Forked from the DieterGraef Library
Fork of F7_Ethernet by
lwip/netif/ppp/auth.c@0:d26c1b55cfca, 2016-06-19 (annotated)
- Committer:
- DieterGraef
- Date:
- Sun Jun 19 16:23:40 2016 +0000
- Revision:
- 0:d26c1b55cfca
Ethernet Library for Nucleo stm32f746ZG and Disco stm32f746NG works under arm and gcc environment
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
DieterGraef | 0:d26c1b55cfca | 1 | /***************************************************************************** |
DieterGraef | 0:d26c1b55cfca | 2 | * auth.c - Network Authentication and Phase Control program file. |
DieterGraef | 0:d26c1b55cfca | 3 | * |
DieterGraef | 0:d26c1b55cfca | 4 | * Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc. |
DieterGraef | 0:d26c1b55cfca | 5 | * Copyright (c) 1997 by Global Election Systems Inc. All rights reserved. |
DieterGraef | 0:d26c1b55cfca | 6 | * |
DieterGraef | 0:d26c1b55cfca | 7 | * The authors hereby grant permission to use, copy, modify, distribute, |
DieterGraef | 0:d26c1b55cfca | 8 | * and license this software and its documentation for any purpose, provided |
DieterGraef | 0:d26c1b55cfca | 9 | * that existing copyright notices are retained in all copies and that this |
DieterGraef | 0:d26c1b55cfca | 10 | * notice and the following disclaimer are included verbatim in any |
DieterGraef | 0:d26c1b55cfca | 11 | * distributions. No written agreement, license, or royalty fee is required |
DieterGraef | 0:d26c1b55cfca | 12 | * for any of the authorized uses. |
DieterGraef | 0:d26c1b55cfca | 13 | * |
DieterGraef | 0:d26c1b55cfca | 14 | * THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR |
DieterGraef | 0:d26c1b55cfca | 15 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
DieterGraef | 0:d26c1b55cfca | 16 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
DieterGraef | 0:d26c1b55cfca | 17 | * IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, |
DieterGraef | 0:d26c1b55cfca | 18 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
DieterGraef | 0:d26c1b55cfca | 19 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
DieterGraef | 0:d26c1b55cfca | 20 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
DieterGraef | 0:d26c1b55cfca | 21 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
DieterGraef | 0:d26c1b55cfca | 22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
DieterGraef | 0:d26c1b55cfca | 23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
DieterGraef | 0:d26c1b55cfca | 24 | * |
DieterGraef | 0:d26c1b55cfca | 25 | ****************************************************************************** |
DieterGraef | 0:d26c1b55cfca | 26 | * REVISION HISTORY |
DieterGraef | 0:d26c1b55cfca | 27 | * |
DieterGraef | 0:d26c1b55cfca | 28 | * 03-01-01 Marc Boucher <marc@mbsi.ca> |
DieterGraef | 0:d26c1b55cfca | 29 | * Ported to lwIP. |
DieterGraef | 0:d26c1b55cfca | 30 | * 97-12-08 Guy Lancaster <lancasterg@acm.org>, Global Election Systems Inc. |
DieterGraef | 0:d26c1b55cfca | 31 | * Ported from public pppd code. |
DieterGraef | 0:d26c1b55cfca | 32 | *****************************************************************************/ |
DieterGraef | 0:d26c1b55cfca | 33 | /* |
DieterGraef | 0:d26c1b55cfca | 34 | * auth.c - PPP authentication and phase control. |
DieterGraef | 0:d26c1b55cfca | 35 | * |
DieterGraef | 0:d26c1b55cfca | 36 | * Copyright (c) 1993 The Australian National University. |
DieterGraef | 0:d26c1b55cfca | 37 | * All rights reserved. |
DieterGraef | 0:d26c1b55cfca | 38 | * |
DieterGraef | 0:d26c1b55cfca | 39 | * Redistribution and use in source and binary forms are permitted |
DieterGraef | 0:d26c1b55cfca | 40 | * provided that the above copyright notice and this paragraph are |
DieterGraef | 0:d26c1b55cfca | 41 | * duplicated in all such forms and that any documentation, |
DieterGraef | 0:d26c1b55cfca | 42 | * advertising materials, and other materials related to such |
DieterGraef | 0:d26c1b55cfca | 43 | * distribution and use acknowledge that the software was developed |
DieterGraef | 0:d26c1b55cfca | 44 | * by the Australian National University. The name of the University |
DieterGraef | 0:d26c1b55cfca | 45 | * may not be used to endorse or promote products derived from this |
DieterGraef | 0:d26c1b55cfca | 46 | * software without specific prior written permission. |
DieterGraef | 0:d26c1b55cfca | 47 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR |
DieterGraef | 0:d26c1b55cfca | 48 | * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED |
DieterGraef | 0:d26c1b55cfca | 49 | * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. |
DieterGraef | 0:d26c1b55cfca | 50 | * |
DieterGraef | 0:d26c1b55cfca | 51 | * Copyright (c) 1989 Carnegie Mellon University. |
DieterGraef | 0:d26c1b55cfca | 52 | * All rights reserved. |
DieterGraef | 0:d26c1b55cfca | 53 | * |
DieterGraef | 0:d26c1b55cfca | 54 | * Redistribution and use in source and binary forms are permitted |
DieterGraef | 0:d26c1b55cfca | 55 | * provided that the above copyright notice and this paragraph are |
DieterGraef | 0:d26c1b55cfca | 56 | * duplicated in all such forms and that any documentation, |
DieterGraef | 0:d26c1b55cfca | 57 | * advertising materials, and other materials related to such |
DieterGraef | 0:d26c1b55cfca | 58 | * distribution and use acknowledge that the software was developed |
DieterGraef | 0:d26c1b55cfca | 59 | * by Carnegie Mellon University. The name of the |
DieterGraef | 0:d26c1b55cfca | 60 | * University may not be used to endorse or promote products derived |
DieterGraef | 0:d26c1b55cfca | 61 | * from this software without specific prior written permission. |
DieterGraef | 0:d26c1b55cfca | 62 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR |
DieterGraef | 0:d26c1b55cfca | 63 | * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED |
DieterGraef | 0:d26c1b55cfca | 64 | * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. |
DieterGraef | 0:d26c1b55cfca | 65 | */ |
DieterGraef | 0:d26c1b55cfca | 66 | |
DieterGraef | 0:d26c1b55cfca | 67 | #include "lwip/opt.h" |
DieterGraef | 0:d26c1b55cfca | 68 | |
DieterGraef | 0:d26c1b55cfca | 69 | #if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */ |
DieterGraef | 0:d26c1b55cfca | 70 | |
DieterGraef | 0:d26c1b55cfca | 71 | #include "ppp_impl.h" |
DieterGraef | 0:d26c1b55cfca | 72 | #include "pppdebug.h" |
DieterGraef | 0:d26c1b55cfca | 73 | |
DieterGraef | 0:d26c1b55cfca | 74 | #include "fsm.h" |
DieterGraef | 0:d26c1b55cfca | 75 | #include "lcp.h" |
DieterGraef | 0:d26c1b55cfca | 76 | #include "pap.h" |
DieterGraef | 0:d26c1b55cfca | 77 | #include "chap.h" |
DieterGraef | 0:d26c1b55cfca | 78 | #include "auth.h" |
DieterGraef | 0:d26c1b55cfca | 79 | #include "ipcp.h" |
DieterGraef | 0:d26c1b55cfca | 80 | |
DieterGraef | 0:d26c1b55cfca | 81 | #if CBCP_SUPPORT |
DieterGraef | 0:d26c1b55cfca | 82 | #include "cbcp.h" |
DieterGraef | 0:d26c1b55cfca | 83 | #endif /* CBCP_SUPPORT */ |
DieterGraef | 0:d26c1b55cfca | 84 | |
DieterGraef | 0:d26c1b55cfca | 85 | #include "lwip/inet.h" |
DieterGraef | 0:d26c1b55cfca | 86 | |
DieterGraef | 0:d26c1b55cfca | 87 | #include <string.h> |
DieterGraef | 0:d26c1b55cfca | 88 | |
DieterGraef | 0:d26c1b55cfca | 89 | #if 0 /* UNUSED */ |
DieterGraef | 0:d26c1b55cfca | 90 | /* Bits in scan_authfile return value */ |
DieterGraef | 0:d26c1b55cfca | 91 | #define NONWILD_SERVER 1 |
DieterGraef | 0:d26c1b55cfca | 92 | #define NONWILD_CLIENT 2 |
DieterGraef | 0:d26c1b55cfca | 93 | |
DieterGraef | 0:d26c1b55cfca | 94 | #define ISWILD(word) (word[0] == '*' && word[1] == 0) |
DieterGraef | 0:d26c1b55cfca | 95 | #endif /* UNUSED */ |
DieterGraef | 0:d26c1b55cfca | 96 | |
DieterGraef | 0:d26c1b55cfca | 97 | #if PAP_SUPPORT || CHAP_SUPPORT |
DieterGraef | 0:d26c1b55cfca | 98 | /* The name by which the peer authenticated itself to us. */ |
DieterGraef | 0:d26c1b55cfca | 99 | static char peer_authname[MAXNAMELEN]; |
DieterGraef | 0:d26c1b55cfca | 100 | #endif /* PAP_SUPPORT || CHAP_SUPPORT */ |
DieterGraef | 0:d26c1b55cfca | 101 | |
DieterGraef | 0:d26c1b55cfca | 102 | /* Records which authentication operations haven't completed yet. */ |
DieterGraef | 0:d26c1b55cfca | 103 | static int auth_pending[NUM_PPP]; |
DieterGraef | 0:d26c1b55cfca | 104 | |
DieterGraef | 0:d26c1b55cfca | 105 | /* Set if we have successfully called plogin() */ |
DieterGraef | 0:d26c1b55cfca | 106 | static int logged_in; |
DieterGraef | 0:d26c1b55cfca | 107 | |
DieterGraef | 0:d26c1b55cfca | 108 | /* Set if we have run the /etc/ppp/auth-up script. */ |
DieterGraef | 0:d26c1b55cfca | 109 | static int did_authup; /* @todo, we don't need this in lwip*/ |
DieterGraef | 0:d26c1b55cfca | 110 | |
DieterGraef | 0:d26c1b55cfca | 111 | /* List of addresses which the peer may use. */ |
DieterGraef | 0:d26c1b55cfca | 112 | static struct wordlist *addresses[NUM_PPP]; |
DieterGraef | 0:d26c1b55cfca | 113 | |
DieterGraef | 0:d26c1b55cfca | 114 | #if 0 /* UNUSED */ |
DieterGraef | 0:d26c1b55cfca | 115 | /* Wordlist giving addresses which the peer may use |
DieterGraef | 0:d26c1b55cfca | 116 | without authenticating itself. */ |
DieterGraef | 0:d26c1b55cfca | 117 | static struct wordlist *noauth_addrs; |
DieterGraef | 0:d26c1b55cfca | 118 | |
DieterGraef | 0:d26c1b55cfca | 119 | /* Extra options to apply, from the secrets file entry for the peer. */ |
DieterGraef | 0:d26c1b55cfca | 120 | static struct wordlist *extra_options; |
DieterGraef | 0:d26c1b55cfca | 121 | #endif /* UNUSED */ |
DieterGraef | 0:d26c1b55cfca | 122 | |
DieterGraef | 0:d26c1b55cfca | 123 | /* Number of network protocols which we have opened. */ |
DieterGraef | 0:d26c1b55cfca | 124 | static int num_np_open; |
DieterGraef | 0:d26c1b55cfca | 125 | |
