4 * PPTP control connection between PAC-PNS pair
6 * $Id: pptpctrl.c,v 1.20 2006/12/08 00:01:40 quozl Exp $
14 #define _GNU_SOURCE 1 /* kill() prototype, broken arpa/inet.h */
17 #include "our_syslog.h"
29 #include <sys/types.h>
31 #include <sys/socket.h>
32 #include <netinet/in.h>
33 #include <arpa/inet.h>
52 #include "ctrlpacket.h"
54 // placing net/if.h here fixes build on Solaris
57 static char *ppp_binary
= PPP_BINARY
;
58 static int pptp_logwtmp
;
59 static int noipparam
; /* if true, don't send ipparam to ppp */
60 static char speed
[32];
61 static char pppdxfig
[256];
62 static pid_t pppfork
; /* so we can kill it after disconnect */
65 * Global to handle dying
67 * I'd be nice if someone could figure out a way to do it
68 * without the global, but i don't think you can.. -tmk
70 #define clientSocket 0 /* in case it changes back to a variable */
71 static u_int32_t call_id_pair
; /* call id (to terminate call) */
73 /* Needed by this and ctrlpacket.c */
74 int pptpctrl_debug
= 0; /* specifies if debugging is on or off */
75 uint16_t unique_call_id
= 0xFFFF; /* Start value for our call IDs on this TCP link */
77 int gargc
; /* Command line argument count */
78 char **gargv
; /* Command line argument vector */
80 /* Local function prototypes */
81 static void bail(int sigraised
);
82 static void pptp_handle_ctrl_connection(char **pppaddrs
, struct in_addr
*inetaddrs
);
84 static int startCall(char **pppaddrs
, struct in_addr
*inetaddrs
);
85 static void launch_pppd(char **pppaddrs
, struct in_addr
*inetaddrs
);
87 /* Oh the horror.. lets hope this covers all the ones we have to handle */
88 #if defined(O_NONBLOCK) && !defined(__sun__) && !defined(__sun)
89 #define OUR_NB_MODE O_NONBLOCK
91 #define OUR_NB_MODE O_NDELAY
94 /* read a command line argument, a flag alone */
95 #define GETARG_INT(X) \
98 /* read a command line argument, a string alone */
99 #define GETARG_STRING(X) \
100 X = strdup(argv[arg++])
102 /* read a command line argument, a presence flag followed by string */
103 #define GETARG_VALUE(X) \
104 if(atoi(argv[arg++]) != 0) \
105 strlcpy(X, argv[arg++], sizeof(X)); \
109 int main(int argc
, char **argv
)
111 char pppLocal
[16]; /* local IP to pass to pppd */
112 char pppRemote
[16]; /* remote IP address to pass to pppd */
113 struct sockaddr_in addr
; /* client address */
117 struct in_addr inetaddrs
[2];
118 char *pppaddrs
[2] = { pppLocal
, pppRemote
};
123 /* fail if argument count invalid */
125 fprintf(stderr
, "pptpctrl: insufficient arguments, see man pptpctrl\n");
129 /* open a connection to the syslog daemon */
130 openlog("pptpd", LOG_PID
, PPTP_FACILITY
);
132 /* autoreap if supported */
133 signal(SIGCHLD
, SIG_IGN
);
135 /* note: update pptpctrl.8 if the argument list format is changed */
136 GETARG_INT(pptpctrl_debug
);
137 GETARG_INT(noipparam
);
138 GETARG_VALUE(pppdxfig
);
140 GETARG_VALUE(pppLocal
);
141 GETARG_VALUE(pppRemote
);
142 if (arg
< argc
) GETARG_INT(unique_call_id
);
143 if (arg
< argc
) GETARG_STRING(ppp_binary
);
144 if (arg
< argc
) GETARG_INT(pptp_logwtmp
);
146 if (pptpctrl_debug
) {
148 syslog(LOG_DEBUG
, "CTRL: local address = %s", pppLocal
);
150 syslog(LOG_DEBUG
, "CTRL: remote address = %s", pppRemote
);
152 syslog(LOG_DEBUG
, "CTRL: pppd speed = %s", speed
);
154 syslog(LOG_DEBUG
