/*
* Called when interface comes up
*/
int
ippreup_main(int argc, char **argv)
{
char *wan_ifname = safe_getenv("IFNAME");
char *wan_linkname = safe_getenv("LINKNAME");
char tmp[100], prefix[] = "wanXXXXXXXXXX_";
int unit;
_dprintf("%s():: %s\n", __FUNCTION__, argv[0]);
/* Get unit from LINKNAME: ppp[UNIT] */
if ((unit = ppp_linkunit(wan_linkname)) < 0)
return 0;
_dprintf("%s: unit=%d ifname=%s\n", __FUNCTION__, unit, wan_ifname);
snprintf(prefix, sizeof(prefix), "wan%d_", unit);
/* Set wanX_pppoe_ifname to real interface name */
nvram_set(strcat_r(prefix, "pppoe_ifname", tmp), wan_ifname);
/* Start triggering demand connection */
if (nvram_get_int(strcat_r(prefix, "pppoe_demand", tmp)))
nvram_set_int(strcat_r(prefix, "pppoe_demand", tmp), 2);
_dprintf("%s:: done\n", __FUNCTION__);
return 0;
}
/*
* Called when link goes down
*/
int
ipdown_main(int argc, char **argv)
{
char *wan_ifname = safe_getenv("IFNAME");
char *wan_linkname = safe_getenv("LINKNAME");
char tmp[100], prefix[] = "wanXXXXXXXXXX_";
int unit;
_dprintf("%s():: %s\n", __FUNCTION__, argv[0]);
/* Get unit from LINKNAME: ppp[UNIT] */
if ((unit = ppp_linkunit(wan_linkname)) < 0)
return 0;
_dprintf("%s: unit=%d ifname=%s\n", __FUNCTION__, unit, wan_ifname);
snprintf(prefix, sizeof(prefix), "wan%d_", unit);
#ifdef RTCONFIG_IPV6
wait_ppp_count = -2;
#endif
wan_down(wan_ifname);
// override wan_state to get real reason
update_wan_state(prefix, WAN_STATE_STOPPED, pppstatus());
unlink(strcat_r("/tmp/ppp/link.", wan_ifname, tmp));
preset_wan_routes(wan_ifname);
_dprintf("%s:: done\n", __FUNCTION__);
return 0;
}
/*
* Called when link closing with auth fail
*/
int
authfail_main(int argc, char **argv)
{
char *wan_ifname = safe_getenv("IFNAME");
char *wan_linkname = safe_getenv("LINKNAME");
char tmp[100], prefix[] = "wanXXXXXXXXXX_";
int unit;
_dprintf("%s():: %s\n", __FUNCTION__, argv[0]);
/* Get unit from LINKNAME: ppp[UNIT] */
if ((unit = ppp_linkunit(wan_linkname)) < 0)
return 0;
_dprintf("%s: unit=%d ifname=%s\n", __FUNCTION__, unit, wan_ifname);
snprintf(prefix, sizeof(prefix), "wan%d_", unit);
/* Stop triggering demand connection */
if (nvram_get_int(strcat_r(prefix, "pppoe_demand", tmp)))
nvram_set_int(strcat_r(prefix, "pppoe_demand", tmp), 1);
// override wan_state
update_wan_state(prefix, WAN_STATE_STOPPED, WAN_STOPPED_REASON_PPP_AUTH_FAIL);
_dprintf("%s:: done\n", __FUNCTION__);
return 0;
}
static void
on_server_client_disconnect(int is_tun)
{
FILE *fp1, *fp2;
char ifname[16], addr_l[64], addr_r[64], peer_name[64];
char *clients_l1 = VPN_SERVER_LEASE_FILE;
char *clients_l2 = "/tmp/.vpns.leases";
char *common_name = safe_getenv("common_name");
char *peer_addr_r = safe_getenv("trusted_ip");
char *peer_addr_l = safe_getenv("ifconfig_pool_remote_ip");
uint64_t llsent = strtoll(safe_getenv("bytes_sent"), NULL, 10);
