00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
00027
00028
00029
00030
00031
00032
00033
00034
00035
00036
00037
00038
00039
00040
00041
00042
00043
00044
00045
00046
00047
00048
00049
00050
00051
00052
00053
00054
00055
00056
00057
00058
00059
00060
00061
00062
00063
00064
00065
00066
00067 #include "lwip/opt.h"
00068
00069 #if PPP_SUPPORT
00070
00071 #include "ppp_impl.h"
00072 #include "pppdebug.h"
00073
00074 #include "fsm.h"
00075 #include "lcp.h"
00076 #include "pap.h"
00077 #include "chap.h"
00078 #include "auth.h"
00079 #include "ipcp.h"
00080
00081 #if CBCP_SUPPORT
00082 #include "cbcp.h"
00083 #endif
00084
00085 #include "lwip/inet.h"
00086
00087 #include <string.h>
00088
00089 #if 0
00090
00091 #define NONWILD_SERVER 1
00092 #define NONWILD_CLIENT 2
00093
00094 #define ISWILD(word) (word[0] == '*' && word[1] == 0)
00095 #endif
00096
00097 #if PAP_SUPPORT || CHAP_SUPPORT
00098
00099 static char peer_authname[MAXNAMELEN];
00100 #endif
00101
00102
00103 static int auth_pending[NUM_PPP];
00104
00105
00106 static int logged_in;
00107
00108
00109 static int did_authup;
00110
00111
00112 static struct wordlist *addresses[NUM_PPP];
00113
00114 #if 0
00115
00116
00117 static struct wordlist *noauth_addrs;
00118
00119
00120 static struct wordlist *extra_options;
00121 #endif
00122
00123
00124 static int num_np_open;
00125
00126
00127 static int num_np_up;
00128
00129 #if PAP_SUPPORT || CHAP_SUPPORT
00130
00131 static int passwd_from_file;
00132 #endif
00133
00134 #if 0
00135
00136 static bool default_auth;
00137
00138
00139 int (*idle_time_hook) __P((struct ppp_idle *)) = NULL;
00140
00141
00142 int (*pap_check_hook) __P((void)) = NULL;
00143
00144
00145 int (*pap_auth_hook) __P((char *user, char *passwd, char **msgp,
00146 struct wordlist **paddrs,
00147 struct wordlist **popts)) = NULL;
00148
00149
00150 void (*pap_logout_hook) __P((void)) = NULL;
00151
00152
00153 int (*pap_passwd_hook) __P((char *user, char *passwd)) = NULL;
00154
00155
00156
00157
00158
00159 enum script_state {
00160 s_down,
00161 s_up
00162 };
00163
00164 static enum script_state auth_state = s_down;
00165 static enum script_state auth_script_state = s_down;
00166 static pid_t auth_script_pid = 0;
00167
00168
00169
00170
00171
00172 bool uselogin = 0;
00173 bool cryptpap = 0;
00174 bool refuse_pap = 0;
00175 bool refuse_chap = 0;
00176 bool usehostname = 0;
00177 bool auth_required = 0;
00178 bool allow_any_ip = 0;
00179 bool explicit_remote = 0;
00180 char remote_name[MAXNAMELEN];
00181
00182 #endif
00183
00184
00185 #define PAP_WITHPEER 1
00186 #define PAP_PEER 2
00187 #define CHAP_WITHPEER 4
00188 #define CHAP_PEER 8
00189
00190
00191
00192 struct wordlist {
00193 struct wordlist *next;
00194 char word[1];
00195 };
00196
00197
00198 extern char *crypt (const char *, const char *);
00199
00200
00201
00202 static void network_phase (int);
00203 static void check_idle (void *);
00204 static void connect_time_expired (void *);
00205 #if 0
00206 static int plogin (char *, char *, char **, int *);
00207 #endif
00208 static void plogout (void);
00209 static int null_login (int);
00210 static int get_pap_passwd (int, char *, char *);
00211 static int have_pap_secret (void);
00212 static int have_chap_secret (char *, char *, u32_t);
00213 static int ip_addr_check (u32_t, struct wordlist *);
00214
00215 #if 0