, "CTRL: pppd options file = %s", pppdxfig
);
157 addrlen
= sizeof(addr
);
158 if (getsockname(clientSocket
, (struct sockaddr
*) &addr
, &addrlen
) != 0) {
159 syslog(LOG_ERR
, "CTRL: getsockname() failed");
160 syslog_perror("getsockname");
162 bail(0); /* NORETURN */
164 inetaddrs
[0] = addr
.sin_addr
;
166 addrlen
= sizeof(addr
);
167 if (getpeername(clientSocket
, (struct sockaddr
*) &addr
, &addrlen
) != 0) {
168 syslog(LOG_ERR
, "CTRL: getpeername() failed");
169 syslog_perror("getpeername");
171 bail(0); /* NORETURN */
173 inetaddrs
[1] = addr
.sin_addr
;
175 /* Set non-blocking */
176 if ((flags
= fcntl(clientSocket
, F_GETFL
, arg
/* ignored */)) == -1 ||
177 fcntl(clientSocket
, F_SETFL
, flags
|OUR_NB_MODE
) == -1) {
178 syslog(LOG_ERR
, "CTRL: Failed to set client socket non-blocking");
179 syslog_perror("fcntl");
181 bail(0); /* NORETURN */
185 /* Fiddle with argv */
186 my_setproctitle(gargc
, gargv
, "pptpd [%s]%20c",
187 inet_ntoa(addr
.sin_addr
), ' ');
189 /* be ready for a grisly death */
191 sigpipe_assign(SIGTERM
);
192 NOTE_VALUE(PAC
, call_id_pair
, htons(-1));
193 NOTE_VALUE(PNS
, call_id_pair
, htons(-1));
195 syslog(LOG_INFO
, "CTRL: Client %s control connection started", inet_ntoa(addr
.sin_addr
));
196 pptp_handle_ctrl_connection(pppaddrs
, inetaddrs
);
197 syslog(LOG_DEBUG
, "CTRL: Reaping child PPP[%i]", pppfork
);
199 waitpid(pppfork
, NULL
, 0);
200 syslog(LOG_INFO
, "CTRL: Client %s control connection finished", inet_ntoa(addr
.sin_addr
));
202 bail(0); /* NORETURN */
203 return 1; /* make gcc happy */
208 * Local functions only below
212 * pptp_handle_ctrl_connection
214 * 1. read a packet (should be start_ctrl_conn_rqst)
215 * 2. reply to packet (send a start_ctrl_conn_rply)
216 * 3. proceed with GRE and CTRL connections
218 * args: pppaddrs - ppp local and remote addresses (strings)
219 * inetaddrs - local and client socket address
220 * retn: 0 success, -1 failure
222 static void pptp_handle_ctrl_connection(char **pppaddrs
, struct in_addr
*inetaddrs
)
225 /* For echo requests used to check link is alive */
226 int echo_wait
= FALSE
; /* Waiting for echo? */
227 u_int32_t echo_count
= 0; /* Sequence # of echo */
228 time_t echo_time
= 0; /* Time last echo req sent */
229 struct timeval idleTime
; /* How long to select() */
231 /* General local variables */
232 ssize_t rply_size
; /* Reply packet size */
233 fd_set fds
; /* For select() */
234 int maxfd
= clientSocket
; /* For select() */
235 int send_packet
; /* Send a packet this time? */
236 #if BSDUSER_PPP || SLIRP
237 /* not needed by stuff which uses socketpair() in startCall() */
240 int init
= 0; /* Has pppd initialized the pty? */
242 int pty_fd
= -1; /* File descriptor of pty */
243 int gre_fd
= -1; /* Network file descriptor */
244 int sig_fd
= sigpipe_fd(); /* Signal pipe descriptor */
246 unsigned char packet
[PPTP_MAX_CTRL_PCKT_SIZE
];
247 unsigned char rply_packet
[PPTP_MAX_CTRL_PCKT_SIZE
];
252 FD_SET(sig_fd
, &fds
);
253 FD_SET(clientSocket
, &fds
);
255 FD_SET(pty_fd
, &fds
);
256 if (gre_fd
!= -1 && init
)
257 FD_SET(gre_fd
, &fds
);
260 if (encaps_gre(-1, NULL
, 0) || decaps_hdlc(-1, NULL
, 0)) {
262 idleTime
.tv_usec
= 50000; /* don't ack immediately */
264 idleTime
.tv_sec
= IDLE_WAIT
;
265 idleTime
.tv_usec
= 0;
268 /* default: do nothing */