uint64_t llrecv = strtoll(safe_getenv("bytes_received"), NULL, 10);
logmessage(SERVER_LOG_NAME, "peer %s (%s) disconnected, sent: %llu KB, received: %llu KB",
peer_addr_r, common_name, llsent / 1024, llrecv / 1024);
fp1 = fopen(clients_l1, "r");
fp2 = fopen(clients_l2, "w");
if (fp1) {
while(fscanf(fp1, "%s %s %s %[^\n]\n", ifname, addr_l, addr_r, peer_name) == 4) {
if (strcmp(peer_addr_r, addr_r) != 0 || strcmp(peer_addr_l, addr_l) != 0) {
if (fp2)
fprintf(fp2, "%s %s %s %s\n", ifname, addr_l, addr_r, peer_name);
}
}
fclose(fp1);
}
if (fp2) {
fclose(fp2);
rename(clients_l2, clients_l1);
unlink(clients_l2);
}
}
static void
on_server_client_connect(int is_tun)
{
FILE *fp;
char *common_name = safe_getenv("common_name");
char *peer_addr_r = safe_getenv("trusted_ip");
char *peer_addr_l = safe_getenv("ifconfig_pool_remote_ip");
char *dev_ifname = safe_getenv("dev");
const char *script_name = VPN_SERVER_UPDOWN_SCRIPT;
#if defined (USE_IPV6)
if (!is_valid_ipv4(peer_addr_r))
peer_addr_r = safe_getenv("trusted_ip6");
#endif
if (strlen(dev_ifname) == 0)
dev_ifname = (is_tun) ? IFNAME_SERVER_TUN : IFNAME_SERVER_TAP;
logmessage(SERVER_LOG_NAME, "peer %s (%s) connected - local IP: %s",
peer_addr_r, common_name, peer_addr_l);
fp = fopen(VPN_SERVER_LEASE_FILE, "a+");
if (fp) {
fprintf(fp, "%s %s %s %s\n", "-", peer_addr_l, peer_addr_r, common_name);
fclose(fp);
}
if (check_if_file_exist(script_name))
doSystem("%s %s %s %s %s %s", script_name, "up", dev_ifname, peer_addr_l, peer_addr_r, common_name);
}
static int bound_tv(void)
{
static char *ifname;
ifname = safe_getenv("interface");
static char *ip;
ip = safe_getenv("ip");
static char *net;
net = safe_getenv("subnet");
static char *cidr;
cidr = safe_getenv("cidrroute");
if (ip && net && ifname) {
static char bcast[32];
strcpy(bcast, ip);
get_broadcast(bcast, net);
nvram_set("tvnicaddr", ip);
eval("ifconfig", ifname, ip, "netmask", net, "broadcast", bcast,
"multicast");
}
if (cidr && ifname) {
char *callbuffer = malloc(strlen(cidr) + 128);
sprintf(callbuffer,
"export cidrroute=\"%s\";export interface=\"%s\";/etc/cidrroute.sh",
cidr, ifname);
system(callbuffer);
free(callbuffer);
}
return 0;
}
int ip6up_main(int argc, char **argv)
{
char *wan_ifname = safe_getenv("IFNAME");
char *llremote = safe_getenv("LLREMOTE");
if (!wan_ifname || strlen(wan_ifname) <= 0)
return 0;
nvram_set("ipv6_ll_remote", llremote);
switch (get_ipv6_service()) {
case IPV6_NATIVE:
case IPV6_NATIVE_DHCP:
wait_ppp_count = 10;
while ((!is_intf_up(wan_ifname) || !getifaddr(wan_ifname, AF_INET6, 0))
&& (wait_ppp_count-- > 0))
sleep(1);
break;
default:
wait_ppp_count = 0;
break;
}
if (wait_ppp_count != -2)
{
wan6_up(wan_ifname);
start_firewall(0, 0);
}
return 0;
}
static int get_peer_verify_level(const struct tls_info *info)
{
int peer_verify_level=SSL_VERIFY_PEER;
