
|
} |
474 |
|
|
#endif |
475 |
|
|
for (i = countof(_this->iface) - 1; i >= 0; i--) { |
476 |
|
|
npppd_iface_fini(&_this->iface[i]); |
477 |
|
|
} |
478 |
|
|
_this->finalized = 1; |
479 |
|
|
} |
480 |
|
|
|
481 |
|
|
/** finalize the npppd */ |
482 |
|
|
void |
483 |
|
|
npppd_fini(npppd *_this) |
484 |
|
|
{ |
485 |
|
|
int i; |
486 |
|
|
npppd_auth_base *auth_base; |
487 |
|
|
|
488 |
|
|
#ifdef USE_NPPPD_L2TP |
489 |
|
|
l2tpd_uninit(&_this->l2tpd); |
490 |
|
|
#endif |
491 |
|
|
#ifdef USE_NPPPD_PPTP |
492 |
|
|
pptpd_uninit(&_this->pptpd); |
493 |
|
|
#endif |
494 |
|
|
#ifdef USE_NPPPD_PPPOE |
495 |
|
|
pppoed_uninit(&_this->pppoed); |
496 |
|
|
#endif |
497 |
|
|
for (slist_itr_first(&_this->realms); |
498 |
|
|
slist_itr_has_next(&_this->realms);) { |
499 |
|
|
auth_base = slist_itr_next(&_this->realms); |
500 |
|
|
npppd_auth_destroy(auth_base); |
501 |
|
|
} |
502 |
|
|
for (i = countof(_this->iface) - 1; i >= 0; i--) { |
503 |
|
|
if (_this->iface[i].initialized != 0) |
504 |
|
|
npppd_iface_fini(&_this->iface[i]); |
505 |
|
|
} |
506 |
|
|
|
507 |
|
|
for (i = countof(_this->pool) - 1; i >= 0; i--) { |
508 |
|
|
if (_this->pool[i].initialized != 0) |
509 |
|
|
npppd_pool_uninit(&_this->pool[i]); |
510 |
|
|
} |
511 |
|
|
|
512 |
|
|
npppd_destroy_ipcp_stats(&_this->ipcpstats); |
513 |
|
|
|
514 |
|
|
signal_del(&_this->ev_sigterm); |
515 |
|
|
signal_del(&_this->ev_sigint); |
516 |
|
|
signal_del(&_this->ev_sighup); |
517 |
|
|
signal_del(&_this->ev_sigchld); |
518 |
|
|
|
519 |
|
|
npppd_conf_fini(&_this->conf); |
520 |
|
|
|
521 |
|
|
slist_fini(&_this->realms); |
522 |
|
|
|
523 |
|
|
if (_this->map_user_ppp != NULL) |
524 |
|
|
hash_free(_this->map_user_ppp); |
525 |
|
|
} |
526 |
|
|
|
527 |
|
|
/*********************************************************************** |
528 |
|
|
* Timer related functions |
529 |
|
|
***********************************************************************/ |
530 |
|
|
static void |
531 |
|
|
npppd_reset_timer(npppd *_this) |
532 |
|
|
{ |
533 |
|
|
struct timeval tv; |
534 |
|
|
|
535 |
|
|
if (_this->finalizing != 0) { |
536 |
|
|
/* we can use the timer exclusively on finalizing */ |
537 |
|
|
tv.tv_usec = 500000; |
538 |
|
|
tv.tv_sec = 0; |
539 |
|
|
evtimer_add(&_this->ev_timer, &tv); |
540 |
|
|
} else { |
541 |
|
|
tv.tv_usec = 0; |
542 |
|
|
tv.tv_sec = NPPPD_TIMER_TICK_IVAL; |
543 |
|
|
evtimer_add(&_this->ev_timer, &tv); |
544 |
|
|
} |
545 |
|
|
} |
546 |
|
|
|
547 |
|
|
static void |
548 |
|
|
npppd_timer(int fd, short evtype, void *ctx) |
549 |
|
|
{ |
550 |
|
|
npppd *_this; |
551 |
|
|
|
552 |
|
|
_this = ctx; |
553 |
|
|
if (_this->finalizing != 0) { |
554 |
|
|
npppd_stop_really(_this); /* The timer has been reset */ |
555 |
|
|
return; /* we can use the timer exclusively on finalizing */ |
556 |
|
|
} |
557 |
|
|
_this->secs += NPPPD_TIMER_TICK_IVAL; |
558 |
|
|
if (_this->reloading_count > 0) { |
559 |
|
|
_this->reloading_count -= NPPPD_TIMER_TICK_IVAL; |
560 |
|
|
if (_this->reloading_count <= 0) { |
561 |
|
|
npppd_reload0(_this); |
562 |
|
|
_this->reloading_count = 0; |
563 |
|
|
} |
564 |
|
|
} else { |
565 |
|
|
if ((_this->secs % TIMER_TICK_RUP( |
566 |
|
|
NPPPD_AUTH_REALM_FINALIZER_INTERVAL)) == 0) |
567 |
|
|
npppd_auth_finalizer_periodic(_this); |
568 |
|
|
} |
569 |
|
|
|
570 |
|
|
#ifdef USE_NPPPD_PPPOE |
571 |
|
|
if (pppoed_need_polling(&_this->pppoed)) |
572 |
|
|
pppoed_reload_listeners(&_this->pppoed); |
573 |
|
|
#endif |
574 |
|
|
#ifdef USE_NPPPD_PIPEX |
575 |
|
|
pipex_periodic(_this); |
576 |
|
|
#endif |
577 |
|
|
|
578 |
|
|
npppd_reset_timer(_this); |
579 |
|
|
} |
580 |
|
|
|
581 |
|
|
int |
582 |
|
|
npppd_reset_routing_table(npppd *_this, int pool_only) |
583 |
|
|
{ |
584 |
|
|
#ifndef NO_ROUTE_FOR_POOLED_ADDRESS |
585 |
|
|
slist rtlist0; |
586 |
|
|
|
587 |
|
|
if (_this->iface[0].using_pppx) |
588 |
|
|
return 0; |
589 |
|
|
|
590 |
|
|
slist_init(&rtlist0); |
591 |
|
|
if (rd2slist(_this->rd, &rtlist0) != 0) |
592 |
|
|
return 1; |
593 |
|
|
|
594 |
|
|
for (slist_itr_first(&rtlist0); slist_itr_has_next(&rtlist0); ) { |
595 |
|
|
struct radish *rd; |
596 |
|
|
struct sockaddr_npppd *snp; |
597 |
|
|
npppd_ppp *ppp; |
598 |
|
|
int is_first; |
599 |
|
|
|
600 |
|
|
rd = slist_itr_next(&rtlist0); |
601 |
|
|
snp = rd->rd_rtent; |
602 |
|
|
|
603 |
|
|
is_first = 1; |
604 |
|
|
for (snp = rd->rd_rtent; snp != NULL; snp = snp->snp_next) { |
605 |
|
|
switch (snp->snp_type) { |
606 |
|
|
case SNP_POOL: |
607 |
|
|
case SNP_DYN_POOL: |
608 |
|
|
if (is_first) |
609 |
|
|
in_route_add(&snp->snp_addr, |
610 |
|
|
&snp->snp_mask, &loop, |
611 |
|
|
LOOPBACK_IFNAME, RTF_BLACKHOLE, 0); |
612 |
|
|
break; |
613 |
|
|
|
614 |
|
|
case SNP_PPP: |
615 |
|
|
if (pool_only) |
616 |
|
|
break; |
617 |
|
|
ppp = snp->snp_data_ptr; |
618 |
|
|
if (ppp->ppp_framed_ip_netmask.s_addr |
619 |
|
|
== 0xffffffffL) { |
620 |
|
|
in_host_route_add(&ppp-> |
621 |
|
|
ppp_framed_ip_address, |
622 |
|
|
&ppp_iface(ppp)->ip4addr, |
623 |
|
|
ppp_iface(ppp)->ifname, |
624 |
|
|
MRU_IPMTU(ppp->peer_mru)); |
625 |
|
|
} else { |
626 |
|
|
in_route_add(&ppp-> |
627 |
|
|
ppp_framed_ip_address, |
628 |
|
|
&ppp->ppp_framed_ip_netmask, |
629 |
|
|
&ppp_iface(ppp)->ip4addr, |
630 |
|
|
ppp_iface(ppp)->ifname, 0, |
631 |
|
|
MRU_IPMTU(ppp->peer_mru)); |
632 |
|
|
} |
633 |
|
|
break; |
634 |
|
|
} |
635 |
|
|
is_first = 0; |
636 |
|
|
} |
637 |
|
|
|
638 |
|
|
} |
639 |
|
|
|
640 |
|
|
slist_fini(&rtlist0); |
641 |
|
|
#endif |
642 |
|
|
return 0; |
643 |
|
|
} |
644 |
|
|
|
645 |
|
|
/*********************************************************************** |
646 |
|
|
* Other npppd related functions. |
647 |
|
|
***********************************************************************/ |
648 |
|
|
/** |
649 |
|
|
* Get the user's password. Return 0 on success. |
650 |
|
|
* |
651 |
|
|
* @param username Username who acquires password |
652 |
|
|
* @param password A pointer to a buffer space to store the password. |
653 |
|
|
* Use NULL when you need to know only the length of |
654 |
|
|
* the password. |
655 |
|
|
* @param plpassword A pointer to the length of the password parameter. |
656 |
|
|
* This function uses this parameter value and stores |
657 |
|
|
* the required length value pointed to by this |
658 |
|
|
* parameter. Use NULL when use don't need to know |
659 |
|
|
* the password and its length. |
660 |
|
|
* @return If the function succeeds, 0 is returned. The function returns |
661 |
|
|
* 1 if the username is unknown, returns 2 if the password buffer |
662 |
|
|
* length is not enough. It returns negative value for other |
663 |
|
|
* errors. |
664 |
|
|
*/ |
665 |
|
|
int |
666 |
|
|
npppd_get_user_password(npppd *_this, npppd_ppp *ppp, |
667 |
|
|
const char *username, char *password, int *plpassword) |
668 |
|
|
{ |
669 |
|
|
char buf0[MAX_USERNAME_LENGTH]; |
670 |
|
|
|
671 |
|
|
NPPPD_ASSERT(ppp->realm != NULL); |
672 |
|
|
return npppd_auth_get_user_password(ppp->realm, |
673 |
|
|
npppd_auth_username_for_auth(ppp->realm, username, buf0), password, |
674 |
|
|
plpassword); |
675 |
|
|
} |
676 |
|
|
|
677 |
|
|
/** Get the Framed-IP-Address attribute of the user */ |
678 |
|
|
struct in_addr * |
679 |
|
|
npppd_get_user_framed_ip_address(npppd *_this, npppd_ppp *ppp, |
680 |
|
|
const char *username) |
681 |
|
|
{ |
682 |
|
|
|
683 |
|
|
if (ppp->peer_auth == 0) { |
684 |
|
|
ppp->realm_framed_ip_address.s_addr = 0; |
685 |
|
|
goto do_default; |
686 |
|
|
} |
687 |
|
|
NPPPD_ASSERT(ppp->realm != NULL); |
688 |
|
|
|
689 |
|
|
if (ppp->realm_framed_ip_address.s_addr != 0) |
690 |
|
|
return &ppp->realm_framed_ip_address; |
691 |
|
|
|
692 |
|
|
/* assign by the authentication realm */ |
693 |
|
|
if (npppd_auth_get_framed_ip(ppp->realm, username, |
694 |
|
|
&ppp->realm_framed_ip_address, |
695 |
|
|
&ppp->realm_framed_ip_netmask) != 0) |
696 |
|
|
ppp->realm_framed_ip_address.s_addr = 0; |
697 |
|
|
|
698 |
|
|
do_default: |
699 |
|
|
/* Use USER_SELECT if the realm doesn't specify the ip address */ |
700 |
|
|
if (ppp->realm_framed_ip_address.s_addr == 0) |
701 |
|
|
ppp->realm_framed_ip_address.s_addr = INADDR_USER_SELECT; |
702 |
|
|
|
703 |
|
|
|
704 |
|
|
if (ppp->realm_framed_ip_address.s_addr == INADDR_USER_SELECT) { |
705 |
|
|
/* Use NAS_SELECT if USER_SELECT is not allowed by the config */ |
706 |
|
|
if (!ppp_ipcp(ppp)->allow_user_select) |
707 |
|
|
ppp->realm_framed_ip_address.s_addr = INADDR_NAS_SELECT; |
708 |
|
|
} |
709 |
|
|
NPPPD_DBG((LOG_DEBUG, "%s() = %s", __func__, |
710 |
|
|
inet_ntoa(ppp->realm_framed_ip_address))); |
711 |
|
|
|
712 |
|
|
return &ppp->realm_framed_ip_address; |
713 |
|
|
} |
714 |
|
|
|
715 |
|
|
/** XXX */ |
716 |
|
|
int |
717 |
|
|
npppd_check_calling_number(npppd *_this, npppd_ppp *ppp) |
718 |
|
|
{ |
719 |
|
|
struct tunnconf *conf; |
720 |
|
|
int lnumber, rval; |
721 |
|
|
char number[NPPPD_PHONE_NUMBER_LEN + 1]; |
722 |
|
|
|
723 |
|
|
conf = ppp_get_tunnconf(ppp); |
724 |
|
|
if (conf->callnum_check != 0) { |
725 |
|
|
lnumber = sizeof(number); |