271 switch (select(maxfd
+ 1, &fds
, NULL
, NULL
, &idleTime
)) {
272 case -1: /* Error with select() */
274 syslog(LOG_ERR
, "CTRL: Error with select(), quitting");
275 goto leave_clear_call
;
278 if (decaps_hdlc(-1, NULL
, 0)) {
279 if(decaps_hdlc(-1, encaps_gre
, gre_fd
))
280 syslog(LOG_ERR
, "CTRL: GRE re-xmit failed");
281 } else if (encaps_gre(-1, NULL
, 0))
282 /* Pending ack and nothing else to do */
283 encaps_gre(gre_fd
, NULL
, 0); /* send ack with no payload */
284 else if (echo_wait
!= TRUE
) {
285 /* Timeout. Start idle link detection. */
288 syslog(LOG_DEBUG
, "CTRL: Sending ECHO REQ id %d", echo_count
);
290 make_echo_req_packet(rply_packet
, &rply_size
, echo_count
);
300 /* check for pending SIGTERM delivery */
301 if (FD_ISSET(sig_fd
, &fds
)) {
302 if (sigpipe_read() == SIGTERM
)
306 /* detect startup of pppd */
308 if (!init
&& pty_fd
!= -1 && FD_ISSET(pty_fd
, &fds
))
312 /* handle actual packets */
314 /* send from pty off via GRE */
315 if (pty_fd
!= -1 && FD_ISSET(pty_fd
, &fds
) && decaps_hdlc(pty_fd
, encaps_gre
, gre_fd
) < 0) {
316 syslog(LOG_ERR
, "CTRL: PTY read or GRE write failed (pty,gre)=(%d,%d)", pty_fd
, gre_fd
);
319 /* send from GRE off to pty */
320 if (gre_fd
!= -1 && FD_ISSET(gre_fd
, &fds
) && decaps_gre(gre_fd
, encaps_hdlc
, pty_fd
) < 0) {
321 if (gre_fd
== 6 && pty_fd
== 5) {
322 syslog(LOG_ERR
, "CTRL: GRE-tunnel has collapsed (GRE read or PTY write failed (gre,pty)=(%d,%d))", gre_fd
, pty_fd
);
324 syslog(LOG_ERR
, "CTRL: GRE read or PTY write failed (gre,pty)=(%d,%d)", gre_fd
, pty_fd
);
328 /* handle control messages */
330 if (FD_ISSET(clientSocket
, &fds
)) {
332 switch (read_pptp_packet(clientSocket
, packet
, rply_packet
, &rply_size
)) {
334 syslog(LOG_ERR
, "CTRL: CTRL read failed");
335 goto leave_drop_call
;
341 case STOP_CTRL_CONN_RQST
:
343 syslog(LOG_DEBUG
, "CTRL: Received STOP CTRL CONN request (disconnecting)");
344 if (gre_fd
!= -1 || pty_fd
!= -1)
345 syslog(LOG_WARNING
, "CTRL: Request to close control connection when call is open, closing");
346 send_pptp_packet(clientSocket
, rply_packet
, rply_size
);
347 goto leave_drop_call
;
351 syslog(LOG_DEBUG
, "CTRL: Received CALL CLR request (closing call)");
352 if (gre_fd
== -1 || pty_fd
== -1)
353 syslog(LOG_WARNING
, "CTRL: Request to close call but call not open");
355 FD_CLR(gre_fd
, &fds
);
360 FD_CLR(pty_fd
, &fds
);
365 goto leave_drop_call
;
368 /* for killing off the link later (ugly) */
369 NOTE_VALUE(PAC
, call_id_pair
, ((struct pptp_out_call_rply
*) (rply_packet
))->call_id
);
370 NOTE_VALUE(PNS
, call_id_pair
, ((struct pptp_out_call_rply
*) (rply_packet
))->call_id_peer
);
371 if (gre_fd
!= -1 || pty_fd
!= -1) {
372 syslog(LOG_WARNING
, "CTRL: Request to open call when call is already open, closing");
374 FD_CLR(gre_fd
, &fds
);
379 FD_CLR(pty_fd
, &fds
);
384 /* change process title for accounting and status scripts */
385 my_setproctitle(gargc
, gargv
,
386 "pptpd [%s:%04X - %04X]",
387 inet_ntoa(inetaddrs
[1]),
388 ntohs(((struct pptp_out_call_rply
*) (rply_packet
))->call_id_peer
),
389 ntohs(((struct pptp_out_call_rply
*) (rply_packet
))->call_id
));
390 /* start the call, by launching pppd */
391 syslog(LOG_INFO
, "CTRL: Starting call (launching pppd, opening GRE)");
392 pty_fd
= startCall(pppaddrs
, inetaddrs
);