/* SSL_VERIFY_NONE */
/* SSL_VERIFY_PEER */
/* SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT */
const char *s=safe_getenv(info, "TLS_VERIFYPEER");
if (info->peer_verify_domain)
return SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
switch (*s) {
case 'n':
case 'N': /* NONE */
peer_verify_level=SSL_VERIFY_NONE;
break;
case 'p':
case 'P': /* PEER */
peer_verify_level=SSL_VERIFY_PEER;
break;
case 'r':
case 'R': /* REQUIREPEER */
peer_verify_level=
SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
break;
}
return (peer_verify_level);
}
static void init_debug(void)
{
char *dstr, *fn, *tmp;
int fd, flags;
if (debug_mask & DEBUG_INIT)
return;
dstr = getenv("COMERR_DEBUG");
if (dstr) {
debug_mask = strtoul(dstr, &tmp, 0);
if (*tmp || errno)
debug_mask = 0;
}
debug_mask |= DEBUG_INIT;
if (debug_mask == DEBUG_INIT)
return;
fn = safe_getenv("COMERR_DEBUG_FILE");
if (fn)
debug_f = fopen(fn, "a");
if (!debug_f)
debug_f = fopen("/dev/tty", "a");
if (debug_f) {
fd = fileno(debug_f);
if (fd >= 0) {
flags = fcntl(fd, F_GETFD);
if (flags >= 0)
fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}
} else
debug_mask = DEBUG_INIT;
}
void mail_conf_suck(void)
{
char *config_dir;
char *path;
/*
* Permit references to unknown configuration variable names. We rely on
* a separate configuration checking tool to spot misspelled names and
* other kinds of trouble. Enter the configuration directory into the
* default dictionary.
*/
if (var_config_dir)
myfree(var_config_dir);
if ((config_dir = getenv(CONF_ENV_PATH)) == 0)
config_dir = DEF_CONFIG_DIR;
var_config_dir = mystrdup(config_dir);
set_mail_conf_str(VAR_CONFIG_DIR, var_config_dir);
/*
* If the configuration directory name comes from a different trust
* domain, require that it is listed in the default main.cf file.
*/
if (strcmp(var_config_dir, DEF_CONFIG_DIR) != 0 /* non-default */
&& safe_getenv(CONF_ENV_PATH) == 0 /* non-default */
&& geteuid() != 0) /* untrusted */
mail_conf_checkdir(var_config_dir);
path = concatenate(var_config_dir, "/", "main.cf", (char *) 0);
if (dict_load_file_xt(CONFIG_DICT, path) == 0)
msg_fatal("open %s: %m", path);
myfree(path);
}
static void
on_server_client_connect(int is_tun)
{
FILE *fp;
char *common_name = safe_getenv("common_name");
char *peer_addr_r = safe_getenv("trusted_ip");
char *peer_addr_l = safe_getenv("ifconfig_pool_remote_ip");
logmessage(SERVER_LOG_NAME, "peer %s (%s) connected - local IP: %s",
peer_addr_r, common_name, peer_addr_l);
fp = fopen(VPN_SERVER_LEASE_FILE, "a+");
if (fp) {
fprintf(fp, "%s %s %s %s\n", "-", peer_addr_l, peer_addr_r, common_name);
fclose(fp);
}
}
/*
* Search for @name kernel command parametr.
*
* Returns newly allocated string with parameter argument if the @name is
* specified as "name=" or returns pointer to @name or returns NULL if not
* found.