726 |
|
|
if ((rval = npppd_auth_get_calling_number(ppp->realm, |
727 |
|
|
ppp->username, number, &lnumber)) == 0) |
728 |
|
|
return |
729 |
|
|
(strcmp(number, ppp->calling_number) == 0)? 1 : 0; |
730 |
|
|
if ((conf->callnum_check & NPPPD_CALLNUM_CHECK_STRICT) != 0) |
731 |
|
|
return 0; |
732 |
|
|
} |
733 |
|
|
|
734 |
|
|
return 1; |
735 |
|
|
} |
736 |
|
|
|
737 |
|
|
/** |
738 |
|
|
* This function finds a {@link npppd_ppp} instance that is assigned the |
739 |
|
|
* specified ip address and returns it |
740 |
|
|
* @param ipaddr IP Address(Specify in network byte order) |
741 |
|
|
*/ |
742 |
|
|
npppd_ppp * |
743 |
|
|
npppd_get_ppp_by_ip(npppd *_this, struct in_addr ipaddr) |
744 |
|
|
{ |
745 |
|
|
struct sockaddr_npppd *snp; |
746 |
|
|
struct radish *rdp; |
747 |
|
|
struct sockaddr_in npppd_get_ppp_by_ip_sin4; |
748 |
|
|
|
749 |
|
|
npppd_get_ppp_by_ip_sin4.sin_family = AF_INET; |
750 |
|
|
npppd_get_ppp_by_ip_sin4.sin_len = sizeof(struct sockaddr_in); |
751 |
|
|
npppd_get_ppp_by_ip_sin4.sin_addr = ipaddr; |
752 |
|
|
if (_this->rd == NULL) |
753 |
|
|
return NULL; /* no radix tree on startup */ |
754 |
|
|
if (rd_match((struct sockaddr *)&npppd_get_ppp_by_ip_sin4, _this->rd, |
755 |
|
|
&rdp)) { |
756 |
|
|
snp = rdp->rd_rtent; |
757 |
|
|
if (snp->snp_type == SNP_PPP) |
758 |
|
|
return snp->snp_data_ptr; |
759 |
|
|
} |
760 |
|
|
return NULL; |
761 |
|
|
} |
762 |
|
|
|
763 |
|
|
/** |
764 |
|
|
* This function finds {@link npppd_ppp} instances that are authenticated |
765 |
|
|
* as the specified username and returns them as a {@link slist} list. |
766 |
|
|
* @param username PPP Username. |
767 |
|
|
* @return {@link slist} that contans the {@link npppd_ppp} instances. |
768 |
|
|
* NULL may be returned if no instance has been found. |
769 |
|
|
*/ |
770 |
|
|
static slist * |
771 |
|
|
npppd_get_ppp_by_user(npppd *_this, const char *username) |
772 |
|
|
{ |
773 |
|
|
hash_link *hl; |
774 |
|
|
|
775 |
|
|
if ((hl = hash_lookup(_this->map_user_ppp, username)) != NULL) |
776 |
|
|
return hl->item; |
777 |
|
|
|
778 |
|
|
return NULL; |
779 |
|
|
} |
780 |
|
|
|
781 |
|
|
/** |
782 |
|
|
* This function finds a {@link npppd_ppp} instance that matches the specified |
783 |
|
|
* ppp id and returns it. |
784 |
|
|
* @param id {@link npppd_ppp#id ppp's id} |
785 |
|
|
* @return This function returns the pointer if the instance which has |
786 |
|
|
* specified ID is found, otherwise it returns NULL. |
787 |
|
|
*/ |
788 |
|
|
npppd_ppp * |
789 |
|
|
npppd_get_ppp_by_id(npppd *_this, u_int ppp_id) |
790 |
|
|
{ |
791 |
|
|
slist users; |
792 |
|
|
npppd_ppp *ppp0, *ppp; |
793 |
|
|
|
794 |
|
|
NPPPD_ASSERT(_this != NULL); |
795 |
|
|
|
796 |
|
|
ppp = NULL; |
797 |
|
|
slist_init(&users); |
798 |
|
|
if (npppd_get_all_users(_this, &users) != 0) { |
799 |
|
|
log_printf(LOG_WARNING, |
800 |
|
|
"npppd_get_all_users() failed in %s()", __func__); |
801 |
|
|
} else { |
802 |
|
|
/* FIXME: This linear search eats CPU. */ |
803 |
|
|
for (slist_itr_first(&users); slist_itr_has_next(&users); ) { |
804 |
|
|
ppp0 = slist_itr_next(&users); |
805 |
|
|
if (ppp0->id == ppp_id) { |
806 |
|
|
ppp = ppp0; |
807 |
|
|
break; |
808 |
|
|
} |
809 |
|
|
} |
810 |
|
|
} |
811 |
|
|
slist_fini(&users); |
812 |
|
|
|
813 |
|
|
return ppp; |
814 |
|
|
} |
815 |
|
|
|
816 |
|
|
static struct ipcpstat * |
817 |
|
|
npppd_get_ipcp_stat(struct ipcpstat_head *head , const char *ipcp_name) |
818 |
|
|
{ |
819 |
|
|
struct ipcpstat *ipcpstat = NULL; |
820 |
|
|
|
821 |
|
|
LIST_FOREACH(ipcpstat, head, entry) { |
822 |
|
|
if (strncmp(ipcpstat->name, ipcp_name, |
823 |
|
|
sizeof(ipcpstat->name)) == 0) |
824 |
|
|
return ipcpstat; |
825 |
|
|
} |
826 |
|
|
|
827 |
|
|
return NULL; |
828 |
|
|
} |
829 |
|
|
|
830 |
|
|
static void |
831 |
|
|
npppd_destroy_ipcp_stats(struct ipcpstat_head *head) |
832 |
|
|
{ |
833 |
|
|
struct ipcpstat *ipcpstat, *tipcpstat; |
834 |
|
|
npppd_ppp *ppp, *tppp; |
835 |
|
|
|
836 |
|
|
LIST_FOREACH_SAFE(ipcpstat, head, entry, tipcpstat) { |
837 |
|
|
LIST_FOREACH_SAFE(ppp, &ipcpstat->ppp, ipcpstat_entry, tppp) { |
838 |
|
|
ppp->ipcpstat = NULL; |
839 |
|
|
LIST_REMOVE(ppp, ipcpstat_entry); |
840 |
|
|
} |
841 |
|
|
free(ipcpstat); |
842 |
|
|
} |
843 |
|
|
} |
844 |
|
|
|
845 |
|
|
static void |
846 |
|
|
npppd_ipcp_stats_reload(npppd *_this) |
847 |
|
|
{ |
848 |
|
|
struct ipcpstat *ipcpstat, *tipcpstat; |
849 |
|
|
struct ipcpconf *ipcpconf; |
850 |
|
|
struct ipcpstat_head destroy_list; |
851 |
|
|
|
852 |
|
|
LIST_INIT(&destroy_list); |
853 |
|
|
LIST_FOREACH_SAFE(ipcpstat, &_this->ipcpstats, entry, tipcpstat) { |
854 |
|
|
LIST_REMOVE(ipcpstat, entry); |
855 |
|
|
LIST_INSERT_HEAD(&destroy_list, ipcpstat, entry); |
856 |
|
|
} |
857 |
|
|
|
858 |
|
|
TAILQ_FOREACH(ipcpconf, &_this->conf.ipcpconfs, entry) { |
859 |
|
|
ipcpstat = npppd_get_ipcp_stat(&destroy_list, ipcpconf->name); |
860 |
|
|
if (ipcpstat != NULL) { |
861 |
|
|
LIST_REMOVE(ipcpstat, entry); |
862 |
|
|
LIST_INSERT_HEAD(&_this->ipcpstats, ipcpstat, entry); |
863 |
|
|
continue; |
864 |
|
|
} |
865 |
|
|
|
866 |
|
|
ipcpstat = malloc(sizeof(*ipcpstat)); |
867 |
|
|
if (ipcpstat == NULL) { |
868 |
|
|
log_printf(LOG_ERR, "initializing ipcp_stats failed : %m"); |
869 |
|
|
continue; |
870 |
|
|
} |
871 |
|
|
memset(ipcpstat, 0, sizeof(*ipcpstat)); |
872 |
|
|
strlcpy(ipcpstat->name, ipcpconf->name, sizeof(ipcpconf->name)); |
873 |
|
|
LIST_INSERT_HEAD(&_this->ipcpstats, ipcpstat, entry); |
874 |
|
|
} |
875 |
|
|
npppd_destroy_ipcp_stats(&destroy_list); |
876 |
|
|
} |
877 |
|
|
|
878 |
|
|
/** |
879 |
|
|
* Checks whether the user reaches the maximum session limit |
880 |
|
|
* (user_max_serssion). |
881 |
|
|
* @return This function returns 1(true) if the user does not reach the |
882 |
|
|
* limit, otherwise it returns 0(false). |
883 |
|
|
*/ |
884 |
|
|
int |
885 |
|
|
npppd_check_user_max_session(npppd *_this, npppd_ppp *ppp) |
886 |
|
|
{ |
887 |
|
|
int global_count, realm_count; |
888 |
|
|
npppd_ppp *ppp1; |
889 |
|
|
slist *uppp; |
890 |
|
|
|
891 |
|
|
/* user_max_session == 0 means unlimit */ |
892 |
|
|
if (_this->conf.user_max_session == 0 && |
893 |
|
|
npppd_auth_user_session_unlimited(ppp->realm)) |
894 |
|
|
return 1; |
895 |
|
|
|
896 |
|
|
global_count = realm_count = 0; |
897 |
|
|
if ((uppp = npppd_get_ppp_by_user(_this, ppp->username)) != NULL) { |
898 |
|
|
for (slist_itr_first(uppp); slist_itr_has_next(uppp); ) { |
899 |
|
|
ppp1 = slist_itr_next(uppp); |
900 |
|
|
if (ppp->realm == ppp1->realm) |
901 |
|
|
realm_count++; |
902 |
|
|
global_count++; |
903 |
|
|
} |
904 |
|
|
} |
905 |
|
|
|
906 |
|
|
if (npppd_check_auth_user_max_session(ppp->realm, realm_count)) { |
907 |
|
|
ppp_log(ppp, LOG_WARNING, |
908 |
|
|
"user %s exceeds user-max-session limit per auth", |
909 |
|
|
ppp->username); |
910 |
|
|
return 0; |
911 |
|
|
} else if (_this->conf.user_max_session != 0 && |
912 |
|
|
_this->conf.user_max_session <= global_count) { |
913 |
|
|
ppp_log(ppp, LOG_WARNING, |
914 |
|
|
"user %s exceeds user-max-session limit", ppp->username); |
915 |
|
|
return 0; |
916 |
|
|
} else |
917 |
|
|
return 1; |
918 |
|
|
} |
919 |
|
|
|
920 |
|
|
/*********************************************************************** |
921 |
|
|
* Network I/O ralated functions. |
922 |
|
|
***********************************************************************/ |
923 |
|
|
/** |
924 |
|
|
* Call this function to output packets to the network(tun). This function |
925 |
|
|
* currently assumes the packet is a IPv4 datagram. |
926 |
|
|
*/ |
927 |
|
|
void |
928 |
|
|
npppd_network_output(npppd *_this, npppd_ppp *ppp, int proto, u_char *pktp, |
929 |
|
|
int lpktp) |
930 |
|
|
{ |
931 |
|
|
struct ip *pip; |
932 |
|
|
int lbuf; |
933 |
|
|
u_char buf[256]; /* enough size for TCP/IP header */ |
934 |
|
|
|
935 |
|
|
NPPPD_ASSERT(ppp != NULL); |
936 |
|
|
|
937 |
|
|
if (!ppp_ip_assigned(ppp)) |
938 |
|
|
return; |
939 |
|
|
|
940 |
|
|
if (lpktp < sizeof(struct ip)) { |
941 |
|
|
ppp_log(ppp, LOG_DEBUG, "Received IP packet is too small"); |
942 |
|
|
return; |
943 |
|
|
} |
944 |
|
|
lbuf = MINIMUM(lpktp, sizeof(buf)); |
945 |
|
|
if (!ALIGNED_POINTER(pktp, struct ip)) { |
946 |
|
|
memcpy(buf, pktp, lbuf); |
947 |
|
|
pip = (struct ip *)buf; |
948 |
|
|
} else { |
949 |
|
|
pip = (struct ip *)pktp; |
950 |
|
|
} |
951 |
|
|
|
952 |
|
|
if (ppp->ingress_filter != 0 && |
953 |
|
|
(pip->ip_src.s_addr & ppp->ppp_framed_ip_netmask.s_addr) |
954 |
|
|
!= (ppp->ppp_framed_ip_address.s_addr & |
955 |
|
|
ppp->ppp_framed_ip_netmask.s_addr)) { |
956 |
|
|
char logbuf[80]; |
957 |
|
|
strlcpy(logbuf, inet_ntoa(pip->ip_dst), sizeof(logbuf)); |
958 |
|
|
ppp_log(ppp, LOG_INFO, |
959 |
|
|
"Drop packet by ingress filter. %s => %s", |
960 |
|
|
inet_ntoa(pip->ip_src), logbuf); |
961 |
|
|
|
962 |
|
|
return; |
963 |
|
|
} |
964 |
|
|
if (ppp->timeout_sec > 0 && !ip_is_idle_packet(pip, lbuf)) |
965 |
|
|
ppp_reset_idle_timeout(ppp); |
966 |
|
|
|
967 |
|
|
#ifndef NO_ADJUST_MSS |
968 |
|
|
