Fix LAC functionnality
[l2tpns.git] / l2tplac.c
1 /*
2 * Add functionality "LAC" to l2tpns.
3 * Used to forward a ppp session to another "LNS".
4 */
5 #include <errno.h>
6 #include <string.h>
7
8 #include "md5.h"
9 #include "l2tpns.h"
10 #include "util.h"
11
12 #include "l2tplac.h"
13
14 /* sequence diagram: Client <--> LAC <--> LNS1 <--> LNS2
15 *
16 * LCP Negotiation
17 * Client <-------------------> LAC
18 * Challenge (CHAP/PAP)
19 * Client <-------------------> LAC
20 * SCCRQ
21 * LAC --------------------> LNS1 (Tunnel Open)
22 * SCCRP
23 * LAC <-------------------- LNS1 (Tunnel Open)
24 * SCCCN
25 * LAC --------------------> LNS1 (Tunnel Open)
26 * ZLB
27 * LAC <-------------------- LNS1 (Tunnel Open)
28 * ICRQ
29 * LAC --------------------> LNS1 (Session Open)
30 * ICRP
31 * LAC <-------------------- LNS1 (Session Open)
32 * ICCN
33 * LAC --------------------> LNS1 (Session Open)
34 * ZLB
35 * LAC <-------------------- LNS1 (Session Open)
36 * LCP Negotiation
37 * Client <---------------------------------------------> LNS1
38 * Challenge (CHAP/PAP)
39 * Client <---------------------------------------------> LNS1
40 * SCCRQ
41 * LNS1 --------------------> LNS2 (Tunnel Open)
42 * SCCRP
43 * LNS1 <-------------------- LNS2 (Tunnel Open)
44 * SCCCN
45 * LNS1 --------------------> LNS2 (Tunnel Open)
46 * ZLB
47 * LNS1 <-------------------- LNS2 (Tunnel Open)
48 * ICRQ
49 * LNS1 --------------------> LNS2 (Session Open)
50 * ICRP
51 * LNS1 <-------------------- LNS2 (Session Open)
52 * ICCN
53 * LNS1 --------------------> LNS2 (Session Open)
54 * ZLB
55 * LNS1 <-------------------- LNS2 (Session Open)
56 * LCP Negotiation
57 * Client <------------------------------------------------------------------------> LNS2
58 * PAP/CHAP Authentification
59 * Client <------------------------------------------------------------------------> LNS2
60 * DATA (ppp)
61 * Client <------------------------------------------------------------------------> LNS2
62 * */
63
64 typedef struct
65 {
66 uint32_t tunnel_type;
67 uint32_t tunnel_medium_type;
68 in_addr_t tunnel_server_endpoint; /* IP remote LNS */
69 char tunnel_password[64]; /* l2tpsecret remote LNS */
70 char tunnel_assignment_id[256];
71 } tunnelrlnst;
72
73 // Max Radius Tunnels by remote LNS
74 #define MAXTAGTUNNEL 0x20
75 static tunnelrlnst ptunnelrlns[MAXTAGTUNNEL];
76
77 /*
78 * Possible configrlns states
79 * CONFRLNSFREE -> CONFRLNSSET -> CONFRLNSFREE
80 */
81 enum
82 {
83 CONFRLNSFREE = 0, // Not in use
84 CONFRLNSSET, // Config Set
85 CONFRLNSSETBYRADIUS // Config Set
86 };
87
88 // struct remote lns
89 typedef struct
90 {
91 int state; // conf state (tunnelstate enum)
92 in_addr_t ip; // Ip for far end
93 uint16_t port; // port for far end
94 hasht auth; // request authenticator
95 char strmaskuser[MAXUSER];
96 char l2tp_secret[64]; // L2TP shared secret
97 char tunnel_assignment_id[256];
98 }
99 configrlns;
100
101 configrlns *pconfigrlns = NULL;
102
103 // Init data structures
104 void lac_initremotelnsdata()
105 {
106 confrlnsidt i;
107
108 if ( !(pconfigrlns = shared_malloc(sizeof(pconfigrlns[0]) * MAXRLNSTUNNEL)) )
109 {
110 LOG(0, 0, 0, "Error doing malloc for tunnels lac: %s\n", strerror(errno));
111 exit(1);
112 }
113
114 memset(pconfigrlns, 0, sizeof(pconfigrlns[0]) * MAXRLNSTUNNEL);
115
116 // Mark all the conf as free.
