BadVPN – Rev 1
?pathlinks?
include_guard "pppoe"
template pppoe {
alias("_arg0") dev;
alias("_arg1") username;
alias("_arg2") password;
alias("_arg3") pre_up_template;
# Choose which NCD interpreter will be used for the pppd event scripts.
var("/usr/local/badvpn/bin/badvpn-ncd") ncd_interpreter_path;
# Retry point here.
var("false") retrying;
backtrack_point() retry_point;
If (retrying) {
sleep("5000");
};
retrying->set("true");
# Create a temporary directory.
concat("/run/ncd-pppoe-", dev) run_dir;
run({"/bin/rm", "-rf", run_dir}, {});
run({"/bin/mkdir", run_dir}, {"/bin/rm", "-rf", run_dir});
# Build paths for pppd scripts and other files.
concat(run_dir, "/ncd-request.socket") socket_path;
concat(run_dir, "/pppoe.pid") pppoe_pid_path;
concat(run_dir, "/pap-secrets") pap_secrets_path;
concat(run_dir, "/chap-secrets") chap_secrets_path;
concat(run_dir, "/pppd2.tdb") pppdb_path;
concat(run_dir, "/resolv.conf") resolv_conf_path;
concat(run_dir, "/script-auth-up") path_auth_up;
concat(run_dir, "/script-auth-down") path_auth_down;
concat(run_dir, "/script-auth-fail") path_auth_fail;
concat(run_dir, "/script-ip-pre-up") path_ip_pre_up;
concat(run_dir, "/script-ip-up") path_ip_up;
concat(run_dir, "/script-ip-down") path_ip_down;
concat(run_dir, "/script-ipv6-up") path_ipv6_up;
concat(run_dir, "/script-ipv6-down") path_ipv6_down;
concat(run_dir, "/script-ipx-up") path_ipx_up;
concat(run_dir, "/script-ipx-down") path_ipx_down;
# Write secrets files.
call("pppoe__write_secrets", {pap_secrets_path, username, password});
call("pppoe__write_secrets", {chap_secrets_path, username, password});
# Write pppd scripts. These will contact us via the request socket.
call("pppoe__write_script", {"ip-pre-up", path_ip_pre_up});
call("pppoe__write_script", {"ip-up", path_ip_up});
call("pppoe__write_script", {"ip-down", path_ip_down});
# Build path arguments for pppd;
concat("pid-dir=", run_dir) arg_pid_dir;
concat("pap-secrets=", pap_secrets_path) arg_pap_secrets;
concat("chap-secrets=", chap_secrets_path) arg_chap_secrets;
concat("pppdb=", pppdb_path) arg_pppdb;
concat("resolv.conf=", resolv_conf_path) arg_resolv_conf;
concat("auth-up=", path_auth_up) arg_auth_up;
concat("auth-down=", path_auth_down) arg_auth_down;
concat("auth-fail=", path_auth_fail) arg_auth_fail;
concat("ip-pre-up=", path_ip_pre_up) arg_ip_pre_up;
concat("ip-up=", path_ip_up) arg_ip_up;
concat("ip-down=", path_ip_down) arg_ip_down;
concat("ipv6-up=", path_ipv6_up) arg_ipv6_up;
concat("ipv6-down=", path_ipv6_down) arg_ipv6_down;
concat("ipx-up=", path_ipx_up) arg_ipx_up;
concat("ipx-down=", path_ipx_down) arg_ipx_down;
# Create state variables and blockers. When the request server
# receives requests it will update those variables and blockers.
var("down") state;
var("") current_ifname;
var("") current_local_ip;
var("") current_remote_ip;
value({}) current_dns_servers;
blocker() ip_pre_up_blocker;
blocker() ip_pre_up_done_blocker;
blocker() ip_up_blocker;
# Start request server.
sys.request_server({"unix", socket_path}, "pppoe__request_handler", {});
# Start pppd.
sys.start_process({
"/usr/sbin/pppd", "nodetach", "plugin", "rp-pppoe.so", dev, "noipdefault", "hide-password",
"usepeerdns", "user", username,
"path", arg_pid_dir, "path", arg_pap_secrets, "path", arg_chap_secrets, "path", arg_pppdb,
"path", arg_resolv_conf,
"path", arg_auth_up, "path", arg_auth_down, "path", arg_auth_fail, "path", arg_ip_pre_up,
"path", arg_ip_up, "path", arg_ip_down, "path", arg_ipv6_up, "path", arg_ipv6_down,
"path", arg_ipx_up, "path", arg_ipx_down
}, "", ["deinit_kill_time":"2000"]) pppd;
# Start a process which will cause retrying when pppd dies.
spawn("pppoe__pppd_wait", {});
# Wait for ip-pre-up.
ip_pre_up_blocker->use();
# Grab the current state variables, so the user doesn't
# see any unexpected changes.
var(current_ifname) ifname;
var(current_local_ip) local_ip;
var(current_remote_ip) remote_ip;
var(current_dns_servers) dns_servers;
# Call pre-up callback template.
call_with_caller_target(pre_up_template, {ifname, local_ip, remote_ip, dns_servers}, "_caller");
# Allow pre-up script to terminate.
ip_pre_up_done_blocker->up();
# Wait for connection to go up.
ip_up_blocker->use();