if (ppp->adjust_mss) { |
969 |
|
|
if (lpktp == lbuf) { |
970 |
|
|
/* |
971 |
|
|
* We can assume the packet length is less than |
972 |
|
|
* sizeof(buf). |
973 |
|
|
*/ |
974 |
|
|
if (!ALIGNED_POINTER(pktp, struct ip)) |
975 |
|
|
pktp = buf; |
976 |
|
|
adjust_tcp_mss(pktp, lpktp, MRU_IPMTU(ppp->peer_mru)); |
977 |
|
|
} |
978 |
|
|
} |
979 |
|
|
#endif |
980 |
|
|
npppd_iface_write(ppp_iface(ppp), ppp, proto, pktp, lpktp); |
981 |
|
|
} |
982 |
|
|
|
983 |
|
|
#ifdef USE_NPPPD_PIPEX |
984 |
|
|
/*********************************************************************** |
985 |
|
|
* PIPEX related functions |
986 |
|
|
***********************************************************************/ |
987 |
|
|
static void |
988 |
|
|
pipex_setup_common(npppd_ppp *ppp, struct pipex_session_req *req) |
989 |
|
|
{ |
990 |
|
|
memset(req, 0, sizeof(*req)); |
991 |
|
|
if (psm_opt_is_accepted(&ppp->lcp, acfc)) |
992 |
|
|
req->pr_ppp_flags |= PIPEX_PPP_ACFC_ENABLED; |
993 |
|
|
if (psm_peer_opt_is_accepted(&ppp->lcp, acfc)) |
994 |
|
|
req->pr_ppp_flags |= PIPEX_PPP_ACFC_ACCEPTED; |
995 |
|
|
|
996 |
|
|
if (psm_peer_opt_is_accepted(&ppp->lcp, pfc)) |
997 |
|
|
req->pr_ppp_flags |= PIPEX_PPP_PFC_ACCEPTED; |
998 |
|
|
if (psm_opt_is_accepted(&ppp->lcp, pfc)) |
999 |
|
|
req->pr_ppp_flags |= PIPEX_PPP_PFC_ENABLED; |
1000 |
|
|
|
1001 |
|
|
if (ppp->has_acf != 0) |
1002 |
|
|
req->pr_ppp_flags |= PIPEX_PPP_HAS_ACF; |
1003 |
|
|
|
1004 |
|
|
if (ppp->adjust_mss != 0) |
1005 |
|
|
req->pr_ppp_flags |= PIPEX_PPP_ADJUST_TCPMSS; |
1006 |
|
|
if (ppp->ingress_filter != 0) |
1007 |
|
|
req->pr_ppp_flags |= PIPEX_PPP_INGRESS_FILTER; |
1008 |
|
|
|
1009 |
|
|
req->pr_ip_srcaddr = ppp->pppd->iface[0].ip4addr; |
1010 |
|
|
req->pr_ip_address = ppp->ppp_framed_ip_address; |
1011 |
|
|
req->pr_ip_netmask = ppp->ppp_framed_ip_netmask; |
1012 |
|
|
req->pr_peer_mru = ppp->peer_mru; |
1013 |
|
|
req->pr_ppp_id = ppp->id; |
1014 |
|
|
|
1015 |
|
|
req->pr_timeout_sec = ppp->timeout_sec; |
1016 |
|
|
|
1017 |
|
|
#ifdef USE_NPPPD_MPPE |
1018 |
|
|
req->pr_ccp_id = ppp->ccp.fsm.id; |
1019 |
|
|
if (ppp->mppe.send.keybits > 0) { |
1020 |
|
|
memcpy(req->pr_mppe_send.master_key, |
1021 |
|
|
ppp->mppe.send.master_key, |
1022 |
|
|
sizeof(req->pr_mppe_send.master_key)); |
1023 |
|
|
req->pr_mppe_send.stateless = ppp->mppe.send.stateless; |
1024 |
|
|
req->pr_mppe_send.keylenbits = ppp->mppe.send.keybits; |
1025 |
|
|
req->pr_ppp_flags |= PIPEX_PPP_MPPE_ENABLED; |
1026 |
|
|
} |
1027 |
|
|
if (ppp->mppe.recv.keybits > 0) { |
1028 |
|
|
memcpy(req->pr_mppe_recv.master_key, |
1029 |
|
|
ppp->mppe.recv.master_key, |
1030 |
|
|
sizeof(req->pr_mppe_recv.master_key)); |
1031 |
|
|
req->pr_mppe_recv.stateless = ppp->mppe.recv.stateless; |
1032 |
|
|
req->pr_mppe_recv.keylenbits = ppp->mppe.recv.keybits; |
1033 |
|
|
req->pr_ppp_flags |= PIPEX_PPP_MPPE_ACCEPTED; |
1034 |
|
|
} |
1035 |
|
|
if (ppp->mppe.required) |
1036 |
|
|
req->pr_ppp_flags |= PIPEX_PPP_MPPE_REQUIRED; |
1037 |
|
|
#endif /* USE_NPPPD_MPPE */ |
1038 |
|
|
} |
1039 |
|
|
|
1040 |
|
|
/** Enable PIPEX of the {@link npppd_ppp ppp} */ |
1041 |
|
|
int |
1042 |
|
|
npppd_ppp_pipex_enable(npppd *_this, npppd_ppp *ppp) |
1043 |
|
|
{ |
1044 |
|
|
struct pipex_session_req req; |
1045 |
|
|
#ifdef USE_NPPPD_PPPOE |
1046 |
|
|
pppoe_session *pppoe; |
1047 |
|
|
#endif |
1048 |
|
|
#ifdef USE_NPPPD_PPTP |
1049 |
|
|
pptp_call *call; |
1050 |
|
|
#endif |
1051 |
|
|
#ifdef USE_NPPPD_L2TP |
1052 |
|
|
l2tp_call *l2tp; |
1053 |
|
|
l2tp_ctrl *l2tpctrl; |
1054 |
|
|
#endif |
1055 |
|
|
int error; |
1056 |
|
|
|
1057 |
|
|
NPPPD_ASSERT(ppp != NULL); |
1058 |
|
|
NPPPD_ASSERT(ppp->phy_context != NULL); |
1059 |
|
|
NPPPD_ASSERT(ppp->use_pipex != 0); |
1060 |
|
|
|
1061 |
|
|
pipex_setup_common(ppp, &req); |
1062 |
|
|
|
1063 |
|
|
switch (ppp->tunnel_type) { |
1064 |
|
|
#ifdef USE_NPPPD_PPPOE |
1065 |
|
|
case NPPPD_TUNNEL_PPPOE: |
1066 |
|
|
{ |
1067 |
|
|
struct sockaddr *sa; |
1068 |
|
|
struct ether_header *eh; |
1069 |
|
|
pppoe = (pppoe_session *)ppp->phy_context; |
1070 |
|
|
|
1071 |
|
|
/* PPPoE specific informations */ |
1072 |
|
|
req.pr_protocol = PIPEX_PROTO_PPPOE; |
1073 |
|
|
req.pr_session_id = pppoe->session_id; |
1074 |
|
|
req.pr_peer_session_id = 0; |
1075 |
|
|
strlcpy(req.pr_proto.pppoe.over_ifname, |
1076 |
|
|
pppoe_session_listen_ifname(pppoe), |
1077 |
|
|
sizeof(req.pr_proto.pppoe.over_ifname)); |
1078 |
|
|
|
1079 |
|
|
sa = (struct sockaddr *)&req.pr_peer_address; |
1080 |
|
|
sa->sa_family = AF_UNSPEC; |
1081 |
|
|
sa->sa_len = sizeof(struct sockaddr); |
1082 |
|
|
|
1083 |
|
|
eh = (struct ether_header *)sa->sa_data; |
1084 |
|
|
eh->ether_type = htons(ETHERTYPE_PPPOE); |
1085 |
|
|
memcpy(eh->ether_dhost, pppoe->ether_addr, ETHER_ADDR_LEN); |
1086 |
|
|
memset(eh->ether_shost, 0, ETHER_ADDR_LEN); |
1087 |
|
|
|
1088 |
|
|
break; |
1089 |
|
|
} |
1090 |
|
|
#endif |
1091 |
|
|
#ifdef USE_NPPPD_PPTP |
1092 |
|
|
case NPPPD_TUNNEL_PPTP: |
1093 |
|
|
call = (pptp_call *)ppp->phy_context; |
1094 |
|
|
|
1095 |
|
|
/* PPTP specific informations */ |
1096 |
|
|
req.pr_session_id = call->id; |
1097 |
|
|
req.pr_protocol = PIPEX_PROTO_PPTP; |
1098 |
|
|
|
1099 |
|
|
req.pr_peer_session_id = call->peers_call_id; |
1100 |
|
|
req.pr_proto.pptp.snd_nxt = call->snd_nxt; |
1101 |
|
|
req.pr_proto.pptp.snd_una = call->snd_una; |
1102 |
|
|
req.pr_proto.pptp.rcv_nxt = call->rcv_nxt; |
1103 |
|
|
req.pr_proto.pptp.rcv_acked = call->rcv_acked; |
1104 |
|
|
req.pr_proto.pptp.winsz = call->winsz; |
1105 |
|
|
req.pr_proto.pptp.maxwinsz = call->maxwinsz; |
1106 |
|
|
req.pr_proto.pptp.peer_maxwinsz = call->peers_maxwinsz; |
1107 |
|
|
|
1108 |
|
|
NPPPD_ASSERT(call->ctrl->peer.ss_family == AF_INET); |
1109 |
|
|
NPPPD_ASSERT(call->ctrl->our.ss_family == AF_INET); |
1110 |
|
|
|
1111 |
|
|
memcpy(&req.pr_peer_address, &call->ctrl->peer, |
1112 |
|
|
call->ctrl->peer.ss_len); |
1113 |
|
|
memcpy(&req.pr_local_address, &call->ctrl->our, |
1114 |
|
|
call->ctrl->our.ss_len); |
1115 |
|
|
break; |
1116 |
|
|
#endif |
1117 |
|
|
#ifdef USE_NPPPD_L2TP |
1118 |
|
|
case NPPPD_TUNNEL_L2TP: |
1119 |
|
|
l2tp = (l2tp_call *)ppp->phy_context; |
1120 |
|
|
l2tpctrl = l2tp->ctrl; |
1121 |
|
|
|
1122 |
|
|
/* L2TPv2 specific context */ |
1123 |
|
|
/* Session KEYS */ |
1124 |
|
|
req.pr_protocol = PIPEX_PROTO_L2TP; |
1125 |
|
|
req.pr_proto.l2tp.tunnel_id = l2tpctrl->tunnel_id; |
1126 |
|
|
req.pr_proto.l2tp.peer_tunnel_id = l2tpctrl->peer_tunnel_id; |
1127 |
|
|
req.pr_session_id = l2tp->session_id; |
1128 |
|
|
req.pr_peer_session_id = l2tp->peer_session_id; |
1129 |
|
|
|
1130 |
|
|
if (l2tpctrl->data_use_seq) |
1131 |
|
|
req.pr_proto.l2tp.option_flags |= |
1132 |
|
|
PIPEX_L2TP_USE_SEQUENCING; |
1133 |
|
|
|
1134 |
|
|
/* transmission control contexts */ |
1135 |
|
|
req.pr_proto.l2tp.ns_nxt = l2tp->snd_nxt; |
1136 |
|
|
req.pr_proto.l2tp.nr_nxt = l2tp->rcv_nxt; |
1137 |
|
|
|
1138 |
|
|
memcpy(&req.pr_peer_address, &l2tpctrl->peer, |
1139 |
|
|
l2tpctrl->peer.ss_len); |
1140 |
|
|
memcpy(&req.pr_local_address, &l2tpctrl->sock, |
1141 |
|
|
l2tpctrl->sock.ss_len); |
1142 |
|
|
#ifdef USE_SA_COOKIE |
1143 |
|
|
if (l2tpctrl->sa_cookie != NULL) { |
1144 |
|
|
req.pr_proto.l2tp.ipsecflowinfo = |
1145 |
|
|
((struct in_ipsec_sa_cookie *)l2tpctrl->sa_cookie) |
1146 |
|
|
->ipsecflow; |
1147 |
|
|
} |
1148 |
|
|
#endif |
1149 |
|
|
break; |
1150 |
|
|
#endif |
1151 |
|
|
default: |
1152 |
|
|
return 1; |
1153 |
|
|
} |
1154 |
|
|
|
1155 |
|
|
if ((error = ioctl(_this->iface[ppp->ifidx].devf, PIPEXASESSION, &req)) |
1156 |
|
|
!= 0) { |
1157 |
|
|
if (errno == ENXIO) /* pipex is disabled on runtime */ |
1158 |
|
|
error = 0; |
1159 |
|
|
ppp->pipex_enabled = 0; |
1160 |
|
|
return error; |
1161 |
|
|
} |
1162 |
|
|
|
1163 |
|
|
if (_this->iface[ppp->ifidx].using_pppx) { |
1164 |
|
|
struct pipex_session_descr_req descr_req; |
1165 |
|
|
|
1166 |
|
|
descr_req.pdr_protocol = req.pr_protocol; |
1167 |
|
|
descr_req.pdr_session_id = req.pr_session_id; |
1168 |
|
|
memset(descr_req.pdr_descr, 0, sizeof(descr_req.pdr_descr)); |
1169 |
|
|
strlcpy(descr_req.pdr_descr, ppp->username, sizeof(descr_req.pdr_descr)); |
1170 |
|
|
error = ioctl(_this->iface[ppp->ifidx].devf, PIPEXSIFDESCR, &descr_req); |
1171 |
|
|
if (error != 0) { |
1172 |
|
|
log_printf(LOG_WARNING, "PIPEXSIFDESCR(%s) failed: %d\n", ppp->username, error); |
1173 |
|
|
} |
1174 |
|
|
} |
1175 |
|
|
|
1176 |
|
|
ppp->pipex_enabled = 1; |
1177 |
|
|
if (ppp->timeout_sec > 0) { |
1178 |
|
|
/* Stop the npppd's idle-timer. We use pipex's idle-timer */ |
1179 |
|
|
ppp->timeout_sec = 0; |
1180 |
|
|
ppp_reset_idle_timeout(ppp); |
1181 |
|
|
} |
1182 |
|
|
|
1183 |
|
|
return error; |
1184 |
|
|
} |
1185 |
|
|
|
1186 |
|
|
/** Disable PIPEX of the {@link npppd_ppp ppp} */ |
1187 |
|
|
int |
1188 |
|
|
npppd_ppp_pipex_disable(npppd *_this, npppd_ppp *ppp) |
1189 |
|
|
{ |
1190 |
|
|
struct pipex_session_close_req req; |
1191 |
|
|
#ifdef USE_NPPPD_PPPOE |
1192 |
|
|
pppoe_session *pppoe; |
1193 |
|
|
#endif |
1194 |
|