00216 static int scan_authfile (FILE *, char *, char *, char *,
00217 struct wordlist **, struct wordlist **,
00218 char *);
00219 static void free_wordlist (struct wordlist *);
00220 static void auth_script (char *);
00221 static void auth_script_done (void *);
00222 static void set_allowed_addrs (int unit, struct wordlist *addrs);
00223 static int some_ip_ok (struct wordlist *);
00224 static int setupapfile (char **);
00225 static int privgroup (char **);
00226 static int set_noauth_addr (char **);
00227 static void check_access (FILE *, char *);
00228 #endif
00229
00230 #if 0
00231
00232
00233
00234 option_t auth_options[] = {
00235 { "require-pap", o_bool, &lcp_wantoptions[0].neg_upap,
00236 "Require PAP authentication from peer", 1, &auth_required },
00237 { "+pap", o_bool, &lcp_wantoptions[0].neg_upap,
00238 "Require PAP authentication from peer", 1, &auth_required },
00239 { "refuse-pap", o_bool, &refuse_pap,
00240 "Don't agree to auth to peer with PAP", 1 },
00241 { "-pap", o_bool, &refuse_pap,
00242 "Don't allow PAP authentication with peer", 1 },
00243 { "require-chap", o_bool, &lcp_wantoptions[0].neg_chap,
00244 "Require CHAP authentication from peer", 1, &auth_required },
00245 { "+chap", o_bool, &lcp_wantoptions[0].neg_chap,
00246 "Require CHAP authentication from peer", 1, &auth_required },
00247 { "refuse-chap", o_bool, &refuse_chap,
00248 "Don't agree to auth to peer with CHAP", 1 },
00249 { "-chap", o_bool, &refuse_chap,
00250 "Don't allow CHAP authentication with peer", 1 },
00251 { "name", o_string, our_name,
00252 "Set local name for authentication",
00253 OPT_PRIV|OPT_STATIC, NULL, MAXNAMELEN },
00254 { "user", o_string, user,
00255 "Set name for auth with peer", OPT_STATIC, NULL, MAXNAMELEN },
00256 { "usehostname", o_bool, &usehostname,
00257 "Must use hostname for authentication", 1 },
00258 { "remotename", o_string, remote_name,
00259 "Set remote name for authentication", OPT_STATIC,
00260 &explicit_remote, MAXNAMELEN },
00261 { "auth", o_bool, &auth_required,
00262 "Require authentication from peer", 1 },
00263 { "noauth", o_bool, &auth_required,
00264 "Don't require peer to authenticate", OPT_PRIV, &allow_any_ip },
00265 { "login", o_bool, &uselogin,
00266 "Use system password database for PAP", 1 },
00267 { "papcrypt", o_bool, &cryptpap,
00268 "PAP passwords are encrypted", 1 },
00269 { "+ua", o_special, (void *)setupapfile,
00270 "Get PAP user and password from file" },
00271 { "password", o_string, passwd,
00272 "Password for authenticating us to the peer", OPT_STATIC,
00273 NULL, MAXSECRETLEN },
00274 { "privgroup", o_special, (void *)privgroup,
00275 "Allow group members to use privileged options", OPT_PRIV },
00276 { "allow-ip", o_special, (void *)set_noauth_addr,
00277 "Set IP address(es) which can be used without authentication",
00278 OPT_PRIV },
00279 { NULL }
00280 };
00281 #endif
00282 #if 0
00283
00284
00285
00286 static int
00287 setupapfile(char **argv)
00288 {
00289 FILE * ufile;
00290 int l;
00291
00292 lcp_allowoptions[0].neg_upap = 1;
00293
00294
00295 seteuid(getuid());
00296 ufile = fopen(*argv, "r");
00297 seteuid(0);
00298 if (ufile == NULL) {
00299 option_error("unable to open user login data file %s", *argv);
00300 return 0;
00301 }
00302 check_access(ufile, *argv);
00303
00304
00305 if (fgets(user, MAXNAMELEN - 1, ufile) == NULL
00306 || fgets(passwd, MAXSECRETLEN - 1, ufile) == NULL){