117 for (i = 1; i < MAXRLNSTUNNEL; i++)
118 pconfigrlns[i].state = CONFRLNSFREE; // mark it as not filled in.
119
120 config->highest_rlnsid = 0;
121
122 lac_reset_rad_tag_tunnel_ctxt();
123 }
124
125 // Reset Radius TAG tunnel context
126 void lac_reset_rad_tag_tunnel_ctxt()
127 {
128 memset(ptunnelrlns, 0, sizeof(ptunnelrlns[0]) * MAXTAGTUNNEL);
129 }
130
131 // Add tunnel_type radius TAG tunnel to context
132 void lac_set_rad_tag_tunnel_type(uint8_t tag, uint32_t tunnel_type)
133 {
134 if (tag < MAXTAGTUNNEL)
135 ptunnelrlns[tag].tunnel_type = tunnel_type;
136 }
137
138 // Add tunnel_medium_type Radius TAG tunnel to context
139 void lac_set_rad_tag_tunnel_medium_type(uint8_t tag, uint32_t tunnel_medium_type)
140 {
141 if (tag < MAXTAGTUNNEL)
142 ptunnelrlns[tag].tunnel_medium_type = tunnel_medium_type;
143 }
144
145 // Add tunnel_server_endpoint Radius TAG tunnel to context
146 void lac_set_rad_tag_tunnel_serv_endpt(uint8_t tag, char *tunnel_server_endpoint)
147 {
148 if (tag < MAXTAGTUNNEL)
149 {
150 ptunnelrlns[tag].tunnel_server_endpoint = ntohl(inet_addr(tunnel_server_endpoint));
151 }
152 }
153
154 // Add tunnel_password Radius TAG tunnel to context
155 void lac_set_rad_tag_tunnel_password(uint8_t tag, char *tunnel_password)
156 {
157 if ((tag < MAXTAGTUNNEL) && (strlen(tunnel_password) < 64))
158 {
159 strcpy(ptunnelrlns[tag].tunnel_password, tunnel_password);
160 }
161 }
162
163 // Add tunnel_assignment_id Radius TAG tunnel to context
164 void lac_set_rad_tag_tunnel_assignment_id(uint8_t tag, char *tunnel_assignment_id)
165 {
166 if ((tag < MAXTAGTUNNEL) && (strlen(tunnel_assignment_id) < 256))
167 {
168 strcpy(ptunnelrlns[tag].tunnel_assignment_id, tunnel_assignment_id);
169 }
170 }
171
172 // Select a tunnel_assignment_id
173 int lac_rad_select_assignment_id(sessionidt s, char *assignment_id)
174 {
175 int idtag;
176 int nbtagfound = 0;
177 int bufidtag[MAXTAGTUNNEL];
178
179 for (idtag = 0; idtag < MAXTAGTUNNEL; ++idtag)
180 {
181 if (ptunnelrlns[idtag].tunnel_type == 0)
182 continue;
183 else if (ptunnelrlns[idtag].tunnel_type != 3) // 3 == L2TP tunnel type
184 LOG(1, s, session[s].tunnel, "Error, Only L2TP tunnel type supported\n");
185 else if (ptunnelrlns[idtag].tunnel_medium_type != 1)
186 LOG(1, s, session[s].tunnel, "Error, Only IP tunnel medium type supported\n");
187 else if (ptunnelrlns[idtag].tunnel_server_endpoint == 0)
188 LOG(1, s, session[s].tunnel, "Error, Bad IP tunnel server endpoint \n");
189 else if (strlen(ptunnelrlns[idtag].tunnel_assignment_id) > 0)
190 {
191 bufidtag[nbtagfound] = idtag;
192 nbtagfound++;
193 }
194 }
195
196 if (nbtagfound > 0)
197 {
198 // random between 0 and nbtagfound-1
199 idtag = (rand() % nbtagfound);
200
201 if (idtag >= nbtagfound)
202 idtag = 0; //Sanity checks.