*
* For example cmdline: "aaa bbb=BBB ccc"
*
* @name is "aaa" --returns--> "aaa" (pointer to @name)
* @name is "bbb=" --returns--> "BBB" (allocated)
* @name is "foo" --returns--> NULL
*/
char *mnt_get_kernel_cmdline_option(const char *name)
{
FILE *f;
size_t len;
int val = 0;
char *p, *res = NULL;
char buf[BUFSIZ]; /* see kernel include/asm-generic/setup.h: COMMAND_LINE_SIZE */
const char *path = _PATH_PROC_CMDLINE;
assert(name);
assert(*name);
#ifdef TEST_PROGRAM
path = safe_getenv("LIBMOUNT_KERNEL_CMDLINE");
if (!path)
path = _PATH_PROC_CMDLINE;
#endif
f = fopen(path, "r");
if (!f)
return NULL;
p = fgets(buf, sizeof(buf), f);
fclose(f);
if (!p || !*p || *p == '\n')
return NULL;
len = strlen(buf);
*(buf + len - 1) = '\0'; /* remove last '\n' */
len = strlen(name);
if (len && *(name + len - 1) == '=')
val = 1;
while (p && *p) {
if (p != buf)
p++;
if (!(p = strstr(p, name)))
break; /* not found the option */
if (p != buf && !isblank(*(p - 1)))
continue; /* no space before the option */
if (!val && *(p + len) != '\0' && !isblank(*(p + len)))
continue; /* no space behind the option */
if (val) {
char *v = p + len;
while (*p && !isblank(*p)) /* jump to the end of the argument */
p++;
*p = '\0';
res = strdup(v);
break;
} else
res = (char *) name; /* option without '=' */
break;
}
return res;
}
static int
bound(void) // udhcpc bound here, also call wanup
{
char *wan_ifname = safe_getenv("interface");
char *value;
char tmp[100], prefix[] = "wanXXXXXXXXXX_";
int unit;
if ((unit = wan_ifunit(wan_ifname)) < 0)
strcpy(prefix, "wanx_");
else
snprintf(prefix, sizeof(prefix), "wan%d_", unit);
if ((value = getenv("ip")))
nvram_set(strcat_r(prefix, "ipaddr", tmp), trim_r(value));
if ((value = getenv("subnet")))
nvram_set(strcat_r(prefix, "netmask", tmp), trim_r(value));
if ((value = getenv("router")))
nvram_set(strcat_r(prefix, "gateway", tmp), trim_r(value));
if ((value = getenv("dns")))
nvram_set(strcat_r(prefix, "dns", tmp), trim_r(value));
if ((value = getenv("wins")))
nvram_set(strcat_r(prefix, "wins", tmp), trim_r(value));
nvram_set(strcat_r(prefix, "routes", tmp), getenv("routes"));
nvram_set(strcat_r(prefix, "msroutes", tmp), getenv("msroutes"));
#if 0
if ((value = getenv("hostname")))
sethostname(trim_r(value), strlen(value) + 1);
#endif
if ((value = getenv("domain")))
nvram_set(strcat_r(prefix, "domain", tmp), trim_r(value));
if ((value = getenv("lease"))) {
nvram_set(strcat_r(prefix, "lease", tmp), trim_r(value));
expires(wan_ifname, atoi(value));
}
ifconfig(wan_ifname, IFUP,
nvram_safe_get(strcat_r(prefix, "ipaddr", tmp)),
nvram_safe_get(strcat_r(prefix, "netmask", tmp)));
spinlock_lock(SPINLOCK_DHCPRenew);
nvram_set("dhcp_renew", "0"); // for detectWAN
spinlock_unlock(SPINLOCK_DHCPRenew);
wan_up(wan_ifname);
logmessage("dhcp client", "%s IP: %s from %s (prefix: %s)",
udhcpstate,
nvram_safe_get(strcat_r(prefix, "ipaddr", tmp)),
nvram_safe_get(strcat_r(prefix, "gateway", tmp)), prefix);
wanmessage("");
dprintf("done\n");
return 0;
}
int ip6down_main(int argc, char **argv)
{
char *wan_ifname = safe_getenv("IFNAME");
wait_ppp_count = -2;
wan6_down(wan_ifname);
return 0;
}
void set_config_dir(void)
{
char *config_dir;
if (var_config_dir)
myfree(var_config_dir);
var_config_dir = mystrdup((config_dir = safe_getenv(CONF_ENV_PATH)) != 0 ?