00307 option_error("unable to read user login data file %s", *argv);
00308 return 0;
00309 }
00310 fclose(ufile);
00311
00312
00313 l = strlen(user);
00314 if (l > 0 && user[l-1] == '\n')
00315 user[l-1] = 0;
00316 l = strlen(passwd);
00317 if (l > 0 && passwd[l-1] == '\n')
00318 passwd[l-1] = 0;
00319
00320 return (1);
00321 }
00322 #endif
00323
00324 #if 0
00325
00326
00327
00328 static int
00329 privgroup(char **argv)
00330 {
00331 struct group *g;
00332 int i;
00333
00334 g = getgrnam(*argv);
00335 if (g == 0) {
00336 option_error("group %s is unknown", *argv);
00337 return 0;
00338 }
00339 for (i = 0; i < ngroups; ++i) {
00340 if (groups[i] == g->gr_gid) {
00341 privileged = 1;
00342 break;
00343 }
00344 }
00345 return 1;
00346 }
00347 #endif
00348
00349 #if 0
00350
00351
00352
00353
00354 static int
00355 set_noauth_addr(char **argv)
00356 {
00357 char *addr = *argv;
00358 int l = strlen(addr);
00359 struct wordlist *wp;
00360
00361 wp = (struct wordlist *) malloc(sizeof(struct wordlist) + l + 1);
00362 if (wp == NULL)
00363 novm("allow-ip argument");
00364 wp->word = (char *) (wp + 1);
00365 wp->next = noauth_addrs;
00366 BCOPY(addr, wp->word, l);
00367 noauth_addrs = wp;
00368 return 1;
00369 }
00370 #endif
00371
00372
00373
00374
00375
00376 void
00377 link_required(int unit)
00378 {
00379 LWIP_UNUSED_ARG(unit);
00380
00381 AUTHDEBUG(LOG_INFO, ("link_required: %d\n", unit));
00382 }
00383
00384
00385
00386
00387
00388 void
00389 link_terminated(int unit)
00390 {
00391 AUTHDEBUG(LOG_INFO, ("link_terminated: %d\n", unit));
00392 if (lcp_phase[unit] == PHASE_DEAD) {
00393 return;
00394 }
00395 if (logged_in) {
00396 plogout();
00397 }
00398 lcp_phase[unit] = PHASE_DEAD;
00399 AUTHDEBUG(LOG_NOTICE, ("Connection terminated.\n"));
00400 pppLinkTerminated(unit);
00401 }
00402
00403
00404
00405
00406 void
00407 link_down(int unit)
00408 {
00409 int i;
00410 struct protent *protp;
00411
00412 AUTHDEBUG(LOG_INFO, ("link_down: %d\n", unit));
00413
00414 if (did_authup) {
00415
00416 did_authup = 0;
00417 }
00418 for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i) {
00419 if (!protp->enabled_flag) {
00420 continue;
00421 }
00422 if (protp->protocol != PPP_LCP && protp->lowerdown != NULL) {
00423 (*protp->lowerdown)(unit);
00424 }
00425 if (protp->protocol < 0xC000 && protp->close != NULL) {
00426 (*protp->close)(unit, "LCP down");
00427 }
00428 }
00429 num_np_open = 0;
00430 num_np_up = 0;
00431
00432 if (lcp_phase[unit] != PHASE_DEAD) {
00433 lcp_phase[unit] = PHASE_TERMINATE;
00434 }
00435 pppLinkDown(unit);
00436 }
00437
00438
00439
00440
00441
00442 void
00443 link_established(int unit)
00444 {
00445 int auth;
00446 int i;
00447 struct protent *protp;
00448 lcp_options *wo = &lcp_wantoptions[unit];
00449 lcp_options *go = &lcp_gotoptions[unit];
00450 #if PAP_SUPPORT || CHAP_SUPPORT
00451 lcp_options *ho = &lcp_hisoptions[unit];
00452 #endif
00453
00454 AUTHDEBUG(LOG_INFO, ("link_established: unit %d; Lowering up all protocols...\n", unit));
00455
00456
00457
00458 for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i) {
00459 if (protp->protocol != PPP_LCP && protp->enabled_flag && protp->lowerup != NULL) {
00460 (*protp->lowerup)(unit);
00461 }
00462 }
00463 if (ppp_settings.auth_required && !(go->neg_chap || go->neg_upap)) {
00464
00465
00466
00467
00468
00469 if (!wo->neg_upap || !null_login(unit)) {