|
#ifdef USE_NPPPD_PPTP |
1195 |
|
|
pptp_call *call; |
1196 |
|
|
#endif |
1197 |
|
|
#ifdef USE_NPPPD_L2TP |
1198 |
|
|
l2tp_call *l2tp; |
1199 |
|
|
#endif |
1200 |
|
|
int error; |
1201 |
|
|
|
1202 |
|
|
if (ppp->pipex_started == 0) |
1203 |
|
|
return 0; /* not started */ |
1204 |
|
|
|
1205 |
|
|
bzero(&req, sizeof(req)); |
1206 |
|
|
switch(ppp->tunnel_type) { |
1207 |
|
|
#ifdef USE_NPPPD_PPPOE |
1208 |
|
|
case NPPPD_TUNNEL_PPPOE: |
1209 |
|
|
pppoe = (pppoe_session *)ppp->phy_context; |
1210 |
|
|
|
1211 |
|
|
/* PPPoE specific informations */ |
1212 |
|
|
req.pcr_protocol = PIPEX_PROTO_PPPOE; |
1213 |
|
|
req.pcr_session_id = pppoe->session_id; |
1214 |
|
|
break; |
1215 |
|
|
#endif |
1216 |
|
|
#ifdef USE_NPPPD_PPTP |
1217 |
|
|
case NPPPD_TUNNEL_PPTP: |
1218 |
|
|
call = (pptp_call *)ppp->phy_context; |
1219 |
|
|
|
1220 |
|
|
/* PPTP specific informations */ |
1221 |
|
|
req.pcr_session_id = call->id; |
1222 |
|
|
req.pcr_protocol = PIPEX_PROTO_PPTP; |
1223 |
|
|
break; |
1224 |
|
|
#endif |
1225 |
|
|
#ifdef USE_NPPPD_L2TP |
1226 |
|
|
case NPPPD_TUNNEL_L2TP: |
1227 |
|
|
l2tp = (l2tp_call *)ppp->phy_context; |
1228 |
|
|
|
1229 |
|
|
/* L2TP specific context */ |
1230 |
|
|
req.pcr_session_id = l2tp->session_id; |
1231 |
|
|
req.pcr_protocol = PIPEX_PROTO_L2TP; |
1232 |
|
|
break; |
1233 |
|
|
#endif |
1234 |
|
|
default: |
1235 |
|
|
return 1; |
1236 |
|
|
} |
1237 |
|
|
|
1238 |
|
|
error = ioctl(_this->iface[ppp->ifidx].devf, PIPEXDSESSION, &req); |
1239 |
|
|
if (error == 0) { |
1240 |
|
|
ppp->ipackets += req.pcr_stat.ipackets; |
1241 |
|
|
ppp->opackets += req.pcr_stat.opackets; |
1242 |
|
|
ppp->ierrors += req.pcr_stat.ierrors; |
1243 |
|
|
ppp->oerrors += req.pcr_stat.oerrors; |
1244 |
|
|
ppp->ibytes += req.pcr_stat.ibytes; |
1245 |
|
|
ppp->obytes += req.pcr_stat.obytes; |
1246 |
|
|
ppp->pipex_enabled = 0; |
1247 |
|
|
} |
1248 |
|
|
|
1249 |
|
|
return error; |
1250 |
|
|
} |
1251 |
|
|
|
1252 |
|
|
/* XXX: s/npppd_ppp_pipex_ip_disable/npppd_ppp_pipex_stop/ ?? */ |
1253 |
|
|
|
1254 |
|
|
/** Stop PIPEX of the {@link npppd_ppp ppp} */ |
1255 |
|
|
static int |
1256 |
|
|
npppd_ppp_pipex_ip_disable(npppd *_this, npppd_ppp *ppp) |
1257 |
|
|
{ |
1258 |
|
|
struct pipex_session_config_req req; |
1259 |
|
|
#ifdef USE_NPPPD_PPPOE |
1260 |
|
|
pppoe_session *pppoe; |
1261 |
|
|
#endif |
1262 |
|
|
#ifdef USE_NPPPD_PPTP |
1263 |
|
|
pptp_call *call; |
1264 |
|
|
#endif |
1265 |
|
|
#ifdef USE_NPPPD_L2TP |
1266 |
|
|
l2tp_call *l2tp; |
1267 |
|
|
#endif |
1268 |
|
|
if (ppp->pipex_started == 0) |
1269 |
|
|
return 0; /* not started */ |
1270 |
|
|
|
1271 |
|
|
bzero(&req, sizeof(req)); |
1272 |
|
|
switch(ppp->tunnel_type) { |
1273 |
|
|
#ifdef USE_NPPPD_PPPOE |
1274 |
|
|
case NPPPD_TUNNEL_PPPOE: |
1275 |
|
|
pppoe = (pppoe_session *)ppp->phy_context; |
1276 |
|
|
|
1277 |
|
|
/* PPPoE specific informations */ |
1278 |
|
|
req.pcr_protocol = PIPEX_PROTO_PPPOE; |
1279 |
|
|
req.pcr_session_id = pppoe->session_id; |
1280 |
|
|
break; |
1281 |
|
|
#endif |
1282 |
|
|
#ifdef USE_NPPPD_PPTP |
1283 |
|
|
case NPPPD_TUNNEL_PPTP: |
1284 |
|
|
call = (pptp_call *)ppp->phy_context; |
1285 |
|
|
|
1286 |
|
|
/* PPTP specific informations */ |
1287 |
|
|
req.pcr_session_id = call->id; |
1288 |
|
|
req.pcr_protocol = PIPEX_PROTO_PPTP; |
1289 |
|
|
break; |
1290 |
|
|
#endif |
1291 |
|
|
#ifdef USE_NPPPD_L2TP |
1292 |
|
|
case NPPPD_TUNNEL_L2TP: |
1293 |
|
|
l2tp = (l2tp_call *)ppp->phy_context; |
1294 |
|
|
|
1295 |
|
|
/* L2TP specific context */ |
1296 |
|
|
req.pcr_session_id = l2tp->session_id; |
1297 |
|
|
req.pcr_protocol = PIPEX_PROTO_L2TP; |
1298 |
|
|
break; |
1299 |
|
|
#endif |
1300 |
|
|
default: |
1301 |
|
|
return 1; |
1302 |
|
|
} |
1303 |
|
|
req.pcr_ip_forward = 0; |
1304 |
|
|
|
1305 |
|
|
return ioctl(_this->iface[ppp->ifidx].devf, PIPEXCSESSION, &req); |
1306 |
|
|
} |
1307 |
|
|
|
1308 |
|
|
static void |
1309 |
|
|
pipex_periodic(npppd *_this) |
1310 |
|
|
{ |
1311 |
|
|
struct pipex_session_list_req req; |
1312 |
|
|
npppd_ppp *ppp; |
1313 |
|
|
int i, devf, error; |
1314 |
|
|
u_int ppp_id; |
1315 |
|
|
slist dlist, users; |
1316 |
|
|
|
1317 |
|
|
slist_init(&dlist); |
1318 |
|
|
slist_init(&users); |
1319 |
|
|
|
1320 |
|
|
devf = -1; |
1321 |
|
|
for (i = 0; i < nitems(_this->iface); i++) { |
1322 |
|
|
if (_this->iface[i].initialized != 0) { |
1323 |
|
|
devf = _this->iface[i].devf; |
1324 |
|
|
break; |
1325 |
|
|
} |
1326 |
|
|
} |
1327 |
|
|
if (devf >= 0) { |
1328 |
|
|
do { |
1329 |
|
|
error = ioctl(devf, PIPEXGCLOSED, &req); |
1330 |
|
|
if (error) { |
1331 |
|
|
if (errno != ENXIO) |
1332 |
|
|
log_printf(LOG_WARNING, |
1333 |
|
|
"PIPEXGCLOSED failed: %m"); |
1334 |
|
|
break; |
1335 |
|
|
} |
1336 |
|
|
for (i = 0; i < req.plr_ppp_id_count; i++) { |
1337 |
|
|
ppp_id = req.plr_ppp_id[i]; |
1338 |
|
|
slist_add(&dlist, (void *)(uintptr_t)ppp_id); |
1339 |
|
|
} |
1340 |
|
|
} while (req.plr_flags & PIPEX_LISTREQ_MORE); |
1341 |
|
|
} |
1342 |
|
|
|
1343 |
|
|
if (slist_length(&dlist) <= 0) |
1344 |
|
|
goto pipex_done; |
1345 |
|
|
if (npppd_get_all_users(_this, &users) != 0) { |
1346 |
|
|
log_printf(LOG_WARNING, |
1347 |
|
|
"npppd_get_all_users() failed in %s()", __func__); |
1348 |
|
|
slist_fini(&users); |
1349 |
|
|
goto pipex_done; |
1350 |
|
|
} |
1351 |
|
|
|
1352 |
|
|
/* Disconnect request */ |
1353 |
|
|
slist_itr_first(&dlist); |
1354 |
|
|
while (slist_itr_has_next(&dlist)) { |
1355 |
|
|
/* FIXME: Linear search by PPP Id eats CPU */ |
1356 |
|
|
ppp_id = (uintptr_t)slist_itr_next(&dlist); |
1357 |
|
|
slist_itr_first(&users); |
1358 |
|
|
ppp = NULL; |
1359 |
|
|
while (slist_itr_has_next(&users)) { |
1360 |
|
|
ppp = slist_itr_next(&users); |
1361 |
|
|
if (ppp_id == ppp->id) { |
1362 |
|
|
/* found */ |
1363 |
|
|
slist_itr_remove(&users); |
1364 |
|
|
break; |
1365 |
|
|
} |
1366 |
|
|
ppp = NULL; |
1367 |
|
|
} |
1368 |
|
|
if (ppp == NULL) { |
1369 |
|
|
log_printf(LOG_WARNING, |
1370 |
|
|
"kernel requested a ppp down, but it's not found. " |
1371 |
|
|
"ppp=%d", ppp_id); |
1372 |
|
|
continue; |
1373 |
|
|
} |
1374 |
|
|
ppp_log(ppp, LOG_INFO, "Stop requested by the kernel"); |
1375 |
|
|
/* TODO: PIPEX doesn't return the disconect reason */ |
1376 |
|
|
#ifdef USE_NPPPD_RADIUS |
1377 |
|
|
ppp_set_radius_terminate_cause(ppp, |
1378 |
|
|
RADIUS_TERMNATE_CAUSE_IDLE_TIMEOUT); |
1379 |
|
|
#endif |
1380 |
|
|
ppp_stop(ppp, NULL); |
1381 |
|
|
} |
1382 |
|
|
pipex_done: |
1383 |
|
|
slist_fini(&users); |
1384 |
|
|
slist_fini(&dlist); |
1385 |
|
|
} |
1386 |
|
|
#endif /* USE_NPPPD_PIPEX */ |
1387 |
|
|
|
1388 |
|
|
/*********************************************************************** |
1389 |
|
|
* IP address assignment related functions |
1390 |
|
|
***********************************************************************/ |
1391 |
|
|
/** Prepare to use IP */ |
1392 |
|
|
int |
1393 |
|
|
npppd_prepare_ip(npppd *_this, npppd_ppp *ppp) |
1394 |
|
|
{ |
1395 |
|
|
|
1396 |
|
|
if (ppp_ipcp(ppp) == NULL) |
1397 |
|
|
return 1; |
1398 |
|
|
|
1399 |
|
|
npppd_get_user_framed_ip_address(_this, ppp, ppp->username); |
1400 |
|
|
|
1401 |
|
|
if (npppd_iface_ip_is_ready(ppp_iface(ppp))) |
1402 |
|
|
ppp->ipcp.ip4_our = ppp_iface(ppp)->ip4addr; |
1403 |
|
|
else if (npppd_iface_ip_is_ready(&_this->iface[0])) |
1404 |
|
|
ppp->ipcp.ip4_our = _this->iface[0].ip4addr; |
1405 |
|
|
else |
1406 |
|
|
return -1; |
1407 |
|
|
ppp->ipcp.dns_pri = ppp_ipcp(ppp)->dns_servers[0]; |
1408 |
|
|
ppp->ipcp.dns_sec = ppp_ipcp(ppp)->dns_servers[1]; |
1409 |
|
|
ppp->ipcp.nbns_pri = ppp_ipcp(ppp)->nbns_servers[0]; |
1410 |
|
|
ppp->ipcp.nbns_sec = ppp_ipcp(ppp)->nbns_servers[1]; |
1411 |
|
|
|
1412 |
|
|
return 0; |
1413 |
|
|
} |
1414 |
|
|
|
1415 |
|
|
/** Notify stop using IP to npppd and release the resources. */ |
1416 |
|
|
void |
1417 |
|
|
npppd_release_ip(npppd *_this, npppd_ppp *ppp) |
1418 |
|
|
{ |
1419 |
|
|
|
1420 |
|
|
if (!ppp_ip_assigned(ppp)) |
1421 |
|
|
return; |
1422 |
|
|
|
1423 |
|
|
npppd_set_ip_enabled(_this, ppp, 0); |
1424 |
|
|
npppd_pool_release_ip(ppp->assigned_pool, ppp); |
1425 |
|
|
ppp->assigned_pool = NULL; |
1426 |
|
|
ppp->ppp_framed_ip_address.s_addr = 0; |
1427 |
|
|
} |
1428 |
|
|
|
1429 |
|
|
/** |
1430 |
|
|
* Change IP enableness. When the enableness is change, npppd will operate |
1431 |
|
|
* the route entry. |
1432 |
|
|
*/ |
1433 |
|
|
void |
1434 |
|
|
npppd_set_ip_enabled(npppd *_this, npppd_ppp *ppp, int enabled) |
1435 |
|
|
{ |
1436 |
|
|
int was_enabled, found; |
1437 |
|
|
slist *u; |
1438 |
|
|
hash_link *hl; |
1439 |
|
|
npppd_ppp *ppp1; |
1440 |
|
|
|
1441 |
|
|
NPPPD_ASSERT(ppp_ip_assigned(ppp)); |
1442 |
|
|
NPPPD_DBG((LOG_DEBUG, |
1443 |
|
|
"npppd_set_ip_enabled(%s/%s, %s)", ppp->username, |
1444 |
|
|
inet_ntoa(ppp->ppp_framed_ip_address), |
1445 |
|
|
(enabled)?"true" : "false")); |
1446 |
|
|
|
1447 |
|
|
/* |
1448 |
|
|
* Don't do anything if the enableness is not change. Changing route |
1449 |
|
|
* makes many programs will wake up and do heavy operations, it causes |