config_dir : DEF_CONFIG_DIR); /* XXX */
set_mail_conf_str(VAR_CONFIG_DIR, var_config_dir);
}
int
ipdown_vpns_main(int argc, char **argv)
{
FILE *fp1, *fp2;
int i_clients;
char ifname[16], addr_l[64], addr_r[64], name_p[64];
char *peer_name;
char *clients_l1 = VPN_SERVER_LEASE_FILE;
char *clients_l2 = "/tmp/.vpns.leases";
char *script_name = VPN_SERVER_UPDOWN_SCRIPT;
char *svcs[] = { "bcrelay", NULL };
if (argc < 7)
return -1;
peer_name = safe_getenv("PEERNAME");
logmessage(VPNS_LOG_NAME, "peer %s (%s) disconnected", argv[6], peer_name);
umask(0000);
vpns_firewall_permission(argv[1], 0);
vpns_route_to_remote_lan(peer_name, argv[1], NULL, 0);
i_clients = 0;
fp1 = fopen(clients_l1, "r");
fp2 = fopen(clients_l2, "w");
if (fp1) {
while(fscanf(fp1, "%15s %63s %63s %63[^\n]\n", ifname, addr_l, addr_r, name_p) == 4) {
if (strcmp(ifname, argv[1])) {
i_clients++;
if (fp2)
fprintf(fp2, "%s %s %s %s\n", ifname, addr_l, addr_r, name_p);
}
}
fclose(fp1);
}
if (fp2) {
fclose(fp2);
rename(clients_l2, clients_l1);
unlink(clients_l2);
}
if (check_if_file_exist(script_name))
doSystem("%s %s %s %s %s %s", script_name, "down", argv[1], argv[5], argv[6], peer_name);
if (i_clients == 0 && pids(svcs[0]))
kill_services(svcs, 3, 1);
return 0;
}
static void
call_client_script(const char *script_name, const char *arg)
{
int i;
const char *env;
if (!check_if_file_exist(script_name))
return;
for (i = 0; i < ARRAY_SIZE(env_ovpn); i++) {
env = env_ovpn[i];
if (strlen(safe_getenv(env)) < 1 && env_ovpn_alt[i])
env = env_ovpn_alt[i];
setenv(env_pppd[i], safe_getenv(env), 1);
}
doSystem("%s %s", script_name, arg);
for (i = 0; i < ARRAY_SIZE(env_ovpn); i++)
unsetenv(env_pppd[i]);
}
/*
* renew: This argument is used when a DHCP lease is renewed. All of
* the paramaters are set in enviromental variables. This argument is
* used when the interface is already configured, so the IP address,
* will not change, however, the other DHCP paramaters, such as the
* default gateway, subnet mask, and dns server may change.
*/
static int
renew(void)
{
char *wan_ifname = safe_getenv("interface");
char *value;
char tmp[100], prefix[] = "wanXXXXXXXXXX_";
int unit;
if ((unit = wan_ifunit(wan_ifname)) < 0)
strcpy(prefix, "wanx_");
else
snprintf(prefix, sizeof(prefix), "wan%d_", unit);
if (!(value = getenv("subnet")) || !nvram_match(strcat_r(prefix, "netmask", tmp), trim_r(value)))
return bound();
if (!(value = getenv("router")) || !nvram_match(strcat_r(prefix, "gateway", tmp), trim_r(value)))
return bound();
if ((value = getenv("dns")) && !nvram_match(strcat_r(prefix, "dns", tmp), trim_r(value))) {
nvram_set(strcat_r(prefix, "dns", tmp), trim_r(value));
#if 0
update_resolvconf();
#else
add_dns(wan_ifname);
#endif
}
if ((value = getenv("wins")))
nvram_set(strcat_r(prefix, "wins", tmp), trim_r(value));
#if 0
if ((value = getenv("hostname")))
sethostname(trim_r(value), strlen(value) + 1);
#endif
if ((value = getenv("domain")))
nvram_set(strcat_r(prefix, "domain", tmp), trim_r(value));
if ((value = getenv("lease"))) {
nvram_set(strcat_r(prefix, "lease", tmp), trim_r(value));
expires(wan_ifname, atoi(value));
}
logmessage("dhcp client", "%s IP: %s from %s (prefix: %s)",
udhcpstate,
nvram_safe_get(strcat_r(prefix, "ipaddr", tmp)),
nvram_safe_get(strcat_r(prefix, "gateway", tmp)), prefix);
if (unit == 0)
update_wan_status(1);
wanmessage("");
dprintf("done\n");
return 0;
}
/*
* Don't export this to libmount API -- utab is private library stuff.
*
* Returns: path to /run/mount/utab (or /dev/.mount/utab) or $LIBMOUNT_UTAB.
