123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551 |
- /*
- * pptpmanager.c
- *
- * Manages the PoPToP sessions.
- *
- * $Id: pptpmanager.c,v 1.15 2011/05/19 00:02:50 quozl Exp $
- */
- #ifdef HAVE_CONFIG_H
- #include "config.h"
- #endif
- #ifdef __linux__
- #define _GNU_SOURCE 1 /* broken arpa/inet.h */
- #endif
- #include "our_syslog.h"
- #include <errno.h>
- #include <netdb.h>
- #include <signal.h>
- #include <stdio.h>
- #include <string.h>
- #include <stdlib.h>
- #include <sys/types.h>
- #include <sys/socket.h>
- #include <netinet/in.h>
- #include <arpa/inet.h>
- #include <sys/un.h>
- #include <sys/wait.h>
- #include <unistd.h>
- #include <time.h>
- #include <sys/time.h>
- #include <fcntl.h>
- #ifdef VRF
- #include <vrf.h>
- #endif
- #if HAVE_LIBWRAP
- /* re-include, just in case HAVE_SYSLOG_H wasn't defined */
- #include <syslog.h>
- #include <tcpd.h>
- int allow_severity = LOG_WARNING;
- int deny_severity = LOG_WARNING;
- #endif
- #ifdef __UCLIBC__
- #define socklen_t int
- #endif
- #include "configfile.h"
- #include "defaults.h"
- #include "pptpctrl.h"
- #include "pptpdefs.h"
- #include "pptpmanager.h"
- #include "compat.h"
- /* command line arg variables */
- extern char *ppp_binary;
- extern char *pppdoptstr;
- extern char *speedstr;
- extern char *bindaddr;
- extern int pptp_debug;
- extern int pptp_noipparam;
- extern int pptp_logwtmp;
- extern int pptp_delegate;
- /* option for timeout on starting ctrl connection */
- extern int pptp_stimeout;
- extern int pptp_connections;
- /* local function prototypes */
- static void connectCall(int clientSocket, int clientNumber);
- static int createHostSocket(int *hostSocket);
- /* this end's call identifier */
- uint16_t unique_call_id = 0;
- /* slots - begin */
- /* data about connection slots */
- struct slot {
- pid_t pid;
- char *local;
- char *remote;
- } *slots;
- /* number of connection slots allocated */
- int slot_count;
- static void slot_iterate(struct slot *slots, int count, void (*callback) (struct slot *slot))
- {
- int i;
- for(i=0; i<count; i++)
- (*callback)(&slots[i]);
- }
- static void slot_slot_init(struct slot *slot)
- {
- slot->pid = 0;
- slot->local = NULL;
- slot->remote = NULL;
- }
- void slot_init(int count)
- {
- slot_count = count;
- slots = (struct slot *) calloc(slot_count, sizeof(struct slot));
- slot_iterate(slots, slot_count, slot_slot_init);
- }
- static void slot_slot_free(struct slot *slot)
- {
- slot->pid = 0;
- if (slot->local) free(slot->local);
- slot->local = NULL;
- if (slot->remote) free(slot->remote);
- slot->remote = NULL;
- }
- void slot_free()
- {
- slot_iterate(slots, slot_count, slot_slot_free);
- free(slots);
- slots = NULL;
- slot_count = 0;
- }
- void slot_set_local(int i, char *ip)
- {
- struct slot *slot = &slots[i];
- if (slot->local) free(slot->local);
- slot->local = strdup(ip);
- }
- void slot_set_remote(int i, char *ip)
- {
- struct slot *slot = &slots[i];
- if (slot->remote) free(slot->remote);
- slot->remote = strdup(ip);
- }
- void slot_set_pid(int i, pid_t pid)
- {
- struct slot *slot = &slots[i];
- slot->pid = pid;
- }
- int slot_find_by_pid(pid_t pid)
- {
- int i;
- for(i=0; i<slot_count; i++) {
- struct slot *slot = &slots[i];
- if (slot->pid == pid) return i;
- }
- return -1;
- }
- int slot_find_empty()
- {
- return slot_find_by_pid(0);
- }
- char *slot_get_local(int i)
- {
- struct slot *slot = &slots[i];
- return slot->local;
- }
- char *slot_get_remote(int i)
- {
- struct slot *slot = &slots[i];