1450 |
|
|
* system overload, so we refrain useless changing route. |
1451 |
|
|
*/ |
1452 |
|
|
enabled = (enabled)? 1 : 0; |
1453 |
|
|
was_enabled = (ppp->assigned_ip4_enabled != 0)? 1 : 0; |
1454 |
|
|
if (enabled == was_enabled) |
1455 |
|
|
return; |
1456 |
|
|
|
1457 |
|
|
ppp->assigned_ip4_enabled = enabled; |
1458 |
|
|
if (enabled) { |
1459 |
|
|
if (ppp->username[0] != '\0') { |
1460 |
|
|
if ((u = npppd_get_ppp_by_user(_this, ppp->username)) |
1461 |
|
|
== NULL) { |
1462 |
|
|
if ((u = malloc(sizeof(slist))) == NULL) { |
1463 |
|
|
ppp_log(ppp, LOG_ERR, |
1464 |
|
|
"Out of memory on %s: %m", |
1465 |
|
|
__func__); |
1466 |
|
|
} else { |
1467 |
|
|
slist_init(u); |
1468 |
|
|
slist_set_size(u, 4); |
1469 |
|
|
hash_insert(_this->map_user_ppp, |
1470 |
|
|
ppp->username, u); |
1471 |
|
|
NPPPD_DBG((LOG_DEBUG, |
1472 |
|
|
"hash_insert(user->ppp, %s)", |
1473 |
|
|
ppp->username)); |
1474 |
|
|
} |
1475 |
|
|
} |
1476 |
|
|
if (u != NULL) /* above malloc() may failed */ |
1477 |
|
|
slist_add(u, ppp); |
1478 |
|
|
} |
1479 |
|
|
|
1480 |
|
|
#ifndef NO_ROUTE_FOR_POOLED_ADDRESS |
1481 |
|
|
if (_this->iface[ppp->ifidx].using_pppx == 0) { |
1482 |
|
|
if (ppp->snp.snp_next != NULL) |
1483 |
|
|
/* |
1484 |
|
|
* There is a blackhole route that has same |
1485 |
|
|
* address/mask. |
1486 |
|
|
*/ |
1487 |
|
|
in_route_delete(&ppp->ppp_framed_ip_address, |
1488 |
|
|
&ppp->ppp_framed_ip_netmask, &loop, |
1489 |
|
|
RTF_BLACKHOLE); |
1490 |
|
|
/* See the comment for MRU_IPMTU() on ppp.h */ |
1491 |
|
|
if (ppp->ppp_framed_ip_netmask.s_addr == 0xffffffffL) { |
1492 |
|
|
in_host_route_add(&ppp->ppp_framed_ip_address, |
1493 |
|
|
&ppp_iface(ppp)->ip4addr, |
1494 |
|
|
ppp_iface(ppp)->ifname, |
1495 |
|
|
MRU_IPMTU(ppp->peer_mru)); |
1496 |
|
|
} else { |
1497 |
|
|
in_route_add(&ppp->ppp_framed_ip_address, |
1498 |
|
|
&ppp->ppp_framed_ip_netmask, |
1499 |
|
|
&ppp_iface(ppp)->ip4addr, |
1500 |
|
|
ppp_iface(ppp)->ifname, 0, |
1501 |
|
|
MRU_IPMTU(ppp->peer_mru)); |
1502 |
|
|
} |
1503 |
|
|
} |
1504 |
|
|
#endif |
1505 |
|
|
} else { |
1506 |
|
|
#ifndef NO_ROUTE_FOR_POOLED_ADDRESS |
1507 |
|
|
if (_this->iface[ppp->ifidx].using_pppx == 0) { |
1508 |
|
|
if (ppp->ppp_framed_ip_netmask.s_addr == 0xffffffffL) { |
1509 |
|
|
in_host_route_delete(&ppp->ppp_framed_ip_address, |
1510 |
|
|
&ppp_iface(ppp)->ip4addr); |
1511 |
|
|
} else { |
1512 |
|
|
in_route_delete(&ppp->ppp_framed_ip_address, |
1513 |
|
|
&ppp->ppp_framed_ip_netmask, |
1514 |
|
|
&ppp_iface(ppp)->ip4addr, 0); |
1515 |
|
|
} |
1516 |
|
|
if (ppp->snp.snp_next != NULL) |
1517 |
|
|
/* |
1518 |
|
|
* There is a blackhole route that has same |
1519 |
|
|
* address/mask. |
1520 |
|
|
*/ |
1521 |
|
|
in_route_add(&ppp->snp.snp_addr, |
1522 |
|
|
&ppp->snp.snp_mask, &loop, LOOPBACK_IFNAME, |
1523 |
|
|
RTF_BLACKHOLE, 0); |
1524 |
|
|
} |
1525 |
|
|
#endif |
1526 |
|
|
if (ppp->username[0] != '\0') { |
1527 |
|
|
hl = hash_lookup(_this->map_user_ppp, ppp->username); |
1528 |
|
|
NPPPD_ASSERT(hl != NULL); |
1529 |
|
|
if (hl == NULL) { |
1530 |
|
|
ppp_log(ppp, LOG_ERR, |
1531 |
|
|
"Unexpected error: cannot find user(%s) " |
1532 |
|
|
"from user database", ppp->username); |
1533 |
|
|
return; |
1534 |
|
|
} |
1535 |
|
|
found = 0; |
1536 |
|
|
u = hl->item; |
1537 |
|
|
for (slist_itr_first(u); slist_itr_has_next(u);) { |
1538 |
|
|
ppp1 = slist_itr_next(u); |
1539 |
|
|
if (ppp1 == ppp) { |
1540 |
|
|
slist_itr_remove(u); |
1541 |
|
|
found++; |
1542 |
|
|
break; |
1543 |
|
|
} |
1544 |
|
|
} |
1545 |
|
|
if (found == 0) { |
1546 |
|
|
ppp_log(ppp, LOG_ERR, |
1547 |
|
|
"Unexpected error: PPP instance is " |
1548 |
|
|
"not found in the user's list."); |
1549 |
|
|
} |
1550 |
|
|
NPPPD_ASSERT(found != 0); |
1551 |
|
|
if (slist_length(u) <= 0) { |
1552 |
|
|
/* The last PPP */ |
1553 |
|
|
NPPPD_DBG((LOG_DEBUG, |
1554 |
|
|
"hash_delete(user->ppp, %s)", |
1555 |
|
|
ppp->username)); |
1556 |
|
|
if (hash_delete(_this->map_user_ppp, |
1557 |
|
|
ppp->username, 0) != 0) { |
1558 |
|
|
ppp_log(ppp, LOG_ERR, |
1559 |
|
|
"Unexpected error: cannot delete " |
1560 |
|
|
"user(%s) from user database", |
1561 |
|
|
ppp->username); |
1562 |
|
|
} |
1563 |
|
|
slist_fini(u); |
1564 |
|
|
free(u); |
1565 |
|
|
} else { |
1566 |
|
|
/* Replace the reference. */ |
1567 |
|
|
ppp1 = slist_get(u, 0); |
1568 |
|
|
hl->key = ppp1->username; |
1569 |
|
|
} |
1570 |
|
|
} |
1571 |
|
|
#ifdef USE_NPPPD_PIPEX |
1572 |
|
|
if (npppd_ppp_pipex_ip_disable(_this, ppp) != 0) |
1573 |
|
|
ppp_log(ppp, LOG_ERR, |
1574 |
|
|
"npppd_ppp_pipex_ip_disable() failed: %m"); |
1575 |
|
|
#endif /* USE_NPPPD_PIPEX */ |
1576 |
|
|
} |
1577 |
|
|
} |
1578 |
|
|
|
1579 |
|
|
/** |
1580 |
|
|
* Assign the IP address. Returning "struct in_addr" is stored IP address |
1581 |
|
|
* in network byte order. |
1582 |
|
|
* @param req_ip4 IP address request to assign. If the address is used |
1583 |
|
|
* already, this function will return fail. |
1584 |
|
|
*/ |
1585 |
|
|
int |
1586 |
|
|
npppd_assign_ip_addr(npppd *_this, npppd_ppp *ppp, uint32_t req_ip4) |
1587 |
|
|
{ |
1588 |
|
|
uint32_t ip4, ip4mask; |
1589 |
|
|
int dyna, rval, fallback_dyna; |
1590 |
|
|
const char *reason = "out of the pool"; |
1591 |
|
|
struct sockaddr_npppd *snp; |
1592 |
|
|
npppd_pool *pool; |
1593 |
|
|
npppd_auth_base *realm; |
1594 |
|
|
|
1595 |
|
|
NPPPD_DBG((LOG_DEBUG, "%s() assigned=%s", __func__, |
1596 |
|
|
(ppp_ip_assigned(ppp))? "true" : "false")); |
1597 |
|
|
if (ppp_ip_assigned(ppp)) |
1598 |
|
|
return 0; |
1599 |
|
|
|
1600 |
|
|
ip4 = INADDR_ANY; |
1601 |
|
|
ip4mask = 0xffffffffL; |
1602 |
|
|
realm = ppp->realm; |
1603 |
|
|
dyna = 0; |
1604 |
|
|
fallback_dyna = 0; |
1605 |
|
|
pool = NULL; |
1606 |
|
|
|
1607 |
|
|
if (ppp->realm_framed_ip_address.s_addr == INADDR_USER_SELECT) { |
1608 |
|
|
if (req_ip4 == INADDR_ANY) |
1609 |
|
|
dyna = 1; |
1610 |
|
|
} else if (ppp->realm_framed_ip_address.s_addr == INADDR_NAS_SELECT) { |
1611 |
|
|
dyna = 1; |
1612 |
|
|
} else { |
1613 |
|
|
NPPPD_ASSERT(realm != NULL); |
1614 |
|
|
fallback_dyna = 1; |
1615 |
|
|
req_ip4 = ntohl(ppp->realm_framed_ip_address.s_addr); |
1616 |
|
|
ip4mask = ntohl(ppp->realm_framed_ip_netmask.s_addr); |
1617 |
|
|
} |
1618 |
|
|
if (!dyna) { |
1619 |
|
|
/* |
1620 |
|
|
* Realm requires the fixed IP address, but the address |
1621 |
|
|
* doesn't belong any address pool. Fallback to dynamic |
1622 |
|
|
* assignment. |
1623 |
|
|
*/ |
1624 |
|
|
pool = ppp_pool(ppp); |
1625 |
|
|
rval = npppd_pool_get_assignability(pool, req_ip4, ip4mask, |
1626 |
|
|
&snp); |
1627 |
|
|
switch (rval) { |
1628 |
|
|
case ADDRESS_OK: |
1629 |
|
|
if (snp->snp_type == SNP_POOL) { |
1630 |
|
|
/* |
1631 |
|
|
* Fixed address pool can be used only if the |
1632 |
|
|
* realm specified to use it. |
1633 |
|
|
*/ |
1634 |
|
|
if (ppp->realm_framed_ip_address |
1635 |
|
|
.s_addr != INADDR_USER_SELECT) |
1636 |
|
|
ip4 = req_ip4; |
1637 |
|
|
break; |
1638 |
|
|
} |
1639 |
|
|
ppp->assign_dynapool = 1; |
1640 |
|
|
ip4 = req_ip4; |
1641 |
|
|
break; |
1642 |
|
|
case ADDRESS_RESERVED: |
1643 |
|
|
reason = "reserved"; |
1644 |
|
|
break; |
1645 |
|
|
case ADDRESS_OUT_OF_POOL: |
1646 |
|
|
reason = "out of the pool"; |
1647 |
|
|
break; |
1648 |
|
|
case ADDRESS_BUSY: |
1649 |
|
|
fallback_dyna = 0; |
1650 |
|
|
reason = "busy"; |
1651 |
|
|
break; |
1652 |
|
|
default: |
1653 |
|
|
case ADDRESS_INVALID: |
1654 |
|
|
fallback_dyna = 0; |
1655 |
|
|
reason = "invalid"; |
1656 |
|
|
break; |
1657 |
|
|
} |
1658 |
|
|
#define IP_4OCT(v) ((0xff000000 & (v)) >> 24), ((0x00ff0000 & (v)) >> 16),\ |
1659 |
|
|
((0x0000ff00 & (v)) >> 8), (0x000000ff & (v)) |
1660 |
|
|
if (ip4 == 0) { |
1661 |
|
|
ppp_log(ppp, LOG_NOTICE, |
1662 |
|
|
"Requested IP address (%d.%d.%d.%d)/%d " |
1663 |
|
|
"is %s", IP_4OCT(req_ip4), |
1664 |
|
|
netmask2prefixlen(htonl(ip4mask)), reason); |
1665 |
|
|
if (fallback_dyna) |
1666 |
|
|
goto dyna_assign; |
1667 |
|
|
return 1; |
1668 |
|
|
} |
1669 |
|
|
ppp->assigned_pool = pool; |
1670 |
|
|
|
1671 |
|
|
ppp->ppp_framed_ip_address.s_addr = htonl(ip4); |
1672 |
|
|
ppp->ppp_framed_ip_netmask.s_addr = htonl(ip4mask); |
1673 |
|
|
ppp->acct_framed_ip_address = ppp->ppp_framed_ip_address; |
1674 |
|
|
} else { |
1675 |
|
|
dyna_assign: |
1676 |
|
|
pool = ppp_pool(ppp); |
1677 |
|
|
ip4 = npppd_pool_get_dynamic(pool, ppp); |
1678 |
|
|
if (ip4 == 0) { |
1679 |
|
|
ppp_log(ppp, LOG_NOTICE, |
1680 |
|
|
"No free address in the pool."); |
1681 |
|
|
return 1; |
1682 |
|
|
} |
1683 |
|
|
ppp->assigned_pool = pool; |
1684 |
|
|
ppp->assign_dynapool = 1; |
1685 |
|
|
ppp->ppp_framed_ip_address.s_addr = htonl(ip4); |
1686 |
|
|
ppp->ppp_framed_ip_netmask.s_addr = htonl(0xffffffffL); |
1687 |
|
|
ppp->acct_framed_ip_address = ppp->ppp_framed_ip_address; |
1688 |
|
|
} |
1689 |
|
|
|
1690 |
|
|
return npppd_pool_assign_ip(ppp->assigned_pool, ppp); |
1691 |
|
|
} |
1692 |
|
|
|
1693 |
|
|
static void * |
1694 |
|
|
rtlist_remove(slist *prtlist, struct radish *radish) |
1695 |
|
|
{ |
1696 |
|
|
