[pptp-server] some useful pptp-1.1.2 patches
Frank Cusack
fcusack at fcusack.com
Mon Mar 25 08:34:27 CST 2002
I guess pptpd isn't maintained these days, so this seems as good a place
as any to send some patches. Hopefully they make it into the sources.
1: log tcp_wrappers denies. This should be considered security critical.
2: properly daemonize (close stdin/stdout/stderr). This is important!
3: don't log those silly GRE read/write problems when it's normal. I
can't believe all you folks can tolerate this! :-)
4: an init script for redhat.
If someone wants to host rpm's I can send them. I'm not able to send
rpm's around to everyone though, just apply the patches please.
Patch 3 isn't done very well, I just brute forced it. I would suggest
to the pptpd maintainer that you define error macros instead.
/fc
-------------- next part --------------
Common subdirectories: pptpd-1.1.2.orig/html and pptpd-1.1.2/html
diff -u pptpd-1.1.2.orig/pptpmanager.c pptpd-1.1.2/pptpmanager.c
--- pptpd-1.1.2.orig/pptpmanager.c Fri Dec 17 08:30:14 1999
+++ pptpd-1.1.2/pptpmanager.c Sun Mar 24 05:51:16 2002
@@ -178,29 +178,11 @@
addrsize = sizeof(client_addr);
clientSocket = accept(hostSocket, (struct sockaddr *) &client_addr, &addrsize);
-#if HAVE_LIBWRAP
- if (clientSocket != -1) {
- struct request_info r;
- request_init(&r, RQ_DAEMON, "pptpd", RQ_FILE, clientSocket, NULL);
- fromhost(&r);
- if (!hosts_access(&r)) {
- /* send a permission denied message? this is a tcp wrapper
- * type deny so probably best to just drop it immediately like
- * this, as tcp wrappers usually do.
- */
- close(clientSocket);
- /* this would never be file descriptor 0, so use it as a error
- * value
- */
- clientSocket = 0;
- }
- }
-#endif
if (clientSocket == -1) {
/* accept failed, but life goes on... */
syslog(LOG_ERR, "MGR: accept() failed");
perror("accept");
- } else if (clientSocket != 0) {
+ } else {
#ifndef HAVE_FORK
switch (ctrl_pid = vfork()) {
@@ -214,6 +196,24 @@
case 0: /* child */
close(hostSocket);
+#if HAVE_LIBWRAP
+ {
+ struct request_info r;
+ request_init(&r, RQ_DAEMON, "pptpd", RQ_FILE, clientSocket, NULL);
+ fromhost(&r);
+ if (!hosts_access(&r)) {
+ /* send a permission denied message? this is a tcp wrapper
+ * type deny so probably best to just drop it immediately like
+ * this, as tcp wrappers usually do.
+ */
+ close(clientSocket);
+ if (pptp_debug)
+ syslog(LOG_DEBUG, "MGR: connection refused by tcp_wrappers");
+ refuse(&r);
+ /* NOTREACHED */
+ }
+ }
+#endif
if (pptp_debug)
syslog(LOG_DEBUG, "MGR: Launching " PPTP_CTRL_BIN " to handle client");
#if !defined(PPPD_IP_ALLOC)
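Review bot: The only message this hunk writes for a tcp_wrappers denial is `syslog(LOG_DEBUG, ...)` gated on `pptp_debug`, so with debugging off the audit record depends entirely on what libwrap's `refuse()` logs. A comment such as `/* refuse() logs the denial itself and exits; the debug line above is extra detail only */` would say so, and the severity it logs at should be one the syslog configuration keeps. Moving the check below the fork also means every denied connection now costs a child process, where the old code dropped it in the parent. In the `#ifndef HAVE_FORK` build the child comes from `vfork()`, so `hosts_access()`, `syslog()` and `refuse()` would run in a vfork child, where only exec and `_exit` are safe; confirm that path is acceptable. The `case 0:` branch begins and continues outside the hunk.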
Common subdirectories: pptpd-1.1.2.orig/samples and pptpd-1.1.2/samples
-------------- next part --------------
Common subdirectories: pptpd-1.1.2.orig/html and pptpd-1.1.2/html
diff -u pptpd-1.1.2.orig/pptpd.c pptpd-1.1.2/pptpd.c
--- pptpd-1.1.2.orig/pptpd.c Fri Dec 17 10:57:30 1999
+++ pptpd-1.1.2/pptpd.c Sun Mar 24 06:02:38 2002
@@ -290,9 +290,7 @@
if (!foreground) {
#if HAVE_DAEMON
closelog();
- freopen("/dev/null", "r", stdin);
- /* set noclose, we want stdout/stderr still attached if we can */
- daemon(0, 1);
+ daemon(0, 0);
/* returns to child only */
/* pid will have changed */
openlog("pptpd", LOG_PID, LOG_PPTP);
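Review bot: The return value of `daemon(0, 0)` is ignored, so if it fails pptpd keeps running attached to the terminal while the lines after it behave as if it had detached. A check such as `if (daemon(0, 0) < 0) { syslog(LOG_ERR, "MGR: daemon() failed: %s", strerror(errno)); exit(1); }` makes that failure visible. The `if (!foreground)` block continues past the end of the hunk.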
@@ -339,10 +337,10 @@
char **new_argv;
int pid;
syslog(LOG_INFO, "MGR: Option parse OK, re-execing as daemon");
- fprintf(stderr, "pptpd: option parse OK, re-execing as daemon\n");
- fflush(stderr);
if ((pid = vfork()) == 0) {
freopen("/dev/null", "r", stdin);
+ freopen("/dev/null", "w", stdout);
+ freopen("/dev/null", "w", stderr);
SETSIDPGRP();
chdir("/");
umask(0);
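Review bot: None of the `freopen()` results are checked, in the two lines added here or in the matching pair in the `@@ -369,6 +367,8 @@` hunk. If `/dev/null` cannot be opened the stream is left closed and descriptor 1 or 2 is free, so the next socket or file the daemon opens can land on it and receive any stray stdout/stderr output. A guard such as `if (!freopen("/dev/null", "w", stderr)) _exit(1);`, with a syslog line before it, closes that gap. This first hunk also runs in a `vfork()` child, where changing stdio state before exec is not safe, so `open()` plus `dup2()` is presumably the better fit there. Both enclosing blocks extend outside the hunks.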
@@ -369,6 +367,8 @@
} else if (pid)
exit(0);
freopen("/dev/null", "r", stdin);
+ freopen("/dev/null", "w", stdout);
+ freopen("/dev/null", "w", stderr);
SETSIDPGRP();
chdir("/");
umask(0);
Only in pptpd-1.1.2.orig: pptpmanager.c.libwrap
Common subdirectories: pptpd-1.1.2.orig/samples and pptpd-1.1.2/samples
-------------- next part --------------
diff -ur pptpd-1.1.2.orig/pptpctrl.c pptpd-1.1.2/pptpctrl.c
--- pptpd-1.1.2.orig/pptpctrl.c Mon Oct 2 14:30:52 2000
+++ pptpd-1.1.2/pptpctrl.c Mon Mar 25 05:30:11 2002
@@ -300,17 +300,21 @@
/* send from pty off via GRE */
if (gre) {
- if (do_gre_to_pty (gre) < 0) {
- syslog(LOG_ERR,
- "CTRL: PTY read or GRE write failed (pty,gre)=(%d,%d)",
- gre->pty_fd, gre->gre_fd);
+ int r;
+
+ if ((r = do_gre_to_pty (gre)) < 0) {
+ if (r != -2)
+ syslog(LOG_ERR,
+ "CTRL: PTY read or GRE write failed (pty,gre)=(%d,%d)",
+ gre->pty_fd, gre->gre_fd);
break;
}
- if (do_pty_to_gre (gre) < 0) {
- syslog(LOG_ERR,
- "CTRL: GRE read or PTY write failed (gre,pty)=(%d,%d)",
- gre->gre_fd, gre->pty_fd);
+ if ((r = do_pty_to_gre (gre)) < 0) {
+ if (r != -2)
+ syslog(LOG_ERR,
+ "CTRL: GRE read or PTY write failed (gre,pty)=(%d,%d)",
+ gre->gre_fd, gre->pty_fd);
break;
}
}
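Review bot: The bare `-2` in both `if (r != -2)` tests is unexplained at the call site. A comment above the first test, such as `/* -2: GRE fd already closed (EBADF in pptpgre.c), normal teardown, not an error */`, would document it. With this change a session that ends this way leaves the loop with no log line at all, so a debug-level `syslog(LOG_DEBUG, ...)` on the `-2` path (gated on the debug flag, if this file has one) would keep teardown traceable. The surrounding loop lies outside the hunk.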
diff -ur pptpd-1.1.2.orig/pptpgre.c pptpd-1.1.2/pptpgre.c
--- pptpd-1.1.2.orig/pptpgre.c Mon Oct 2 14:30:52 2000
+++ pptpd-1.1.2/pptpgre.c Mon Mar 25 05:34:00 2002
@@ -392,9 +392,12 @@
return 0;
}
- syslog (LOG_ERR,
- "Error writing GRE packet: %s", strerror (errno));
- return -1;
+ if (errno != EBADF) {
+ syslog (LOG_ERR, "Error writing GRE packet: %s", strerror (errno));
+ return -1;
+ } else
+ /* closed, normal */
+ return -2;
}
int
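Review bot: Treating every `EBADF` as "closed, normal" also hides genuine descriptor bugs, because the same errno comes back after a double close or for an fd number that was never valid, and neither is logged any more. The same applies to the read path in the `@@ -458,8 +464,12 @@` hunk. A debug-level line before `return -2;`, for example `syslog (LOG_DEBUG, "GRE: fd closed (EBADF), ending session");`, keeps the logs quiet without losing that signal. The unbraced `else` with a comment between it and the `return` would also be safer with braces. The function body starts outside the hunk.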
@@ -414,6 +417,9 @@
maybe_make_ack (gre);
switch (write_gre (gre)) {
+ case -2:
+ return -2;
+
case -1:
return -1;
@@ -458,8 +464,12 @@
return 0;
}
- syslog (LOG_ERR, "GRE: read error: %s", strerror (errno));
- return -1;
+ if (errno != EBADF) {
+ syslog (LOG_ERR, "GRE: read error: %s", strerror (errno));
+ return -1;
+ } else
+ /* closed, normal */
+ return -2;
}
else if (status == 0) {
@@ -806,6 +816,9 @@
read_packet = 0;
switch (read_gre (gre)) {
+ case -2:
+ return -2;
+
case -1:
return -1;
-------------- next part --------------
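#!/bin/sh
#
# chkconfig: 345 88 10
# description: Start/Stop pptpd
#
# SysV init script for pptpd on Red Hat style systems.
# Supports: start, stop, restart, condrestart.
# Exit status is the status of the last start/stop action (1 on bad usage).

# Source function library (provides daemon and killproc).
. /etc/rc.d/init.d/functions

PPTPD=/usr/sbin/pptpd
# The subsys lock must belong to this service alone. The original pointed at
# the radiusd lock, so stopping pptpd removed radiusd's lock and condrestart
# keyed off radiusd's state. Assumes the script is installed as "pptpd";
# adjust the name if it is installed under a different one.
LOCKF=/var/lock/subsys/pptpd
CONFIG=/etc/pptpd.conf

# Nothing to manage if the daemon or its configuration is not installed.
[ -f "$PPTPD" ] || exit 0
[ -f "$CONFIG" ] || exit 0

RETVAL=0

case "$1" in
    start)
        echo -n "Starting pptpd: "
        daemon "$PPTPD"
        RETVAL=$?
        echo
        # Record the running state only when the daemon actually started.
        [ $RETVAL -eq 0 ] && touch "$LOCKF"
        ;;
    stop)
        echo -n "Stopping pptpd: "
        killproc "$PPTPD"
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && rm -f "$LOCKF"
        ;;
    restart)
        "$0" stop
        # Give the old process time to release its sockets before restarting.
        sleep 3
        "$0" start
        RETVAL=$?
        ;;
    condrestart)
        # Restart only if the lock file says the service is currently running.
        if [ -f "$LOCKF" ]; then
            "$0" stop
            sleep 3
            "$0" start
            RETVAL=$?
        fi
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|condrestart}"
        exit 1
        ;;
esac

exit $RETVAL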