- return slot->remote;
- }
- /* slots - end */
- static void sigchld_responder(int sig)
- {
- int child, status;
- while ((child = waitpid(-1, &status, WNOHANG)) > 0) {
- if (pptp_delegate) {
- if (pptp_debug) syslog(LOG_DEBUG, "MGR: Reaped child %d", child);
- } else {
- int i;
- i = slot_find_by_pid(child);
- if (i != -1) {
- slot_set_pid(i, 0);
- if (pptp_debug) syslog(LOG_DEBUG, "MGR: Reaped child %d", child);
- } else {
- syslog(LOG_INFO, "MGR: Reaped unknown child %d", child);
- }
- }
- }
- }
- int pptp_manager(int argc, char **argv)
- {
- int firstOpen = -1;
- int ctrl_pid;
- socklen_t addrsize;
- int hostSocket;
- fd_set connSet;
- int rc, sig_fd;
- rc = sigpipe_create();
- if (rc < 0) {
- syslog(LOG_ERR, "MGR: unable to setup sigchld pipe!");
- syslog_perror("sigpipe_create");
- exit(-1);
- }
-
- sigpipe_assign(SIGCHLD);
- sigpipe_assign(SIGTERM);
- sig_fd = sigpipe_fd();
- /* openlog() not required, done in pptpd.c */
- syslog(LOG_INFO, "MGR: Manager process started");
- if (!pptp_delegate) {
- syslog(LOG_INFO, "MGR: Maximum of %d connections available",
- pptp_connections);
- }
- /* Connect the host socket and activate it for listening */
- if (createHostSocket(&hostSocket) < 0) {
- syslog(LOG_ERR, "MGR: Couldn't create host socket");
- syslog_perror("createHostSocket");
- exit(-1);
- }
- while (1) {
- int max_fd;
- FD_ZERO(&connSet);
- if (pptp_delegate) {
- FD_SET(hostSocket, &connSet);
- } else {
- firstOpen = slot_find_empty();
- if (firstOpen == -1) {
- syslog(LOG_ERR, "MGR: No free connection slots or IPs - no more clients can connect!");
- } else {
- FD_SET(hostSocket, &connSet);
- }
- }
- max_fd = hostSocket;
- FD_SET(sig_fd, &connSet);
- if (max_fd < sig_fd) max_fd = sig_fd;
- while (1) {
- if (select(max_fd + 1, &connSet, NULL, NULL, NULL) != -1) break;
- if (errno == EINTR) continue;
- syslog(LOG_ERR, "MGR: Error with manager select()!");
- syslog_perror("select");
- exit(-1);
- }
- if (FD_ISSET(sig_fd, &connSet)) { /* SIGCHLD */
- int signum = sigpipe_read();
- if (signum == SIGCHLD)
- sigchld_responder(signum);
- else if (signum == SIGTERM)
- return signum;
- }
- if (FD_ISSET(hostSocket, &connSet)) { /* A call came! */
- int clientSocket;
- struct sockaddr_in client_addr;
- /* Accept call and launch PPTPCTRL */
- addrsize = sizeof(client_addr);
- clientSocket = accept(hostSocket, (struct sockaddr *) &client_addr, &addrsize);
- #if HAVE_LIBWRAP
- if (clientSocket != -1) {
- struct request_info r;
- request_init(&r, RQ_DAEMON, "pptpd", RQ_FILE, clientSocket, NULL);
- fromhost(&r);
- if (!hosts_access(&r)) {
- /* send a permission denied message? this is a tcp wrapper
- * type deny so probably best to just drop it immediately like
- * this, as tcp wrappers usually do.
- */
- close(clientSocket);
- /* this would never be file descriptor 0, so use it as a error
- * value
- */
- clientSocket = 0;
- }
- }
- #endif
- if (clientSocket == -1) {
- /* accept failed, but life goes on... */
- syslog(LOG_ERR, "MGR: accept() failed");
- syslog_perror("accept");
- } else if (clientSocket != 0) {
- fd_set rfds;
- struct timeval tv;
- struct pptp_header ph;
- /* TODO: this select below prevents
- other connections from being
- processed during the wait for the
- first data packet from the
- client. */
- /*
- * DOS protection: get a peek at the first packet
- * and do some checks on it before we continue.
- * A 10 second timeout on the first packet seems reasonable
- * to me, if anything looks sus, throw it away.