393 if (pty_fd
> maxfd
) maxfd
= pty_fd
;
394 if ((gre_fd
= pptp_gre_init(call_id_pair
, pty_fd
, inetaddrs
)) > maxfd
)
399 if (echo_wait
== TRUE
&& ((struct pptp_echo_rply
*) (packet
))->identifier
== echo_count
)
402 syslog(LOG_WARNING
, "CTRL: Unexpected ECHO REPLY packet");
414 case CALL_DISCONN_NTFY
:
415 case STOP_CTRL_CONN_RPLY
:
416 /* These don't generate replies. Also they come from things we don't send in this section. */
417 syslog(LOG_WARNING
, "CTRL: Got a reply to a packet we didn't send");
421 /* Otherwise, the already-formed reply will do fine, so send it */
425 /* send reply packet - this may block, but it should be very rare */
426 if (send_packet
== TRUE
&& send_pptp_packet(clientSocket
, rply_packet
, rply_size
) < 0) {
427 syslog(LOG_ERR
, "CTRL: Error sending GRE, aborting call");
428 goto leave_clear_call
;
431 /* waiting for echo reply and curtime - echo_time > max wait */
432 if (echo_wait
== TRUE
&& (time(NULL
) - echo_time
) > MAX_ECHO_WAIT
) {
433 syslog(LOG_INFO
, "CTRL: Session timed out, ending call");
434 goto leave_clear_call
;
439 NOTE_VALUE(PAC
, call_id_pair
, htons(-1));
440 NOTE_VALUE(PNS
, call_id_pair
, htons(-1));
443 /* leave clientSocket and call_id_pair alone for bail() */
458 * This is the custom exit() for this program.
460 * Updated to also be the default SIGTERM handler, and if
461 * the link is going down for unnatural reasons, we will close it
462 * right now, it's only been tested for win98, other tests would be nice
465 static void bail(int sigraised
)
468 syslog(LOG_INFO
, "CTRL: Exiting on signal %d", sigraised
);
470 /* send a disconnect to the other end */
471 /* ignore any errors */
472 if (GET_VALUE(PAC
, call_id_pair
) != htons(-1)) {
473 fd_set connSet
; /* fd_set for select() */
474 struct timeval tv
; /* time to wait for reply */
475 unsigned char packet
[PPTP_MAX_CTRL_PCKT_SIZE
];
476 unsigned char rply_packet
[PPTP_MAX_CTRL_PCKT_SIZE
];
477 ssize_t rply_size
; /* reply packet size */
482 syslog(LOG_DEBUG
, "CTRL: Exiting with active call");
484 make_call_admin_shutdown(rply_packet
, &rply_size
);
485 if(send_pptp_packet(clientSocket
, rply_packet
, rply_size
) < 0)
488 make_stop_ctrl_req(rply_packet
, &rply_size
);
489 if(send_pptp_packet(clientSocket
, rply_packet
, rply_size
) < 0)
493 FD_SET(clientSocket
, &connSet
);
494 tv
.tv_sec
= 5; /* wait 5 secs for a reply then quit */
497 /* Wait for STOP CTRL CONN RQST or RPLY */
498 while (select(clientSocket
+ 1, &connSet
, NULL
, NULL
, &tv
) == 1) {
499 switch((pkt
= read_pptp_packet(clientSocket
, packet
, rply_packet
, &rply_size
))) {
500 case STOP_CTRL_CONN_RQST
:
501 send_pptp_packet(clientSocket
, rply_packet
, rply_size
);
504 syslog(LOG_WARNING
, "CTRL: Got call clear request after call manually shutdown - buggy client");
506 case STOP_CTRL_CONN_RPLY
:
509 syslog(LOG_WARNING
, "CTRL: Retryable error in disconnect sequence");
513 syslog(LOG_WARNING
, "CTRL: Fatal error reading control message in disconnect sequence");
516 syslog(LOG_WARNING
, "CTRL: Unexpected control message %d in disconnect sequence", pkt
);
520 tv
.tv_sec
= 5; /* wait 5 secs for another reply then quit */
523 syslog(LOG_WARNING
, "CTRL: Too many retries (%d) - giving up", retry
);
533 syslog(LOG_DEBUG
, "CTRL: Exiting now");
539 * Launches PPPD for the call.