DieterGraef | 0:d26c1b55cfca | 126 | /* Number of network protocols which have come up. */ |
DieterGraef | 0:d26c1b55cfca | 127 | static int num_np_up; |
DieterGraef | 0:d26c1b55cfca | 128 | |
DieterGraef | 0:d26c1b55cfca | 129 | #if PAP_SUPPORT || CHAP_SUPPORT |
DieterGraef | 0:d26c1b55cfca | 130 | /* Set if we got the contents of passwd[] from the pap-secrets file. */ |
DieterGraef | 0:d26c1b55cfca | 131 | static int passwd_from_file; |
DieterGraef | 0:d26c1b55cfca | 132 | #endif /* PAP_SUPPORT || CHAP_SUPPORT */ |
DieterGraef | 0:d26c1b55cfca | 133 | |
DieterGraef | 0:d26c1b55cfca | 134 | #if 0 /* UNUSED */ |
DieterGraef | 0:d26c1b55cfca | 135 | /* Set if we require authentication only because we have a default route. */ |
DieterGraef | 0:d26c1b55cfca | 136 | static bool default_auth; |
DieterGraef | 0:d26c1b55cfca | 137 | |
DieterGraef | 0:d26c1b55cfca | 138 | /* Hook to enable a plugin to control the idle time limit */ |
DieterGraef | 0:d26c1b55cfca | 139 | int (*idle_time_hook) __P((struct ppp_idle *)) = NULL; |
DieterGraef | 0:d26c1b55cfca | 140 | |
DieterGraef | 0:d26c1b55cfca | 141 | /* Hook for a plugin to say whether we can possibly authenticate any peer */ |
DieterGraef | 0:d26c1b55cfca | 142 | int (*pap_check_hook) __P((void)) = NULL; |
DieterGraef | 0:d26c1b55cfca | 143 | |
DieterGraef | 0:d26c1b55cfca | 144 | /* Hook for a plugin to check the PAP user and password */ |
DieterGraef | 0:d26c1b55cfca | 145 | int (*pap_auth_hook) __P((char *user, char *passwd, char **msgp, |
DieterGraef | 0:d26c1b55cfca | 146 | struct wordlist **paddrs, |
DieterGraef | 0:d26c1b55cfca | 147 | struct wordlist **popts)) = NULL; |
DieterGraef | 0:d26c1b55cfca | 148 | |
DieterGraef | 0:d26c1b55cfca | 149 | /* Hook for a plugin to know about the PAP user logout */ |
DieterGraef | 0:d26c1b55cfca | 150 | void (*pap_logout_hook) __P((void)) = NULL; |
DieterGraef | 0:d26c1b55cfca | 151 | |
DieterGraef | 0:d26c1b55cfca | 152 | /* Hook for a plugin to get the PAP password for authenticating us */ |
DieterGraef | 0:d26c1b55cfca | 153 | int (*pap_passwd_hook) __P((char *user, char *passwd)) = NULL; |
DieterGraef | 0:d26c1b55cfca | 154 | |
DieterGraef | 0:d26c1b55cfca | 155 | /* |
DieterGraef | 0:d26c1b55cfca | 156 | * This is used to ensure that we don't start an auth-up/down |
DieterGraef | 0:d26c1b55cfca | 157 | * script while one is already running. |
DieterGraef | 0:d26c1b55cfca | 158 | */ |
DieterGraef | 0:d26c1b55cfca | 159 | enum script_state { |
DieterGraef | 0:d26c1b55cfca | 160 | s_down, |
DieterGraef | 0:d26c1b55cfca | 161 | s_up |
DieterGraef | 0:d26c1b55cfca | 162 | }; |
DieterGraef | 0:d26c1b55cfca | 163 | |
DieterGraef | 0:d26c1b55cfca | 164 | static enum script_state auth_state = s_down; |
DieterGraef | 0:d26c1b55cfca | 165 | static enum script_state auth_script_state = s_down; |
DieterGraef | 0:d26c1b55cfca | 166 | static pid_t auth_script_pid = 0; |
DieterGraef | 0:d26c1b55cfca | 167 | |
DieterGraef | 0:d26c1b55cfca | 168 | /* |
DieterGraef | 0:d26c1b55cfca | 169 | * Option variables. |
DieterGraef | 0:d26c1b55cfca | 170 | * lwip: some of these are present in the ppp_settings structure |
DieterGraef | 0:d26c1b55cfca | 171 | */ |
DieterGraef | 0:d26c1b55cfca | 172 | bool uselogin = 0; /* Use /etc/passwd for checking PAP */ |
DieterGraef | 0:d26c1b55cfca | 173 | bool cryptpap = 0; /* Passwords in pap-secrets are encrypted */ |
DieterGraef | 0:d26c1b55cfca | 174 | bool refuse_pap = 0; /* Don't wanna auth. ourselves with PAP */ |
DieterGraef | 0:d26c1b55cfca | 175 | bool refuse_chap = 0; /* Don't wanna auth. ourselves with CHAP */ |
DieterGraef | 0:d26c1b55cfca | 176 | bool usehostname = 0; /* Use hostname for our_name */ |
DieterGraef | 0:d26c1b55cfca | 177 | bool auth_required = 0; /* Always require authentication from peer */ |
DieterGraef | 0:d26c1b55cfca | 178 | bool allow_any_ip = 0; /* Allow peer to use any IP address */ |
DieterGraef | 0:d26c1b55cfca | 179 | bool explicit_remote = 0; /* User specified explicit remote name */ |
DieterGraef | 0:d26c1b55cfca | 180 | char remote_name[MAXNAMELEN]; /* Peer's name for authentication */ |
DieterGraef | 0:d26c1b55cfca | 181 | |
DieterGraef | 0:d26c1b55cfca | 182 | #endif /* UNUSED */ |
DieterGraef | 0:d26c1b55cfca | 183 | |
DieterGraef | 0:d26c1b55cfca | 184 | /* Bits in auth_pending[] */ |
DieterGraef | 0:d26c1b55cfca | 185 | #define PAP_WITHPEER 1 |
DieterGraef | 0:d26c1b55cfca | 186 | #define PAP_PEER 2 |
DieterGraef | 0:d26c1b55cfca | 187 | #define CHAP_WITHPEER 4 |
DieterGraef | 0:d26c1b55cfca | 188 | #define CHAP_PEER 8 |
DieterGraef | 0:d26c1b55cfca | 189 | |
DieterGraef | 0:d26c1b55cfca | 190 | /* @todo, move this somewhere */ |
DieterGraef | 0:d26c1b55cfca | 191 | /* Used for storing a sequence of words. Usually malloced. */ |
DieterGraef | 0:d26c1b55cfca | 192 | struct wordlist { |
DieterGraef | 0:d26c1b55cfca | 193 | struct wordlist *next; |
DieterGraef | 0:d26c1b55cfca | 194 | char word[1]; |
DieterGraef | 0:d26c1b55cfca | 195 | }; |
DieterGraef | 0:d26c1b55cfca | 196 | |
DieterGraef | 0:d26c1b55cfca | 197 | |
DieterGraef | 0:d26c1b55cfca | 198 | extern char *crypt (const char *, const char *); |
DieterGraef | 0:d26c1b55cfca | 199 | |
DieterGraef | 0:d26c1b55cfca | 200 | /* Prototypes for procedures local to this file. */ |
DieterGraef | 0:d26c1b55cfca | 201 | |
DieterGraef | 0:d26c1b55cfca | 202 | static void network_phase (int); |
DieterGraef | 0:d26c1b55cfca | 203 | static void check_idle (void *); |
DieterGraef | 0:d26c1b55cfca | 204 | static void connect_time_expired (void *); |
DieterGraef | 0:d26c1b55cfca | 205 | #if 0 |
DieterGraef | 0:d26c1b55cfca | 206 | static int plogin (char *, char *, char **, int *); |
DieterGraef | 0:d26c1b55cfca | 207 | #endif |
DieterGraef | 0:d26c1b55cfca | 208 | static void plogout (void); |
DieterGraef | 0:d26c1b55cfca | 209 | static int null_login (int); |
DieterGraef | 0:d26c1b55cfca | 210 | static int get_pap_passwd (int, char *, char *); |
DieterGraef | 0:d26c1b55cfca | 211 | static int have_pap_secret (void); |
DieterGraef | 0:d26c1b55cfca | 212 | static int have_chap_secret (char *, char *, u32_t); |
DieterGraef | 0:d26c1b55cfca | 213 | static int ip_addr_check (u32_t, struct wordlist *); |
DieterGraef | 0:d26c1b55cfca | 214 | |
DieterGraef | 0:d26c1b55cfca | 215 | #if 0 /* PAP_SUPPORT || CHAP_SUPPORT */ |
DieterGraef | 0:d26c1b55cfca | 216 | static int scan_authfile (FILE *, char *, char *, char *, |
DieterGraef | 0:d26c1b55cfca | 217 | struct wordlist **, struct wordlist **, |
DieterGraef | 0:d26c1b55cfca | 218 | char *); |
DieterGraef | 0:d26c1b55cfca | 219 | static void free_wordlist (struct wordlist *); |
DieterGraef | 0:d26c1b55cfca | 220 | static void auth_script (char *); |
DieterGraef | 0:d26c1b55cfca | 221 | static void auth_script_done (void *); |
DieterGraef | 0:d26c1b55cfca | 222 | static void set_allowed_addrs (int unit, struct wordlist *addrs); |
DieterGraef | 0:d26c1b55cfca | 223 | static int some_ip_ok (struct wordlist *); |
DieterGraef | 0:d26c1b55cfca | 224 | static int setupapfile (char **); |
DieterGraef | 0:d26c1b55cfca | 225 | static int privgroup (char **); |
DieterGraef | 0:d26c1b55cfca | 226 | static int set_noauth_addr (char **); |
DieterGraef | 0:d26c1b55cfca | 227 | static void check_access (FILE *, char *); |
DieterGraef | 0:d26c1b55cfca | 228 | #endif /* 0 */ /* PAP_SUPPORT || CHAP_SUPPORT */ |
DieterGraef | 0:d26c1b55cfca | 229 | |
DieterGraef | 0:d26c1b55cfca | 230 | #if 0 /* UNUSED */ |
DieterGraef | 0:d26c1b55cfca | 231 | /* |
DieterGraef | 0:d26c1b55cfca | 232 | * Authentication-related options. |
DieterGraef | 0:d26c1b55cfca | 233 | */ |
DieterGraef | 0:d26c1b55cfca | 234 | option_t auth_options[] = { |
DieterGraef | 0:d26c1b55cfca | 235 | { "require-pap", o_bool, &lcp_wantoptions[0].neg_upap, |
DieterGraef | 0:d26c1b55cfca | 236 | "Require PAP authentication from peer", 1, &auth_required }, |
DieterGraef | 0:d26c1b55cfca | 237 | { "+pap", o_bool, &lcp_wantoptions[0].neg_upap, |
DieterGraef | 0:d26c1b55cfca | 238 | "Require PAP authentication from peer", 1, &auth_required }, |
DieterGraef | 0:d26c1b55cfca | 239 | { "refuse-pap", o_bool, &refuse_pap, |
DieterGraef | 0:d26c1b55cfca | 240 | "Don't agree to auth to peer with PAP", 1 }, |
DieterGraef | 0:d26c1b55cfca | 241 | { "-pap", o_bool, &refuse_pap, |
DieterGraef | 0:d26c1b55cfca | 242 | "Don't allow PAP authentication with peer", 1 }, |
DieterGraef | 0:d26c1b55cfca | 243 | { "require-chap", o_bool, &lcp_wantoptions[0].neg_chap, |
DieterGraef | 0:d26c1b55cfca | 244 | "Require CHAP authentication from peer", 1, &auth_required }, |
DieterGraef | 0:d26c1b55cfca | 245 | { "+chap", o_bool, &lcp_wantoptions[0].neg_chap, |
DieterGraef | 0:d26c1b55cfca | 246 | "Require CHAP authentication from peer", 1, &auth_required }, |
DieterGraef | 0:d26c1b55cfca | 247 | { "refuse-chap", o_bool, &refuse_chap, |
DieterGraef | 0:d26c1b55cfca | 248 | "Don't agree to auth to peer with CHAP", 1 }, |
DieterGraef | 0:d26c1b55cfca | 249 | { "-chap", o_bool, &refuse_chap, |
DieterGraef | 0:d26c1b55cfca | 250 | "Don't allow CHAP authentication with peer", 1 }, |
DieterGraef | 0:d26c1b55cfca | 251 | { "name", o_string, our_name, |
DieterGraef | 0:d26c1b55cfca | 252 | "Set local name for authentication", |
DieterGraef | 0:d26c1b55cfca | 253 | OPT_PRIV|OPT_STATIC, NULL, MAXNAMELEN }, |
DieterGraef | 0:d26c1b55cfca | 254 | { "user", o_string, user, |
DieterGraef | 0:d26c1b55cfca | 255 | "Set name for auth with peer", OPT_STATIC, NULL, MAXNAMELEN }, |
DieterGraef | 0:d26c1b55cfca | 256 | { "usehostname", o_bool, &usehostname, |
DieterGraef | 0:d26c1b55cfca | 257 | "Must use hostname for authentication", 1 }, |
