pptpmanager.c 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549
  1. /*
  2. * pptpmanager.c
  3. *
  4. * Manages the PoPToP sessions.
  5. */
  6. #ifdef HAVE_CONFIG_H
  7. #include "config.h"
  8. #endif
  9. #ifdef __linux__
  10. #define _GNU_SOURCE 1 /* broken arpa/inet.h */
  11. #endif
  12. #include "our_syslog.h"
  13. #include <errno.h>
  14. #include <netdb.h>
  15. #include <signal.h>
  16. #include <stdio.h>
  17. #include <string.h>
  18. #include <stdlib.h>
  19. #include <sys/types.h>
  20. #include <sys/socket.h>
  21. #include <netinet/in.h>
  22. #include <arpa/inet.h>
  23. #include <sys/un.h>
  24. #include <sys/wait.h>
  25. #include <unistd.h>
  26. #include <time.h>
  27. #include <sys/time.h>
  28. #include <fcntl.h>
  29. #ifdef VRF
  30. #include <vrf.h>
  31. #endif
  32. #if HAVE_LIBWRAP
  33. /* re-include, just in case HAVE_SYSLOG_H wasn't defined */
  34. #include <syslog.h>
  35. #include <tcpd.h>
  36. int allow_severity = LOG_WARNING;
  37. int deny_severity = LOG_WARNING;
  38. #endif
  39. #ifdef __UCLIBC__
  40. #define socklen_t int
  41. #endif
  42. #include "configfile.h"
  43. #include "defaults.h"
  44. #include "pptpctrl.h"
  45. #include "pptpdefs.h"
  46. #include "pptpmanager.h"
  47. #include "compat.h"
  48. /* command line arg variables */
  49. extern char *ppp_binary;
  50. extern char *pppdoptstr;
  51. extern char *speedstr;
  52. extern char *bindaddr;
  53. extern int pptp_debug;
  54. extern int pptp_noipparam;
  55. extern int pptp_logwtmp;
  56. extern int pptp_delegate;
  57. /* option for timeout on starting ctrl connection */
  58. extern int pptp_stimeout;
  59. extern int pptp_connections;
  60. /* local function prototypes */
  61. static void connectCall(int clientSocket, int clientNumber);
  62. static int createHostSocket(int *hostSocket);
  63. /* this end's call identifier */
  64. uint16_t unique_call_id = 0;
  65. /* slots - begin */
  66. /* data about connection slots */
  67. struct slot {
  68. pid_t pid;
  69. char *local;
  70. char *remote;
  71. } *slots;
  72. /* number of connection slots allocated */
  73. int slot_count;
  74. static void slot_iterate(struct slot *slots, int count, void (*callback) (struct slot *slot))
  75. {
  76. int i;
  77. for(i=0; i<count; i++)
  78. (*callback)(&slots[i]);
  79. }
  80. static void slot_slot_init(struct slot *slot)
  81. {
  82. slot->pid = 0;
  83. slot->local = NULL;
  84. slot->remote = NULL;
  85. }
  86. void slot_init(int count)
  87. {
  88. slot_count = count;
  89. slots = (struct slot *) calloc(slot_count, sizeof(struct slot));
  90. slot_iterate(slots, slot_count, slot_slot_init);
  91. }
  92. static void slot_slot_free(struct slot *slot)
  93. {
  94. slot->pid = 0;
  95. if (slot->local) free(slot->local);
  96. slot->local = NULL;
  97. if (slot->remote) free(slot->remote);
  98. slot->remote = NULL;
  99. }
  100. void slot_free()
  101. {
  102. slot_iterate(slots, slot_count, slot_slot_free);
  103. free(slots);
  104. slots = NULL;
  105. slot_count = 0;
  106. }
  107. void slot_set_local(int i, char *ip)
  108. {
  109. struct slot *slot = &slots[i];
  110. if (slot->local) free(slot->local);