203
204 strcpy(assignment_id, ptunnelrlns[bufidtag[idtag]].tunnel_assignment_id);
205 return 1;
206 }
207
208 // Error no tunnel_assignment_id found
209 return 0;
210 }
211
212 // Save the 'radius tag tunnels' context on global configuration
213 void lac_save_rad_tag_tunnels(sessionidt s)
214 {
215 confrlnsidt idrlns;
216 int idtag;
217
218 for (idtag = 0; idtag < MAXTAGTUNNEL; ++idtag)
219 {
220 if (ptunnelrlns[idtag].tunnel_type == 0)
221 continue;
222 else if (ptunnelrlns[idtag].tunnel_type != 3) // 3 == L2TP tunnel type
223 LOG(1, s, session[s].tunnel, "Error, Only L2TP tunnel type supported\n");
224 else if (ptunnelrlns[idtag].tunnel_medium_type != 1)
225 LOG(1, s, session[s].tunnel, "Error, Only IP tunnel medium type supported\n");
226 else if (ptunnelrlns[idtag].tunnel_server_endpoint == 0)
227 LOG(1, s, session[s].tunnel, "Error, Bad IP tunnel server endpoint \n");
228 else if (strlen(ptunnelrlns[idtag].tunnel_assignment_id) <= 0)
229 LOG(1, s, session[s].tunnel, "Error, No tunnel_assignment_id \n");
230 else
231 {
232 for (idrlns = 1; idrlns < MAXRLNSTUNNEL; ++idrlns)
233 {
234 if (pconfigrlns[idrlns].state == CONFRLNSFREE)
235 {
236 pconfigrlns[idrlns].ip = ptunnelrlns[idtag].tunnel_server_endpoint;
237 pconfigrlns[idrlns].port = L2TPPORT; //Default L2TP poart
238 strcpy(pconfigrlns[idrlns].l2tp_secret, ptunnelrlns[idtag].tunnel_password);
239 strcpy(pconfigrlns[idrlns].tunnel_assignment_id, ptunnelrlns[idtag].tunnel_assignment_id);
240
241 config->highest_rlnsid = idrlns;
242
243 pconfigrlns[idrlns].state = CONFRLNSSETBYRADIUS;
244
245 break;
246 }
247 else if (pconfigrlns[idrlns].state == CONFRLNSSETBYRADIUS)
248 {
249 if ( (pconfigrlns[idrlns].ip == ptunnelrlns[idtag].tunnel_server_endpoint) &&
250 (strcmp(pconfigrlns[idrlns].tunnel_assignment_id, ptunnelrlns[idtag].tunnel_assignment_id) == 0) )
251 {
252 // l2tp_secret may be changed
253 strcpy(pconfigrlns[idrlns].l2tp_secret, ptunnelrlns[idtag].tunnel_password);
254 pconfigrlns[idrlns].port = L2TPPORT; //Default L2TP poart
255
256 if (config->highest_rlnsid < idrlns) config->highest_rlnsid = idrlns;
257
258 break;
259 }
260 }
261 }
262
263 if (idrlns >= MAXRLNSTUNNEL)
264 {
265 LOG(0, s, session[s].tunnel, "No more Remote LNS Conf Free\n");
266 return;
267 }
268 }
269 }
270 }
271
272 // Create Remote LNS a Tunnel or Session
273 static int lac_create_tunnelsession(tunnelidt t, sessionidt s, confrlnsidt i_conf, char * puser)
274 {
275 if (t == 0)
276 {
277 if (main_quit == QUIT_SHUTDOWN) return 0;
278
279 // Start Open Tunnel
280 if (!(t = lac_new_tunnel()))
281 {
282 LOG(1, 0, 0, "No more tunnels\n");
283 STAT(tunnel_overflow);
284 return 0;
285 }
286 lac_tunnelclear(t);
287 tunnel[t].ip = pconfigrlns[i_conf].ip;
288 tunnel[t].port = pconfigrlns[i_conf].port;
289 tunnel[t].window = 4; // default window
290 tunnel[t].isremotelns = i_conf;
291 STAT(tunnel_created);
292
293 random_data(pconfigrlns[i_conf].auth, sizeof(pconfigrlns[i_conf].auth));