*/
const char *mnt_get_utab_path(void)
{
struct stat st;
const char *p = safe_getenv("LIBMOUNT_UTAB");
if (p)
return p;
if (stat(MNT_RUNTIME_TOPDIR, &st) == 0)
return MNT_PATH_UTAB;
return MNT_PATH_UTAB_OLD;
}
static const char *
DftEnv(const char *name, const char *dft)
{
const char *result;
#if OPT_EVAL && OPT_SHELL
name = safe_getenv(name);
result = isEmpty(name) ? dft : name;
#else
result = dft;
#endif
return result;
}
/*
* deconfig: This argument is used when udhcpc starts, and when a
* leases is lost. The script should put the interface in an up, but
* deconfigured state.
*/
static int
deconfig_lan(void)
{
char *lan_ifname = safe_getenv("interface");
ifconfig(lan_ifname, IFUP, "0.0.0.0", NULL);
expires_lan(lan_ifname, 0);
lan_down(lan_ifname);
dprintf("done\n");
return 0;
}
static void
on_client_ifup(void)
{
int i, i_dns = 0;
char buf[256];
char *script_name = VPN_CLIENT_UPDOWN_SCRIPT;
nvram_set_int_temp("vpnc_state_t", 1);
buf[0] = 0;
if (nvram_get_int("vpnc_pdns") > 0) {
int buf_len;
char *value;
char foption[32], fdns[128];
for (i = 0; i < 20 && i_dns < 3; i++) {
sprintf(foption, "foreign_option_%d", i);
value = getenv(foption);
if (value) {
fdns[0] = 0;
if (sscanf(value, "dhcp-option DNS %s", fdns) == 1) {
buf_len = strlen(buf);
snprintf(buf + buf_len, sizeof(buf) - buf_len, "%s%s", (buf_len) ? " " : "", fdns);
i_dns++;
if (i_dns == 1)
setenv("DNS1", fdns, 1);
else if (i_dns == 2)
setenv("DNS2", fdns, 1);
}
}
}
}
nvram_set_temp("vpnc_dns_t", buf);
if (strlen(buf) > 0)
update_resolvconf(0, 0);
if (check_if_file_exist(script_name)) {
for (i = 0; i < ARRAY_SIZE(env_ovpn); i++)
setenv(env_pppd[i], safe_getenv(env_ovpn[i]), 1);
doSystem("%s %s", script_name, "up");
for (i = 0; i < ARRAY_SIZE(env_ovpn); i++)
unsetenv(env_pppd[i]);
}
if (i_dns > 1)
unsetenv("DNS2");
if (i_dns > 0)
unsetenv("DNS1");
}
static int bound(char *ifname)
{
_dprintf("%s: begin\n", __FUNCTION__);
unlink(renewing);
env2nv("ip", "wan_ipaddr");
env2nv("subnet", "wan_netmask");
env2nv_gateway("wan_gateway");
env2nv("dns", "wan_get_dns");
env2nv("domain", "wan_get_domain");
env2nv("lease", "wan_lease");
expires(atoi(safe_getenv("lease")));
_dprintf("wan_ipaddr=%s\n", nvram_safe_get("wan_ipaddr"));
_dprintf("wan_netmask=%s\n", nvram_safe_get("wan_netmask"));
_dprintf("wan_gateway=%s\n", nvram_safe_get("wan_gateway"));
_dprintf("wan_get_domain=%s\n", nvram_safe_get("wan_get_domain"));
_dprintf("wan_get_dns=%s\n", nvram_safe_get("wan_get_dns"));
_dprintf("wan_lease=%s\n", nvram_safe_get("wan_lease"));
ifconfig(ifname, IFUP, nvram_safe_get("wan_ipaddr"), nvram_safe_get("wan_netmask"));
if (get_wan_proto() == WP_L2TP) {
int i = 0;
/* Delete all default routes */
while ((route_del(ifname, 0, NULL, NULL, NULL) == 0) || (i++ < 10));
/* Set default route to gateway if specified */
