X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/89fc6e54f0cc3655244a755b33563e9cd28612dc..e020fbba4d413aada69619e5048f0ae4132611b5:/l2tpns.c?ds=sidebyside

diff --git a/l2tpns.c b/l2tpns.c
index bd255a3..45ed04f 100644
--- a/l2tpns.c
+++ b/l2tpns.c
@@ -4,7 +4,7 @@
 // Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
 // vim: sw=8 ts=8
 
-char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.110 2005/06/14 03:36:23 bodea Exp $";
+char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.113 2005/06/28 14:48:20 bodea Exp $";
 
 #include <arpa/inet.h>
 #include <assert.h>
@@ -60,6 +60,7 @@ int tunfd = -1;			// tun interface file handle. (network device)
 int udpfd = -1;			// UDP file handle
 int controlfd = -1;		// Control signal handle
 int clifd = -1;			// Socket listening for CLI connections.
+int daefd = -1;			// Socket listening for DAE connections.
 int snoopfd = -1;		// UDP file handle for sending out intercept data
 int *radfds = NULL;		// RADIUS requests file handles
 int ifrfd = -1;			// File descriptor for routing, etc
@@ -114,6 +115,7 @@ config_descriptt config_values[] = {
 	CONFIG("radius_interim", radius_interim, INT),
 	CONFIG("radius_secret", radiussecret, STRING),
 	CONFIG("radius_authtypes", radius_authtypes_s, STRING),
+	CONFIG("radius_dae_port", radius_dae_port, SHORT),
 	CONFIG("allow_duplicate_users", allow_duplicate_users, BOOL),
 	CONFIG("bind_address", bind_address, IPv4),
 	CONFIG("peer_address", peer_address, IPv4),
@@ -148,6 +150,7 @@ static char *plugin_functions[] = {
 	"plugin_kill_session",
 	"plugin_control",
 	"plugin_radius_response",
+	"plugin_radius_reset",
 	"plugin_become_master",
 	"plugin_new_session_master",
 };
@@ -163,7 +166,7 @@ sessiont *session = NULL;		// Array of session structures.
 sessionlocalt *sess_local = NULL;	// Array of local per-session counters.
 radiust *radius = NULL;			// Array of radius structures.
 ippoolt *ip_address_pool = NULL;	// Array of dynamic IP addresses.
-ip_filtert *ip_filters = NULL;	// Array of named filters.
+ip_filtert *ip_filters = NULL;		// Array of named filters.
 static controlt *controlfree = 0;
 struct Tstats *_statistics = NULL;
 #ifdef RINGBUFFER
@@ -578,7 +581,7 @@ static void inittun(void)
 	}
 }
 
-// set up UDP port
+// set up UDP ports
 static void initudp(void)
 {
 	int on = 1;
@@ -600,7 +603,6 @@ static void initudp(void)
 		LOG(0, 0, 0, "Error in UDP bind: %s\n", strerror(errno));
 		exit(1);
 	}
-	snoopfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
 
 	// Control
 	memset(&addr, 0, sizeof(addr));
@@ -613,6 +615,21 @@ static void initudp(void)
 		LOG(0, 0, 0, "Error in control bind: %s\n", strerror(errno));
 		exit(1);
 	}
+
+	// Dynamic Authorization Extensions to RADIUS
+	memset(&addr, 0, sizeof(addr));
+	addr.sin_family = AF_INET;
+	addr.sin_port = htons(config->radius_dae_port);
+	daefd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+	setsockopt(daefd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
+	if (bind(daefd, (void *) &addr, sizeof(addr)) < 0)
+	{
+		LOG(0, 0, 0, "Error in DAE bind: %s\n", strerror(errno));
+		exit(1);
+	}
+
+	// Intercept
+	snoopfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
 }
 
 //
@@ -1415,7 +1432,7 @@ void throttle_session(sessionidt s, int rate_in, int rate_out)
 }
 
 // add/remove filters from session (-1 = no change)
-static void filter_session(sessionidt s, int filter_in, int filter_out)
+void filter_session(sessionidt s, int filter_in, int filter_out)
 {
 	if (!session[s].opened)
 		return; // No-one home.
@@ -2024,8 +2041,6 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr)
 						continue;
 					}
 