  111. slot->local = strdup(ip);
  112. }
  113. void slot_set_remote(int i, char *ip)
  114. {
  115. struct slot *slot = &slots[i];
  116. if (slot->remote) free(slot->remote);
  117. slot->remote = strdup(ip);
  118. }
  119. void slot_set_pid(int i, pid_t pid)
  120. {
  121. struct slot *slot = &slots[i];
  122. slot->pid = pid;
  123. }
  124. int slot_find_by_pid(pid_t pid)
  125. {
  126. int i;
  127. for(i=0; i<slot_count; i++) {
  128. struct slot *slot = &slots[i];
  129. if (slot->pid == pid) return i;
  130. }
  131. return -1;
  132. }
  133. int slot_find_empty()
  134. {
  135. return slot_find_by_pid(0);
  136. }
  137. char *slot_get_local(int i)
  138. {
  139. struct slot *slot = &slots[i];
  140. return slot->local;
  141. }
  142. char *slot_get_remote(int i)
  143. {
  144. struct slot *slot = &slots[i];
  145. return slot->remote;
  146. }
  147. /* slots - end */
  148. static void sigchld_responder(int sig)
  149. {
  150. int child, status;
  151. while ((child = waitpid(-1, &status, WNOHANG)) > 0) {
  152. if (pptp_delegate) {
  153. if (pptp_debug) syslog(LOG_DEBUG, "MGR: Reaped child %d", child);
  154. } else {
  155. int i;
  156. i = slot_find_by_pid(child);
  157. if (i != -1) {
  158. slot_set_pid(i, 0);
  159. if (pptp_debug) syslog(LOG_DEBUG, "MGR: Reaped child %d", child);
  160. } else {
  161. syslog(LOG_INFO, "MGR: Reaped unknown child %d", child);
  162. }
  163. }
  164. }
  165. }
  166. int pptp_manager(int argc, char **argv)
  167. {
  168. int firstOpen = -1;
  169. int ctrl_pid;
  170. socklen_t addrsize;
  171. int hostSocket;
  172. fd_set connSet;
  173. int rc, sig_fd;
  174. rc = sigpipe_create();
  175. if (rc < 0) {
  176. syslog(LOG_ERR, "MGR: unable to setup sigchld pipe!");
  177. syslog_perror("sigpipe_create");
  178. exit(-1);
  179. }
  180. sigpipe_assign(SIGCHLD);
  181. sigpipe_assign(SIGTERM);
  182. sig_fd = sigpipe_fd();
  183. /* openlog() not required, done in pptpd.c */
  184. syslog(LOG_INFO, "MGR: Manager process started");
  185. if (!pptp_delegate) {
  186. syslog(LOG_INFO, "MGR: Maximum of %d connections available",
  187. pptp_connections);
  188. }
  189. /* Connect the host socket and activate it for listening */
  190. if (createHostSocket(&hostSocket) < 0) {
  191. syslog(LOG_ERR, "MGR: Couldn't create host socket");
  192. syslog_perror("createHostSocket");
  193. exit(-1);
  194. }
  195. while (1) {
  196. int max_fd;
  197. FD_ZERO(&connSet);
  198. if (pptp_delegate) {
  199. FD_SET(hostSocket, &connSet);
  200. } else {
  201. firstOpen = slot_find_empty();
  202. if (firstOpen == -1) {
  203. syslog(LOG_ERR, "MGR: No free connection slots or IPs - no more clients can connect!");
  204. } else {
  205. FD_SET(hostSocket, &connSet);
  206. }
  207. }
  208. max_fd = hostSocket;
  209. FD_SET(sig_fd, &connSet);
  210. if (max_fd < sig_fd) max_fd = sig_fd;
  211. while (1) {
  212. if (select(max_fd + 1, &connSet, NULL, NULL, NULL) != -1) break;
  213. if (errno == EINTR) continue;
  214. syslog(LOG_ERR, "MGR: Error with manager select()!");
  215. syslog_perror("select");
  216. exit(-1);
  217. }
  218. if (FD_ISSET(sig_fd, &connSet)) { /* SIGCHLD */
  219. int signum = sigpipe_read();