route_add(ifname, 0, "0.0.0.0", nvram_safe_get("wan_gateway"), "0.0.0.0");
/* Backup the default gateway. It should be used if L2TP connection is broken */
nvram_set("wan_gateway_buf", nvram_get("wan_gateway"));
/* clear dns from the resolv.conf */
nvram_set("wan_get_dns","");
dns_to_resolv();
start_firewall();
start_l2tp();
}
else {
start_wan_done(ifname);
}
_dprintf("%s: end\n", __FUNCTION__);
return 0;
}
int
ipup_vpns_main(int argc, char **argv)
{
FILE *fp;
int i_cast, i_vuse;
char *peer_name;
char *script_name = VPN_SERVER_UPDOWN_SCRIPT;
if (argc < 7)
return -1;
peer_name = safe_getenv("PEERNAME");
logmessage(VPNS_LOG_NAME, "peer %s (%s) connected - ifname: %s, local IP: %s",
argv[6], peer_name, argv[1], argv[5]);
umask(0000);
/* add firewall permission for this client */
vpns_firewall_permission(argv[1], 1);
i_vuse = nvram_get_int("vpns_vuse");
if (i_vuse) {
/* disable multicast flag */
doSystem("ifconfig %s %s", argv[1], "-multicast");
}
/* add route to client's LAN */
vpns_route_to_remote_lan(peer_name, argv[1], NULL, 1);
fp = fopen(VPN_SERVER_LEASE_FILE, "a+");
if (fp) {
fprintf(fp, "%s %s %s %s\n", argv[1], argv[5], argv[6], peer_name);
fclose(fp);
}
if (i_vuse == 0 && !pids("bcrelay")) {
i_cast = nvram_get_int("vpns_cast");
if (i_cast == 1 || i_cast == 3)
eval("/usr/sbin/bcrelay", "-d", "-i", IFNAME_BR, "-o", "ppp[1-5][0-9]", "-n");
if (i_cast == 2 || i_cast == 3)
eval("/usr/sbin/bcrelay", "-d", "-i", "ppp[1-5][0-9]", "-o", IFNAME_BR, "-n");
}
if (check_if_file_exist(script_name))
doSystem("%s %s %s %s %s %s", script_name, "up", argv[1], argv[5], argv[6], peer_name);
return 0;
}
static const char *dict_env_lookup(DICT *dict, const char *name)
{
dict->error = 0;
/*
* Optionally fold the key.
*/
if (dict->flags & DICT_FLAG_FOLD_FIX) {
if (dict->fold_buf == 0)
dict->fold_buf = vstring_alloc(10);
vstring_strcpy(dict->fold_buf, name);
name = lowercase(vstring_str(dict->fold_buf));
}
return (safe_getenv(name));
}
static int ppp_prefix(char **wan_ifname, char *prefix)
{
char tmp[100];
int unit;
*wan_ifname = safe_getenv("IFNAME");
if ((unit = ppp_ifunit(*wan_ifname)) < 0)
return -1;
sprintf(prefix, "wan%d_", unit);
if (!nvram_get(strcat_r(prefix, "ifname", tmp)))
return -2;
return unit;
}
const char *fullname(void)
{
static VSTRING *result;
char *cp;
int ch;
uid_t uid;
struct passwd *pwd;
if (result == 0)
result = vstring_alloc(10);
/*
* Try the environment.
*/
if ((cp = safe_getenv("NAME")) != 0)
return (vstring_str(vstring_strcpy(result, cp)));
/*
* Try the password file database.
*/
uid = getuid();
if ((pwd = getpwuid(uid)) == 0)
return (0);
/*
* Replace all `&' characters by the login name of this user, first
* letter capitalized. Although the full name comes from the protected
* password file, the actual data is specified by the user so we should
* not trust its sanity.