- */
- FD_ZERO(&rfds);
- FD_SET(clientSocket, &rfds);
- tv.tv_sec = pptp_stimeout;
- tv.tv_usec = 0;
- if (select(clientSocket + 1, &rfds, NULL, NULL, &tv) <= 0) {
- syslog(LOG_ERR, "MGR: dropped slow initial connection");
- close(clientSocket);
- continue;
- }
- if (recv(clientSocket, &ph, sizeof(ph), MSG_PEEK) !=
- sizeof(ph)) {
- syslog(LOG_ERR, "MGR: dropped small initial connection");
- close(clientSocket);
- continue;
- }
- ph.length = ntohs(ph.length);
- ph.pptp_type = ntohs(ph.pptp_type);
- ph.magic = ntohl(ph.magic);
- ph.ctrl_type = ntohs(ph.ctrl_type);
- if (ph.length <= 0 || ph.length > PPTP_MAX_CTRL_PCKT_SIZE) {
- syslog(LOG_WARNING, "MGR: initial packet length %d outside "
- "(0 - %d)", ph.length, PPTP_MAX_CTRL_PCKT_SIZE);
- goto dos_exit;
- }
- if (ph.magic != PPTP_MAGIC_COOKIE) {
- syslog(LOG_WARNING, "MGR: initial packet bad magic");
- goto dos_exit;
- }
- if (ph.pptp_type != PPTP_CTRL_MESSAGE) {
- syslog(LOG_WARNING, "MGR: initial packet has bad type");
- goto dos_exit;
- }
- if (ph.ctrl_type != START_CTRL_CONN_RQST) {
- syslog(LOG_WARNING, "MGR: initial packet has bad ctrl type "
- "0x%x", ph.ctrl_type);
- dos_exit:
- close(clientSocket);
- continue;
- }
- #ifndef HAVE_FORK
- switch (ctrl_pid = vfork()) {
- #else
- switch (ctrl_pid = fork()) {
- #endif
- case -1: /* error */
- syslog(LOG_ERR, "MGR: fork() failed launching " PPTP_CTRL_BIN);
- close(clientSocket);
- break;
- case 0: /* child */
- close(hostSocket);
- if (pptp_debug)
- syslog(LOG_DEBUG, "MGR: Launching " PPTP_CTRL_BIN " to handle client");
- connectCall(clientSocket, !pptp_delegate ? firstOpen : 0);
- _exit(1);
- /* NORETURN */
- default: /* parent */
- close(clientSocket);
- unique_call_id += MAX_CALLS_PER_TCP_LINK;
- if (!pptp_delegate)
- slot_set_pid(firstOpen, ctrl_pid);
- break;
- }
- }
- } /* FD_ISSET(hostSocket, &connSet) */
- } /* while (1) */
- } /* pptp_manager() */
- /*
- * Author: Kevin Thayer
- *
- * This creates a socket to listen on, sets the max # of pending connections and
- * various other options.
- *
- * Returns the fd of the host socket.
- *
- * The function return values are:
- * 0 for sucessful
- * -1 for bad socket creation
- * -2 for bad socket options
- * -3 for bad bind
- * -4 for bad listen
- */
- static int createHostSocket(int *hostSocket)
- {
- int opt = 1;
- struct sockaddr_in address;
- #ifdef HAVE_GETSERVBYNAME
- struct servent *serv;
- #endif
- /* create the master socket and check it worked */
- if ((*hostSocket = vrf_socket(vrf, AF_INET, SOCK_STREAM, 0)) == 0)
- return -1;
- /* set master socket to allow daemon to be restarted with connections active */
- if (setsockopt(*hostSocket, SOL_SOCKET, SO_REUSEADDR,
- (char *) &opt, sizeof(opt)) < 0)
- return -2;
- /* set up socket */
- memset(&address, 0, sizeof(address));
- address.sin_family = AF_INET;
- if(bindaddr)
- address.sin_addr.s_addr = inet_addr(bindaddr);
- else
- address.sin_addr.s_addr = INADDR_ANY;
- #ifdef HAVE_GETSERVBYNAME
- if ((serv = getservbyname("pptp", "tcp")) != NULL) {
- address.sin_port = serv->s_port;
- } else
- #endif
- address.sin_port = htons(PPTP_PORT);
- /* bind the socket to the pptp port */
- if (bind(*hostSocket, (struct sockaddr *) &address, sizeof(address)) < 0)
- return -3;
- /* minimal backlog to avoid DoS */
- if (listen(*hostSocket, 3) < 0)
- return -4;
- return 0;
- }
- /*
- * Author: Kevin Thayer
- *
- * this routine sets up the arguments for the call handler and calls it.