  220. if (signum == SIGCHLD)
  221. sigchld_responder(signum);
  222. else if (signum == SIGTERM)
  223. return signum;
  224. }
  225. if (FD_ISSET(hostSocket, &connSet)) { /* A call came! */
  226. int clientSocket;
  227. struct sockaddr_in client_addr;
  228. /* Accept call and launch PPTPCTRL */
  229. addrsize = sizeof(client_addr);
  230. clientSocket = accept(hostSocket, (struct sockaddr *) &client_addr, &addrsize);
  231. #if HAVE_LIBWRAP
  232. if (clientSocket != -1) {
  233. struct request_info r;
  234. request_init(&r, RQ_DAEMON, "pptpd", RQ_FILE, clientSocket, NULL);
  235. fromhost(&r);
  236. if (!hosts_access(&r)) {
  237. /* send a permission denied message? this is a tcp wrapper
  238. * type deny so probably best to just drop it immediately like
  239. * this, as tcp wrappers usually do.
  240. */
  241. close(clientSocket);
  242. /* this would never be file descriptor 0, so use it as a error
  243. * value
  244. */
  245. clientSocket = 0;
  246. }
  247. }
  248. #endif
  249. if (clientSocket == -1) {
  250. /* accept failed, but life goes on... */
  251. syslog(LOG_ERR, "MGR: accept() failed");
  252. syslog_perror("accept");
  253. } else if (clientSocket != 0) {
  254. fd_set rfds;
  255. struct timeval tv;
  256. struct pptp_header ph;
  257. /* TODO: this select below prevents
  258. other connections from being
  259. processed during the wait for the
  260. first data packet from the
  261. client. */
  262. /*
  263. * DOS protection: get a peek at the first packet
  264. * and do some checks on it before we continue.
  265. * A 10 second timeout on the first packet seems reasonable
  266. * to me, if anything looks sus, throw it away.
  267. */
  268. FD_ZERO(&rfds);
  269. FD_SET(clientSocket, &rfds);
  270. tv.tv_sec = pptp_stimeout;
  271. tv.tv_usec = 0;
  272. if (select(clientSocket + 1, &rfds, NULL, NULL, &tv) <= 0) {
  273. syslog(LOG_ERR, "MGR: dropped slow initial connection");
  274. close(clientSocket);
  275. continue;
  276. }
  277. if (recv(clientSocket, &ph, sizeof(ph), MSG_PEEK) !=
  278. sizeof(ph)) {
  279. syslog(LOG_ERR, "MGR: dropped small initial connection");
  280. close(clientSocket);
  281. continue;
  282. }
  283. ph.length = ntohs(ph.length);
  284. ph.pptp_type = ntohs(ph.pptp_type);
  285. ph.magic = ntohl(ph.magic);
  286. ph.ctrl_type = ntohs(ph.ctrl_type);
  287. if (ph.length <= 0 || ph.length > PPTP_MAX_CTRL_PCKT_SIZE) {
  288. syslog(LOG_WARNING, "MGR: initial packet length %d outside "
  289. "(0 - %d)", ph.length, PPTP_MAX_CTRL_PCKT_SIZE);
  290. goto dos_exit;
  291. }
  292. if (ph.magic != PPTP_MAGIC_COOKIE) {
  293. syslog(LOG_WARNING, "MGR: initial packet bad magic");
  294. goto dos_exit;
  295. }
  296. if (ph.pptp_type != PPTP_CTRL_MESSAGE) {
  297. syslog(LOG_WARNING, "MGR: initial packet has bad type");
  298. goto dos_exit;
  299. }
  300. if (ph.ctrl_type != START_CTRL_CONN_RQST) {
  301. syslog(LOG_WARNING, "MGR: initial packet has bad ctrl type "
  302. "0x%x", ph.ctrl_type);
  303. dos_exit:
  304. close(clientSocket);
  305. continue;
  306. }
  307. #ifndef HAVE_FORK
  308. switch (ctrl_pid = vfork()) {
  309. #else
  310. switch (ctrl_pid = fork()) {
  311. #endif