}
template pppoe__pppd_wait {
# Wait for pppd to die.
_caller.pppd->wait();
# Retry.
_caller.retry_point->go();
}
template pppoe__write_secrets {
alias("_arg0") file_path;
alias("_arg1") username;
alias("_arg2") password;
# Escape username and password.
regex_replace(username, {"\""}, {"\\\""}) username_esc;
regex_replace(password, {"\""}, {"\\\""}) password_esc;
# Write empty file and chmod it.
file_write(file_path, "");
run({"/bin/chmod", "600", file_path}, {});
# Build contents.
concat("\"", username_esc, "\" * \"", password_esc, "\"\n") contents;
# Write file.
file_write(file_path, contents);
}
template pppoe__write_script {
alias("_arg0") event;
alias("_arg1") script_path;
# This string is an NCD script which will be run by pppd.
# When run, it will contact us via the request server,
# and the requests will be processed in pppoe__request_handler.
var("#!<NCD_INTERPRETER_PATH>
process main {
# Hardcoded strings.
var(\"<EVENT>\") hardcoded_event;
var(\"<SOCKET>\") hardcoded_socket;
# Start timeout to kill us after some time if we don't manage
# to contact the server.
spawn(\"timeout_process\", {});
# Build event data map.
getargs() args;
value([\"EVENT\":hardcoded_event, \"ARGS\":args]) msg_map;
var({\"DEVICE\", \"IFNAME\", \"IPLOCAL\", \"IPREMOTE\", \"PEERNAME\", \"LOCALNAME\",
\"SPEED\", \"ORIG_UID\", \"PPPLOGNAME\", \"CONNECT_TIME\", \"BYTES_SENT\",
\"BYTES_RCVD\", \"LINKNAME\", \"DNS1\", \"DNS2\", \"WINS1\", \"WINS2\"}) var_names;
Foreach (var_names As var_name) {
getenv(var_name) env;
If (env.exists) {
msg_map->insert(var_name, env);
};
};
# Connect to socket.
sys.request_client({\"unix\", hardcoded_socket}) client;
# Send request.
client->request(msg_map, \"reply_handler\", \"finished_handler\", {});
}
template reply_handler {
print();
}
template finished_handler {
# Request was received by server, exit now.
exit(\"0\");
}
template timeout_process {
# Sleep some time.
sleep(\"5000\");
# Timed out, exit now.
exit(\"1\");
}
" ) script_contents_template;
# Replace some constants in the script with the right values.
regex_replace(script_contents_template,
{"<NCD_INTERPRETER_PATH>", "<EVENT>", "<SOCKET>"},
{_caller.ncd_interpreter_path, event, _caller.socket_path}
) script_contents;
# Write the script.
file_write(script_path, script_contents);
# Make it executable.
run({"/bin/chmod", "+x", script_path}, {});
}
template pppoe__request_handler {
alias("_caller") pppoe;
# Get event type from request.
value(_request.data) request;
request->get("EVENT") event;
# Match to known types.
val_equal(event, "ip-down") is_ip_down;
val_equal(event, "ip-pre-up") is_ip_pre_up;
val_equal(event, "ip-up") is_ip_up;
If (is_ip_down) {
# Set state.
pppoe.state->set("down");
# Set blockers down.
pppoe.ip_up_blocker->down();
pppoe.ip_pre_up_done_blocker->down();
pppoe.ip_pre_up_blocker->down();
}
Elif (is_ip_pre_up) {
# Expecting to be in "down" state here.
val_different(pppoe.state, "down") state_is_wrong;
If (state_is_wrong) {
pppoe.retry_point->go();
_request->finish();
};
# Get variables from request.
request->get("IFNAME") ifname;
request->get("IPLOCAL") local_ip;
request->get("IPREMOTE") remote_ip;
request->try_get("DNS1") dns1;
request->try_get("DNS2") dns2;
# Write variables.
pppoe.current_ifname->set(ifname);
pppoe.current_local_ip->set(local_ip);
pppoe.current_remote_ip->set(remote_ip);
pppoe.current_dns_servers->reset({});
If (dns1.exists) {
pppoe.current_dns_servers->insert(pppoe.current_dns_servers.length, dns1);
};
If (dns2.exists) {
pppoe.current_dns_servers->insert(pppoe.current_dns_servers.length, dns2);
};
# Set state.
pppoe.state->set("pre-up");
# Set ip-pre-up blocker up.
pppoe.ip_pre_up_blocker->up();
# Wait for pre-up to be finished. This causes the script contacting
# us to not return until then, and effectively delays pppd in setting
# the device up and calling the ip-up script.
pppoe.ip_pre_up_done_blocker->use();
}
Elif(is_ip_up) {
# Expecting to be in "pre-up" state here.
val_different(pppoe.state, "pre-up") state_is_wrong;
If (state_is_wrong) {
pppoe.retry_point->go();
_request->finish();
};
# Set state.
pppoe.state->set("up");
# Set ip-up blocker up.
pppoe.ip_up_blocker->up();
};
# Finish request.
_request->finish();
}
template pppoe__escapeshellarg {
alias("_arg0") input;
regex_replace(input, {"'"}, {"\\'"}) replaced;
concat("'", replaced, "'") result;
}