struct radish *r; |
1697 |
|
|
|
1698 |
|
|
slist_itr_first(prtlist); |
1699 |
|
|
while (slist_itr_has_next(prtlist)) { |
1700 |
|
|
r = slist_itr_next(prtlist); |
1701 |
|
|
if (!sockaddr_npppd_match(radish->rd_route, r->rd_route) || |
1702 |
|
|
!sockaddr_npppd_match(radish->rd_mask, r->rd_mask)) |
1703 |
|
|
continue; |
1704 |
|
|
|
1705 |
|
|
return slist_itr_remove(prtlist); |
1706 |
|
|
} |
1707 |
|
|
|
1708 |
|
|
return NULL; |
1709 |
|
|
} |
1710 |
|
|
|
1711 |
|
|
/** Set {@link ::npppd#rd the only radish of npppd} */ |
1712 |
|
|
int |
1713 |
|
|
npppd_set_radish(npppd *_this, void *radish_head) |
1714 |
|
|
{ |
1715 |
|
|
int rval, delppp0, count; |
1716 |
|
|
struct sockaddr_npppd *snp; |
1717 |
|
|
struct radish *radish, *r; |
1718 |
|
|
slist rtlist0, rtlist1, delppp; |
1719 |
|
|
npppd_ppp *ppp; |
1720 |
|
|
void *dummy; |
1721 |
|
|
|
1722 |
|
|
slist_init(&rtlist0); |
1723 |
|
|
slist_init(&rtlist1); |
1724 |
|
|
slist_init(&delppp); |
1725 |
|
|
|
1726 |
|
|
if (radish_head != NULL) { |
1727 |
|
|
if (rd2slist(radish_head, &rtlist1) != 0) { |
1728 |
|
|
log_printf(LOG_WARNING, "rd2slist failed: %m"); |
1729 |
|
|
goto fail; |
1730 |
|
|
} |
1731 |
|
|
} |
1732 |
|
|
if (_this->rd != NULL) { |
1733 |
|
|
if (rd2slist(_this->rd, &rtlist0) != 0) { |
1734 |
|
|
log_printf(LOG_WARNING, "rd2slist failed: %m"); |
1735 |
|
|
goto fail; |
1736 |
|
|
} |
1737 |
|
|
} |
1738 |
|
|
if (_this->rd != NULL && radish_head != NULL) { |
1739 |
|
|
for (slist_itr_first(&rtlist0); slist_itr_has_next(&rtlist0);) { |
1740 |
|
|
radish = slist_itr_next(&rtlist0); |
1741 |
|
|
snp = radish->rd_rtent; |
1742 |
|
|
/* |
1743 |
|
|
* replace the pool address |
1744 |
|
|
*/ |
1745 |
|
|
if (snp->snp_type == SNP_POOL || |
1746 |
|
|
snp->snp_type == SNP_DYN_POOL) { |
1747 |
|
|
if (rd_lookup(radish->rd_route, radish->rd_mask, |
1748 |
|
|
radish_head) == NULL) |
1749 |
|
|
continue; |
1750 |
|
|
/* don't add */ |
1751 |
|
|
rtlist_remove(&rtlist1, radish); |
1752 |
|
|
/* don't delete */ |
1753 |
|
|
slist_itr_remove(&rtlist0); |
1754 |
|
|
continue; |
1755 |
|
|
} |
1756 |
|
|
/* |
1757 |
|
|
* handle the active PPP sessions. |
1758 |
|
|
*/ |
1759 |
|
|
NPPPD_ASSERT(snp->snp_type == SNP_PPP); |
1760 |
|
|
ppp = snp->snp_data_ptr; |
1761 |
|
|
|
1762 |
|
|
/* Don't delete the route of active PPP session */ |
1763 |
|
|
slist_itr_remove(&rtlist0); |
1764 |
|
|
|
1765 |
|
|
/* clear informations about old pool configuration */ |
1766 |
|
|
snp->snp_next = NULL; |
1767 |
|
|
|
1768 |
|
|
delppp0 = 0; |
1769 |
|
|
if (!rd_match((struct sockaddr *)snp, radish_head, &r)){ |
1770 |
|
|
/* |
1771 |
|
|
* If the address doesn't belong the new pools, |
1772 |
|
|
* add the PPP session to the deletion list. |
1773 |
|
|
*/ |
1774 |
|
|
slist_add(&delppp, snp->snp_data_ptr); |
1775 |
|
|
delppp0 = 1; |
1776 |
|
|
} else { |
1777 |
|
|
NPPPD_ASSERT( |
1778 |
|
|
((struct sockaddr_npppd *)r->rd_rtent) |
1779 |
|
|
->snp_type == SNP_POOL || |
1780 |
|
|
((struct sockaddr_npppd *)r->rd_rtent) |
1781 |
|
|
->snp_type == SNP_DYN_POOL); |
1782 |
|
|
/* |
1783 |
|
|
* If there is a pool entry that has same |
1784 |
|
|
* address/mask, then make the RADISH entry a |
1785 |
|
|
* list. Set SNP_PPP as the first in the list, |
1786 |
|
|
* set current entry in snp->snp_next and |
1787 |
|
|
* delete it. |
1788 |
|
|
*/ |
1789 |
|
|
if (sockaddr_npppd_match( |
1790 |
|
|
radish->rd_route, r->rd_route) && |
1791 |
|
|
sockaddr_npppd_match( |
1792 |
|
|
radish->rd_mask, r->rd_mask)) { |
1793 |
|
|
/* |
1794 |
|
|
* Releasing it, so remove it from the |
1795 |
|
|
* new routing list. |
1796 |
|
|
*/ |
1797 |
|
|
rtlist_remove(&rtlist1, radish); |
1798 |
|
|
/* set as snp_snp_next */ |
1799 |
|
|
snp->snp_next = r->rd_rtent; |
1800 |
|
|
rval = rd_delete(r->rd_route, |
1801 |
|
|
r->rd_mask, radish_head, &dummy); |
1802 |
|
|
NPPPD_ASSERT(rval == 0); |
1803 |
|
|
} |
1804 |
|
|
} |
1805 |
|
|
/* Register to the new radish */ |
1806 |
|
|
rval = rd_insert(radish->rd_route, radish->rd_mask, |
1807 |
|
|
radish_head, snp); |
1808 |
|
|
if (rval != 0) { |
1809 |
|
|
errno = rval; |
1810 |
|
|
ppp_log(((npppd_ppp *)snp->snp_data_ptr), |
1811 |
|
|
LOG_ERR, |
1812 |
|
|
"Fatal error on %s, cannot continue " |
1813 |
|
|
"this ppp session: %m", __func__); |
1814 |
|
|
if (!delppp0) |
1815 |
|
|
slist_add(&delppp, snp->snp_data_ptr); |
1816 |
|
|
} |
1817 |
|
|
} |
1818 |
|
|
} |
1819 |
|
|
count = 0; |
1820 |
|
|
#ifndef NO_ROUTE_FOR_POOLED_ADDRESS |
1821 |
|
|
if (_this->iface[0].using_pppx == 0) { |
1822 |
|
|
for (slist_itr_first(&rtlist0); slist_itr_has_next(&rtlist0);) { |
1823 |
|
|
radish = slist_itr_next(&rtlist0); |
1824 |
|
|
in_route_delete(&SIN(radish->rd_route)->sin_addr, |
1825 |
|
|
&SIN(radish->rd_mask)->sin_addr, &loop, |
1826 |
|
|
RTF_BLACKHOLE); |
1827 |
|
|
count++; |
1828 |
|
|
} |
1829 |
|
|
if (count > 0) |
1830 |
|
|
log_printf(LOG_INFO, |
1831 |
|
|
"Deleted %d routes for old pool addresses", count); |
1832 |
|
|
|
1833 |
|
|
count = 0; |
1834 |
|
|
for (slist_itr_first(&rtlist1); slist_itr_has_next(&rtlist1);) { |
1835 |
|
|
radish = slist_itr_next(&rtlist1); |
1836 |
|
|
in_route_add(&(SIN(radish->rd_route)->sin_addr), |
1837 |
|
|
&SIN(radish->rd_mask)->sin_addr, &loop, |
1838 |
|
|
LOOPBACK_IFNAME, RTF_BLACKHOLE, 0); |
1839 |
|
|
count++; |
1840 |
|
|
} |
1841 |
|
|
if (count > 0) |
1842 |
|
|
log_printf(LOG_INFO, |
1843 |
|
|
"Added %d routes for new pool addresses", |
1844 |
|
|
count); |
1845 |
|
|
} |
1846 |
|
|
#endif |
1847 |
|
|
slist_fini(&rtlist0); |
1848 |
|
|
slist_fini(&rtlist1); |
1849 |
|
|
|
1850 |
|
|
if (_this->rd != NULL) { |
1851 |
|
|
npppd_rd_walktree_delete(_this->rd); |
1852 |
|
|
_this->rd = NULL; |
1853 |
|
|
} |
1854 |
|
|
if (radish_head == NULL) |
1855 |
|
|
npppd_get_all_users(_this, &delppp); |
1856 |
|
|
_this->rd = radish_head; |
1857 |
|
|
|
1858 |
|
|
for (slist_itr_first(&delppp); slist_itr_has_next(&delppp);) { |
1859 |
|
|
ppp = slist_itr_next(&delppp); |
1860 |
|
|
ppp_log(ppp, LOG_NOTICE, |
1861 |
|
|
"stop. IP address of this ppp is out of the pool.: %s", |
1862 |
|
|
inet_ntoa(ppp->ppp_framed_ip_address)); |
1863 |
|
|
ppp_stop(ppp, NULL); |
1864 |
|
|
} |
1865 |
|
|
slist_fini(&delppp); |
1866 |
|
|
|
1867 |
|
|
return 0; |
1868 |
|
|
fail: |
1869 |
|
|
slist_fini(&rtlist0); |
1870 |
|
|
slist_fini(&rtlist1); |
1871 |
|
|
slist_fini(&delppp); |
1872 |
|
|
|
1873 |
|
|
return 1; |
1874 |
|
|
} |
1875 |
|
|
|
1876 |
|
|
/** |
1877 |
|
|
* This function stores all users to {@link slist} and returns them. |
1878 |
|
|
* References to {@link ::npppd_ppp} will be stored in users. |
1879 |
|
|
*/ |
1880 |
|
|
static int |
1881 |
|
|
npppd_get_all_users(npppd *_this, slist *users) |
1882 |
|
|
{ |
1883 |
|
|
int rval; |
1884 |
|
|
struct radish *rd; |
1885 |
|
|
struct sockaddr_npppd *snp; |
1886 |
|
|
slist list; |
1887 |
|
|
|
1888 |
|
|
NPPPD_ASSERT(_this != NULL); |
1889 |
|
|
|
1890 |
|
|
slist_init(&list); |
1891 |
|
|
if (_this->rd == NULL) |
1892 |
|
|
return 0; |
1893 |
|
|
rval = rd2slist(_this->rd, &list); |
1894 |
|
|
if (rval != 0) |
1895 |
|
|
return rval; |
1896 |
|
|
|
1897 |
|
|
for (slist_itr_first(&list); slist_itr_has_next(&list);) { |
1898 |
|
|
rd = slist_itr_next(&list); |
1899 |
|
|
snp = rd->rd_rtent; |
1900 |
|
|
if (snp->snp_type == SNP_PPP) { |
1901 |
|
|
if (slist_add(users, snp->snp_data_ptr) == NULL) { |
1902 |
|
|
log_printf(LOG_ERR, |
1903 |
|
|
"slist_add() failed in %s: %m", __func__); |
1904 |
|
|
goto fail; |
1905 |
|
|
} |
1906 |
|
|
} |
1907 |
|
|
} |
1908 |
|
|
slist_fini(&list); |
1909 |
|
|
|
1910 |
|
|
return 0; |
1911 |
|
|
fail: |
1912 |
|
|
slist_fini(&list); |
1913 |
|
|
|
1914 |
|
|
return 1; |
1915 |
|
|
} |
1916 |
|
|
|
1917 |
|
|
static int |
1918 |
|
|
rd2slist_walk(struct radish *rd, void *list0) |
1919 |
|
|
{ |
1920 |
|
|
slist *list = list0; |
1921 |
|
|
void *r; |
1922 |
|
|
|
1923 |
|
|
r = slist_add(list, rd); |
1924 |
|
|
if (r == NULL) |
1925 |
|
|
return -1; |
1926 |
|
|
return 0; |
1927 |
|
|
} |
1928 |
|
|
static int |
1929 |
|
|
rd2slist(struct radish_head *h, slist *list) |
1930 |
|
|
{ |
1931 |
|
|
return rd_walktree(h, rd2slist_walk, list); |
1932 |
|
|
} |
1933 |
|
|
|
1934 |
|
|
static void |
1935 |
|
|
npppd_reload0(npppd *_this) |
1936 |
|
|
{ |
1937 |
|
|
int i; |
1938 |
|
|
|
1939 |
|
|
npppd_reload_config(_this); |
1940 |
|
|
#ifdef USE_NPPPD_ARP |
1941 |
|
|
arp_set_strictintfnetwork(npppd_config_str_equali(_this, "arpd.strictintfnetwork", "true", ARPD_STRICTINTFNETWORK_DEFAULT)); |
1942 |
|
|
if (npppd_config_str_equali(_this, "arpd.enabled", "true", ARPD_DEFAULT) == 1) |
1943 |
|
|
arp_sock_init(); |
1944 |
|
|
else |
1945 |
|
|
arp_sock_fini(); |
1946 |
|
|
#endif |
1947 |
|
|
npppd_modules_reload(_this); |
1948 |
|
|
npppd_ifaces_load_config(_this); |
1949 |
|
|
npppd_update_pool_reference(_this); |
1950 |
|
|
npppd_auth_finalizer_periodic(_this); |
1951 |
|
|
npppd_ipcp_stats_reload(_this); |
1952 |
|
|
|
1953 |
|
|
for (i = 0; i < countof(_this->iface); i++) { |
1954 |
|