00470 AUTHDEBUG(LOG_WARNING, ("peer refused to authenticate\n"));
00471 lcp_close(unit, "peer refused to authenticate");
00472 return;
00473 }
00474 }
00475
00476 lcp_phase[unit] = PHASE_AUTHENTICATE;
00477 auth = 0;
00478 #if CHAP_SUPPORT
00479 if (go->neg_chap) {
00480 ChapAuthPeer(unit, ppp_settings.our_name, go->chap_mdtype);
00481 auth |= CHAP_PEER;
00482 }
00483 #endif
00484 #if PAP_SUPPORT && CHAP_SUPPORT
00485 else
00486 #endif
00487 #if PAP_SUPPORT
00488 if (go->neg_upap) {
00489 upap_authpeer(unit);
00490 auth |= PAP_PEER;
00491 }
00492 #endif
00493 #if CHAP_SUPPORT
00494 if (ho->neg_chap) {
00495 ChapAuthWithPeer(unit, ppp_settings.user, ho->chap_mdtype);
00496 auth |= CHAP_WITHPEER;
00497 }
00498 #endif
00499 #if PAP_SUPPORT && CHAP_SUPPORT
00500 else
00501 #endif
00502 #if PAP_SUPPORT
00503 if (ho->neg_upap) {
00504 if (ppp_settings.passwd[0] == 0) {
00505 passwd_from_file = 1;
00506 if (!get_pap_passwd(unit, ppp_settings.user, ppp_settings.passwd)) {
00507 AUTHDEBUG(LOG_ERR, ("No secret found for PAP login\n"));
00508 }
00509 }
00510 upap_authwithpeer(unit, ppp_settings.user, ppp_settings.passwd);
00511 auth |= PAP_WITHPEER;
00512 }
00513 #endif
00514 auth_pending[unit] = auth;
00515
00516 if (!auth) {
00517 network_phase(unit);
00518 }
00519 }
00520
00521
00522
00523
00524 static void
00525 network_phase(int unit)
00526 {
00527 int i;
00528 struct protent *protp;
00529 lcp_options *go = &lcp_gotoptions[unit];
00530
00531
00532
00533
00534 if ((go->neg_chap || go->neg_upap) && !did_authup) {
00535
00536 did_authup = 1;
00537 }
00538
00539 #if CBCP_SUPPORT
00540
00541
00542
00543 if (go->neg_cbcp) {
00544 lcp_phase[unit] = PHASE_CALLBACK;
00545 (*cbcp_protent.open)(unit);
00546 return;
00547 }
00548 #endif
00549
00550 lcp_phase[unit] = PHASE_NETWORK;
00551 for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i) {
00552 if (protp->protocol < 0xC000 && protp->enabled_flag && protp->open != NULL) {
00553 (*protp->open)(unit);
00554 if (protp->protocol != PPP_CCP) {
00555 ++num_np_open;
00556 }
00557 }
00558 }
00559
00560 if (num_np_open == 0) {
00561
00562 lcp_close(0, "No network protocols running");
00563 }
00564 }
00565
00566
00567
00568
00569
00570 void
00571 auth_peer_fail(int unit, u16_t protocol)
00572 {
00573 LWIP_UNUSED_ARG(protocol);
00574
00575 AUTHDEBUG(LOG_INFO, ("auth_peer_fail: %d proto=%X\n", unit, protocol));
00576
00577
00578
00579 lcp_close(unit, "Authentication failed");
00580 }
00581
00582
00583 #if PAP_SUPPORT || CHAP_SUPPORT
00584
00585
00586
00587 void
00588 auth_peer_success(int unit, u16_t protocol, char *name, int namelen)
00589 {
00590 int pbit;
00591
00592 AUTHDEBUG(LOG_INFO, ("auth_peer_success: %d proto=%X\n", unit, protocol));
00593 switch (protocol) {
00594 case PPP_CHAP:
00595 pbit = CHAP_PEER;
00596 break;
00597 case PPP_PAP:
00598 pbit = PAP_PEER;
00599 break;
00600 default:
00601 AUTHDEBUG(LOG_WARNING, ("auth_peer_success: unknown protocol %x\n", protocol));
00602 return;
00603 }
00604
00605
00606
00607
00608 if (namelen > (int)sizeof(peer_authname) - 1) {
00609 namelen = sizeof(peer_authname) - 1;
00610 }
00611 BCOPY(name, peer_authname, namelen);
00612 peer_authname[namelen] = 0;
00613
00614
00615
00616
00617
00618 if ((auth_pending[unit] &= ~pbit) == 0) {
00619 network_phase(unit);
00620 }
00621 }
00622
00623
00624
00625
00626 void
