ppp: auth: answer "Success" to retrasmitted messages if auth layer is already started

accel-pppd/auth/auth_chap_md5.c

@@ -37,41 +37,36 @@ static int conf_interval = 0;
 static int conf_max_failure = 3;
 static int conf_any_login = 0;
 
-struct chap_hdr_t
-{
+struct chap_hdr_t {
 	uint16_t proto;
 	uint8_t code;
 	uint8_t id;
 	uint16_t len;
 } __attribute__((packed));
 
-struct chap_challenge_t
-{
+struct chap_challenge_t {
 	struct chap_hdr_t hdr;
 	uint8_t val_size;
 	uint8_t val[VALUE_SIZE];
 	char name[0];
 } __attribute__((packed));
 
-struct chap_failure_t
-{
+struct chap_failure_t {
 	struct chap_hdr_t hdr;
 	char message[sizeof(MSG_FAILURE)];
 } __attribute__((packed));
 
-struct chap_success_t
-{
+struct chap_success_t {
 	struct chap_hdr_t hdr;
 	char message[sizeof(MSG_SUCCESS)];
 } __attribute__((packed));
 
 
-struct chap_auth_data_t
-{
+struct chap_auth_data_t {
 	struct auth_data_t auth;
 	struct ppp_handler_t h;
 	struct ppp_t *ppp;
-	int id;
+	uint8_t id;
 	uint8_t val[VALUE_SIZE];
 	struct triton_timer_t timeout;
 	struct triton_timer_t interval;
@@ -131,6 +126,7 @@ static int chap_start(struct ppp_t *ppp, struct auth_data_t *auth)
 	d->timeout.period = conf_timeout * 1000;
 	d->interval.expire = chap_restart_timer;
 	d->interval.period = conf_interval * 1000;
+	d->id = 1;
 
 	ppp_register_chan_handler(ppp, &d->h);
 
@@ -208,12 +204,12 @@ static void chap_send_failure(struct chap_auth_data_t *ad)
 	ppp_chan_send(ad->ppp, &msg, ntohs(msg.hdr.len) + 2);
 }
 
-static void chap_send_success(struct chap_auth_data_t *ad)
+static void chap_send_success(struct chap_auth_data_t *ad, int id)
 {
 	struct chap_success_t msg =	{
 		.hdr.proto = htons(PPP_CHAP),
 		.hdr.code = CHAP_SUCCESS,
-		.hdr.id = ad->id,
+		.hdr.id = id,
 		.hdr.len = htons(sizeof(msg)-1-2),
 		.message = MSG_SUCCESS,
 	};
@@ -229,7 +225,7 @@ static void chap_send_challenge(struct chap_auth_data_t *ad, int new)
 	struct chap_challenge_t msg =	{
 		.hdr.proto = htons(PPP_CHAP),
 		.hdr.code = CHAP_CHALLENGE,
-		.hdr.id = ++ad->id,
+		.hdr.id = ad->id,
 		.hdr.len = htons(sizeof(msg) - 2),
 		.val_size = VALUE_SIZE,
 	};
@@ -271,6 +267,11 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h
 		log_ppp_info2("\"]\n");
 	}
 	
+	if (ad->started && msg->hdr.id == ad->id - 1) {
+		chap_send_success(ad, msg->hdr.id);
+		return;
+	}
+
 	if (msg->hdr.id != ad->id) {
 		if (conf_ppp_verbose)
 			log_ppp_warn("chap-md5: id mismatch\n");
@@ -296,8 +297,9 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h
 			_free(name);
 			return;
 		}
-		chap_send_success(ad);
+		chap_send_success(ad, ad->id);
 		ad->started = 1;
+		ad->id++;
 		return;
 	}
 
@@ -337,13 +339,15 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h
 					ap_session_terminate(&ad->ppp->ses, TERM_AUTH_ERROR, 0);
 					_free(name);
 				} else {
-					chap_send_success(ad);
+					chap_send_success(ad, ad->id);
 					ad->started = 1;
 					if (conf_interval)
 						triton_timer_add(ad->ppp->ses.ctrl->ctx, &ad->interval, 0);
 				}
 			} else
 				_free(name);
+			
+			ad->id++;
 		}
 		_free(passwd);
 	} else if (r == PWDB_DENIED) {
@@ -360,15 +364,17 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h
 				ap_session_terminate(&ad->ppp->ses, TERM_AUTH_ERROR, 0);
 				_free(name);
 			} else {
-				chap_send_success(ad);
+				chap_send_success(ad, ad->id);
 				ad->started = 1;
 				if (conf_interval)
 					triton_timer_add(ad->ppp->ses.ctrl->ctx, &ad->interval, 0);
 			}
 		} else {
-			chap_send_success(ad);
+			chap_send_success(ad, ad->id);
 			_free(name);
 		}
+
+		ad->id++;
 	}
 }
 

accel-pppd/auth/auth_mschap_v1.c

@@ -37,26 +37,22 @@ static int conf_max_failure = 3;
 static int conf_any_login = 0;
 static char *conf_msg_failure = "E=691 R=0";
 static char *conf_msg_success = "Authentication succeeded";
-;
 