-					LOG(4, s, t, "Hidden AVP\n");
-
 					// Unhide the AVP
 					unhide_value(b, n, mtype, session[s].random_vector, session[s].random_vector_length);
 
@@ -2046,7 +2061,9 @@ void processudp(uint8_t * buf, int len, struct sockaddr_in *addr)
 					n = orig_len;
 				}
 
-				LOG(4, s, t, "   AVP %d (%s) len %d\n", mtype, avp_name(mtype), n);
+				LOG(4, s, t, "   AVP %d (%s) len %d%s%s\n", mtype, avp_name(mtype), n,
+					flags & 0x40 ? ", hidden" : "", flags & 0x80 ? ", mandatory" : "");
+
 				switch (mtype)
 				{
 				case 0:     // message type
@@ -2717,7 +2734,8 @@ static void regular_cleanups(double period)
 			continue;
 		}
 
-		if (session[s].ip && !(session[s].flags & SF_IPCP_ACKED))
+		if (session[s].ip && !(session[s].flags & SF_IPCP_ACKED)
+		    && !(sess_local[s].radius && radius[sess_local[s].radius].state == RADIUSIPCP))
 		{
 			// IPCP has not completed yet. Resend
 			LOG(3, s, session[s].tunnel, "No ACK for initial IPCP ConfigReq... resending\n");
@@ -2833,7 +2851,8 @@ static void regular_cleanups(double period)
 		    && !sess_local[s].radius // RADIUS already in progress
 		    && time_now - sess_local[s].last_interim >= config->radius_interim)
 		{
-			if (!(r = radiusnew(s)))
+		    	int rad = radiusnew(s);
+			if (!rad)
 			{
 				LOG(1, s, session[s].tunnel, "No free RADIUS sessions for Interim message\n");
 				STAT(radius_overflow);
@@ -2843,7 +2862,7 @@ static void regular_cleanups(double period)
 			LOG(3, s, session[s].tunnel, "Sending RADIUS Interim for %s (%u)\n",
 				session[s].user, session[s].unique_id);
 
-			radiussend(r, RADIUSINTERIM);
+			radiussend(rad, RADIUSINTERIM);
 			sess_local[s].last_interim = time_now;
 			s_actions++;
 		}
@@ -2957,8 +2976,8 @@ static int still_busy(void)
 # include "fake_epoll.h"
 #endif
 
-// the base set of fds polled: control, cli, udp, tun, cluster
-#define BASE_FDS	5
+// the base set of fds polled: cli, cluster, tun, udp, control, dae
+#define BASE_FDS	6
 
 // additional polled fds
 #ifdef BGP
@@ -2982,8 +3001,8 @@ static void mainloop(void)
 		exit(1);
 	}
 
-	LOG(4, 0, 0, "Beginning of main loop.  udpfd=%d, tunfd=%d, cluster_sockfd=%d, controlfd=%d\n",
-		udpfd, tunfd, cluster_sockfd, controlfd);
+	LOG(4, 0, 0, "Beginning of main loop.  clifd=%d, cluster_sockfd=%d, tunfd=%d, udpfd=%d, controlfd=%d, daefd=%d\n",
+		clifd, cluster_sockfd, tunfd, udpfd, controlfd, daefd);
 
 	/* setup our fds to poll for input */
 	{
@@ -2993,25 +3012,29 @@ static void mainloop(void)
 		e.events = EPOLLIN;
 		i = 0;
 
-		d[i].type = FD_TYPE_CONTROL;
-		e.data.ptr = &d[i++];
-		epoll_ctl(epollfd, EPOLL_CTL_ADD, controlfd, &e);
-
 		d[i].type = FD_TYPE_CLI;
 		e.data.ptr = &d[i++];
 		epoll_ctl(epollfd, EPOLL_CTL_ADD, clifd, &e);
 
-		d[i].type = FD_TYPE_UDP;
+		d[i].type = FD_TYPE_CLUSTER;
 		e.data.ptr = &d[i++];
-		epoll_ctl(epollfd, EPOLL_CTL_ADD, udpfd, &e);
+		epoll_ctl(epollfd, EPOLL_CTL_ADD, cluster_sockfd, &e);
 
 		d[i].type = FD_TYPE_TUN;
 		e.data.ptr = &d[i++];
 		epoll_ctl(epollfd, EPOLL_CTL_ADD, tunfd, &e);
 