- */
- static void connectCall(int clientSocket, int clientNumber)
- {
- #define NUM2ARRAY(array, num) snprintf(array, sizeof(array), "%d", num)
-
- char *ctrl_argv[16]; /* arguments for launching 'pptpctrl' binary */
- int pptpctrl_argc = 0; /* count the number of arguments sent to pptpctrl */
- /* lame strings to hold passed args. */
- char ctrl_debug[2];
- char ctrl_noipparam[2];
- char pppdoptfile_argv[2];
- char speedgiven_argv[2];
- extern char **environ;
- char callid_argv[16];
- /*
- * Launch the CTRL manager binary; we send it some information such as
- * speed and option file on the command line.
- */
- ctrl_argv[pptpctrl_argc++] = PPTP_CTRL_BIN " ";
- /* Pass socket as stdin */
- if (clientSocket != 0) {
- dup2(clientSocket, 0);
- close(clientSocket);
- }
- /* get argv set up */
- NUM2ARRAY(ctrl_debug, pptp_debug ? 1 : 0);
- ctrl_debug[1] = '\0';
- ctrl_argv[pptpctrl_argc++] = ctrl_debug;
- NUM2ARRAY(ctrl_noipparam, pptp_noipparam ? 1 : 0);
- ctrl_noipparam[1] = '\0';
- ctrl_argv[pptpctrl_argc++] = ctrl_noipparam;
- #ifdef VRF
- ctrl_argv[pptpctrl_argc++] = vrf ? vrf : "";
- #endif
- /* optionfile = TRUE or FALSE; so the CTRL manager knows whether to load a non-standard options file */
- NUM2ARRAY(pppdoptfile_argv, pppdoptstr ? 1 : 0);
- pppdoptfile_argv[1] = '\0';
- ctrl_argv[pptpctrl_argc++] = pppdoptfile_argv;
- if (pppdoptstr) {
- /* send the option filename so the CTRL manager can launch pppd with this alternate file */
- ctrl_argv[pptpctrl_argc++] = pppdoptstr;
- }
- /* tell the ctrl manager whether we were given a speed */
- NUM2ARRAY(speedgiven_argv, speedstr ? 1 : 0);
- speedgiven_argv[1] = '\0';
- ctrl_argv[pptpctrl_argc++] = speedgiven_argv;
- if (speedstr) {
- /* send the CTRL manager the speed of the connection so it can fire pppd at that speed */
- ctrl_argv[pptpctrl_argc++] = speedstr;
- }
- if (pptp_delegate) {
- /* no local or remote address to specify */
- ctrl_argv[pptpctrl_argc++] = "0";
- ctrl_argv[pptpctrl_argc++] = "0";
- } else {
- /* specify local & remote addresses for this call */
- ctrl_argv[pptpctrl_argc++] = "1";
- ctrl_argv[pptpctrl_argc++] = slot_get_local(clientNumber);
- ctrl_argv[pptpctrl_argc++] = "1";
- ctrl_argv[pptpctrl_argc++] = slot_get_remote(clientNumber);
- }
- /* our call id to be included in GRE packets the client
- * will send to us */
- NUM2ARRAY(callid_argv, unique_call_id);
- ctrl_argv[pptpctrl_argc++] = callid_argv;
- /* pass path to ppp binary */
- ctrl_argv[pptpctrl_argc++] = ppp_binary;
- /* pass logwtmp flag */
- ctrl_argv[pptpctrl_argc++] = pptp_logwtmp ? "1" : "0";
- /* note: update pptpctrl.8 if the argument list format is changed */
- /* terminate argv array with a NULL */
- ctrl_argv[pptpctrl_argc] = NULL;
- pptpctrl_argc++;
- /* ok, args are setup: invoke the call handler */
- execve(PPTP_CTRL_BIN, ctrl_argv, environ);
- syslog(LOG_ERR, "MGR: Failed to exec " PPTP_CTRL_BIN "!");
- _exit(1);
- }
|