00627 auth_withpeer_fail(int unit, u16_t protocol)
00628 {
00629 int errCode = PPPERR_AUTHFAIL;
00630
00631 LWIP_UNUSED_ARG(protocol);
00632
00633 AUTHDEBUG(LOG_INFO, ("auth_withpeer_fail: %d proto=%X\n", unit, protocol));
00634 if (passwd_from_file) {
00635 BZERO(ppp_settings.passwd, MAXSECRETLEN);
00636 }
00637
00638
00639
00640
00641
00642
00643 pppIOCtl(unit, PPPCTLS_ERRCODE, &errCode);
00644 lcp_close(unit, "Failed to authenticate ourselves to peer");
00645 }
00646
00647
00648
00649
00650 void
00651 auth_withpeer_success(int unit, u16_t protocol)
00652 {
00653 int pbit;
00654
00655 AUTHDEBUG(LOG_INFO, ("auth_withpeer_success: %d proto=%X\n", unit, protocol));
00656 switch (protocol) {
00657 case PPP_CHAP:
00658 pbit = CHAP_WITHPEER;
00659 break;
00660 case PPP_PAP:
00661 if (passwd_from_file) {
00662 BZERO(ppp_settings.passwd, MAXSECRETLEN);
00663 }
00664 pbit = PAP_WITHPEER;
00665 break;
00666 default:
00667 AUTHDEBUG(LOG_WARNING, ("auth_peer_success: unknown protocol %x\n", protocol));
00668 pbit = 0;
00669 }
00670
00671
00672
00673
00674
00675 if ((auth_pending[unit] &= ~pbit) == 0) {
00676 network_phase(unit);
00677 }
00678 }
00679 #endif
00680
00681
00682
00683
00684
00685 void
00686 np_up(int unit, u16_t proto)
00687 {
00688 LWIP_UNUSED_ARG(unit);
00689 LWIP_UNUSED_ARG(proto);
00690
00691 AUTHDEBUG(LOG_INFO, ("np_up: %d proto=%X\n", unit, proto));
00692 if (num_np_up == 0) {
00693 AUTHDEBUG(LOG_INFO, ("np_up: maxconnect=%d idle_time_limit=%d\n",ppp_settings.maxconnect,ppp_settings.idle_time_limit));
00694
00695
00696
00697 if (ppp_settings.idle_time_limit > 0) {
00698 TIMEOUT(check_idle, NULL, ppp_settings.idle_time_limit);
00699 }
00700
00701
00702
00703
00704
00705 if (ppp_settings.maxconnect > 0) {
00706 TIMEOUT(connect_time_expired, 0, ppp_settings.maxconnect);
00707 }
00708 }
00709 ++num_np_up;
00710 }
00711
00712
00713
00714
00715 void
00716 np_down(int unit, u16_t proto)
00717 {
00718 LWIP_UNUSED_ARG(unit);
00719 LWIP_UNUSED_ARG(proto);
00720
00721 AUTHDEBUG(LOG_INFO, ("np_down: %d proto=%X\n", unit, proto));
00722 if (--num_np_up == 0 && ppp_settings.idle_time_limit > 0) {
00723 UNTIMEOUT(check_idle, NULL);
00724 }
00725 }
00726
00727
00728
00729
00730 void
00731 np_finished(int unit, u16_t proto)
00732 {
00733 LWIP_UNUSED_ARG(unit);
00734 LWIP_UNUSED_ARG(proto);
00735
00736 AUTHDEBUG(LOG_INFO, ("np_finished: %d proto=%X\n", unit, proto));
00737 if (--num_np_open <= 0) {
00738
00739 lcp_close(0, "No network protocols running");
00740 }
00741 }
00742
00743
00744
00745
00746
00747 static void
00748 check_idle(void *arg)
00749 {
00750 struct ppp_idle idle;
00751 u_short itime;
00752
00753 LWIP_UNUSED_ARG(arg);
00754 if (!get_idle_time(0, &idle)) {
00755 return;
00756 }
00757 itime = LWIP_MIN(idle.xmit_idle, idle.recv_idle);
00758 if (itime >= ppp_settings.idle_time_limit) {
00759
00760 AUTHDEBUG(LOG_INFO, ("Terminating connection due to lack of activity.\n"));
00761 lcp_close(0, "Link inactive");
00762 } else {
00763 TIMEOUT(check_idle, NULL, ppp_settings.idle_time_limit - itime);
00764 }
00765 }
00766
00767
00768
00769
00770 static void
00771 connect_time_expired(void *arg)
00772 {
00773 LWIP_UNUSED_ARG(arg);
00774
00775 AUTHDEBUG(LOG_INFO, ("Connect time expired\n"));
00776 lcp_close(0, "Connect time expired");
00777 }
00778
00779 #if 0
00780
00781
00782
00783 void
00784 auth_check_options(void)
00785 {