DieterGraef | 0:d26c1b55cfca | 258 | { "remotename", o_string, remote_name, |
DieterGraef | 0:d26c1b55cfca | 259 | "Set remote name for authentication", OPT_STATIC, |
DieterGraef | 0:d26c1b55cfca | 260 | &explicit_remote, MAXNAMELEN }, |
DieterGraef | 0:d26c1b55cfca | 261 | { "auth", o_bool, &auth_required, |
DieterGraef | 0:d26c1b55cfca | 262 | "Require authentication from peer", 1 }, |
DieterGraef | 0:d26c1b55cfca | 263 | { "noauth", o_bool, &auth_required, |
DieterGraef | 0:d26c1b55cfca | 264 | "Don't require peer to authenticate", OPT_PRIV, &allow_any_ip }, |
DieterGraef | 0:d26c1b55cfca | 265 | { "login", o_bool, &uselogin, |
DieterGraef | 0:d26c1b55cfca | 266 | "Use system password database for PAP", 1 }, |
DieterGraef | 0:d26c1b55cfca | 267 | { "papcrypt", o_bool, &cryptpap, |
DieterGraef | 0:d26c1b55cfca | 268 | "PAP passwords are encrypted", 1 }, |
DieterGraef | 0:d26c1b55cfca | 269 | { "+ua", o_special, (void *)setupapfile, |
DieterGraef | 0:d26c1b55cfca | 270 | "Get PAP user and password from file" }, |
DieterGraef | 0:d26c1b55cfca | 271 | { "password", o_string, passwd, |
DieterGraef | 0:d26c1b55cfca | 272 | "Password for authenticating us to the peer", OPT_STATIC, |
DieterGraef | 0:d26c1b55cfca | 273 | NULL, MAXSECRETLEN }, |
DieterGraef | 0:d26c1b55cfca | 274 | { "privgroup", o_special, (void *)privgroup, |
DieterGraef | 0:d26c1b55cfca | 275 | "Allow group members to use privileged options", OPT_PRIV }, |
DieterGraef | 0:d26c1b55cfca | 276 | { "allow-ip", o_special, (void *)set_noauth_addr, |
DieterGraef | 0:d26c1b55cfca | 277 | "Set IP address(es) which can be used without authentication", |
DieterGraef | 0:d26c1b55cfca | 278 | OPT_PRIV }, |
DieterGraef | 0:d26c1b55cfca | 279 | { NULL } |
DieterGraef | 0:d26c1b55cfca | 280 | }; |
DieterGraef | 0:d26c1b55cfca | 281 | #endif /* UNUSED */ |
DieterGraef | 0:d26c1b55cfca | 282 | #if 0 /* UNUSED */ |
DieterGraef | 0:d26c1b55cfca | 283 | /* |
DieterGraef | 0:d26c1b55cfca | 284 | * setupapfile - specifies UPAP info for authenticating with peer. |
DieterGraef | 0:d26c1b55cfca | 285 | */ |
DieterGraef | 0:d26c1b55cfca | 286 | static int |
DieterGraef | 0:d26c1b55cfca | 287 | setupapfile(char **argv) |
DieterGraef | 0:d26c1b55cfca | 288 | { |
DieterGraef | 0:d26c1b55cfca | 289 | FILE * ufile; |
DieterGraef | 0:d26c1b55cfca | 290 | int l; |
DieterGraef | 0:d26c1b55cfca | 291 | |
DieterGraef | 0:d26c1b55cfca | 292 | lcp_allowoptions[0].neg_upap = 1; |
DieterGraef | 0:d26c1b55cfca | 293 | |
DieterGraef | 0:d26c1b55cfca | 294 | /* open user info file */ |
DieterGraef | 0:d26c1b55cfca | 295 | seteuid(getuid()); |
DieterGraef | 0:d26c1b55cfca | 296 | ufile = fopen(*argv, "r"); |
DieterGraef | 0:d26c1b55cfca | 297 | seteuid(0); |
DieterGraef | 0:d26c1b55cfca | 298 | if (ufile == NULL) { |
DieterGraef | 0:d26c1b55cfca | 299 | option_error("unable to open user login data file %s", *argv); |
DieterGraef | 0:d26c1b55cfca | 300 | return 0; |
DieterGraef | 0:d26c1b55cfca | 301 | } |
DieterGraef | 0:d26c1b55cfca | 302 | check_access(ufile, *argv); |
DieterGraef | 0:d26c1b55cfca | 303 | |
DieterGraef | 0:d26c1b55cfca | 304 | /* get username */ |
DieterGraef | 0:d26c1b55cfca | 305 | if (fgets(user, MAXNAMELEN - 1, ufile) == NULL |
DieterGraef | 0:d26c1b55cfca | 306 | || fgets(passwd, MAXSECRETLEN - 1, ufile) == NULL){ |
DieterGraef | 0:d26c1b55cfca | 307 | option_error("unable to read user login data file %s", *argv); |
DieterGraef | 0:d26c1b55cfca | 308 | return 0; |
DieterGraef | 0:d26c1b55cfca | 309 | } |
DieterGraef | 0:d26c1b55cfca | 310 | fclose(ufile); |
DieterGraef | 0:d26c1b55cfca | 311 | |
DieterGraef | 0:d26c1b55cfca | 312 | /* get rid of newlines */ |
DieterGraef | 0:d26c1b55cfca | 313 | l = strlen(user); |
DieterGraef | 0:d26c1b55cfca | 314 | if (l > 0 && user[l-1] == '\n') |
DieterGraef | 0:d26c1b55cfca | 315 | user[l-1] = 0; |
DieterGraef | 0:d26c1b55cfca | 316 | l = strlen(passwd); |
DieterGraef | 0:d26c1b55cfca | 317 | if (l > 0 && passwd[l-1] == '\n') |
DieterGraef | 0:d26c1b55cfca | 318 | passwd[l-1] = 0; |
DieterGraef | 0:d26c1b55cfca | 319 | |
DieterGraef | 0:d26c1b55cfca | 320 | return (1); |
DieterGraef | 0:d26c1b55cfca | 321 | } |
DieterGraef | 0:d26c1b55cfca | 322 | #endif /* UNUSED */ |
DieterGraef | 0:d26c1b55cfca | 323 | |
DieterGraef | 0:d26c1b55cfca | 324 | #if 0 /* UNUSED */ |
DieterGraef | 0:d26c1b55cfca | 325 | /* |
DieterGraef | 0:d26c1b55cfca | 326 | * privgroup - allow members of the group to have privileged access. |
DieterGraef | 0:d26c1b55cfca | 327 | */ |
DieterGraef | 0:d26c1b55cfca | 328 | static int |
DieterGraef | 0:d26c1b55cfca | 329 | privgroup(char **argv) |
DieterGraef | 0:d26c1b55cfca | 330 | { |
DieterGraef | 0:d26c1b55cfca | 331 | struct group *g; |
DieterGraef | 0:d26c1b55cfca | 332 | int i; |
DieterGraef | 0:d26c1b55cfca | 333 | |
DieterGraef | 0:d26c1b55cfca | 334 | g = getgrnam(*argv); |
DieterGraef | 0:d26c1b55cfca | 335 | if (g == 0) { |
DieterGraef | 0:d26c1b55cfca | 336 | option_error("group %s is unknown", *argv); |
DieterGraef | 0:d26c1b55cfca | 337 | return 0; |
DieterGraef | 0:d26c1b55cfca | 338 | } |
DieterGraef | 0:d26c1b55cfca | 339 | for (i = 0; i < ngroups; ++i) { |
DieterGraef | 0:d26c1b55cfca | 340 | if (groups[i] == g->gr_gid) { |
DieterGraef | 0:d26c1b55cfca | 341 | privileged = 1; |
DieterGraef | 0:d26c1b55cfca | 342 | break; |
DieterGraef | 0:d26c1b55cfca | 343 | } |
DieterGraef | 0:d26c1b55cfca | 344 | } |
DieterGraef | 0:d26c1b55cfca | 345 | return 1; |
DieterGraef | 0:d26c1b55cfca | 346 | } |
DieterGraef | 0:d26c1b55cfca | 347 | #endif |
DieterGraef | 0:d26c1b55cfca | 348 | |
DieterGraef | 0:d26c1b55cfca | 349 | #if 0 /* UNUSED */ |
DieterGraef | 0:d26c1b55cfca | 350 | /* |
DieterGraef | 0:d26c1b55cfca | 351 | * set_noauth_addr - set address(es) that can be used without authentication. |
DieterGraef | 0:d26c1b55cfca | 352 | * Equivalent to specifying an entry like `"" * "" addr' in pap-secrets. |
DieterGraef | 0:d26c1b55cfca | 353 | */ |
DieterGraef | 0:d26c1b55cfca | 354 | static int |
DieterGraef | 0:d26c1b55cfca | 355 | set_noauth_addr(char **argv) |
DieterGraef | 0:d26c1b55cfca | 356 | { |
DieterGraef | 0:d26c1b55cfca | 357 | char *addr = *argv; |
DieterGraef | 0:d26c1b55cfca | 358 | int l = strlen(addr); |
DieterGraef | 0:d26c1b55cfca | 359 | struct wordlist *wp; |
DieterGraef | 0:d26c1b55cfca | 360 | |
DieterGraef | 0:d26c1b55cfca | 361 | wp = (struct wordlist *) malloc(sizeof(struct wordlist) + l + 1); |
DieterGraef | 0:d26c1b55cfca | 362 | if (wp == NULL) |
DieterGraef | 0:d26c1b55cfca | 363 | novm("allow-ip argument"); |
DieterGraef | 0:d26c1b55cfca | 364 | wp->word = (char *) (wp + 1); |
DieterGraef | 0:d26c1b55cfca | 365 | wp->next = noauth_addrs; |
DieterGraef | 0:d26c1b55cfca | 366 | BCOPY(addr, wp->word, l); |
DieterGraef | 0:d26c1b55cfca | 367 | noauth_addrs = wp; |
DieterGraef | 0:d26c1b55cfca | 368 | return 1; |
DieterGraef | 0:d26c1b55cfca | 369 | } |
DieterGraef | 0:d26c1b55cfca | 370 | #endif /* UNUSED */ |
DieterGraef | 0:d26c1b55cfca | 371 | |
DieterGraef | 0:d26c1b55cfca | 372 | /* |
DieterGraef | 0:d26c1b55cfca | 373 | * An Open on LCP has requested a change from Dead to Establish phase. |
DieterGraef | 0:d26c1b55cfca | 374 | * Do what's necessary to bring the physical layer up. |
DieterGraef | 0:d26c1b55cfca | 375 | */ |
DieterGraef | 0:d26c1b55cfca | 376 | void |
DieterGraef | 0:d26c1b55cfca | 377 | link_required(int unit) |
DieterGraef | 0:d26c1b55cfca | 378 | { |
DieterGraef | 0:d26c1b55cfca | 379 | LWIP_UNUSED_ARG(unit); |
DieterGraef | 0:d26c1b55cfca | 380 | |
DieterGraef | 0:d26c1b55cfca | 381 | AUTHDEBUG(LOG_INFO, ("link_required: %d\n", unit)); |
DieterGraef | 0:d26c1b55cfca | 382 | } |
DieterGraef | 0:d26c1b55cfca | 383 | |
DieterGraef | 0:d26c1b55cfca | 384 | /* |
DieterGraef | 0:d26c1b55cfca | 385 | * LCP has terminated the link; go to the Dead phase and take the |
DieterGraef | 0:d26c1b55cfca | 386 | * physical layer down. |
DieterGraef | 0:d26c1b55cfca | 387 | */ |
DieterGraef | 0:d26c1b55cfca | 388 | void |
DieterGraef | 0:d26c1b55cfca | 389 | link_terminated(int unit) |
DieterGraef | 0:d26c1b55cfca | 390 | { |
DieterGraef | 0:d26c1b55cfca | 391 | AUTHDEBUG(LOG_INFO, ("link_terminated: %d\n", unit)); |
DieterGraef | 0:d26c1b55cfca | 392 | if (lcp_phase[unit] == PHASE_DEAD) { |
DieterGraef | 0:d26c1b55cfca | 393 | return; |
DieterGraef | 0:d26c1b55cfca | 394 | } |
DieterGraef | 0:d26c1b55cfca | 395 | if (logged_in) { |
DieterGraef | 0:d26c1b55cfca | 396 | plogout(); |
DieterGraef | 0:d26c1b55cfca | 397 | } |
DieterGraef | 0:d26c1b55cfca | 398 | lcp_phase[unit] = PHASE_DEAD; |
DieterGraef | 0:d26c1b55cfca | 399 | AUTHDEBUG(LOG_NOTICE, ("Connection terminated.\n")); |
DieterGraef | 0:d26c1b55cfca | 400 | pppLinkTerminated(unit); |
DieterGraef | 0:d26c1b55cfca | 401 | } |
DieterGraef | 0:d26c1b55cfca | 402 | |
DieterGraef | 0:d26c1b55cfca | 403 | /* |
DieterGraef | 0:d26c1b55cfca | 404 | * LCP has gone down; it will either die or try to re-establish. |
DieterGraef | 0:d26c1b55cfca | 405 | */ |
DieterGraef | 0:d26c1b55cfca | 406 | void |
DieterGraef | 0:d26c1b55cfca | 407 | link_down(int unit) |
DieterGraef | 0:d26c1b55cfca | 408 | { |
DieterGraef | 0:d26c1b55cfca | 409 | int i; |
DieterGraef | 0:d26c1b55cfca | 410 | struct protent *protp; |
DieterGraef | 0:d26c1b55cfca | 411 | |
DieterGraef | 0:d26c1b55cfca | 412 | AUTHDEBUG(LOG_INFO, ("link_down: %d\n", unit)); |
DieterGraef | 0:d26c1b55cfca | 413 | |
DieterGraef | 0:d26c1b55cfca | 414 | if (did_authup) { |
DieterGraef | 0:d26c1b55cfca | 415 | /* XXX Do link down processing. */ |
DieterGraef | 0:d26c1b55cfca | 416 | did_authup = 0; |
DieterGraef | 0:d26c1b55cfca | 417 | } |