*/
VSTRING_RESET(result);
for (cp = pwd->pw_gecos; (ch = *(unsigned char *) cp) != 0; cp++) {
if (ch == ',' || ch == ';' || ch == '%')
break;
if (ch == '&') {
if (pwd->pw_name[0]) {
VSTRING_ADDCH(result, TOUPPER(pwd->pw_name[0]));
vstring_strcat(result, pwd->pw_name + 1);
}
} else {
VSTRING_ADDCH(result, ch);
}
}
VSTRING_TERMINATE(result);
return (vstring_str(result));
}
static void
on_server_client_disconnect(int is_tun)
{
FILE *fp1, *fp2;
char ifname[16], addr_l[64], addr_r[64], peer_name[64];
char *clients_l1 = VPN_SERVER_LEASE_FILE;
char *clients_l2 = "/tmp/.vpns.leases";
char *common_name = safe_getenv("common_name");
char *peer_addr_r = safe_getenv("trusted_ip");
char *peer_addr_l = safe_getenv("ifconfig_pool_remote_ip");
char *dev_ifname = safe_getenv("dev");
const char *script_name = VPN_SERVER_UPDOWN_SCRIPT;
uint64_t llsent = strtoll(safe_getenv("bytes_sent"), NULL, 10);
uint64_t llrecv = strtoll(safe_getenv("bytes_received"), NULL, 10);
#if defined (USE_IPV6)
if (!is_valid_ipv4(peer_addr_r))
peer_addr_r = safe_getenv("trusted_ip6");
#endif
if (strlen(dev_ifname) == 0)
dev_ifname = (is_tun) ? IFNAME_SERVER_TUN : IFNAME_SERVER_TAP;
logmessage(SERVER_LOG_NAME, "peer %s (%s) disconnected, sent: %llu KB, received: %llu KB",
peer_addr_r, common_name, llsent / 1024, llrecv / 1024);
fp1 = fopen(clients_l1, "r");
fp2 = fopen(clients_l2, "w");
if (fp1) {
while(fscanf(fp1, "%15s %63s %63s %63[^\n]\n", ifname, addr_l, addr_r, peer_name) == 4) {
if (strcmp(peer_addr_r, addr_r) != 0 || strcmp(peer_addr_l, addr_l) != 0) {
if (fp2)
fprintf(fp2, "%s %s %s %s\n", ifname, addr_l, addr_r, peer_name);
}
}
fclose(fp1);
}
if (fp2) {
fclose(fp2);
rename(clients_l2, clients_l1);
unlink(clients_l2);
}
if (check_if_file_exist(script_name))
doSystem("%s %s %s %s %s %s", script_name, "down", dev_ifname, peer_addr_l, peer_addr_r, common_name);
}
/*
* Called when link comes up
*/
int
ipup_main(int argc, char **argv)
{
FILE *fp;
char *wan_ifname = safe_getenv("IFNAME");
char *value;
char buf[256];
int unit;
char tmp[100], prefix[] = "wanXXXXXXXXXX_";
dprintf("%s\n", argv[0]);
if ((unit = ppp_ifunit(wan_ifname)) < 0)
return -1;
snprintf(prefix, sizeof(prefix), "wan%d_", unit);
/* Touch connection file */
if (!(fp = fopen(strcat_r("/tmp/ppp/link.", wan_ifname, tmp), "a"))) {
perror(tmp);
return errno;
}
fclose(fp);
if ((value = getenv("IPLOCAL"))) {
ifconfig(wan_ifname, IFUP,
value, "255.255.255.255");
nvram_set(strcat_r(prefix, "ipaddr", tmp), value);
nvram_set(strcat_r(prefix, "netmask", tmp), "255.255.255.255");
}
if ((value = getenv("IPREMOTE")))
nvram_set(strcat_r(prefix, "gateway", tmp), value);
strcpy(buf, "");
if (getenv("DNS1"))
sprintf(buf, "%s", getenv("DNS1"));
if (getenv("DNS2"))
sprintf(buf + strlen(buf), "%s%s", strlen(buf) ? " " : "", getenv("DNS2"));
nvram_set(strcat_r(prefix, "dns", tmp), buf);
wan_up(wan_ifname);
dprintf("done\n");
return 0;
}
int
ovpn_client_script_main(int argc, char **argv)
{
char *script_type = safe_getenv("script_type");
umask(0000);
if (strcmp(script_type, "up") == 0)
{
on_client_ifup();
}
else if (strcmp(script_type, "down") == 0)
{
on_client_ifdown();
}
return 0;
}