294
295 LOG(2, 0, t, "Create New tunnel to REMOTE LNS %s for user %s\n", fmtaddr(htonl(tunnel[t].ip), 0), puser);
296 lac_send_SCCRQ(t, pconfigrlns[i_conf].auth, sizeof(pconfigrlns[i_conf].auth));
297 }
298 else if (tunnel[t].state == TUNNELOPEN)
299 {
300 if (main_quit != QUIT_SHUTDOWN)
301 {
302
303 /**********************/
304 /** Open New session **/
305 /**********************/
306 sessionidt new_sess = sessionfree;
307
308 sessionfree = session[new_sess].next;
309 memset(&session[new_sess], 0, sizeof(session[new_sess]));
310
311 if (new_sess > config->cluster_highest_sessionid)
312 config->cluster_highest_sessionid = new_sess;
313
314 session[new_sess].opened = time_now;
315 session[new_sess].tunnel = t;
316 session[new_sess].last_packet = session[s].last_data = time_now;
317
318 session[new_sess].ppp.phase = Establish;
319 session[new_sess].ppp.lcp = Starting;
320 session[s].ppp.phase = Establish;
321
322 LOG(2, 0, t, "Open New session to REMOTE LNS %s for user: %s\n", fmtaddr(htonl(tunnel[t].ip), 0), puser);
323 // Sent ICRQ Incoming-call-request
324 lac_send_ICRQ(t, new_sess);
325
326 // Set session to forward to another LNS
327 session[s].forwardtosession = new_sess;
328 session[new_sess].forwardtosession = s;
329 strncpy(session[s].user, puser, sizeof(session[s].user) - 1);
330 strncpy(session[new_sess].user, puser, sizeof(session[new_sess].user) - 1);
331
332 STAT(session_created);
333 }
334 else
335 {
336 lac_tunnelshutdown(t, "Shutting down", 6, 0, 0);
337 }
338 }
339 else
340 {
341 /** TODO **/
342 LOG(1, 0, t, "(REMOTE LNS) tunnel is not open\n");
343 }
344
345 return 1;
346 }
347 // Check if session must be forwarded to another LNS
348 // return 1 if the session must be forwarded (and Creating a tunnel/session has been started)
349 // else 0.
350 // Note: check from the configuration read on the startup-config (see setforward)
351 int lac_conf_forwardtoremotelns(sessionidt s, char * puser)
352 {
353 tunnelidt t, j;
354 confrlnsidt i;
355
356 for (i = 1; i <= config->highest_rlnsid ; ++i)
357 {
358 if ( (pconfigrlns[i].state == CONFRLNSSET) && (NULL != strstr(puser, pconfigrlns[i].strmaskuser)) )
359 {
360 t = 0;
361 for (j = 0; j <= config->cluster_highest_tunnelid ; ++j)
362 {
363 if ((tunnel[j].isremotelns) &&
364 (tunnel[j].ip == pconfigrlns[i].ip) &&
365 (tunnel[j].port == pconfigrlns[i].port) &&
366 (tunnel[j].state != TUNNELDIE))
367 {
368 t = j;
369 if (tunnel[t].isremotelns != i)
370 {
371 if ( (tunnel[t].state == TUNNELOPEN) || (tunnel[t].state == TUNNELOPENING) )
372 {
373 LOG(1, 0, t, "Tunnel Remote LNS ID inconsistency (IP RLNS:%s)\n",
374 fmtaddr(htonl(pconfigrlns[i].ip), 0));
375
376 tunnel[t].isremotelns = i;
377 }
378 else t = 0;
379 }
380 break;
381 }
382 }
383
384 return lac_create_tunnelsession(t, s, i, puser);
385 }
386 }
387
388 return 0;
389 }
390
391 // return 1 if the session must be forwarded (and Creating a tunnel/session has been started)
392 // else 0.