00786 lcp_options *wo = &lcp_wantoptions[0];
00787 int can_auth;
00788 ipcp_options *ipwo = &ipcp_wantoptions[0];
00789 u32_t remote;
00790
00791
00792 if (ppp_settings.our_name[0] == 0 || ppp_settings.usehostname) {
00793 strcpy(ppp_settings.our_name, ppp_settings.hostname);
00794 }
00795
00796 if (ppp_settings.user[0] == 0) {
00797 strcpy(ppp_settings.user, ppp_settings.our_name);
00798 }
00799
00800
00801 if (ppp_settings.auth_required && !wo->neg_chap && !wo->neg_upap) {
00802 wo->neg_chap = 1;
00803 wo->neg_upap = 1;
00804 }
00805
00806
00807
00808
00809
00810 can_auth = wo->neg_upap && have_pap_secret();
00811 if (!can_auth && wo->neg_chap) {
00812 remote = ipwo->accept_remote? 0: ipwo->hisaddr;
00813 can_auth = have_chap_secret(ppp_settings.remote_name, ppp_settings.our_name, remote);
00814 }
00815
00816 if (ppp_settings.auth_required && !can_auth) {
00817 ppp_panic("No auth secret");
00818 }
00819 }
00820 #endif
00821
00822
00823
00824
00825
00826
00827 void
00828 auth_reset(int unit)
00829 {
00830 lcp_options *go = &lcp_gotoptions[unit];
00831 lcp_options *ao = &lcp_allowoptions[0];
00832 ipcp_options *ipwo = &ipcp_wantoptions[0];
00833 u32_t remote;
00834
00835 AUTHDEBUG(LOG_INFO, ("auth_reset: %d\n", unit));
00836 ao->neg_upap = !ppp_settings.refuse_pap && (ppp_settings.passwd[0] != 0 || get_pap_passwd(unit, NULL, NULL));
00837 ao->neg_chap = !ppp_settings.refuse_chap && ppp_settings.passwd[0] != 0 ;
00838
00839 if (go->neg_upap && !have_pap_secret()) {
00840 go->neg_upap = 0;
00841 }
00842 if (go->neg_chap) {
00843 remote = ipwo->accept_remote? 0: ipwo->hisaddr;
00844 if (!have_chap_secret(ppp_settings.remote_name, ppp_settings.our_name, remote)) {
00845 go->neg_chap = 0;
00846 }
00847 }
00848 }
00849
00850 #if PAP_SUPPORT
00851
00852
00853
00854
00855
00856
00857
00858
00859
00860
00861 u_char
00862 check_passwd( int unit, char *auser, int userlen, char *apasswd, int passwdlen, char **msg, int *msglen)
00863 {
00864 #if 1
00865 LWIP_UNUSED_ARG(unit);
00866 LWIP_UNUSED_ARG(auser);
00867 LWIP_UNUSED_ARG(userlen);
00868 LWIP_UNUSED_ARG(apasswd);
00869 LWIP_UNUSED_ARG(passwdlen);
00870 LWIP_UNUSED_ARG(msglen);
00871 *msg = (char *) 0;
00872 return UPAP_AUTHACK;
00873 #else
00874 u_char ret = 0;
00875 struct wordlist *addrs = NULL;
00876 char passwd[256], user[256];
00877 char secret[MAXWORDLEN];
00878 static u_short attempts = 0;
00879
00880
00881
00882
00883 BCOPY(apasswd, passwd, passwdlen);
00884 passwd[passwdlen] = '\0';
00885 BCOPY(auser, user, userlen);
00886 user[userlen] = '\0';
00887 *msg = (char *) 0;
00888
00889
00890 ret = UPAP_AUTHACK;
00891
00892 if (ret == UPAP_AUTHNAK) {
00893 if (*msg == (char *) 0) {
00894 *msg = "Login incorrect";
00895 }
00896 *msglen = strlen(*msg);
00897
00898
00899
00900
00901
00902 if (attempts++ >= 10) {
00903 AUTHDEBUG(LOG_WARNING, ("%d LOGIN FAILURES BY %s\n", attempts, user));
00904
00905 }
00906 if (attempts > 3) {
00907
00908
00909
00910
00911 }
00912 if (addrs != NULL) {
00913 free_wordlist(addrs);
00914 }
00915 } else {
00916 attempts = 0;
00917 if (*msg == (char *) 0) {
00918 *msg = "Login ok";
00919 }
00920 *msglen = strlen(*msg);
00921 set_allowed_addrs(unit, addrs);
00922 }
00923
00924 BZERO(passwd, sizeof(passwd));
00925 BZERO(secret, sizeof(secret));
00926
00927 return ret;
00928 #endif
00929 }
00930 #endif
00931
00932 #if 0
00933
00934
00935