-struct chap_hdr_t
-{
+struct chap_hdr_t {
 	uint16_t proto;
 	uint8_t code;
 	uint8_t id;
 	uint16_t len;
 } __attribute__((packed));
 
-struct chap_challenge_t
-{
+struct chap_challenge_t {
 	struct chap_hdr_t hdr;
 	uint8_t val_size;
 	uint8_t val[VALUE_SIZE];
 	char name[0];
 } __attribute__((packed));
 
-struct chap_response_t
-{
+struct chap_response_t {
 	struct chap_hdr_t hdr;
 	uint8_t val_size;
 	uint8_t lm_hash[24];
@@ -65,12 +61,11 @@ struct chap_response_t
 	char name[0];
 } __attribute__((packed));
 
-struct chap_auth_data_t
-{
+struct chap_auth_data_t {
 	struct auth_data_t auth;
 	struct ppp_handler_t h;
 	struct ppp_t *ppp;
-	int id;
+	uint8_t id;
 	uint8_t val[VALUE_SIZE];
 	struct triton_timer_t timeout;
 	struct triton_timer_t interval;
@@ -132,6 +127,7 @@ static int chap_start(struct ppp_t *ppp, struct auth_data_t *auth)
 	d->timeout.period = conf_timeout * 1000;
 	d->interval.expire = chap_restart_timer;
 	d->interval.period = conf_interval * 1000;
+	d->id = 1;
 
 	ppp_register_chan_handler(ppp, &d->h);
 
@@ -210,12 +206,12 @@ static void chap_send_failure(struct chap_auth_data_t *ad, char *mschap_error)
 	_free(hdr);
 }
 
-static void chap_send_success(struct chap_auth_data_t *ad)
+static void chap_send_success(struct chap_auth_data_t *ad, int id)
 {
 	struct chap_hdr_t *hdr = _malloc(sizeof(*hdr) + strlen(conf_msg_success) + 1);
 	hdr->proto = htons(PPP_CHAP);
 	hdr->code = CHAP_SUCCESS;
-	hdr->id = ad->id;
+	hdr->id = id;
 	hdr->len = htons(HDR_LEN + strlen(conf_msg_success));
 	strcpy((char *)(hdr + 1), conf_msg_success);
 	
@@ -232,7 +228,7 @@ static void chap_send_challenge(struct chap_auth_data_t *ad, int new)
 	struct chap_challenge_t msg = {
 		.hdr.proto = htons(PPP_CHAP),
 		.hdr.code = CHAP_CHALLENGE,
-		.hdr.id = ++ad->id,
+		.hdr.id = ad->id,
 		.hdr.len = htons(sizeof(msg) - 2),
 		.val_size = VALUE_SIZE,
 	};
@@ -274,6 +270,11 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h
 		log_ppp_info2("\"]\n");
 	}
 
+	if (ad->started && msg->hdr.id == ad->id - 1) {
+		chap_send_success(ad, msg->hdr.id);
+		return;
+	}
+
 	if (msg->hdr.id != ad->id) {
 		if (conf_ppp_verbose)
 			log_ppp_warn("mschap-v1: id mismatch\n");
@@ -306,8 +307,9 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h
 			_free(name);
 			return;
 		}
-		chap_send_success(ad);
+		chap_send_success(ad, ad->id);
 		ad->started = 1;
+		ad->id++;
 		return;
 	}
 
@@ -332,15 +334,17 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h
 				ap_session_terminate(&ad->ppp->ses, TERM_AUTH_ERROR, 0);
 				_free(name);
 			} else {
-				chap_send_success(ad);
+				chap_send_success(ad, ad->id);
 				ad->started = 1;
 				if (conf_interval)
 					triton_timer_add(ad->ppp->ses.ctrl->ctx, &ad->interval, 0);
 			}
 		} else {
-			chap_send_success(ad);
+			chap_send_success(ad, ad->id);
 			_free(name);
 		}
+
+		ad->id++;
 	}
 }
 

accel-pppd/auth/auth_mschap_v2.c

@@ -38,24 +38,21 @@ static char *conf_msg_failure = "E=691 R=0 V=3";
 static char *conf_msg_failure2 = "Authentication failure";
 static char *conf_msg_success = "Authentication succeeded";
 