DieterGraef | 0:d26c1b55cfca | 418 | for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i) { |
DieterGraef | 0:d26c1b55cfca | 419 | if (!protp->enabled_flag) { |
DieterGraef | 0:d26c1b55cfca | 420 | continue; |
DieterGraef | 0:d26c1b55cfca | 421 | } |
DieterGraef | 0:d26c1b55cfca | 422 | if (protp->protocol != PPP_LCP && protp->lowerdown != NULL) { |
DieterGraef | 0:d26c1b55cfca | 423 | (*protp->lowerdown)(unit); |
DieterGraef | 0:d26c1b55cfca | 424 | } |
DieterGraef | 0:d26c1b55cfca | 425 | if (protp->protocol < 0xC000 && protp->close != NULL) { |
DieterGraef | 0:d26c1b55cfca | 426 | (*protp->close)(unit, "LCP down"); |
DieterGraef | 0:d26c1b55cfca | 427 | } |
DieterGraef | 0:d26c1b55cfca | 428 | } |
DieterGraef | 0:d26c1b55cfca | 429 | num_np_open = 0; /* number of network protocols we have opened */ |
DieterGraef | 0:d26c1b55cfca | 430 | num_np_up = 0; /* Number of network protocols which have come up */ |
DieterGraef | 0:d26c1b55cfca | 431 | |
DieterGraef | 0:d26c1b55cfca | 432 | if (lcp_phase[unit] != PHASE_DEAD) { |
DieterGraef | 0:d26c1b55cfca | 433 | lcp_phase[unit] = PHASE_TERMINATE; |
DieterGraef | 0:d26c1b55cfca | 434 | } |
DieterGraef | 0:d26c1b55cfca | 435 | pppLinkDown(unit); |
DieterGraef | 0:d26c1b55cfca | 436 | } |
DieterGraef | 0:d26c1b55cfca | 437 | |
DieterGraef | 0:d26c1b55cfca | 438 | /* |
DieterGraef | 0:d26c1b55cfca | 439 | * The link is established. |
DieterGraef | 0:d26c1b55cfca | 440 | * Proceed to the Dead, Authenticate or Network phase as appropriate. |
DieterGraef | 0:d26c1b55cfca | 441 | */ |
DieterGraef | 0:d26c1b55cfca | 442 | void |
DieterGraef | 0:d26c1b55cfca | 443 | link_established(int unit) |
DieterGraef | 0:d26c1b55cfca | 444 | { |
DieterGraef | 0:d26c1b55cfca | 445 | int auth; |
DieterGraef | 0:d26c1b55cfca | 446 | int i; |
DieterGraef | 0:d26c1b55cfca | 447 | struct protent *protp; |
DieterGraef | 0:d26c1b55cfca | 448 | lcp_options *wo = &lcp_wantoptions[unit]; |
DieterGraef | 0:d26c1b55cfca | 449 | lcp_options *go = &lcp_gotoptions[unit]; |
DieterGraef | 0:d26c1b55cfca | 450 | #if PAP_SUPPORT || CHAP_SUPPORT |
DieterGraef | 0:d26c1b55cfca | 451 | lcp_options *ho = &lcp_hisoptions[unit]; |
DieterGraef | 0:d26c1b55cfca | 452 | #endif /* PAP_SUPPORT || CHAP_SUPPORT */ |
DieterGraef | 0:d26c1b55cfca | 453 | |
DieterGraef | 0:d26c1b55cfca | 454 | AUTHDEBUG(LOG_INFO, ("link_established: unit %d; Lowering up all protocols...\n", unit)); |
DieterGraef | 0:d26c1b55cfca | 455 | /* |
DieterGraef | 0:d26c1b55cfca | 456 | * Tell higher-level protocols that LCP is up. |
DieterGraef | 0:d26c1b55cfca | 457 | */ |
DieterGraef | 0:d26c1b55cfca | 458 | for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i) { |
DieterGraef | 0:d26c1b55cfca | 459 | if (protp->protocol != PPP_LCP && protp->enabled_flag && protp->lowerup != NULL) { |
DieterGraef | 0:d26c1b55cfca | 460 | (*protp->lowerup)(unit); |
DieterGraef | 0:d26c1b55cfca | 461 | } |
DieterGraef | 0:d26c1b55cfca | 462 | } |
DieterGraef | 0:d26c1b55cfca | 463 | if (ppp_settings.auth_required && !(go->neg_chap || go->neg_upap)) { |
DieterGraef | 0:d26c1b55cfca | 464 | /* |
DieterGraef | 0:d26c1b55cfca | 465 | * We wanted the peer to authenticate itself, and it refused: |
DieterGraef | 0:d26c1b55cfca | 466 | * treat it as though it authenticated with PAP using a username |
DieterGraef | 0:d26c1b55cfca | 467 | * of "" and a password of "". If that's not OK, boot it out. |
DieterGraef | 0:d26c1b55cfca | 468 | */ |
DieterGraef | 0:d26c1b55cfca | 469 | if (!wo->neg_upap || !null_login(unit)) { |
DieterGraef | 0:d26c1b55cfca | 470 | AUTHDEBUG(LOG_WARNING, ("peer refused to authenticate\n")); |
DieterGraef | 0:d26c1b55cfca | 471 | lcp_close(unit, "peer refused to authenticate"); |
DieterGraef | 0:d26c1b55cfca | 472 | return; |
DieterGraef | 0:d26c1b55cfca | 473 | } |
DieterGraef | 0:d26c1b55cfca | 474 | } |
DieterGraef | 0:d26c1b55cfca | 475 | |
DieterGraef | 0:d26c1b55cfca | 476 | lcp_phase[unit] = PHASE_AUTHENTICATE; |
DieterGraef | 0:d26c1b55cfca | 477 | auth = 0; |
DieterGraef | 0:d26c1b55cfca | 478 | #if CHAP_SUPPORT |
DieterGraef | 0:d26c1b55cfca | 479 | if (go->neg_chap) { |
DieterGraef | 0:d26c1b55cfca | 480 | ChapAuthPeer(unit, ppp_settings.our_name, go->chap_mdtype); |
DieterGraef | 0:d26c1b55cfca | 481 | auth |= CHAP_PEER; |
DieterGraef | 0:d26c1b55cfca | 482 | } |
DieterGraef | 0:d26c1b55cfca | 483 | #endif /* CHAP_SUPPORT */ |
DieterGraef | 0:d26c1b55cfca | 484 | #if PAP_SUPPORT && CHAP_SUPPORT |
DieterGraef | 0:d26c1b55cfca | 485 | else |
DieterGraef | 0:d26c1b55cfca | 486 | #endif /* PAP_SUPPORT && CHAP_SUPPORT */ |
DieterGraef | 0:d26c1b55cfca | 487 | #if PAP_SUPPORT |
DieterGraef | 0:d26c1b55cfca | 488 | if (go->neg_upap) { |
DieterGraef | 0:d26c1b55cfca | 489 | upap_authpeer(unit); |
DieterGraef | 0:d26c1b55cfca | 490 | auth |= PAP_PEER; |
DieterGraef | 0:d26c1b55cfca | 491 | } |
DieterGraef | 0:d26c1b55cfca | 492 | #endif /* PAP_SUPPORT */ |
DieterGraef | 0:d26c1b55cfca | 493 | #if CHAP_SUPPORT |
DieterGraef | 0:d26c1b55cfca | 494 | if (ho->neg_chap) { |
DieterGraef | 0:d26c1b55cfca | 495 | ChapAuthWithPeer(unit, ppp_settings.user, ho->chap_mdtype); |
DieterGraef | 0:d26c1b55cfca | 496 | auth |= CHAP_WITHPEER; |
DieterGraef | 0:d26c1b55cfca | 497 | } |
DieterGraef | 0:d26c1b55cfca | 498 | #endif /* CHAP_SUPPORT */ |
DieterGraef | 0:d26c1b55cfca | 499 | #if PAP_SUPPORT && CHAP_SUPPORT |
DieterGraef | 0:d26c1b55cfca | 500 | else |
DieterGraef | 0:d26c1b55cfca | 501 | #endif /* PAP_SUPPORT && CHAP_SUPPORT */ |
DieterGraef | 0:d26c1b55cfca | 502 | #if PAP_SUPPORT |
DieterGraef | 0:d26c1b55cfca | 503 | if (ho->neg_upap) { |
DieterGraef | 0:d26c1b55cfca | 504 | if (ppp_settings.passwd[0] == 0) { |
DieterGraef | 0:d26c1b55cfca | 505 | passwd_from_file = 1; |
DieterGraef | 0:d26c1b55cfca | 506 | if (!get_pap_passwd(unit, ppp_settings.user, ppp_settings.passwd)) { |
DieterGraef | 0:d26c1b55cfca | 507 | AUTHDEBUG(LOG_ERR, ("No secret found for PAP login\n")); |
DieterGraef | 0:d26c1b55cfca | 508 | } |
DieterGraef | 0:d26c1b55cfca | 509 | } |
DieterGraef | 0:d26c1b55cfca | 510 | upap_authwithpeer(unit, ppp_settings.user, ppp_settings.passwd); |
DieterGraef | 0:d26c1b55cfca | 511 | auth |= PAP_WITHPEER; |
DieterGraef | 0:d26c1b55cfca | 512 | } |
DieterGraef | 0:d26c1b55cfca | 513 | #endif /* PAP_SUPPORT */ |
DieterGraef | 0:d26c1b55cfca | 514 | auth_pending[unit] = auth; |
DieterGraef | 0:d26c1b55cfca | 515 | |
DieterGraef | 0:d26c1b55cfca | 516 | if (!auth) { |
DieterGraef | 0:d26c1b55cfca | 517 | network_phase(unit); |
DieterGraef | 0:d26c1b55cfca | 518 | } |
DieterGraef | 0:d26c1b55cfca | 519 | } |
DieterGraef | 0:d26c1b55cfca | 520 | |
DieterGraef | 0:d26c1b55cfca | 521 | /* |
DieterGraef | 0:d26c1b55cfca | 522 | * Proceed to the network phase. |
DieterGraef | 0:d26c1b55cfca | 523 | */ |
DieterGraef | 0:d26c1b55cfca | 524 | static void |
DieterGraef | 0:d26c1b55cfca | 525 | network_phase(int unit) |
DieterGraef | 0:d26c1b55cfca | 526 | { |
DieterGraef | 0:d26c1b55cfca | 527 | int i; |
DieterGraef | 0:d26c1b55cfca | 528 | struct protent *protp; |
DieterGraef | 0:d26c1b55cfca | 529 | lcp_options *go = &lcp_gotoptions[unit]; |
DieterGraef | 0:d26c1b55cfca | 530 | |
DieterGraef | 0:d26c1b55cfca | 531 | /* |
DieterGraef | 0:d26c1b55cfca | 532 | * If the peer had to authenticate, run the auth-up script now. |
DieterGraef | 0:d26c1b55cfca | 533 | */ |
DieterGraef | 0:d26c1b55cfca | 534 | if ((go->neg_chap || go->neg_upap) && !did_authup) { |
DieterGraef | 0:d26c1b55cfca | 535 | /* XXX Do setup for peer authentication. */ |
DieterGraef | 0:d26c1b55cfca | 536 | did_authup = 1; |
DieterGraef | 0:d26c1b55cfca | 537 | } |
DieterGraef | 0:d26c1b55cfca | 538 | |
DieterGraef | 0:d26c1b55cfca | 539 | #if CBCP_SUPPORT |
DieterGraef | 0:d26c1b55cfca | 540 | /* |
DieterGraef | 0:d26c1b55cfca | 541 | * If we negotiated callback, do it now. |
DieterGraef | 0:d26c1b55cfca | 542 | */ |
DieterGraef | 0:d26c1b55cfca | 543 | if (go->neg_cbcp) { |
DieterGraef | 0:d26c1b55cfca | 544 | lcp_phase[unit] = PHASE_CALLBACK; |
DieterGraef | 0:d26c1b55cfca | 545 | (*cbcp_protent.open)(unit); |
DieterGraef | 0:d26c1b55cfca | 546 | return; |
DieterGraef | 0:d26c1b55cfca | 547 | } |
DieterGraef | 0:d26c1b55cfca | 548 | #endif /* CBCP_SUPPORT */ |
DieterGraef | 0:d26c1b55cfca | 549 | |
DieterGraef | 0:d26c1b55cfca | 550 | lcp_phase[unit] = PHASE_NETWORK; |
DieterGraef | 0:d26c1b55cfca | 551 | for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i) { |
DieterGraef | 0:d26c1b55cfca | 552 | if (protp->protocol < 0xC000 && protp->enabled_flag && protp->open != NULL) { |
DieterGraef | 0:d26c1b55cfca | 553 | (*protp->open)(unit); |
DieterGraef | 0:d26c1b55cfca | 554 | if (protp->protocol != PPP_CCP) { |
DieterGraef | 0:d26c1b55cfca | 555 | ++num_np_open; |
DieterGraef | 0:d26c1b55cfca | 556 | } |
DieterGraef | 0:d26c1b55cfca | 557 | } |
DieterGraef | 0:d26c1b55cfca | 558 | } |
DieterGraef | 0:d26c1b55cfca | 559 | |
DieterGraef | 0:d26c1b55cfca | 560 | if (num_np_open == 0) { |
DieterGraef | 0:d26c1b55cfca | 561 | /* nothing to do */ |
DieterGraef | 0:d26c1b55cfca | 562 | lcp_close(0, "No network protocols running"); |
DieterGraef | 0:d26c1b55cfca | 563 | } |
DieterGraef | 0:d26c1b55cfca | 564 | } |
DieterGraef | 0:d26c1b55cfca | 565 | /* @todo: add void start_networks(void) here (pppd 2.3.11) */ |
DieterGraef | 0:d26c1b55cfca | 566 | |
DieterGraef | 0:d26c1b55cfca | 567 | /* |
DieterGraef | 0:d26c1b55cfca | 568 | * The peer has failed to authenticate himself using `protocol'. |
DieterGraef | 0:d26c1b55cfca | 569 | */ |
DieterGraef | 0:d26c1b55cfca | 570 | void |
DieterGraef | 0:d26c1b55cfca | 571 | auth_peer_fail(int unit, u16_t protocol) |