00936
00937 #ifdef USE_PAM
00938
00939
00940
00941 #endif
00942
00943 #endif
00944
00945
00946 #if 0
00947
00948
00949
00950
00951
00952
00953
00954
00955
00956 static int
00957 plogin(char *user, char *passwd, char **msg, int *msglen)
00958 {
00959
00960 LWIP_UNUSED_ARG(user);
00961 LWIP_UNUSED_ARG(passwd);
00962 LWIP_UNUSED_ARG(msg);
00963 LWIP_UNUSED_ARG(msglen);
00964
00965
00966
00967
00968
00969
00970
00971
00972
00973
00974
00975
00976
00977
00978
00979
00980
00981
00982
00983
00984
00985 return (UPAP_AUTHNAK);
00986 }
00987 #endif
00988
00989
00990
00991
00992
00993
00994 static void
00995 plogout(void)
00996 {
00997 logged_in = 0;
00998 }
00999
01000
01001
01002
01003
01004
01005 static int
01006 null_login(int unit)
01007 {
01008 LWIP_UNUSED_ARG(unit);
01009
01010 return 0;
01011 }
01012
01013
01014
01015
01016
01017
01018
01019 static int
01020 get_pap_passwd(int unit, char *user, char *passwd)
01021 {
01022 LWIP_UNUSED_ARG(unit);
01023
01024
01025
01026
01027
01028
01029
01030 if(user) {
01031 strcpy(user, "none");
01032 }
01033 if(passwd) {
01034 strcpy(passwd, "none");
01035 }
01036 return 1;
01037 }
01038
01039
01040
01041
01042
01043 static int
01044 have_pap_secret(void)
01045 {
01046
01047 return 0;
01048 }
01049
01050
01051
01052
01053
01054
01055
01056 static int
01057 have_chap_secret(char *client, char *server, u32_t remote)
01058 {
01059 LWIP_UNUSED_ARG(client);
01060 LWIP_UNUSED_ARG(server);
01061 LWIP_UNUSED_ARG(remote);
01062
01063
01064 return 0;
01065 }
01066 #if CHAP_SUPPORT
01067
01068
01069
01070
01071
01072
01073 int
01074 get_secret(int unit, char *client, char *server, char *secret, int *secret_len, int save_addrs)
01075 {
01076 #if 1
01077 int len;
01078 struct wordlist *addrs;
01079
01080 LWIP_UNUSED_ARG(unit);
01081 LWIP_UNUSED_ARG(server);
01082 LWIP_UNUSED_ARG(save_addrs);
01083
01084 addrs = NULL;
01085
01086 if(!client || !client[0] || strcmp(client, ppp_settings.user)) {
01087 return 0;
01088 }
01089
01090 len = (int)strlen(ppp_settings.passwd);
01091 if (len > MAXSECRETLEN) {
01092 AUTHDEBUG(LOG_ERR, ("Secret for %s on %s is too long\n", client, server));
01093 len = MAXSECRETLEN;
01094 }
01095
01096 BCOPY(ppp_settings.passwd, secret, len);
01097 *secret_len = len;
01098
01099 return 1;
01100 #else
01101 int ret = 0, len;
01102 struct wordlist *addrs;
01103 char secbuf[MAXWORDLEN];
01104
01105 addrs = NULL;
01106 secbuf[0] = 0;
01107
01108
01109 if (ret < 0) {
01110 return 0;
01111 }
01112
01113 if (save_addrs) {
01114 set_allowed_addrs(unit, addrs);
01115 }
01116
01117 len = strlen(secbuf);
01118 if (len > MAXSECRETLEN) {
01119 AUTHDEBUG(LOG_ERR, ("Secret for %s on %s is too long\n", client, server));
01120 len = MAXSECRETLEN;
01121 }
01122
01123 BCOPY(secbuf, secret, len);
01124 BZERO(secbuf, sizeof(secbuf));
01125 *secret_len = len;
01126
01127 return 1;
01128 #endif
01129 }
01130 #endif
01131
01132
01133 #if 0
01134
01135
01136
01137 static void
01138 set_allowed_addrs(int unit, struct wordlist *addrs)
01139 {
01140 if (addresses[unit] != NULL) {
01141 free_wordlist(addresses[unit]);
01142 }
01143 addresses[unit] = addrs;
01144
01145 #if 0
01146
01147
01148
01149
01150 if (addrs != NULL && addrs->next == NULL) {
01151 char *p = addrs->word;
01152 struct ipcp_options *wo = &ipcp_wantoptions[unit];
01153 u32_t a;
01154 struct hostent *hp;
01155