  312. case -1: /* error */
  313. syslog(LOG_ERR, "MGR: fork() failed launching " PPTP_CTRL_BIN);
  314. close(clientSocket);
  315. break;
  316. case 0: /* child */
  317. close(hostSocket);
  318. if (pptp_debug)
  319. syslog(LOG_DEBUG, "MGR: Launching " PPTP_CTRL_BIN " to handle client");
  320. connectCall(clientSocket, !pptp_delegate ? firstOpen : 0);
  321. _exit(1);
  322. /* NORETURN */
  323. default: /* parent */
  324. close(clientSocket);
  325. unique_call_id += MAX_CALLS_PER_TCP_LINK;
  326. if (!pptp_delegate)
  327. slot_set_pid(firstOpen, ctrl_pid);
  328. break;
  329. }
  330. }
  331. } /* FD_ISSET(hostSocket, &connSet) */
  332. } /* while (1) */
  333. } /* pptp_manager() */
  334. /*
  335. * Author: Kevin Thayer
  336. *
  337. * This creates a socket to listen on, sets the max # of pending connections and
  338. * various other options.
  339. *
  340. * Returns the fd of the host socket.
  341. *
  342. * The function return values are:
  343. * 0 for sucessful
  344. * -1 for bad socket creation
  345. * -2 for bad socket options
  346. * -3 for bad bind
  347. * -4 for bad listen
  348. */
  349. static int createHostSocket(int *hostSocket)
  350. {
  351. int opt = 1;
  352. struct sockaddr_in address;
  353. #ifdef HAVE_GETSERVBYNAME
  354. struct servent *serv;
  355. #endif
  356. /* create the master socket and check it worked */
  357. if ((*hostSocket = vrf_socket(vrf, AF_INET, SOCK_STREAM, 0)) <= 0)
  358. return -1;
  359. /* set master socket to allow daemon to be restarted with connections active */
  360. if (setsockopt(*hostSocket, SOL_SOCKET, SO_REUSEADDR,
  361. (char *) &opt, sizeof(opt)) < 0)
  362. return -2;
  363. /* set up socket */
  364. memset(&address, 0, sizeof(address));
  365. address.sin_family = AF_INET;
  366. if(bindaddr)
  367. address.sin_addr.s_addr = inet_addr(bindaddr);
  368. else
  369. address.sin_addr.s_addr = INADDR_ANY;
  370. #ifdef HAVE_GETSERVBYNAME
  371. if ((serv = getservbyname("pptp", "tcp")) != NULL) {
  372. address.sin_port = serv->s_port;
  373. } else
  374. #endif
  375. address.sin_port = htons(PPTP_PORT);
  376. /* bind the socket to the pptp port */
  377. if (bind(*hostSocket, (struct sockaddr *) &address, sizeof(address)) < 0)
  378. return -3;
  379. /* minimal backlog to avoid DoS */
  380. if (listen(*hostSocket, 3) < 0)
  381. return -4;
  382. return 0;
  383. }
  384. /*
  385. * Author: Kevin Thayer
  386. *
  387. * this routine sets up the arguments for the call handler and calls it.
  388. */
  389. static void connectCall(int clientSocket, int clientNumber)
  390. {
  391. #define NUM2ARRAY(array, num) snprintf(array, sizeof(array), "%d", num)
  392. char *ctrl_argv[16]; /* arguments for launching 'pptpctrl' binary */
  393. int pptpctrl_argc = 0; /* count the number of arguments sent to pptpctrl */
  394. /* lame strings to hold passed args. */
  395. char ctrl_debug[2];
  396. char ctrl_noipparam[2];
  397. char pppdoptfile_argv[2];
  398. char speedgiven_argv[2];
  399. extern char **environ;
  400. char callid_argv[16];
  401. /*
  402. * Launch the CTRL manager binary; we send it some information such as
  403. * speed and option file on the command line.