DieterGraef | 0:d26c1b55cfca | 572 | { |
DieterGraef | 0:d26c1b55cfca | 573 | LWIP_UNUSED_ARG(protocol); |
DieterGraef | 0:d26c1b55cfca | 574 | |
DieterGraef | 0:d26c1b55cfca | 575 | AUTHDEBUG(LOG_INFO, ("auth_peer_fail: %d proto=%X\n", unit, protocol)); |
DieterGraef | 0:d26c1b55cfca | 576 | /* |
DieterGraef | 0:d26c1b55cfca | 577 | * Authentication failure: take the link down |
DieterGraef | 0:d26c1b55cfca | 578 | */ |
DieterGraef | 0:d26c1b55cfca | 579 | lcp_close(unit, "Authentication failed"); |
DieterGraef | 0:d26c1b55cfca | 580 | } |
DieterGraef | 0:d26c1b55cfca | 581 | |
DieterGraef | 0:d26c1b55cfca | 582 | |
DieterGraef | 0:d26c1b55cfca | 583 | #if PAP_SUPPORT || CHAP_SUPPORT |
DieterGraef | 0:d26c1b55cfca | 584 | /* |
DieterGraef | 0:d26c1b55cfca | 585 | * The peer has been successfully authenticated using `protocol'. |
DieterGraef | 0:d26c1b55cfca | 586 | */ |
DieterGraef | 0:d26c1b55cfca | 587 | void |
DieterGraef | 0:d26c1b55cfca | 588 | auth_peer_success(int unit, u16_t protocol, char *name, int namelen) |
DieterGraef | 0:d26c1b55cfca | 589 | { |
DieterGraef | 0:d26c1b55cfca | 590 | int pbit; |
DieterGraef | 0:d26c1b55cfca | 591 | |
DieterGraef | 0:d26c1b55cfca | 592 | AUTHDEBUG(LOG_INFO, ("auth_peer_success: %d proto=%X\n", unit, protocol)); |
DieterGraef | 0:d26c1b55cfca | 593 | switch (protocol) { |
DieterGraef | 0:d26c1b55cfca | 594 | case PPP_CHAP: |
DieterGraef | 0:d26c1b55cfca | 595 | pbit = CHAP_PEER; |
DieterGraef | 0:d26c1b55cfca | 596 | break; |
DieterGraef | 0:d26c1b55cfca | 597 | case PPP_PAP: |
DieterGraef | 0:d26c1b55cfca | 598 | pbit = PAP_PEER; |
DieterGraef | 0:d26c1b55cfca | 599 | break; |
DieterGraef | 0:d26c1b55cfca | 600 | default: |
DieterGraef | 0:d26c1b55cfca | 601 | AUTHDEBUG(LOG_WARNING, ("auth_peer_success: unknown protocol %x\n", protocol)); |
DieterGraef | 0:d26c1b55cfca | 602 | return; |
DieterGraef | 0:d26c1b55cfca | 603 | } |
DieterGraef | 0:d26c1b55cfca | 604 | |
DieterGraef | 0:d26c1b55cfca | 605 | /* |
DieterGraef | 0:d26c1b55cfca | 606 | * Save the authenticated name of the peer for later. |
DieterGraef | 0:d26c1b55cfca | 607 | */ |
DieterGraef | 0:d26c1b55cfca | 608 | if (namelen > (int)sizeof(peer_authname) - 1) { |
DieterGraef | 0:d26c1b55cfca | 609 | namelen = sizeof(peer_authname) - 1; |
DieterGraef | 0:d26c1b55cfca | 610 | } |
DieterGraef | 0:d26c1b55cfca | 611 | BCOPY(name, peer_authname, namelen); |
DieterGraef | 0:d26c1b55cfca | 612 | peer_authname[namelen] = 0; |
DieterGraef | 0:d26c1b55cfca | 613 | |
DieterGraef | 0:d26c1b55cfca | 614 | /* |
DieterGraef | 0:d26c1b55cfca | 615 | * If there is no more authentication still to be done, |
DieterGraef | 0:d26c1b55cfca | 616 | * proceed to the network (or callback) phase. |
DieterGraef | 0:d26c1b55cfca | 617 | */ |
DieterGraef | 0:d26c1b55cfca | 618 | if ((auth_pending[unit] &= ~pbit) == 0) { |
DieterGraef | 0:d26c1b55cfca | 619 | network_phase(unit); |
DieterGraef | 0:d26c1b55cfca | 620 | } |
DieterGraef | 0:d26c1b55cfca | 621 | } |
DieterGraef | 0:d26c1b55cfca | 622 | |
DieterGraef | 0:d26c1b55cfca | 623 | /* |
DieterGraef | 0:d26c1b55cfca | 624 | * We have failed to authenticate ourselves to the peer using `protocol'. |
DieterGraef | 0:d26c1b55cfca | 625 | */ |
DieterGraef | 0:d26c1b55cfca | 626 | void |
DieterGraef | 0:d26c1b55cfca | 627 | auth_withpeer_fail(int unit, u16_t protocol) |
DieterGraef | 0:d26c1b55cfca | 628 | { |
DieterGraef | 0:d26c1b55cfca | 629 | int errCode = PPPERR_AUTHFAIL; |
DieterGraef | 0:d26c1b55cfca | 630 | |
DieterGraef | 0:d26c1b55cfca | 631 | LWIP_UNUSED_ARG(protocol); |
DieterGraef | 0:d26c1b55cfca | 632 | |
DieterGraef | 0:d26c1b55cfca | 633 | AUTHDEBUG(LOG_INFO, ("auth_withpeer_fail: %d proto=%X\n", unit, protocol)); |
DieterGraef | 0:d26c1b55cfca | 634 | if (passwd_from_file) { |
DieterGraef | 0:d26c1b55cfca | 635 | BZERO(ppp_settings.passwd, MAXSECRETLEN); |
DieterGraef | 0:d26c1b55cfca | 636 | } |
DieterGraef | 0:d26c1b55cfca | 637 | |
DieterGraef | 0:d26c1b55cfca | 638 | /* |
DieterGraef | 0:d26c1b55cfca | 639 | * We've failed to authenticate ourselves to our peer. |
DieterGraef | 0:d26c1b55cfca | 640 | * He'll probably take the link down, and there's not much |
DieterGraef | 0:d26c1b55cfca | 641 | * we can do except wait for that. |
DieterGraef | 0:d26c1b55cfca | 642 | */ |
DieterGraef | 0:d26c1b55cfca | 643 | pppIOCtl(unit, PPPCTLS_ERRCODE, &errCode); |
DieterGraef | 0:d26c1b55cfca | 644 | lcp_close(unit, "Failed to authenticate ourselves to peer"); |
DieterGraef | 0:d26c1b55cfca | 645 | } |
DieterGraef | 0:d26c1b55cfca | 646 | |
DieterGraef | 0:d26c1b55cfca | 647 | /* |
DieterGraef | 0:d26c1b55cfca | 648 | * We have successfully authenticated ourselves with the peer using `protocol'. |
DieterGraef | 0:d26c1b55cfca | 649 | */ |
DieterGraef | 0:d26c1b55cfca | 650 | void |
DieterGraef | 0:d26c1b55cfca | 651 | auth_withpeer_success(int unit, u16_t protocol) |
DieterGraef | 0:d26c1b55cfca | 652 | { |
DieterGraef | 0:d26c1b55cfca | 653 | int pbit; |
DieterGraef | 0:d26c1b55cfca | 654 | |
DieterGraef | 0:d26c1b55cfca | 655 | AUTHDEBUG(LOG_INFO, ("auth_withpeer_success: %d proto=%X\n", unit, protocol)); |
DieterGraef | 0:d26c1b55cfca | 656 | switch (protocol) { |
DieterGraef | 0:d26c1b55cfca | 657 | case PPP_CHAP: |
DieterGraef | 0:d26c1b55cfca | 658 | pbit = CHAP_WITHPEER; |
DieterGraef | 0:d26c1b55cfca | 659 | break; |
DieterGraef | 0:d26c1b55cfca | 660 | case PPP_PAP: |
DieterGraef | 0:d26c1b55cfca | 661 | if (passwd_from_file) { |
DieterGraef | 0:d26c1b55cfca | 662 | BZERO(ppp_settings.passwd, MAXSECRETLEN); |
DieterGraef | 0:d26c1b55cfca | 663 | } |
DieterGraef | 0:d26c1b55cfca | 664 | pbit = PAP_WITHPEER; |
DieterGraef | 0:d26c1b55cfca | 665 | break; |
DieterGraef | 0:d26c1b55cfca | 666 | default: |
DieterGraef | 0:d26c1b55cfca | 667 | AUTHDEBUG(LOG_WARNING, ("auth_peer_success: unknown protocol %x\n", protocol)); |
DieterGraef | 0:d26c1b55cfca | 668 | pbit = 0; |
DieterGraef | 0:d26c1b55cfca | 669 | } |
DieterGraef | 0:d26c1b55cfca | 670 | |
DieterGraef | 0:d26c1b55cfca | 671 | /* |
DieterGraef | 0:d26c1b55cfca | 672 | * If there is no more authentication still being done, |
DieterGraef | 0:d26c1b55cfca | 673 | * proceed to the network (or callback) phase. |
DieterGraef | 0:d26c1b55cfca | 674 | */ |
DieterGraef | 0:d26c1b55cfca | 675 | if ((auth_pending[unit] &= ~pbit) == 0) { |
DieterGraef | 0:d26c1b55cfca | 676 | network_phase(unit); |
DieterGraef | 0:d26c1b55cfca | 677 | } |
DieterGraef | 0:d26c1b55cfca | 678 | } |
DieterGraef | 0:d26c1b55cfca | 679 | #endif /* PAP_SUPPORT || CHAP_SUPPORT */ |
DieterGraef | 0:d26c1b55cfca | 680 | |
DieterGraef | 0:d26c1b55cfca | 681 | |
DieterGraef | 0:d26c1b55cfca | 682 | /* |
DieterGraef | 0:d26c1b55cfca | 683 | * np_up - a network protocol has come up. |
DieterGraef | 0:d26c1b55cfca | 684 | */ |
DieterGraef | 0:d26c1b55cfca | 685 | void |
DieterGraef | 0:d26c1b55cfca | 686 | np_up(int unit, u16_t proto) |
DieterGraef | 0:d26c1b55cfca | 687 | { |
DieterGraef | 0:d26c1b55cfca | 688 | LWIP_UNUSED_ARG(unit); |
DieterGraef | 0:d26c1b55cfca | 689 | LWIP_UNUSED_ARG(proto); |
DieterGraef | 0:d26c1b55cfca | 690 | |
DieterGraef | 0:d26c1b55cfca | 691 | AUTHDEBUG(LOG_INFO, ("np_up: %d proto=%X\n", unit, proto)); |
DieterGraef | 0:d26c1b55cfca | 692 | if (num_np_up == 0) { |
DieterGraef | 0:d26c1b55cfca | 693 | AUTHDEBUG(LOG_INFO, ("np_up: maxconnect=%d idle_time_limit=%d\n",ppp_settings.maxconnect,ppp_settings.idle_time_limit)); |
DieterGraef | 0:d26c1b55cfca | 694 | /* |
DieterGraef | 0:d26c1b55cfca | 695 | * At this point we consider that the link has come up successfully. |
DieterGraef | 0:d26c1b55cfca | 696 | */ |
DieterGraef | 0:d26c1b55cfca | 697 | if (ppp_settings.idle_time_limit > 0) { |
DieterGraef | 0:d26c1b55cfca | 698 | TIMEOUT(check_idle, NULL, ppp_settings.idle_time_limit); |
DieterGraef | 0:d26c1b55cfca | 699 | } |
DieterGraef | 0:d26c1b55cfca | 700 | |
DieterGraef | 0:d26c1b55cfca | 701 | /* |
DieterGraef | 0:d26c1b55cfca | 702 | * Set a timeout to close the connection once the maximum |
DieterGraef | 0:d26c1b55cfca | 703 | * connect time has expired. |
DieterGraef | 0:d26c1b55cfca | 704 | */ |
DieterGraef | 0:d26c1b55cfca | 705 | if (ppp_settings.maxconnect > 0) { |
DieterGraef | 0:d26c1b55cfca | 706 | TIMEOUT(connect_time_expired, 0, ppp_settings.maxconnect); |
DieterGraef | 0:d26c1b55cfca | 707 | } |
DieterGraef | 0:d26c1b55cfca | 708 | } |
DieterGraef | 0:d26c1b55cfca | 709 | ++num_np_up; |
DieterGraef | 0:d26c1b55cfca | 710 | } |
DieterGraef | 0:d26c1b55cfca | 711 | |
DieterGraef | 0:d26c1b55cfca | 712 | /* |
DieterGraef | 0:d26c1b55cfca | 713 | * np_down - a network protocol has gone down. |
DieterGraef | 0:d26c1b55cfca | 714 | */ |
DieterGraef | 0:d26c1b55cfca | 715 | void |
DieterGraef | 0:d26c1b55cfca | 716 | np_down(int unit, u16_t proto) |
DieterGraef | 0:d26c1b55cfca | 717 | { |
DieterGraef | 0:d26c1b55cfca | 718 | LWIP_UNUSED_ARG(unit); |
DieterGraef | 0:d26c1b55cfca | 719 | LWIP_UNUSED_ARG(proto); |
DieterGraef | 0:d26c1b55cfca | 720 | |
DieterGraef | 0:d26c1b55cfca | 721 | AUTHDEBUG(LOG_INFO, ("np_down: %d proto=%X\n", unit, proto)); |
DieterGraef | 0:d26c1b55cfca | 722 | if (--num_np_up == 0 && ppp_settings.idle_time_limit > 0) { |
DieterGraef | 0:d26c1b55cfca | 723 | UNTIMEOUT(check_idle, NULL); |
DieterGraef | 0:d26c1b55cfca | 724 | } |
DieterGraef | 0:d26c1b55cfca | 725 | } |
DieterGraef | 0:d26c1b55cfca | 726 | |
DieterGraef | 0:d26c1b55cfca | 727 | /* |
DieterGraef | 0:d26c1b55cfca | 728 | * np_finished - a network protocol has finished using the link. |
DieterGraef | 0:d26c1b55cfca | 729 | */ |
DieterGraef | 0:d26c1b55cfca | 730 | void |