-struct chap_hdr_t
-{
+struct chap_hdr_t {
 	uint16_t proto;
 	uint8_t code;
 	uint8_t id;
 	uint16_t len;
 } __attribute__((packed));
 
-struct chap_challenge_t
-{
+struct chap_challenge_t {
 	struct chap_hdr_t hdr;
 	uint8_t val_size;
 	uint8_t val[VALUE_SIZE];
 	char name[0];
 } __attribute__((packed));
 
-struct chap_response_t
-{
+struct chap_response_t {
 	struct chap_hdr_t hdr;
 	uint8_t val_size;
 	uint8_t peer_challenge[16];
@@ -65,15 +62,15 @@ struct chap_response_t
 	char name[0];
 } __attribute__((packed));
 
-struct chap_auth_data_t
-{
+struct chap_auth_data_t {
 	struct auth_data_t auth;
 	struct ppp_handler_t h;
 	struct ppp_t *ppp;
-	int id;
+	uint8_t id;
 	uint8_t val[VALUE_SIZE];
 	struct triton_timer_t timeout;
 	struct triton_timer_t interval;
+	char authenticator[41];
 	int failure;
 	int started:1;
 };
@@ -133,6 +130,7 @@ static int chap_start(struct ppp_t *ppp, struct auth_data_t *auth)
 	d->timeout.period = conf_timeout * 1000;
 	d->interval.expire = chap_restart_timer;
 	d->interval.period = conf_interval * 1000;
+	d->id = 1;
 
 	ppp_register_chan_handler(ppp, &d->h);
 
@@ -212,12 +210,12 @@ static void chap_send_failure(struct chap_auth_data_t *ad, char *mschap_error, c
 	_free(hdr);
 }
 
-static void chap_send_success(struct chap_auth_data_t *ad, struct chap_response_t *res_msg, const char *authenticator)
+static void chap_send_success(struct chap_auth_data_t *ad, int id, const char *authenticator)
 {
 	struct chap_hdr_t *hdr = _malloc(sizeof(*hdr) + strlen(conf_msg_success) + 1 +	45);
 	hdr->proto = htons(PPP_CHAP),
 	hdr->code = CHAP_SUCCESS,
-	hdr->id = ad->id,
+	hdr->id = id,
 	hdr->len = htons(HDR_LEN + strlen(conf_msg_success) + 45),
 
 	sprintf((char *)(hdr + 1), "S=%s M=%s", authenticator, conf_msg_success);
@@ -305,7 +303,7 @@ static void chap_send_challenge(struct chap_auth_data_t *ad, int new)
 	struct chap_challenge_t msg =	{
 		.hdr.proto = htons(PPP_CHAP),
 		.hdr.code = CHAP_CHALLENGE,
-		.hdr.id = ++ad->id,
+		.hdr.id = ad->id,
 		.hdr.len = htons(sizeof(msg) - 2),
 		.val_size = VALUE_SIZE,
 	};
@@ -351,6 +349,11 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h
 		log_ppp_info2("\"]\n");
 	}
 
+	if (ad->started && msg->hdr.id == ad->id - 1) {
+		chap_send_success(ad, msg->hdr.id, ad->authenticator);
+		return;
+	}
+
 	if (msg->hdr.id != ad->id) {
 		if (conf_ppp_verbose)
 			log_ppp_warn("mschap-v2: id mismatch\n");
@@ -405,15 +408,19 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h
 				ap_session_terminate(&ad->ppp->ses, TERM_AUTH_ERROR, 0);
 				_free(name);
 			} else {
-				chap_send_success(ad, msg, authenticator);
+				chap_send_success(ad, ad->id, authenticator);
 				ad->started = 1;
 				if (conf_interval)
 					triton_timer_add(ad->ppp->ses.ctrl->ctx, &ad->interval, 0);
 			}
 		} else {
-			chap_send_success(ad, msg, authenticator);
+			chap_send_success(ad, ad->id, authenticator);
 			_free(name);
 		}
+
+		memcpy(ad->authenticator, authenticator, 41);
+
+		ad->id++;
 	}
 }
 

accel-pppd/auth/auth_pap.c

@@ -183,6 +183,11 @@ static int pap_recv_req(struct pap_auth_data_t *p, struct pap_hdr_t *hdr)
 	if (conf_ppp_verbose)
 		log_ppp_info2("recv [PAP AuthReq id=%x]\n", hdr->id);
 	
+	if (p->started) {
+		pap_send_ack(p, hdr->id);
+		return 0;
+	}
+
 	peer_id_len = *(uint8_t*)ptr; ptr++;
 	if (peer_id_len > ntohs(hdr->len) - sizeof(*hdr) + 2 - 1) {
 		log_ppp_warn("PAP: short packet received\n");