393 // Note: Started from a radius response
394 int lac_rad_forwardtoremotelns(sessionidt s, char *assignment_id, char * puser)
395 {
396 tunnelidt t, j;
397 confrlnsidt i;
398
399 for (i = 1; i <= config->highest_rlnsid ; ++i)
400 {
401 if ((pconfigrlns[i].state == CONFRLNSSETBYRADIUS) &&
402 (strcmp(pconfigrlns[i].tunnel_assignment_id, assignment_id) == 0))
403 {
404 t = 0;
405 for (j = 1; j <= config->cluster_highest_tunnelid ; ++j)
406 {
407 if ((tunnel[j].isremotelns == i) &&
408 (tunnel[j].ip == pconfigrlns[i].ip) &&
409 (tunnel[j].port == pconfigrlns[i].port) &&
410 (tunnel[j].state != TUNNELDIE))
411 {
412 if ( (tunnel[j].state == TUNNELOPEN) ||
413 (tunnel[j].state == TUNNELOPENING) )
414 {
415 t = j;
416 LOG(3, 0, t, "Tunnel Remote LNS already open(ing) (RLNS IP:%s)\n", fmtaddr(htonl(pconfigrlns[i].ip), 0));
417 break;
418 }
419 }
420 }
421
422 return lac_create_tunnelsession(t, s, i, puser);
423 }
424 }
425
426 return 0;
427 }
428
429 // Calcul the remote LNS auth
430 void lac_calc_rlns_auth(tunnelidt t, uint8_t id, uint8_t *out)
431 {
432 MD5_CTX ctx;
433 confrlnsidt idrlns;
434
435 idrlns = tunnel[t].isremotelns;
436
437 MD5_Init(&ctx);
438 MD5_Update(&ctx, &id, 1);
439 MD5_Update(&ctx, pconfigrlns[idrlns].l2tp_secret, strlen(pconfigrlns[idrlns].l2tp_secret));
440 MD5_Update(&ctx, pconfigrlns[idrlns].auth, 16);
441 MD5_Final(out, &ctx);
442 }
443
444 // Forward session to LAC or Remote LNS
445 int lac_session_forward(uint8_t *buf, int len, sessionidt sess, uint16_t proto)
446 {
447 uint16_t t = 0, s = 0;
448 uint8_t *p = buf + 2; // First word L2TP options
449
450 s = session[sess].forwardtosession;
451 if (session[s].forwardtosession != sess)
452 {
453 LOG(0, sess, session[sess].tunnel, "Link Session (%u) broken\n", s);
454 return 0;
455 }
456
457 t = session[s].tunnel;
458 if (t >= MAXTUNNEL)
459 {
460 LOG(1, s, t, "Session with invalid tunnel ID\n");
461 return 0;
462 }
463
464 if ((!tunnel[t].isremotelns) && (!tunnel[session[sess].tunnel].isremotelns))
465 {
466 LOG(0, sess, session[sess].tunnel, "Link Tunnel Session (%u) broken\n", s);
467 return 0;
468 }
469
470 if (*buf & 0x40)
471 { // length
472 p += 2;
473 }
474
475 *(uint16_t *) p = htons(tunnel[t].far); // tunnel
476 p += 2;
477 *(uint16_t *) p = htons(session[s].far); // session
478 p += 2;
479
480 if (*buf & 0x08)
481 { // ns/nr
482 *(uint16_t *) p = htons(tunnel[t].ns); // sequence
483 p += 2;
484 *(uint16_t *) p = htons(tunnel[t].nr); // sequence
485 p += 2;
486 }
487
488 if ((proto == PPPIP) || (proto == PPPMP) ||(proto == PPPIPV6 && config->ipv6_prefix.s6_addr[0]))
489 {
490 session[sess].last_packet = session[sess].last_data = time_now;
491 // Update STAT IN
492 increment_counter(&session[sess].cin, &session[sess].cin_wrap, len);
493 session[sess].cin_delta += len;
494 session[sess].pin++;
495 sess_local[sess].cin += len;
496 sess_local[sess].pin++;
497
498 session[s].last_data = time_now;
499 // Update STAT OUT
500 increment_counter(&session[s].cout, &session[s].cout_wrap, len); // byte count
501 session[s].cout_delta += len;
502 session[s].pout++;
503 sess_local[s].cout += len;
504 sess_local[s].pout++;
505 }
506 else
507 session[sess].last_packet = time_now;
508
509 tunnelsend(buf, len, t); // send it...