DieterGraef | 0:d26c1b55cfca | 731 | np_finished(int unit, u16_t proto) |
DieterGraef | 0:d26c1b55cfca | 732 | { |
DieterGraef | 0:d26c1b55cfca | 733 | LWIP_UNUSED_ARG(unit); |
DieterGraef | 0:d26c1b55cfca | 734 | LWIP_UNUSED_ARG(proto); |
DieterGraef | 0:d26c1b55cfca | 735 | |
DieterGraef | 0:d26c1b55cfca | 736 | AUTHDEBUG(LOG_INFO, ("np_finished: %d proto=%X\n", unit, proto)); |
DieterGraef | 0:d26c1b55cfca | 737 | if (--num_np_open <= 0) { |
DieterGraef | 0:d26c1b55cfca | 738 | /* no further use for the link: shut up shop. */ |
DieterGraef | 0:d26c1b55cfca | 739 | lcp_close(0, "No network protocols running"); |
DieterGraef | 0:d26c1b55cfca | 740 | } |
DieterGraef | 0:d26c1b55cfca | 741 | } |
DieterGraef | 0:d26c1b55cfca | 742 | |
DieterGraef | 0:d26c1b55cfca | 743 | /* |
DieterGraef | 0:d26c1b55cfca | 744 | * check_idle - check whether the link has been idle for long |
DieterGraef | 0:d26c1b55cfca | 745 | * enough that we can shut it down. |
DieterGraef | 0:d26c1b55cfca | 746 | */ |
DieterGraef | 0:d26c1b55cfca | 747 | static void |
DieterGraef | 0:d26c1b55cfca | 748 | check_idle(void *arg) |
DieterGraef | 0:d26c1b55cfca | 749 | { |
DieterGraef | 0:d26c1b55cfca | 750 | struct ppp_idle idle; |
DieterGraef | 0:d26c1b55cfca | 751 | u_short itime; |
DieterGraef | 0:d26c1b55cfca | 752 | |
DieterGraef | 0:d26c1b55cfca | 753 | LWIP_UNUSED_ARG(arg); |
DieterGraef | 0:d26c1b55cfca | 754 | if (!get_idle_time(0, &idle)) { |
DieterGraef | 0:d26c1b55cfca | 755 | return; |
DieterGraef | 0:d26c1b55cfca | 756 | } |
DieterGraef | 0:d26c1b55cfca | 757 | itime = LWIP_MIN(idle.xmit_idle, idle.recv_idle); |
DieterGraef | 0:d26c1b55cfca | 758 | if (itime >= ppp_settings.idle_time_limit) { |
DieterGraef | 0:d26c1b55cfca | 759 | /* link is idle: shut it down. */ |
DieterGraef | 0:d26c1b55cfca | 760 | AUTHDEBUG(LOG_INFO, ("Terminating connection due to lack of activity.\n")); |
DieterGraef | 0:d26c1b55cfca | 761 | lcp_close(0, "Link inactive"); |
DieterGraef | 0:d26c1b55cfca | 762 | } else { |
DieterGraef | 0:d26c1b55cfca | 763 | TIMEOUT(check_idle, NULL, ppp_settings.idle_time_limit - itime); |
DieterGraef | 0:d26c1b55cfca | 764 | } |
DieterGraef | 0:d26c1b55cfca | 765 | } |
DieterGraef | 0:d26c1b55cfca | 766 | |
DieterGraef | 0:d26c1b55cfca | 767 | /* |
DieterGraef | 0:d26c1b55cfca | 768 | * connect_time_expired - log a message and close the connection. |
DieterGraef | 0:d26c1b55cfca | 769 | */ |
DieterGraef | 0:d26c1b55cfca | 770 | static void |
DieterGraef | 0:d26c1b55cfca | 771 | connect_time_expired(void *arg) |
DieterGraef | 0:d26c1b55cfca | 772 | { |
DieterGraef | 0:d26c1b55cfca | 773 | LWIP_UNUSED_ARG(arg); |
DieterGraef | 0:d26c1b55cfca | 774 | |
DieterGraef | 0:d26c1b55cfca | 775 | AUTHDEBUG(LOG_INFO, ("Connect time expired\n")); |
DieterGraef | 0:d26c1b55cfca | 776 | lcp_close(0, "Connect time expired"); /* Close connection */ |
DieterGraef | 0:d26c1b55cfca | 777 | } |
DieterGraef | 0:d26c1b55cfca | 778 | |
DieterGraef | 0:d26c1b55cfca | 779 | #if 0 /* UNUSED */ |
DieterGraef | 0:d26c1b55cfca | 780 | /* |
DieterGraef | 0:d26c1b55cfca | 781 | * auth_check_options - called to check authentication options. |
DieterGraef | 0:d26c1b55cfca | 782 | */ |
DieterGraef | 0:d26c1b55cfca | 783 | void |
DieterGraef | 0:d26c1b55cfca | 784 | auth_check_options(void) |
DieterGraef | 0:d26c1b55cfca | 785 | { |
DieterGraef | 0:d26c1b55cfca | 786 | lcp_options *wo = &lcp_wantoptions[0]; |
DieterGraef | 0:d26c1b55cfca | 787 | int can_auth; |
DieterGraef | 0:d26c1b55cfca | 788 | ipcp_options *ipwo = &ipcp_wantoptions[0]; |
DieterGraef | 0:d26c1b55cfca | 789 | u32_t remote; |
DieterGraef | 0:d26c1b55cfca | 790 | |
DieterGraef | 0:d26c1b55cfca | 791 | /* Default our_name to hostname, and user to our_name */ |
DieterGraef | 0:d26c1b55cfca | 792 | if (ppp_settings.our_name[0] == 0 || ppp_settings.usehostname) { |
DieterGraef | 0:d26c1b55cfca | 793 | strcpy(ppp_settings.our_name, ppp_settings.hostname); |
DieterGraef | 0:d26c1b55cfca | 794 | } |
DieterGraef | 0:d26c1b55cfca | 795 | |
DieterGraef | 0:d26c1b55cfca | 796 | if (ppp_settings.user[0] == 0) { |
DieterGraef | 0:d26c1b55cfca | 797 | strcpy(ppp_settings.user, ppp_settings.our_name); |
DieterGraef | 0:d26c1b55cfca | 798 | } |
DieterGraef | 0:d26c1b55cfca | 799 | |
DieterGraef | 0:d26c1b55cfca | 800 | /* If authentication is required, ask peer for CHAP or PAP. */ |
DieterGraef | 0:d26c1b55cfca | 801 | if (ppp_settings.auth_required && !wo->neg_chap && !wo->neg_upap) { |
DieterGraef | 0:d26c1b55cfca | 802 | wo->neg_chap = 1; |
DieterGraef | 0:d26c1b55cfca | 803 | wo->neg_upap = 1; |
DieterGraef | 0:d26c1b55cfca | 804 | } |
DieterGraef | 0:d26c1b55cfca | 805 | |
DieterGraef | 0:d26c1b55cfca | 806 | /* |
DieterGraef | 0:d26c1b55cfca | 807 | * Check whether we have appropriate secrets to use |
DieterGraef | 0:d26c1b55cfca | 808 | * to authenticate the peer. |
DieterGraef | 0:d26c1b55cfca | 809 | */ |
DieterGraef | 0:d26c1b55cfca | 810 | can_auth = wo->neg_upap && have_pap_secret(); |
DieterGraef | 0:d26c1b55cfca | 811 | if (!can_auth && wo->neg_chap) { |
DieterGraef | 0:d26c1b55cfca | 812 | remote = ipwo->accept_remote? 0: ipwo->hisaddr; |
DieterGraef | 0:d26c1b55cfca | 813 | can_auth = have_chap_secret(ppp_settings.remote_name, ppp_settings.our_name, remote); |
DieterGraef | 0:d26c1b55cfca | 814 | } |
DieterGraef | 0:d26c1b55cfca | 815 | |
DieterGraef | 0:d26c1b55cfca | 816 | if (ppp_settings.auth_required && !can_auth) { |
DieterGraef | 0:d26c1b55cfca | 817 | ppp_panic("No auth secret"); |
DieterGraef | 0:d26c1b55cfca | 818 | } |
DieterGraef | 0:d26c1b55cfca | 819 | } |
DieterGraef | 0:d26c1b55cfca | 820 | #endif /* UNUSED */ |
DieterGraef | 0:d26c1b55cfca | 821 | |
DieterGraef | 0:d26c1b55cfca | 822 | /* |
DieterGraef | 0:d26c1b55cfca | 823 | * auth_reset - called when LCP is starting negotiations to recheck |
DieterGraef | 0:d26c1b55cfca | 824 | * authentication options, i.e. whether we have appropriate secrets |
DieterGraef | 0:d26c1b55cfca | 825 | * to use for authenticating ourselves and/or the peer. |
DieterGraef | 0:d26c1b55cfca | 826 | */ |
DieterGraef | 0:d26c1b55cfca | 827 | void |
DieterGraef | 0:d26c1b55cfca | 828 | auth_reset(int unit) |
DieterGraef | 0:d26c1b55cfca | 829 | { |
DieterGraef | 0:d26c1b55cfca | 830 | lcp_options *go = &lcp_gotoptions[unit]; |
DieterGraef | 0:d26c1b55cfca | 831 | lcp_options *ao = &lcp_allowoptions[0]; |
DieterGraef | 0:d26c1b55cfca | 832 | ipcp_options *ipwo = &ipcp_wantoptions[0]; |
DieterGraef | 0:d26c1b55cfca | 833 | u32_t remote; |
DieterGraef | 0:d26c1b55cfca | 834 | |
DieterGraef | 0:d26c1b55cfca | 835 | AUTHDEBUG(LOG_INFO, ("auth_reset: %d\n", unit)); |
DieterGraef | 0:d26c1b55cfca | 836 | ao->neg_upap = !ppp_settings.refuse_pap && (ppp_settings.passwd[0] != 0 || get_pap_passwd(unit, NULL, NULL)); |
DieterGraef | 0:d26c1b55cfca | 837 | ao->neg_chap = !ppp_settings.refuse_chap && ppp_settings.passwd[0] != 0 /*have_chap_secret(ppp_settings.user, ppp_settings.remote_name, (u32_t)0)*/; |
DieterGraef | 0:d26c1b55cfca | 838 | |
DieterGraef | 0:d26c1b55cfca | 839 | if (go->neg_upap && !have_pap_secret()) { |
DieterGraef | 0:d26c1b55cfca | 840 | go->neg_upap = 0; |
DieterGraef | 0:d26c1b55cfca | 841 | } |
DieterGraef | 0:d26c1b55cfca | 842 | if (go->neg_chap) { |
DieterGraef | 0:d26c1b55cfca | 843 | remote = ipwo->accept_remote? 0: ipwo->hisaddr; |
DieterGraef | 0:d26c1b55cfca | 844 | if (!have_chap_secret(ppp_settings.remote_name, ppp_settings.our_name, remote)) { |
DieterGraef | 0:d26c1b55cfca | 845 | go->neg_chap = 0; |
DieterGraef | 0:d26c1b55cfca | 846 | } |
DieterGraef | 0:d26c1b55cfca | 847 | } |
DieterGraef | 0:d26c1b55cfca | 848 | } |
DieterGraef | 0:d26c1b55cfca | 849 | |
DieterGraef | 0:d26c1b55cfca | 850 | #if PAP_SUPPORT |
DieterGraef | 0:d26c1b55cfca | 851 | /* |
DieterGraef | 0:d26c1b55cfca | 852 | * check_passwd - Check the user name and passwd against the PAP secrets |
DieterGraef | 0:d26c1b55cfca | 853 | * file. If requested, also check against the system password database, |
DieterGraef | 0:d26c1b55cfca | 854 | * and login the user if OK. |
DieterGraef | 0:d26c1b55cfca | 855 | * |
DieterGraef | 0:d26c1b55cfca | 856 | * returns: |
DieterGraef | 0:d26c1b55cfca | 857 | * UPAP_AUTHNAK: Authentication failed. |
DieterGraef | 0:d26c1b55cfca | 858 | * UPAP_AUTHACK: Authentication succeeded. |
DieterGraef | 0:d26c1b55cfca | 859 | * In either case, msg points to an appropriate message. |
DieterGraef | 0:d26c1b55cfca | 860 | */ |
DieterGraef | 0:d26c1b55cfca | 861 | u_char |
DieterGraef | 0:d26c1b55cfca | 862 | check_passwd( int unit, char *auser, int userlen, char *apasswd, int passwdlen, char **msg, int *msglen) |
DieterGraef | 0:d26c1b55cfca | 863 | { |
DieterGraef | 0:d26c1b55cfca | 864 | #if 1 /* XXX Assume all entries OK. */ |
DieterGraef | 0:d26c1b55cfca | 865 | LWIP_UNUSED_ARG(unit); |
DieterGraef | 0:d26c1b55cfca | 866 | LWIP_UNUSED_ARG(auser); |
DieterGraef | 0:d26c1b55cfca | 867 | LWIP_UNUSED_ARG(userlen); |
DieterGraef | 0:d26c1b55cfca | 868 | LWIP_UNUSED_ARG(apasswd); |
DieterGraef | 0:d26c1b55cfca | 869 | LWIP_UNUSED_ARG(passwdlen); |
DieterGraef | 0:d26c1b55cfca | 870 | LWIP_UNUSED_ARG(msglen); |
DieterGraef | 0:d26c1b55cfca | 871 | *msg = (char *) 0; |
DieterGraef | 0:d26c1b55cfca | 872 | return UPAP_AUTHACK; /* XXX Assume all entries OK. */ |
DieterGraef | 0:d26c1b55cfca | 873 | #else |
DieterGraef | 0:d26c1b55cfca | 874 | u_char ret = 0; |
DieterGraef | 0:d26c1b55cfca | 875 | struct wordlist *addrs = NULL; |
DieterGraef | 0:d26c1b55cfca | 876 | char passwd[256], user[256]; |
DieterGraef | 0:d26c1b55cfca | 877 | char secret[MAXWORDLEN]; |
DieterGraef | 0:d26c1b55cfca | 878 | static u_short attempts = 0; |