|
if (_this->iface[i].initialized != 0 && |
1955 |
|
|
_this->iface[i].started == 0) |
1956 |
|
|
npppd_iface_start(&_this->iface[i]); |
1957 |
|
|
} |
1958 |
|
|
} |
1959 |
|
|
|
1960 |
|
|
static void |
1961 |
|
|
npppd_update_pool_reference(npppd *_this) |
1962 |
|
|
{ |
1963 |
|
|
int i, j; |
1964 |
|
|
/* update iface to pool reference */ |
1965 |
|
|
for (i = 0; i < countof(_this->iface_pool); i++) { |
1966 |
|
|
_this->iface_pool[i] = NULL; |
1967 |
|
|
if (_this->iface[i].initialized == 0) |
1968 |
|
|
continue; |
1969 |
|
|
if (_this->iface[i].ipcpconf == NULL) |
1970 |
|
|
continue; /* no IPCP for this interface */ |
1971 |
|
|
|
1972 |
|
|
for (j = 0; j < countof(_this->pool); j++) { |
1973 |
|
|
if (_this->pool[j].initialized == 0) |
1974 |
|
|
continue; |
1975 |
|
|
if (strcmp(_this->iface[i].ipcpconf->name, |
1976 |
|
|
_this->pool[j].ipcp_name) == 0) { |
1977 |
|
|
/* found the ipcp that has the pool */ |
1978 |
|
|
_this->iface_pool[i] = &_this->pool[j]; |
1979 |
|
|
break; |
1980 |
|
|
} |
1981 |
|
|
} |
1982 |
|
|
} |
1983 |
|
|
} |
1984 |
|
|
|
1985 |
|
|
/*********************************************************************** |
1986 |
|
|
* Signal handlers |
1987 |
|
|
***********************************************************************/ |
1988 |
|
|
static void |
1989 |
|
|
npppd_on_sighup(int fd, short ev_type, void *ctx) |
1990 |
|
|
{ |
1991 |
|
|
npppd *_this; |
1992 |
|
|
|
1993 |
|
|
_this = ctx; |
1994 |
|
|
#ifndef NO_DELAYED_RELOAD |
1995 |
|
|
if (_this->delayed_reload > 0) |
1996 |
|
|
_this->reloading_count = _this->delayed_reload; |
1997 |
|
|
else |
1998 |
|
|
#endif |
1999 |
|
|
npppd_reload0(_this); |
2000 |
|
|
} |
2001 |
|
|
|
2002 |
|
|
static void |
2003 |
|
|
npppd_on_sigterm(int fd, short ev_type, void *ctx) |
2004 |
|
|
{ |
2005 |
|
|
npppd *_this; |
2006 |
|
|
|
2007 |
|
|
_this = ctx; |
2008 |
|
|
npppd_stop(_this); |
2009 |
|
|
} |
2010 |
|
|
|
2011 |
|
|
static void |
2012 |
|
|
npppd_on_sigint(int fd, short ev_type, void *ctx) |
2013 |
|
|
{ |
2014 |
|
|
npppd *_this; |
2015 |
|
|
|
2016 |
|
|
_this = ctx; |
2017 |
|
|
npppd_stop(_this); |
2018 |
|
|
} |
2019 |
|
|
|
2020 |
|
|
static void |
2021 |
|
|
npppd_on_sigchld(int fd, short ev_type, void *ctx) |
2022 |
|
|
{ |
2023 |
|
|
int status; |
2024 |
|
|
pid_t wpid; |
2025 |
|
|
npppd *_this; |
2026 |
|
|
|
2027 |
|
|
_this = ctx; |
2028 |
|
|
wpid = privsep_priv_pid(); |
2029 |
|
|
if (wait4(wpid, &status, WNOHANG, NULL) == wpid) { |
2030 |
|
|
if (WIFSIGNALED(status)) |
2031 |
|
|
log_printf(LOG_WARNING, |
2032 |
|
|
"privileged process exits abnormaly. signal=%d", |
2033 |
|
|
WTERMSIG(status)); |
2034 |
|
|
else |
2035 |
|
|
log_printf(LOG_WARNING, |
2036 |
|
|
"privileged process exits abnormaly. status=%d", |
2037 |
|
|
WEXITSTATUS(status)); |
2038 |
|
|
_this->stop_by_error = 1; |
2039 |
|
|
npppd_stop(_this); |
2040 |
|
|
} |
2041 |
|
|
} |
2042 |
|
|
/*********************************************************************** |
2043 |
|
|
* Miscellaneous functions |
2044 |
|
|
***********************************************************************/ |
2045 |
|
|
static uint32_t |
2046 |
|
|
str_hash(const void *ptr, int sz) |
2047 |
|
|
{ |
2048 |
|
|
uint32_t hash = 0; |
2049 |
|
|
int i, len; |
2050 |
|
|
const char *str; |
2051 |
|
|
|
2052 |
|
|
str = ptr; |
2053 |
|
|
len = strlen(str); |
2054 |
|
|
for (i = 0; i < len; i++) |
2055 |
|
|
hash = hash*0x1F + str[i]; |
2056 |
|
|
hash = (hash << 16) ^ (hash & 0xffff); |
2057 |
|
|
|
2058 |
|
|
return hash % sz; |
2059 |
|
|
} |
2060 |
|
|
|
2061 |
|
|
/** |
2062 |
|
|
* Select a authentication realm that is for given {@link ::npppd_ppp PPP}. |
2063 |
|
|
* Return 0 on success. |
2064 |
|
|
*/ |
2065 |
|
|
int |
2066 |
|
|
npppd_ppp_bind_realm(npppd *_this, npppd_ppp *ppp, const char *username, int |
2067 |
|
|
eap_required) |
2068 |
|
|
{ |
2069 |
|
|
struct confbind *bind; |
2070 |
|
|
npppd_auth_base *realm = NULL, *realm0 = NULL, *realm1 = NULL; |
2071 |
|
|
char buf1[MAX_USERNAME_LENGTH]; |
2072 |
|
|
int lsuffix, lusername, lmax; |
2073 |
|
|
|
2074 |
|
|
NPPPD_ASSERT(_this != NULL); |
2075 |
|
|
NPPPD_ASSERT(ppp != NULL); |
2076 |
|
|
NPPPD_ASSERT(username != NULL); |
2077 |
|
|
|
2078 |
|
|
/* |
2079 |
|
|
* If the PPP suffix is the longest, and the length of the suffix is |
2080 |
|
|
* same, select the first one. |
2081 |
|
|
*/ |
2082 |
|
|
lusername = strlen(username); |
2083 |
|
|
lmax = -1; |
2084 |
|
|
realm = NULL; |
2085 |
|
|
|
2086 |
|
|
TAILQ_FOREACH(bind, &_this->conf.confbinds, entry) { |
2087 |
|
|
if (strcmp(bind->tunnconf->name, ppp->phy_label) != 0) |
2088 |
|
|
continue; |
2089 |
|
|
|
2090 |
|
|
realm0 = NULL; |
2091 |
|
|
slist_itr_first(&_this->realms); |
2092 |
|
|
while (slist_itr_has_next(&_this->realms)) { |
2093 |
|
|
realm1 = slist_itr_next(&_this->realms); |
2094 |
|
|
if (!npppd_auth_is_usable(realm1)) |
2095 |
|
|
continue; |
2096 |
|
|
if (eap_required && !npppd_auth_is_eap_capable(realm1)) |
2097 |
|
|
continue; |
2098 |
|
|
if (strcmp(npppd_auth_get_name(realm1), |
2099 |
|
|
bind->authconf->name) == 0) { |
2100 |
|
|
realm0 = realm1; |
2101 |
|
|
break; |
2102 |
|
|
} |
2103 |
|
|
} |
2104 |
|
|
if (realm0 == NULL) |
2105 |
|
|
continue; |
2106 |
|
|
|
2107 |
|
|
lsuffix = strlen(npppd_auth_get_suffix(realm0)); |
2108 |
|
|
if (lsuffix > lmax && |
2109 |
|
|
(lsuffix == 0 || |
2110 |
|
|
(lsuffix < lusername && strcmp(username + lusername |
2111 |
|
|
- lsuffix, npppd_auth_get_suffix(realm0)) |
2112 |
|
|
== 0))) { |
2113 |
|
|
lmax = lsuffix; |
2114 |
|
|
realm = realm0; |
2115 |
|
|
} |
2116 |
|
|
} |
2117 |
|
|
|
2118 |
|
|
if (realm == NULL) { |
2119 |
|
|
log_printf(LOG_INFO, "user='%s' could not bind any realms", |
2120 |
|
|
username); |
2121 |
|
|
return 1; |
2122 |
|
|
} |
2123 |
|
|
NPPPD_DBG((LOG_DEBUG, "bind realm %s", npppd_auth_get_name(realm))); |
2124 |
|
|
|
2125 |
|
|
if (npppd_auth_get_type(realm) == NPPPD_AUTH_TYPE_LOCAL) |
2126 |
|
|
/* hook the auto reload */ |
2127 |
|
|
npppd_auth_get_user_password(realm, |
2128 |
|
|
npppd_auth_username_for_auth(realm1, username, buf1), NULL, |
2129 |
|
|
NULL); |
2130 |
|
|
ppp->realm = realm; |
2131 |
|
|
|
2132 |
|
|
return 0; |
2133 |
|
|
} |
2134 |
|
|
|
2135 |
|
|
/** Is assigned realm a LOCAL authentication? */ |
2136 |
|
|
int |
2137 |
|
|
npppd_ppp_is_realm_local(npppd *_this, npppd_ppp *ppp) |
2138 |
|
|
{ |
2139 |
|
|
NPPPD_ASSERT(_this != NULL); |
2140 |
|
|
NPPPD_ASSERT(ppp != NULL); |
2141 |
|
|
|
2142 |
|
|
if (ppp->realm == NULL) |
2143 |
|
|
return 0; |
2144 |
|
|
|
2145 |
|
|
return (npppd_auth_get_type(ppp->realm) == NPPPD_AUTH_TYPE_LOCAL) |
2146 |
|
|
? 1 : 0; |
2147 |
|
|
} |
2148 |
|
|
|
2149 |
|
|
/** Is assigned realm a RADIUS authentication? */ |
2150 |
|
|
int |
2151 |
|
|
npppd_ppp_is_realm_radius(npppd *_this, npppd_ppp *ppp) |
2152 |
|
|
{ |
2153 |
|
|
NPPPD_ASSERT(_this != NULL); |
2154 |
|
|
NPPPD_ASSERT(ppp != NULL); |
2155 |
|
|
|
2156 |
|
|
if (ppp->realm == NULL) |
2157 |
|
|
return 0; |
2158 |
|
|
|
2159 |
|
|
return (npppd_auth_get_type(ppp->realm) == NPPPD_AUTH_TYPE_RADIUS) |
2160 |
|
|
? 1 : 0; |
2161 |
|
|
} |
2162 |
|
|
|
2163 |
|
|
/** Is assigned realm usable? */ |
2164 |
|
|
int |
2165 |
|
|
npppd_ppp_is_realm_ready(npppd *_this, npppd_ppp *ppp) |
2166 |
|
|
{ |
2167 |
|
|
if (ppp->realm == NULL) |
2168 |
|
|
return 0; |
2169 |
|
|
|
2170 |
|
|
return npppd_auth_is_ready(ppp->realm); |
2171 |
|
|
} |
2172 |
|
|
|
2173 |
|
|
/** Return the name of assigned realm */ |
2174 |
|
|
const char * |
2175 |
|
|
npppd_ppp_get_realm_name(npppd *_this, npppd_ppp *ppp) |
2176 |
|
|
{ |
2177 |
|
|
if (ppp->realm == NULL) |
2178 |
|
|
return "(none)"; |
2179 |
|
|
return npppd_auth_get_name(ppp->realm); |
2180 |
|
|
} |
2181 |
|
|
|
2182 |
|
|
/** Return the interface name that bound given {@link ::npppd_ppp PPP} */ |
2183 |
|
|
const char * |
2184 |
|
|
npppd_ppp_get_iface_name(npppd *_this, npppd_ppp *ppp) |
2185 |
|
|
{ |
2186 |
|
|
if (ppp == NULL || ppp->ifidx < 0) |
2187 |
|
|
return "(not binding)"; |
2188 |
|
|
return ppp_iface(ppp)->ifname; |
2189 |
|
|
} |
2190 |
|
|
|
2191 |
|
|
/** Is the interface usable? */ |
2192 |
|
|
int |
2193 |
|
|
npppd_ppp_iface_is_ready(npppd *_this, npppd_ppp *ppp) |
2194 |
|
|
{ |
2195 |
|
|
return (npppd_iface_ip_is_ready(ppp_iface(ppp)) && |
2196 |
|
|
ppp_ipcp(ppp) != NULL)? 1 : 0; |
2197 |
|
|
} |
2198 |
|
|
|
2199 |
|
|
/** Select a suitable interface for {@link :npppd_ppp PPP} and bind them */ |
2200 |
|
|
int |
2201 |
|
|
npppd_ppp_bind_iface(npppd *_this, npppd_ppp *ppp) |
2202 |
|
|
{ |
2203 |
|
|
int i, ifidx; |
2204 |
|
|
struct confbind *bind; |
2205 |
|
|
struct ipcpstat *ipcpstat; |
2206 |
|
|
|
2207 |
|
|
NPPPD_ASSERT(_this != NULL); |
2208 |
|
|
NPPPD_ASSERT(ppp != NULL); |
2209 |
|
|
|
2210 |
|
|
if (ppp->ifidx >= 0) |
2211 |
|
|
return 0; |
2212 |
|
|
|
2213 |
|
|
TAILQ_FOREACH(bind, &_this->conf.confbinds, entry) { |
2214 |
|
|
if (strcmp(bind->tunnconf->name, ppp->phy_label) != 0) |
2215 |
|
|
continue; |
2216 |
|
|