01156 if (wo->hisaddr == 0 && *p != '!' && *p != '-' && strchr(p, '/') == NULL) {
01157 hp = gethostbyname(p);
01158 if (hp != NULL && hp->h_addrtype == AF_INET) {
01159 a = *(u32_t *)hp->h_addr;
01160 } else {
01161 a = inet_addr(p);
01162 }
01163 if (a != (u32_t) -1) {
01164 wo->hisaddr = a;
01165 }
01166 }
01167 }
01168 #endif
01169 }
01170 #endif
01171
01172
01173
01174
01175
01176 int
01177 auth_ip_addr(int unit, u32_t addr)
01178 {
01179 return ip_addr_check(addr, addresses[unit]);
01180 }
01181
01182 static int
01183 ip_addr_check(u32_t addr, struct wordlist *addrs)
01184 {
01185
01186 if (bad_ip_adrs(addr)) {
01187 return 0;
01188 }
01189
01190 if (addrs == NULL) {
01191 return !ppp_settings.auth_required;
01192 }
01193
01194
01195 return 1;
01196 }
01197
01198
01199
01200
01201
01202
01203 int
01204 bad_ip_adrs(u32_t addr)
01205 {
01206 addr = ntohl(addr);
01207 return (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET
01208 || IN_MULTICAST(addr) || IN_BADCLASS(addr);
01209 }
01210
01211 #if 0
01212
01213
01214
01215
01216 static int
01217 some_ip_ok(struct wordlist *addrs)
01218 {
01219 for (; addrs != 0; addrs = addrs->next) {
01220 if (addrs->word[0] == '-')
01221 break;
01222 if (addrs->word[0] != '!')
01223 return 1;
01224 }
01225 return 0;
01226 }
01227
01228
01229
01230
01231 static void
01232 check_access(FILE *f, char *filename)
01233 {
01234 struct stat sbuf;
01235
01236 if (fstat(fileno(f), &sbuf) < 0) {
01237 warn("cannot stat secret file %s: %m", filename);
01238 } else if ((sbuf.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
01239 warn("Warning - secret file %s has world and/or group access",
01240 filename);
01241 }
01242 }
01243
01244
01245
01246
01247
01248
01249
01250
01251
01252
01253
01254
01255
01256
01257 static int
01258 scan_authfile(FILE *f, char *client, char *server, char *secret, struct wordlist **addrs, struct wordlist **opts, char *filename)
01259 {
01260
01261 return 0;
01262 }
01263
01264
01265
01266 static void
01267 free_wordlist(struct wordlist *wp)
01268 {
01269 struct wordlist *next;
01270
01271 while (wp != NULL) {
01272 next = wp->next;
01273 free(wp);
01274 wp = next;
01275 }
01276 }
01277
01278
01279
01280
01281
01282 static void
01283 auth_script_done(void *arg)
01284 {
01285 auth_script_pid = 0;
01286 switch (auth_script_state) {
01287 case s_up:
01288 if (auth_state == s_down) {
01289 auth_script_state = s_down;
01290 auth_script(_PATH_AUTHDOWN);
01291 }
01292 break;
01293 case s_down:
01294 if (auth_state == s_up) {
01295 auth_script_state = s_up;
01296 auth_script(_PATH_AUTHUP);
01297 }
01298 break;
01299 }
01300 }
01301
01302
01303
01304
01305
01306 static void
01307 auth_script(char *script)
01308 {
01309 char strspeed[32];
01310 struct passwd *pw;
01311 char struid[32];
01312 char *user_name;
01313 char *argv[8];
01314
01315 if ((pw = getpwuid(getuid())) != NULL && pw->pw_name != NULL)
01316 user_name = pw->pw_name;
01317 else {
01318 slprintf(struid, sizeof(struid), "%d", getuid());
01319 user_name = struid;
01320 }
01321 slprintf(strspeed, sizeof(strspeed), "%d", baud_rate);
01322
01323 argv[0] = script;
01324 argv[1] = ifname;
01325 argv[2] = peer_authname;
01326 argv[3] = user_name;
01327 argv[4] = devnam;
01328 argv[5] = strspeed;
01329 argv[6] = NULL;
01330
01331 auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL);
01332 }
01333 #endif
01334 #endif