DieterGraef | 0:d26c1b55cfca | 879 | |
DieterGraef | 0:d26c1b55cfca | 880 | /* |
DieterGraef | 0:d26c1b55cfca | 881 | * Make copies of apasswd and auser, then null-terminate them. |
DieterGraef | 0:d26c1b55cfca | 882 | */ |
DieterGraef | 0:d26c1b55cfca | 883 | BCOPY(apasswd, passwd, passwdlen); |
DieterGraef | 0:d26c1b55cfca | 884 | passwd[passwdlen] = '\0'; |
DieterGraef | 0:d26c1b55cfca | 885 | BCOPY(auser, user, userlen); |
DieterGraef | 0:d26c1b55cfca | 886 | user[userlen] = '\0'; |
DieterGraef | 0:d26c1b55cfca | 887 | *msg = (char *) 0; |
DieterGraef | 0:d26c1b55cfca | 888 | |
DieterGraef | 0:d26c1b55cfca | 889 | /* XXX Validate user name and password. */ |
DieterGraef | 0:d26c1b55cfca | 890 | ret = UPAP_AUTHACK; /* XXX Assume all entries OK. */ |
DieterGraef | 0:d26c1b55cfca | 891 | |
DieterGraef | 0:d26c1b55cfca | 892 | if (ret == UPAP_AUTHNAK) { |
DieterGraef | 0:d26c1b55cfca | 893 | if (*msg == (char *) 0) { |
DieterGraef | 0:d26c1b55cfca | 894 | *msg = "Login incorrect"; |
DieterGraef | 0:d26c1b55cfca | 895 | } |
DieterGraef | 0:d26c1b55cfca | 896 | *msglen = strlen(*msg); |
DieterGraef | 0:d26c1b55cfca | 897 | /* |
DieterGraef | 0:d26c1b55cfca | 898 | * Frustrate passwd stealer programs. |
DieterGraef | 0:d26c1b55cfca | 899 | * Allow 10 tries, but start backing off after 3 (stolen from login). |
DieterGraef | 0:d26c1b55cfca | 900 | * On 10'th, drop the connection. |
DieterGraef | 0:d26c1b55cfca | 901 | */ |
DieterGraef | 0:d26c1b55cfca | 902 | if (attempts++ >= 10) { |
DieterGraef | 0:d26c1b55cfca | 903 | AUTHDEBUG(LOG_WARNING, ("%d LOGIN FAILURES BY %s\n", attempts, user)); |
DieterGraef | 0:d26c1b55cfca | 904 | /*ppp_panic("Excess Bad Logins");*/ |
DieterGraef | 0:d26c1b55cfca | 905 | } |
DieterGraef | 0:d26c1b55cfca | 906 | if (attempts > 3) { |
DieterGraef | 0:d26c1b55cfca | 907 | /* @todo: this was sleep(), i.e. seconds, not milliseconds |
DieterGraef | 0:d26c1b55cfca | 908 | * I don't think we really need this in lwIP - we would block tcpip_thread! |
DieterGraef | 0:d26c1b55cfca | 909 | */ |
DieterGraef | 0:d26c1b55cfca | 910 | /*sys_msleep((attempts - 3) * 5);*/ |
DieterGraef | 0:d26c1b55cfca | 911 | } |
DieterGraef | 0:d26c1b55cfca | 912 | if (addrs != NULL) { |
DieterGraef | 0:d26c1b55cfca | 913 | free_wordlist(addrs); |
DieterGraef | 0:d26c1b55cfca | 914 | } |
DieterGraef | 0:d26c1b55cfca | 915 | } else { |
DieterGraef | 0:d26c1b55cfca | 916 | attempts = 0; /* Reset count */ |
DieterGraef | 0:d26c1b55cfca | 917 | if (*msg == (char *) 0) { |
DieterGraef | 0:d26c1b55cfca | 918 | *msg = "Login ok"; |
DieterGraef | 0:d26c1b55cfca | 919 | } |
DieterGraef | 0:d26c1b55cfca | 920 | *msglen = strlen(*msg); |
DieterGraef | 0:d26c1b55cfca | 921 | set_allowed_addrs(unit, addrs); |
DieterGraef | 0:d26c1b55cfca | 922 | } |
DieterGraef | 0:d26c1b55cfca | 923 | |
DieterGraef | 0:d26c1b55cfca | 924 | BZERO(passwd, sizeof(passwd)); |
DieterGraef | 0:d26c1b55cfca | 925 | BZERO(secret, sizeof(secret)); |
DieterGraef | 0:d26c1b55cfca | 926 | |
DieterGraef | 0:d26c1b55cfca | 927 | return ret; |
DieterGraef | 0:d26c1b55cfca | 928 | #endif |
DieterGraef | 0:d26c1b55cfca | 929 | } |
DieterGraef | 0:d26c1b55cfca | 930 | #endif /* PAP_SUPPORT */ |
DieterGraef | 0:d26c1b55cfca | 931 | |
DieterGraef | 0:d26c1b55cfca | 932 | #if 0 /* UNUSED */ |
DieterGraef | 0:d26c1b55cfca | 933 | /* |
DieterGraef | 0:d26c1b55cfca | 934 | * This function is needed for PAM. |
DieterGraef | 0:d26c1b55cfca | 935 | */ |
DieterGraef | 0:d26c1b55cfca | 936 | |
DieterGraef | 0:d26c1b55cfca | 937 | #ifdef USE_PAM |
DieterGraef | 0:d26c1b55cfca | 938 | |
DieterGraef | 0:d26c1b55cfca | 939 | /* lwip does not support PAM*/ |
DieterGraef | 0:d26c1b55cfca | 940 | |
DieterGraef | 0:d26c1b55cfca | 941 | #endif /* USE_PAM */ |
DieterGraef | 0:d26c1b55cfca | 942 | |
DieterGraef | 0:d26c1b55cfca | 943 | #endif /* UNUSED */ |
DieterGraef | 0:d26c1b55cfca | 944 | |
DieterGraef | 0:d26c1b55cfca | 945 | |
DieterGraef | 0:d26c1b55cfca | 946 | #if 0 /* UNUSED */ |
DieterGraef | 0:d26c1b55cfca | 947 | /* |
DieterGraef | 0:d26c1b55cfca | 948 | * plogin - Check the user name and password against the system |
DieterGraef | 0:d26c1b55cfca | 949 | * password database, and login the user if OK. |
DieterGraef | 0:d26c1b55cfca | 950 | * |
DieterGraef | 0:d26c1b55cfca | 951 | * returns: |
DieterGraef | 0:d26c1b55cfca | 952 | * UPAP_AUTHNAK: Login failed. |
DieterGraef | 0:d26c1b55cfca | 953 | * UPAP_AUTHACK: Login succeeded. |
DieterGraef | 0:d26c1b55cfca | 954 | * In either case, msg points to an appropriate message. |
DieterGraef | 0:d26c1b55cfca | 955 | */ |
DieterGraef | 0:d26c1b55cfca | 956 | static int |
DieterGraef | 0:d26c1b55cfca | 957 | plogin(char *user, char *passwd, char **msg, int *msglen) |
DieterGraef | 0:d26c1b55cfca | 958 | { |
DieterGraef | 0:d26c1b55cfca | 959 | |
DieterGraef | 0:d26c1b55cfca | 960 | LWIP_UNUSED_ARG(user); |
DieterGraef | 0:d26c1b55cfca | 961 | LWIP_UNUSED_ARG(passwd); |
DieterGraef | 0:d26c1b55cfca | 962 | LWIP_UNUSED_ARG(msg); |
DieterGraef | 0:d26c1b55cfca | 963 | LWIP_UNUSED_ARG(msglen); |
DieterGraef | 0:d26c1b55cfca | 964 | |
DieterGraef | 0:d26c1b55cfca | 965 | |
DieterGraef | 0:d26c1b55cfca | 966 | /* The new lines are here align the file when |
DieterGraef | 0:d26c1b55cfca | 967 | * compared against the pppd 2.3.11 code */ |
DieterGraef | 0:d26c1b55cfca | 968 | |
DieterGraef | 0:d26c1b55cfca | 969 | |
DieterGraef | 0:d26c1b55cfca | 970 | |
DieterGraef | 0:d26c1b55cfca | 971 | |
DieterGraef | 0:d26c1b55cfca | 972 | |
DieterGraef | 0:d26c1b55cfca | 973 | |
DieterGraef | 0:d26c1b55cfca | 974 | |
DieterGraef | 0:d26c1b55cfca | 975 | |
DieterGraef | 0:d26c1b55cfca | 976 | |
DieterGraef | 0:d26c1b55cfca | 977 | |
DieterGraef | 0:d26c1b55cfca | 978 | |
DieterGraef | 0:d26c1b55cfca | 979 | |
DieterGraef | 0:d26c1b55cfca | 980 | |
DieterGraef | 0:d26c1b55cfca | 981 | |
DieterGraef | 0:d26c1b55cfca | 982 | |
DieterGraef | 0:d26c1b55cfca | 983 | |
DieterGraef | 0:d26c1b55cfca | 984 | /* XXX Fail until we decide that we want to support logins. */ |
DieterGraef | 0:d26c1b55cfca | 985 | return (UPAP_AUTHNAK); |
DieterGraef | 0:d26c1b55cfca | 986 | } |
DieterGraef | 0:d26c1b55cfca | 987 | #endif |
DieterGraef | 0:d26c1b55cfca | 988 | |
DieterGraef | 0:d26c1b55cfca | 989 | |
DieterGraef | 0:d26c1b55cfca | 990 | |
DieterGraef | 0:d26c1b55cfca | 991 | /* |
DieterGraef | 0:d26c1b55cfca | 992 | * plogout - Logout the user. |
DieterGraef | 0:d26c1b55cfca | 993 | */ |
DieterGraef | 0:d26c1b55cfca | 994 | static void |
DieterGraef | 0:d26c1b55cfca | 995 | plogout(void) |
DieterGraef | 0:d26c1b55cfca | 996 | { |
DieterGraef | 0:d26c1b55cfca | 997 | logged_in = 0; |
DieterGraef | 0:d26c1b55cfca | 998 | } |
DieterGraef | 0:d26c1b55cfca | 999 | |
DieterGraef | 0:d26c1b55cfca | 1000 | /* |
DieterGraef | 0:d26c1b55cfca | 1001 | * null_login - Check if a username of "" and a password of "" are |
DieterGraef | 0:d26c1b55cfca | 1002 | * acceptable, and iff so, set the list of acceptable IP addresses |
DieterGraef | 0:d26c1b55cfca | 1003 | * and return 1. |
DieterGraef | 0:d26c1b55cfca | 1004 | */ |
DieterGraef | 0:d26c1b55cfca | 1005 | static int |
DieterGraef | 0:d26c1b55cfca | 1006 | null_login(int unit) |
DieterGraef | 0:d26c1b55cfca | 1007 | { |
DieterGraef | 0:d26c1b55cfca | 1008 | LWIP_UNUSED_ARG(unit); |
DieterGraef | 0:d26c1b55cfca | 1009 | /* XXX Fail until we decide that we want to support logins. */ |
DieterGraef | 0:d26c1b55cfca | 1010 | return 0; |
DieterGraef | 0:d26c1b55cfca | 1011 | } |
DieterGraef | 0:d26c1b55cfca | 1012 | |
DieterGraef | 0:d26c1b55cfca | 1013 | |
DieterGraef | 0:d26c1b55cfca | 1014 | /* |
DieterGraef | 0:d26c1b55cfca | 1015 | * get_pap_passwd - get a password for authenticating ourselves with |
DieterGraef | 0:d26c1b55cfca | 1016 | * our peer using PAP. Returns 1 on success, 0 if no suitable password |
DieterGraef | 0:d26c1b55cfca | 1017 | * could be found. |
DieterGraef | 0:d26c1b55cfca | 1018 | */ |
DieterGraef | 0:d26c1b55cfca | 1019 | static int |
DieterGraef | 0:d26c1b55cfca | 1020 | get_pap_passwd(int unit, char *user, char *passwd) |
DieterGraef | 0:d26c1b55cfca | 1021 | { |
DieterGraef | 0:d26c1b55cfca | 1022 | LWIP_UNUSED_ARG(unit); |
DieterGraef | 0:d26c1b55cfca | 1023 | /* normally we would reject PAP if no password is provided, |
DieterGraef | 0:d26c1b55cfca | 1024 | but this causes problems with some providers (like CHT in Taiwan) |
DieterGraef | 0:d26c1b55cfca | 1025 | who incorrectly request PAP and expect a bogus/empty password, so |
DieterGraef | 0:d26c1b55cfca | 1026 | always provide a default user/passwd of "none"/"none" |
DieterGraef | 0:d26c1b55cfca | 1027 | |
DieterGraef | 0:d26c1b55cfca | 1028 | @todo: This should be configured by the user, instead of being hardcoded here! |
DieterGraef | 0:d26c1b55cfca | 1029 | */ |
DieterGraef | 0:d26c1b55cfca | 1030 | if(user) { |
DieterGraef | 0:d26c1b55cfca | 1031 | strcpy(user, "none"); |
DieterGraef | 0:d26c1b55cfca | 1032 | } |
DieterGraef | 0:d26c1b55cfca | 1033 | if(passwd) { |
DieterGraef | 0:d26c1b55cfca | 1034 | strcpy(passwd, "none"); |
DieterGraef | 0:d26c1b55cfca | 1035 | } |
DieterGraef | 0:d26c1b55cfca | 1036 | return 1; |
DieterGraef | 0:d26c1b55cfca | 1037 | } |
DieterGraef | 0:d26c1b55cfca | 1038 | |
DieterGraef | 0:d26c1b55cfca | 1039 | /* |
DieterGraef | 0:d26c1b55cfca | 1040 | * have_pap_secret - check whether we have a PAP file with any |
DieterGraef | 0:d26c1b55cfca | 1041 | * secrets that we could possibly use for authenticating the peer. |
DieterGraef | 0:d26c1b55cfca | 1042 | */ |
DieterGraef | 0:d26c1b55cfca | 1043 | static int |