541 * args: pppaddrs - local/remote IPs or "" for either/both if none
542 * retn: pty file descriptor
545 static int startCall(char **pppaddrs
, struct in_addr
*inetaddrs
)
547 /* PTY/TTY pair for talking to PPPd */
549 /* register pids of children */
550 #if BSDUSER_PPP || SLIRP
555 #define AF_LOCAL AF_UNIX /* Old BSD */
557 #define AF_LOCAL AF_FILE /* POSIX */
561 /* userspace ppp doesn't need to waste a real pty/tty pair */
562 if (socketpair(AF_LOCAL
, SOCK_STREAM
, 0, sockfd
)) {
563 syslog(LOG_ERR
, "CTRL: socketpair() error");
564 syslog_perror("socketpair");
570 /* Finds an open pty/tty pair */
571 if (openpty(&pty_fd
, &tty_fd
, NULL
, NULL
, NULL
) != 0) {
572 syslog(LOG_ERR
, "CTRL: openpty() error");
573 syslog_perror("openpty");
578 /* Turn off echo in the slave - to prevent loopback.
579 pppd will do this, but might not do it before we
581 if (tcgetattr(tty_fd
, &tios
) < 0) {
582 syslog(LOG_ERR
, "CTRL: tcgetattr() error");
583 syslog_perror("tcgetattr");
586 tios
.c_lflag
&= ~(ECHO
| ECHONL
);
587 if (tcsetattr(tty_fd
, TCSAFLUSH
, &tios
) < 0) {
588 syslog(LOG_ERR
, "CTRL: tcsetattr() error");
589 syslog_perror("tcsetattr");
594 if (pptpctrl_debug
) {
595 syslog(LOG_DEBUG
, "CTRL: pty_fd = %d", pty_fd
);
596 syslog(LOG_DEBUG
, "CTRL: tty_fd = %d", tty_fd
);
598 /* Launch the PPPD */
600 switch(pppfork
=vfork()){
602 switch(pppfork
=fork()){
604 case -1: /* fork() error */
605 syslog(LOG_ERR
, "CTRL: Error forking to exec pppd");
609 if (dup2(tty_fd
, 0) == -1) {
610 syslog(LOG_ERR
, "CTRL: child tty_fd dup2 to stdin, %s",
614 if (dup2(tty_fd
, 1) == -1) {
615 syslog(LOG_ERR
, "CTRL: child tty_fd dup2 to stdout, %s",
620 /* This must never be used if !HAVE_SYSLOG since that logs to stderr.
621 * Trying just never using it to see if it causes anyone else problems.
622 * It may let people see the pppd errors, which would be good.
630 /* In case we move clientSocket back off stdin */
632 if (clientSocket
> 1)
634 #elif clientSocket > 1
637 launch_pppd(pppaddrs
, inetaddrs
);
638 syslog(LOG_ERR
, "CTRL: PPPD launch failed! (launch_pppd did not fork)");
649 * Launches the PPP daemon. The PPP daemon is responsible for assigning the
650 * PPTP client its IP address.. These values are assigned via the command
653 * Add return of connected ppp interface
655 * retn: 0 on success, -1 on failure.