510
511 return 1;
512 }
513
514 // Add new Remote LNS from CLI
515 // return:
516 // 0 = Error
517 // 1 = New Remote LNS conf ADD
518 // 2 = Remote LNS Conf Updated
519 int lac_addremotelns(char *mask, char *IP_RemoteLNS, char *Port_RemoteLNS, char *SecretRemoteLNS)
520 {
521 confrlnsidt idrlns;
522
523 for (idrlns = 1; idrlns < MAXRLNSTUNNEL; ++idrlns)
524 {
525 if (pconfigrlns[idrlns].state == CONFRLNSFREE)
526 {
527 snprintf((char *) pconfigrlns[idrlns].strmaskuser, sizeof(pconfigrlns[idrlns].strmaskuser), "%s", mask);
528 pconfigrlns[idrlns].ip = ntohl(inet_addr(IP_RemoteLNS));
529 pconfigrlns[idrlns].port = atoi(Port_RemoteLNS);
530 snprintf((char *) pconfigrlns[idrlns].l2tp_secret, sizeof(pconfigrlns[idrlns].l2tp_secret), "%s", SecretRemoteLNS);
531
532 config->highest_rlnsid = idrlns;
533
534 pconfigrlns[idrlns].state = CONFRLNSSET;
535
536 return 1;
537 }
538 else if ((pconfigrlns[idrlns].state == CONFRLNSSET) && (strcmp(pconfigrlns[idrlns].strmaskuser, mask) == 0))
539 {
540 if ( (pconfigrlns[idrlns].ip != ntohl(inet_addr(IP_RemoteLNS))) ||
541 (pconfigrlns[idrlns].port != atoi(Port_RemoteLNS)) ||
542 (strcmp(pconfigrlns[idrlns].l2tp_secret, SecretRemoteLNS) != 0) )
543 {
544 memset(&pconfigrlns[idrlns], 0, sizeof(pconfigrlns[idrlns]));
545 snprintf((char *) pconfigrlns[idrlns].strmaskuser, sizeof(pconfigrlns[idrlns].strmaskuser), "%s", mask);
546 pconfigrlns[idrlns].ip = ntohl(inet_addr(IP_RemoteLNS));
547 pconfigrlns[idrlns].port = atoi(Port_RemoteLNS);
548 snprintf((char *) pconfigrlns[idrlns].l2tp_secret, sizeof(pconfigrlns[idrlns].l2tp_secret), "%s", SecretRemoteLNS);
549
550 if (config->highest_rlnsid < idrlns) config->highest_rlnsid = idrlns;
551
552 pconfigrlns[idrlns].state = CONFRLNSSET;
553 // Conf Updated, the tunnel must be dropped
554 return 2;
555 }
556
557 return 1;
558 }
559 }
560
561 LOG(0, 0, 0, "No more Remote LNS Conf Free\n");
562
563 return 0;
564 }
565
566 // Cli Show remote LNS defined
567 int lac_cli_show_remotelns(confrlnsidt idrlns, char *strout)
568 {
569 if (idrlns > config->highest_rlnsid)
570 return 0;
571
572 if (idrlns == 0)
573 // Show Summary
574 sprintf(strout, "%15s %3s %-32s %-32s %11s %7s %10s",
575 "IP Remote LNS",
576 "TID",
577 "l2tp secret",
578 "assignment Id",
579 "File/Radius",
580 "State",
581 "Count Sess");
582 else
583 {
584 tunnelidt t, tfound = 0;
585 sessionidt s;
586 int countsess = 0;
587 char state[20];
588
589 strcpy(state, "Close");
590 for (t = 0; t <= config->cluster_highest_tunnelid ; ++t)
591 {
592 if ((tunnel[t].isremotelns == idrlns) &&
593 (tunnel[t].ip == pconfigrlns[idrlns].ip) &&
594 (tunnel[t].port == pconfigrlns[idrlns].port) &&
595 (tunnel[t].state != TUNNELDIE))
596 {
597 if (tunnel[t].state == TUNNELOPENING)
598 strcpy(state, "Opening");
599 else if (tunnel[t].state == TUNNELOPEN)
600 strcpy(state, "Open");
601
602 for (s = 1; s <= config->cluster_highest_sessionid ; ++s)
603 if (session[s].tunnel == t)
604 countsess++;
605 tfound = t;
606 break;
607 }
608 }
609
610 sprintf(strout, "%15s %3u %-32s %-32s %11s %7s %10u",
611 fmtaddr(htonl(pconfigrlns[idrlns].ip), 0),
612 tfound,
613 pconfigrlns[idrlns].l2tp_secret,
614 pconfigrlns[idrlns].tunnel_assignment_id,
615 (pconfigrlns[idrlns].state == CONFRLNSSET?"File":(pconfigrlns[idrlns].state == CONFRLNSSETBYRADIUS?"Radius":"Free")),
616 state,
617 countsess);
618 }
619
620 return 1;
621 }