  404. */
  405. ctrl_argv[pptpctrl_argc++] = PPTP_CTRL_BIN " ";
  406. /* Pass socket as stdin */
  407. if (clientSocket != 0) {
  408. dup2(clientSocket, 0);
  409. close(clientSocket);
  410. }
  411. /* get argv set up */
  412. NUM2ARRAY(ctrl_debug, pptp_debug ? 1 : 0);
  413. ctrl_debug[1] = '\0';
  414. ctrl_argv[pptpctrl_argc++] = ctrl_debug;
  415. NUM2ARRAY(ctrl_noipparam, pptp_noipparam ? 1 : 0);
  416. ctrl_noipparam[1] = '\0';
  417. ctrl_argv[pptpctrl_argc++] = ctrl_noipparam;
  418. #ifdef VRF
  419. ctrl_argv[pptpctrl_argc++] = vrf ? vrf : "";
  420. #endif
  421. /* optionfile = TRUE or FALSE; so the CTRL manager knows whether to load a non-standard options file */
  422. NUM2ARRAY(pppdoptfile_argv, pppdoptstr ? 1 : 0);
  423. pppdoptfile_argv[1] = '\0';
  424. ctrl_argv[pptpctrl_argc++] = pppdoptfile_argv;
  425. if (pppdoptstr) {
  426. /* send the option filename so the CTRL manager can launch pppd with this alternate file */
  427. ctrl_argv[pptpctrl_argc++] = pppdoptstr;
  428. }
  429. /* tell the ctrl manager whether we were given a speed */
  430. NUM2ARRAY(speedgiven_argv, speedstr ? 1 : 0);
  431. speedgiven_argv[1] = '\0';
  432. ctrl_argv[pptpctrl_argc++] = speedgiven_argv;
  433. if (speedstr) {
  434. /* send the CTRL manager the speed of the connection so it can fire pppd at that speed */
  435. ctrl_argv[pptpctrl_argc++] = speedstr;
  436. }
  437. if (pptp_delegate) {
  438. /* no local or remote address to specify */
  439. ctrl_argv[pptpctrl_argc++] = "0";
  440. ctrl_argv[pptpctrl_argc++] = "0";
  441. } else {
  442. /* specify local & remote addresses for this call */
  443. ctrl_argv[pptpctrl_argc++] = "1";
  444. ctrl_argv[pptpctrl_argc++] = slot_get_local(clientNumber);
  445. ctrl_argv[pptpctrl_argc++] = "1";
  446. ctrl_argv[pptpctrl_argc++] = slot_get_remote(clientNumber);
  447. }
  448. /* our call id to be included in GRE packets the client
  449. * will send to us */
  450. NUM2ARRAY(callid_argv, unique_call_id);
  451. ctrl_argv[pptpctrl_argc++] = callid_argv;
  452. /* pass path to ppp binary */
  453. ctrl_argv[pptpctrl_argc++] = ppp_binary;
  454. /* pass logwtmp flag */
  455. ctrl_argv[pptpctrl_argc++] = pptp_logwtmp ? "1" : "0";
  456. /* note: update pptpctrl.8 if the argument list format is changed */
  457. /* terminate argv array with a NULL */
  458. ctrl_argv[pptpctrl_argc] = NULL;
  459. pptpctrl_argc++;
  460. /* ok, args are setup: invoke the call handler */
  461. execve(PPTP_CTRL_BIN, ctrl_argv, environ);
  462. syslog(LOG_ERR, "MGR: Failed to exec " PPTP_CTRL_BIN "!");
  463. _exit(1);
  464. }