if (ppp->realm == NULL) { |
2217 |
|
|
if (bind->authconf == NULL) |
2218 |
|
|
break; |
2219 |
|
|
} else if (strcmp(bind->authconf->name, |
2220 |
|
|
npppd_auth_get_name(ppp->realm)) == 0) |
2221 |
|
|
break; |
2222 |
|
|
} |
2223 |
|
|
if (bind == NULL) |
2224 |
|
|
return 1; |
2225 |
|
|
|
2226 |
|
|
/* Search a interface */ |
2227 |
|
|
ifidx = -1; |
2228 |
|
|
for (i = 0; i < countof(_this->iface); i++) { |
2229 |
|
|
if (_this->iface[i].initialized == 0) |
2230 |
|
|
continue; |
2231 |
|
|
if (strcmp(_this->iface[i].ifname, bind->iface->name) == 0) |
2232 |
|
|
ifidx = i; |
2233 |
|
|
} |
2234 |
|
|
if (ifidx < 0) |
2235 |
|
|
return 1; |
2236 |
|
|
|
2237 |
|
|
ppp->ifidx = ifidx; |
2238 |
|
|
NPPPD_ASSERT(ppp_ipcp(ppp) != NULL); |
2239 |
|
|
ipcpstat = npppd_get_ipcp_stat(&_this->ipcpstats, ppp_ipcp(ppp)->name); |
2240 |
|
|
if (ipcpstat == NULL) { |
2241 |
|
|
ppp_log(ppp, LOG_WARNING, "Unknown IPCP %s", |
2242 |
|
|
ppp_ipcp(ppp)->name); |
2243 |
|
|
ppp->ifidx = -1; /* unbind inteface */ |
2244 |
|
|
return 1; |
2245 |
|
|
} |
2246 |
|
|
if (ppp_ipcp(ppp)->max_session > 0 && |
2247 |
|
|
ipcpstat->nsession >= ppp_ipcp(ppp)->max_session) { |
2248 |
|
|
ppp_log(ppp, LOG_WARNING, |
2249 |
|
|
"Number of sessions per IPCP reaches out of the limit=%d", |
2250 |
|
|
ppp_ipcp(ppp)->max_session); |
2251 |
|
|
ppp->ifidx = -1; /* unbind inteface */ |
2252 |
|
|
return 1; |
2253 |
|
|
} |
2254 |
|
|
|
2255 |
|
|
if (_this->conf.max_session > 0 && |
2256 |
|
|
_this->nsession >= _this->conf.max_session) { |
2257 |
|
|
ppp_log(ppp, LOG_WARNING, |
2258 |
|
|
"Number of sessions reaches out of the limit=%d", |
2259 |
|
|
_this->conf.max_session); |
2260 |
|
|
ppp->ifidx = -1; /* unbind inteface */ |
2261 |
|
|
return 1; |
2262 |
|
|
} |
2263 |
|
|
_this->nsession++; |
2264 |
|
|
|
2265 |
|
|
LIST_INSERT_HEAD(&ipcpstat->ppp, ppp, ipcpstat_entry); |
2266 |
|
|
ppp->ipcpstat = ipcpstat; |
2267 |
|
|
ipcpstat->nsession++; |
2268 |
|
|
|
2269 |
|
|
return 0; |
2270 |
|
|
} |
2271 |
|
|
|
2272 |
|
|
/** Unbind the interface from the {@link ::npppd_ppp PPP} */ |
2273 |
|
|
void |
2274 |
|
|
npppd_ppp_unbind_iface(npppd *_this, npppd_ppp *ppp) |
2275 |
|
|
{ |
2276 |
|
|
if (ppp->ifidx >= 0) { |
2277 |
|
|
_this->nsession--; |
2278 |
|
|
if (ppp->ipcpstat!= NULL) { |
2279 |
|
|
ppp->ipcpstat->nsession--; |
2280 |
|
|
LIST_REMOVE(ppp, ipcpstat_entry); |
2281 |
|
|
} |
2282 |
|
|
} |
2283 |
|
|
ppp->ifidx = -1; |
2284 |
|
|
} |
2285 |
|
|
|
2286 |
|
|
static int |
2287 |
|
|
npppd_rd_walktree_delete(struct radish_head *rh) |
2288 |
|
|
{ |
2289 |
|
|
void *dummy; |
2290 |
|
|
struct radish *rd; |
2291 |
|
|
slist list; |
2292 |
|
|
|
2293 |
|
|
slist_init(&list); |
2294 |
|
|
if (rd2slist(rh, &list) != 0) |
2295 |
|
|
return 1; |
2296 |
|
|
for (slist_itr_first(&list); slist_itr_has_next(&list);) { |
2297 |
|
|
rd = slist_itr_next(&list); |
2298 |
|
|
rd_delete(rd->rd_route, rd->rd_mask, rh, &dummy); |
2299 |
|
|
} |
2300 |
|
|
slist_fini(&list); |
2301 |
|
|
|
2302 |
|
|
free(rh); |
2303 |
|
|
|
2304 |
|
|
return 0; |
2305 |
|
|
} |
2306 |
|
|
|
2307 |
|
|
#ifdef USE_NPPPD_RADIUS |
2308 |
|
|
/** |
2309 |
|
|
* Return radius_req_setting for the given {@link ::npppd_ppp PPP}. |
2310 |
|
|
* @return return NULL if no usable RADIUS setting. |
2311 |
|
|
*/ |
2312 |
|
|
void * |
2313 |
|
|
npppd_get_radius_auth_setting(npppd *_this, npppd_ppp *ppp) |
2314 |
|
|
{ |
2315 |
|
|
NPPPD_ASSERT(_this != NULL); |
2316 |
|
|
NPPPD_ASSERT(ppp != NULL); |
2317 |
|
|
|
2318 |
|
|
if (ppp->realm == NULL) |
2319 |
|
|
return NULL; |
2320 |
|
|
if (!npppd_ppp_is_realm_radius(_this, ppp)) |
2321 |
|
|
return NULL; |
2322 |
|
|
|
2323 |
|
|
return npppd_auth_radius_get_radius_auth_setting(ppp->realm); |
2324 |
|
|
} |
2325 |
|
|
#endif |
2326 |
|
|
|
2327 |
|
|
/** Finalize authentication realm */ |
2328 |
|
|
static void |
2329 |
|
|
npppd_auth_finalizer_periodic(npppd *_this) |
2330 |
|
|
{ |
2331 |
|
|
int ndisposing = 0, refcnt; |
2332 |
|
|
slist users; |
2333 |
|
|
npppd_auth_base *auth_base; |
2334 |
|
|
npppd_ppp *ppp; |
2335 |
|
|
|
2336 |
|
|
/* |
2337 |
|
|
* For the realms with disposing flag, if the realm has assigned PPPs, |
2338 |
|
|
* disconnect them. If all PPPs are disconnected then free the realm. |
2339 |
|
|
*/ |
2340 |
|
|
NPPPD_DBG((DEBUG_LEVEL_2, "%s() called", __func__)); |
2341 |
|
|
slist_itr_first(&_this->realms); |
2342 |
|
|
while (slist_itr_has_next(&_this->realms)) { |
2343 |
|
|
auth_base = slist_itr_next(&_this->realms); |
2344 |
|
|
if (!npppd_auth_is_disposing(auth_base)) |
2345 |
|
|
continue; |
2346 |
|
|
refcnt = 0; |
2347 |
|
|
if (ndisposing++ == 0) { |
2348 |
|
|
slist_init(&users); |
2349 |
|
|
if (npppd_get_all_users(_this, &users) != 0) { |
2350 |
|
|
log_printf(LOG_WARNING, |
2351 |
|
|
"npppd_get_all_users() failed in %s(): %m", |
2352 |
|
|
__func__); |
2353 |
|
|
break; |
2354 |
|
|
} |
2355 |
|
|
} |
2356 |
|
|
slist_itr_first(&users); |
2357 |
|
|
while (slist_itr_has_next(&users)) { |
2358 |
|
|
ppp = slist_itr_next(&users); |
2359 |
|
|
if (ppp->realm == auth_base) { |
2360 |
|
|
refcnt++; |
2361 |
|
|
ppp_stop(ppp, NULL); |
2362 |
|
|
ppp_log(ppp, LOG_INFO, |
2363 |
|
|
"Stop request by npppd. Binding " |
2364 |
|
|
"authentication realm is disposing. " |
2365 |
|
|
"realm=%s", npppd_auth_get_name(auth_base)); |
2366 |
|
|
slist_itr_remove(&users); |
2367 |
|
|
} |
2368 |
|
|
} |
2369 |
|
|
if (refcnt == 0) { |
2370 |
|
|
npppd_auth_destroy(auth_base); |
2371 |
|
|
slist_itr_remove(&_this->realms); |
2372 |
|
|
} |
2373 |
|
|
} |
2374 |
|
|
if (ndisposing > 0) |
2375 |
|
|
slist_fini(&users); |
2376 |
|
|
} |
2377 |
|
|
|
2378 |
|
|
/** compare sockaddr_npppd. return 0 if matches */ |
2379 |
|
|
int |
2380 |
|
|
sockaddr_npppd_match(void *a0, void *b0) |
2381 |
|
|
{ |
2382 |
|
|
struct sockaddr_npppd *a, *b; |
2383 |
|
|
|
2384 |
|
|
a = a0; |
2385 |
|
|
b = b0; |
2386 |
|
|
|
2387 |
|
|
return (a->snp_addr.s_addr == b->snp_addr.s_addr)? 1 : 0; |
2388 |
|
|
} |
2389 |
|
|
|
2390 |
|
|
/** |
2391 |
|
|
* This function stores the username for authentication to the space specified |
2392 |
|
|
* by username_buffer and returns it. username_buffer must have space more |
2393 |
|
|
* than MAX_USERNAME_LENGTH. |
2394 |
|
|
*/ |
2395 |
|
|
const char * |
2396 |
|
|
npppd_ppp_get_username_for_auth(npppd *_this, npppd_ppp *ppp, |
2397 |
|
|
const char *username, char *username_buffer) |
2398 |
|
|
{ |
2399 |
|
|
NPPPD_ASSERT(_this != NULL); |
2400 |
|
|
NPPPD_ASSERT(ppp != NULL); |
2401 |
|
|
NPPPD_ASSERT(ppp->realm != NULL); |
2402 |
|
|
|
2403 |
|
|
return npppd_auth_username_for_auth(ppp->realm, username, |
2404 |
|
|
username_buffer); |
2405 |
|
|
} |
2406 |
|
|
|
2407 |
|
|
const char * |
2408 |
|
|
npppd_tunnel_protocol_name(int tunn_protocol) |
2409 |
|
|
{ |
2410 |
|
|
switch (tunn_protocol) { |
2411 |
|
|
case NPPPD_TUNNEL_NONE: |
2412 |
|
|
return "None"; |
2413 |
|
|
case NPPPD_TUNNEL_L2TP: |
2414 |
|
|
return "L2TP"; |
2415 |
|
|
case NPPPD_TUNNEL_PPTP: |
2416 |
|
|
return "PPTP"; |
2417 |
|
|
case NPPPD_TUNNEL_PPPOE: |
2418 |
|
|
return "PPPoE"; |
2419 |
|
|
case NPPPD_TUNNEL_SSTP: |
2420 |
|
|
return "SSTP"; |
2421 |
|
|
} |
2422 |
|
|
|
2423 |
|
|
return "Error"; |
2424 |
|
|
} |
2425 |
|
|
|
2426 |
|
|
const char * |
2427 |
|
|
npppd_ppp_tunnel_protocol_name(npppd *_this, npppd_ppp *ppp) |
2428 |
|
|
{ |
2429 |
|
|
return npppd_tunnel_protocol_name(ppp->tunnel_type); |
2430 |
|
|
} |
2431 |
|
|
|
2432 |
|
|
struct tunnconf * |
2433 |
|
|
npppd_get_tunnconf(npppd *_this, const char *name) |
2434 |
|
|
{ |
2435 |
|
|
struct tunnconf *conf; |
2436 |
|
|
|
2437 |
|
|
TAILQ_FOREACH(conf, &_this->conf.tunnconfs, entry) { |
2438 |
|
|
if (strcmp(conf->name, name) == 0) |
2439 |
|
|
return conf; |
2440 |
|
|
} |
2441 |
|
|
|
2442 |
|
|
return NULL; |
2443 |
|
|
} |
2444 |
|
|
|
2445 |
|
|
void |
2446 |
|
|
npppd_on_ppp_start(npppd *_this, npppd_ppp *ppp) |
2447 |
|
|
{ |
2448 |
|
|
struct ctl_conn *c; |
2449 |
|
|
|
2450 |
|
|
TAILQ_FOREACH(c, &ctl_conns, entry) { |
2451 |
|
|
if (npppd_ctl_add_started_ppp_id(c->ctx, ppp->id) == 0) { |
2452 |
|
|
npppd_ctl_imsg_compose(c->ctx, &c->iev.ibuf); |
2453 |
|
|
imsg_event_add(&c->iev); |
2454 |
|
|
} |
2455 |
|
|
} |
2456 |
|
|
} |
2457 |
|
|
|
2458 |
|
|
void |
2459 |
|
|
npppd_on_ppp_stop(npppd *_this, npppd_ppp *ppp) |
2460 |
|
|
{ |
2461 |
|
|
struct ctl_conn *c; |
2462 |
|
|
|
2463 |
|
|
TAILQ_FOREACH(c, &ctl_conns, entry) { |
2464 |
|
|
if (npppd_ctl_add_stopped_ppp(c->ctx, ppp) == 0) { |
2465 |
|
|
npppd_ctl_imsg_compose(c->ctx, &c->iev.ibuf); |
2466 |
|
|
imsg_event_add(&c->iev); |
2467 |
|
|
} |
2468 |
|
|
} |
2469 |
|
|
} |
2470 |
|
|
|
2471 |
|
|
void |
2472 |
|
|
imsg_event_add(struct imsgev *iev) |
2473 |
|
|
{ |
2474 |
|
|
iev->events = EV_READ; |
2475 |
|
|
if (iev->ibuf.w.queued) |
2476 |
|
|
iev->events |= EV_WRITE; |
2477 |
|
|
|
2478 |
|
|
event_del(&iev->ev); |
2479 |
|
|
event_set(&iev->ev, iev->ibuf.fd, iev->events, iev->handler, iev->data); |
2480 |
|
|
event_add(&iev->ev, NULL); |
2481 |
|
|
} |