658 static void launch_pppd(char **pppaddrs
, struct in_addr
*inetaddrs
)
664 pppd_argv
[an
++] = ppp_binary
;
666 if (pptpctrl_debug
) {
668 "CTRL (PPPD Launcher): program binary = %s",
674 /* The way that Brian Somers' user-land ppp works is to use the
675 * system name as a reference for most of the useful options. Hence
676 * most things can't be defined on the command line. On OpenBSD at
677 * least the file used for the systems is /etc/ppp/ppp.conf, where
678 * the pptp stanza should look something like:
684 set dns a.a.a.a b.b.b.b
685 set ndbs x.x.x.x y.y.y.y
689 * To be honest, at the time of writing, I haven't had the thing
690 * working enough to understand :) I will update this comment and
691 * make a sample config available when I get there.
694 /* options for BSDUSER_PPP
696 * ignores IP addresses, config file option, speed
697 * fix usage info in pptpd.c and configure script if this changes
699 * IP addresses can be specified in /etc/ppp/ppp.secret per user
701 pppd_argv
[an
++] = "-direct";
702 pppd_argv
[an
++] = "pptp"; /* XXX this is the system name */
703 /* should be dynamic - PMG */
709 * ignores IP addresses from config - SLIRP handles this
711 pppd_argv
[an
++] = "-P";
712 pppd_argv
[an
++] = "+chap";
713 pppd_argv
[an
++] = "-b";
715 /* If a speed has been specified, use it
716 * if not, use "smart" default (defaults.h)
719 pppd_argv
[an
++] = speed
;
721 pppd_argv
[an
++] = PPP_SPEED_DEFAULT
;
725 pppd_argv
[an
++] = "-f";
726 pppd_argv
[an
++] = pppdxfig
;
729 if (pptpctrl_debug
) {
730 syslog(LOG_DEBUG
, "CTRL (PPPD Launcher): Connection speed = %s", pppd_argv
[an
- 1]);
734 /* options for 'normal' pppd */
736 pppd_argv
[an
++] = "local";
738 /* If a pppd option file is specified, use it
739 * if not, pppd will default to /etc/ppp/options
742 pppd_argv
[an
++] = "file";
743 pppd_argv
[an
++] = pppdxfig
;
746 /* If a speed has been specified, use it
747 * if not, use "smart" default (defaults.h)
750 pppd_argv
[an
++] = speed
;
752 pppd_argv
[an
++] = PPP_SPEED_DEFAULT
;
755 if (pptpctrl_debug
) {
757 syslog(LOG_DEBUG
, "CTRL (PPPD Launcher): local address = %s", pppaddrs
[0]);
759 syslog(LOG_DEBUG
, "CTRL (PPPD Launcher): remote address = %s", pppaddrs
[1]);
762 if (*pppaddrs
[0] || *pppaddrs
[1]) {
763 char pppInterfaceIPs
[33];
764 sprintf(pppInterfaceIPs
, "%s:%s", pppaddrs
[0], pppaddrs
[1]);
765 pppd_argv
[an
++] = pppInterfaceIPs
;
770 pppd_argv
[an
++] = "ipparam";
771 pppd_argv
[an
++] = inet_ntoa(inetaddrs
[1]);
775 pppd_argv
[an
++] = "plugin";
776 pppd_argv
[an
++] = "/usr/lib/pptpd/pptpd-logwtmp.so";
777 pppd_argv
[an
++] = "pptpd-original-ip";
778 pppd_argv
[an
++] = inet_ntoa(inetaddrs
[1]);
781 /* argv arrays must always be NULL terminated */
782 pppd_argv
[an
++] = NULL
;
783 /* make sure SIGCHLD is unblocked, pppd does not expect it */
785 sigprocmask(SIG_UNBLOCK
, &sigs
, NULL
);
787 execvp(pppd_argv
[0], pppd_argv
);
788 /* execvp() failed */
790 "CTRL (PPPD Launcher): Failed to launch PPP daemon. %s",