-		d[i].type = FD_TYPE_CLUSTER;
+		d[i].type = FD_TYPE_UDP;
 		e.data.ptr = &d[i++];
-		epoll_ctl(epollfd, EPOLL_CTL_ADD, cluster_sockfd, &e);
+		epoll_ctl(epollfd, EPOLL_CTL_ADD, udpfd, &e);
+
+		d[i].type = FD_TYPE_CONTROL;
+		e.data.ptr = &d[i++];
+		epoll_ctl(epollfd, EPOLL_CTL_ADD, controlfd, &e);
+
+		d[i].type = FD_TYPE_DAE;
+		e.data.ptr = &d[i++];
+		epoll_ctl(epollfd, EPOLL_CTL_ADD, daefd, &e);
 	}
 
 #ifdef BGP
@@ -3078,12 +3101,6 @@ static void mainloop(void)
 				struct event_data *d = events[i].data.ptr;
 				switch (d->type)
 				{
-				case FD_TYPE_CONTROL: // nsctl commands
-					alen = sizeof(addr);
-					processcontrol(buf, recvfrom(controlfd, buf, sizeof(buf), MSG_WAITALL, (void *) &addr, &alen), &addr, alen);
-					n--;
-					break;
-
 				case FD_TYPE_CLI: // CLI connections
 				{
 					int cli;
@@ -3102,9 +3119,21 @@ static void mainloop(void)
 				}
 
 				// these are handled below, with multiple interleaved reads
-				case FD_TYPE_UDP:	udp_ready++; break;
-				case FD_TYPE_TUN:	tun_ready++; break;
 				case FD_TYPE_CLUSTER:	cluster_ready++; break;
+				case FD_TYPE_TUN:	tun_ready++; break;
+				case FD_TYPE_UDP:	udp_ready++; break;
+
+				case FD_TYPE_CONTROL: // nsctl commands
+					alen = sizeof(addr);
+					processcontrol(buf, recvfrom(controlfd, buf, sizeof(buf), MSG_WAITALL, (void *) &addr, &alen), &addr, alen);
+					n--;
+					break;
+
+				case FD_TYPE_DAE: // DAE requests
+					alen = sizeof(addr);
+					processdae(buf, recvfrom(daefd, buf, sizeof(buf), MSG_WAITALL, (void *) &addr, &alen), &addr, alen);
+					n--;
+					break;
 
 				case FD_TYPE_RADIUS: // RADIUS response
 					s = recv(radfds[d->index], buf, sizeof(buf), 0);
@@ -4184,6 +4213,9 @@ static void update_config()
 			strcat(config->radius_authtypes_s, ", pap");
 	}
 
+	if (!config->radius_dae_port)
+		config->radius_dae_port = DAEPORT;
+
 	// re-initialise the random number source
 	initrandom(config->random_device);
 
@@ -5011,11 +5043,11 @@ static void unhide_value(uint8_t *value, size_t len, uint16_t type, uint8_t *vec
 	uint8_t digest[16];
 	uint8_t *last;
 	size_t d = 0;
+	uint16_t m = htons(type);
 
 	// Compute initial pad
 	MD5Init(&ctx);
-	MD5Update(&ctx, (uint8_t) (type >> 8) & 0xff, 1);
-	MD5Update(&ctx, (uint8_t)  type       & 0xff, 1);
+	MD5Update(&ctx, (unsigned char *) &m, 2);
 	MD5Update(&ctx, config->l2tpsecret, strlen(config->l2tpsecret));
 	MD5Update(&ctx, vector, vec_len);
 	MD5Final(digest, &ctx);
@@ -5042,6 +5074,31 @@ static void unhide_value(uint8_t *value, size_t len, uint16_t type, uint8_t *vec
 	}
 }
 
+int find_filter(char const *name, size_t len)
+{
+	int free = -1;
+	int i;
+
+	for (i = 0; i < MAXFILTER; i++)
+	{
+	    	if (!*ip_filters[i].name)
+		{
+			if (free < 0)
+				free = i;
+
+			continue;
+		}
+
+		if (strlen(ip_filters[i].name) != len)
+			continue;
+
+		if (!strncmp(ip_filters[i].name, name, len))
+			return i;
+	}
+			
+	return free;
+}
+
 static int ip_filter_port(ip_filter_portt *p, uint16_t port)
 {
 	switch (p->op)