DieterGraef | 0:d26c1b55cfca | 1044 | have_pap_secret(void) |
DieterGraef | 0:d26c1b55cfca | 1045 | { |
DieterGraef | 0:d26c1b55cfca | 1046 | /* XXX Fail until we set up our passwords. */ |
DieterGraef | 0:d26c1b55cfca | 1047 | return 0; |
DieterGraef | 0:d26c1b55cfca | 1048 | } |
DieterGraef | 0:d26c1b55cfca | 1049 | |
DieterGraef | 0:d26c1b55cfca | 1050 | /* |
DieterGraef | 0:d26c1b55cfca | 1051 | * have_chap_secret - check whether we have a CHAP file with a |
DieterGraef | 0:d26c1b55cfca | 1052 | * secret that we could possibly use for authenticating `client' |
DieterGraef | 0:d26c1b55cfca | 1053 | * on `server'. Either can be the null string, meaning we don't |
DieterGraef | 0:d26c1b55cfca | 1054 | * know the identity yet. |
DieterGraef | 0:d26c1b55cfca | 1055 | */ |
DieterGraef | 0:d26c1b55cfca | 1056 | static int |
DieterGraef | 0:d26c1b55cfca | 1057 | have_chap_secret(char *client, char *server, u32_t remote) |
DieterGraef | 0:d26c1b55cfca | 1058 | { |
DieterGraef | 0:d26c1b55cfca | 1059 | LWIP_UNUSED_ARG(client); |
DieterGraef | 0:d26c1b55cfca | 1060 | LWIP_UNUSED_ARG(server); |
DieterGraef | 0:d26c1b55cfca | 1061 | LWIP_UNUSED_ARG(remote); |
DieterGraef | 0:d26c1b55cfca | 1062 | |
DieterGraef | 0:d26c1b55cfca | 1063 | /* XXX Fail until we set up our passwords. */ |
DieterGraef | 0:d26c1b55cfca | 1064 | return 0; |
DieterGraef | 0:d26c1b55cfca | 1065 | } |
DieterGraef | 0:d26c1b55cfca | 1066 | #if CHAP_SUPPORT |
DieterGraef | 0:d26c1b55cfca | 1067 | |
DieterGraef | 0:d26c1b55cfca | 1068 | /* |
DieterGraef | 0:d26c1b55cfca | 1069 | * get_secret - open the CHAP secret file and return the secret |
DieterGraef | 0:d26c1b55cfca | 1070 | * for authenticating the given client on the given server. |
DieterGraef | 0:d26c1b55cfca | 1071 | * (We could be either client or server). |
DieterGraef | 0:d26c1b55cfca | 1072 | */ |
DieterGraef | 0:d26c1b55cfca | 1073 | int |
DieterGraef | 0:d26c1b55cfca | 1074 | get_secret(int unit, char *client, char *server, char *secret, int *secret_len, int save_addrs) |
DieterGraef | 0:d26c1b55cfca | 1075 | { |
DieterGraef | 0:d26c1b55cfca | 1076 | #if 1 |
DieterGraef | 0:d26c1b55cfca | 1077 | int len; |
DieterGraef | 0:d26c1b55cfca | 1078 | struct wordlist *addrs; |
DieterGraef | 0:d26c1b55cfca | 1079 | |
DieterGraef | 0:d26c1b55cfca | 1080 | LWIP_UNUSED_ARG(unit); |
DieterGraef | 0:d26c1b55cfca | 1081 | LWIP_UNUSED_ARG(server); |
DieterGraef | 0:d26c1b55cfca | 1082 | LWIP_UNUSED_ARG(save_addrs); |
DieterGraef | 0:d26c1b55cfca | 1083 | |
DieterGraef | 0:d26c1b55cfca | 1084 | addrs = NULL; |
DieterGraef | 0:d26c1b55cfca | 1085 | |
DieterGraef | 0:d26c1b55cfca | 1086 | if(!client || !client[0] || strcmp(client, ppp_settings.user)) { |
DieterGraef | 0:d26c1b55cfca | 1087 | return 0; |
DieterGraef | 0:d26c1b55cfca | 1088 | } |
DieterGraef | 0:d26c1b55cfca | 1089 | |
DieterGraef | 0:d26c1b55cfca | 1090 | len = (int)strlen(ppp_settings.passwd); |
DieterGraef | 0:d26c1b55cfca | 1091 | if (len > MAXSECRETLEN) { |
DieterGraef | 0:d26c1b55cfca | 1092 | AUTHDEBUG(LOG_ERR, ("Secret for %s on %s is too long\n", client, server)); |
DieterGraef | 0:d26c1b55cfca | 1093 | len = MAXSECRETLEN; |
DieterGraef | 0:d26c1b55cfca | 1094 | } |
DieterGraef | 0:d26c1b55cfca | 1095 | |
DieterGraef | 0:d26c1b55cfca | 1096 | BCOPY(ppp_settings.passwd, secret, len); |
DieterGraef | 0:d26c1b55cfca | 1097 | *secret_len = len; |
DieterGraef | 0:d26c1b55cfca | 1098 | |
DieterGraef | 0:d26c1b55cfca | 1099 | return 1; |
DieterGraef | 0:d26c1b55cfca | 1100 | #else |
DieterGraef | 0:d26c1b55cfca | 1101 | int ret = 0, len; |
DieterGraef | 0:d26c1b55cfca | 1102 | struct wordlist *addrs; |
DieterGraef | 0:d26c1b55cfca | 1103 | char secbuf[MAXWORDLEN]; |
DieterGraef | 0:d26c1b55cfca | 1104 | |
DieterGraef | 0:d26c1b55cfca | 1105 | addrs = NULL; |
DieterGraef | 0:d26c1b55cfca | 1106 | secbuf[0] = 0; |
DieterGraef | 0:d26c1b55cfca | 1107 | |
DieterGraef | 0:d26c1b55cfca | 1108 | /* XXX Find secret. */ |
DieterGraef | 0:d26c1b55cfca | 1109 | if (ret < 0) { |
DieterGraef | 0:d26c1b55cfca | 1110 | return 0; |
DieterGraef | 0:d26c1b55cfca | 1111 | } |
DieterGraef | 0:d26c1b55cfca | 1112 | |
DieterGraef | 0:d26c1b55cfca | 1113 | if (save_addrs) { |
DieterGraef | 0:d26c1b55cfca | 1114 | set_allowed_addrs(unit, addrs); |
DieterGraef | 0:d26c1b55cfca | 1115 | } |
DieterGraef | 0:d26c1b55cfca | 1116 | |
DieterGraef | 0:d26c1b55cfca | 1117 | len = strlen(secbuf); |
DieterGraef | 0:d26c1b55cfca | 1118 | if (len > MAXSECRETLEN) { |
DieterGraef | 0:d26c1b55cfca | 1119 | AUTHDEBUG(LOG_ERR, ("Secret for %s on %s is too long\n", client, server)); |
DieterGraef | 0:d26c1b55cfca | 1120 | len = MAXSECRETLEN; |
DieterGraef | 0:d26c1b55cfca | 1121 | } |
DieterGraef | 0:d26c1b55cfca | 1122 | |
DieterGraef | 0:d26c1b55cfca | 1123 | BCOPY(secbuf, secret, len); |
DieterGraef | 0:d26c1b55cfca | 1124 | BZERO(secbuf, sizeof(secbuf)); |
DieterGraef | 0:d26c1b55cfca | 1125 | *secret_len = len; |
DieterGraef | 0:d26c1b55cfca | 1126 | |
DieterGraef | 0:d26c1b55cfca | 1127 | return 1; |
DieterGraef | 0:d26c1b55cfca | 1128 | #endif |
DieterGraef | 0:d26c1b55cfca | 1129 | } |
DieterGraef | 0:d26c1b55cfca | 1130 | #endif /* CHAP_SUPPORT */ |
DieterGraef | 0:d26c1b55cfca | 1131 | |
DieterGraef | 0:d26c1b55cfca | 1132 | |
DieterGraef | 0:d26c1b55cfca | 1133 | #if 0 /* PAP_SUPPORT || CHAP_SUPPORT */ |
DieterGraef | 0:d26c1b55cfca | 1134 | /* |
DieterGraef | 0:d26c1b55cfca | 1135 | * set_allowed_addrs() - set the list of allowed addresses. |
DieterGraef | 0:d26c1b55cfca | 1136 | */ |
DieterGraef | 0:d26c1b55cfca | 1137 | static void |
DieterGraef | 0:d26c1b55cfca | 1138 | set_allowed_addrs(int unit, struct wordlist *addrs) |
DieterGraef | 0:d26c1b55cfca | 1139 | { |
DieterGraef | 0:d26c1b55cfca | 1140 | if (addresses[unit] != NULL) { |
DieterGraef | 0:d26c1b55cfca | 1141 | free_wordlist(addresses[unit]); |
DieterGraef | 0:d26c1b55cfca | 1142 | } |
DieterGraef | 0:d26c1b55cfca | 1143 | addresses[unit] = addrs; |
DieterGraef | 0:d26c1b55cfca | 1144 | |
DieterGraef | 0:d26c1b55cfca | 1145 | #if 0 |
DieterGraef | 0:d26c1b55cfca | 1146 | /* |
DieterGraef | 0:d26c1b55cfca | 1147 | * If there's only one authorized address we might as well |
DieterGraef | 0:d26c1b55cfca | 1148 | * ask our peer for that one right away |
DieterGraef | 0:d26c1b55cfca | 1149 | */ |
DieterGraef | 0:d26c1b55cfca | 1150 | if (addrs != NULL && addrs->next == NULL) { |
DieterGraef | 0:d26c1b55cfca | 1151 | char *p = addrs->word; |
DieterGraef | 0:d26c1b55cfca | 1152 | struct ipcp_options *wo = &ipcp_wantoptions[unit]; |
DieterGraef | 0:d26c1b55cfca | 1153 | u32_t a; |
DieterGraef | 0:d26c1b55cfca | 1154 | struct hostent *hp; |
DieterGraef | 0:d26c1b55cfca | 1155 | |
DieterGraef | 0:d26c1b55cfca | 1156 | if (wo->hisaddr == 0 && *p != '!' && *p != '-' && strchr(p, '/') == NULL) { |
DieterGraef | 0:d26c1b55cfca | 1157 | hp = gethostbyname(p); |
DieterGraef | 0:d26c1b55cfca | 1158 | if (hp != NULL && hp->h_addrtype == AF_INET) { |
DieterGraef | 0:d26c1b55cfca | 1159 | a = *(u32_t *)hp->h_addr; |
DieterGraef | 0:d26c1b55cfca | 1160 | } else { |
DieterGraef | 0:d26c1b55cfca | 1161 | a = inet_addr(p); |
DieterGraef | 0:d26c1b55cfca | 1162 | } |
DieterGraef | 0:d26c1b55cfca | 1163 | if (a != (u32_t) -1) { |
DieterGraef | 0:d26c1b55cfca | 1164 | wo->hisaddr = a; |
DieterGraef | 0:d26c1b55cfca | 1165 | } |
DieterGraef | 0:d26c1b55cfca | 1166 | } |
DieterGraef | 0:d26c1b55cfca | 1167 | } |
DieterGraef | 0:d26c1b55cfca | 1168 | #endif |
DieterGraef | 0:d26c1b55cfca | 1169 | } |
DieterGraef | 0:d26c1b55cfca | 1170 | #endif /* 0 */ /* PAP_SUPPORT || CHAP_SUPPORT */ |
DieterGraef | 0:d26c1b55cfca | 1171 | |
DieterGraef | 0:d26c1b55cfca | 1172 | /* |
DieterGraef | 0:d26c1b55cfca | 1173 | * auth_ip_addr - check whether the peer is authorized to use |
DieterGraef | 0:d26c1b55cfca | 1174 | * a given IP address. Returns 1 if authorized, 0 otherwise. |
DieterGraef | 0:d26c1b55cfca | 1175 | */ |
DieterGraef | 0:d26c1b55cfca | 1176 | int |
DieterGraef | 0:d26c1b55cfca | 1177 | auth_ip_addr(int unit, u32_t addr) |
DieterGraef | 0:d26c1b55cfca | 1178 | { |
DieterGraef | 0:d26c1b55cfca | 1179 | return ip_addr_check(addr, addresses[unit]); |
DieterGraef | 0:d26c1b55cfca | 1180 | } |
DieterGraef | 0:d26c1b55cfca | 1181 | |
DieterGraef | 0:d26c1b55cfca | 1182 | static int /* @todo: integrate this funtion into auth_ip_addr()*/ |
DieterGraef | 0:d26c1b55cfca | 1183 | ip_addr_check(u32_t addr, struct wordlist *addrs) |
DieterGraef | 0:d26c1b55cfca | 1184 | { |
DieterGraef | 0:d26c1b55cfca | 1185 | /* don't allow loopback or multicast address */ |
DieterGraef | 0:d26c1b55cfca | 1186 | if (bad_ip_adrs(addr)) { |
DieterGraef | 0:d26c1b55cfca | 1187 | return 0; |
DieterGraef | 0:d26c1b55cfca | 1188 | } |
DieterGraef | 0:d26c1b55cfca | 1189 | |
DieterGraef | 0:d26c1b55cfca | 1190 | if (addrs == NULL) { |
DieterGraef | 0:d26c1b55cfca | 1191 | return !ppp_settings.auth_required; /* no addresses authorized */ |
DieterGraef | 0:d26c1b55cfca | 1192 | } |
DieterGraef | 0:d26c1b55cfca | 1193 | |
DieterGraef | 0:d26c1b55cfca | 1194 | /* XXX All other addresses allowed. */ |
DieterGraef | 0:d26c1b55cfca | 1195 | return 1; |
DieterGraef | 0:d26c1b55cfca | 1196 | } |
DieterGraef | 0:d26c1b55cfca | 1197 | |
DieterGraef | 0:d26c1b55cfca | 1198 | /* |
DieterGraef | 0:d26c1b55cfca | 1199 | * bad_ip_adrs - return 1 if the IP address is one we don't want |
DieterGraef | 0:d26c1b55cfca | 1200 | * to use, such as an address in the loopback net or a multicast address. |
DieterGraef | 0:d26c1b55cfca | 1201 | * addr is in network byte order. |
DieterGraef | 0:d26c1b55cfca | 1202 | */ |
DieterGraef | 0:d26c1b55cfca | 1203 | int |
DieterGraef | 0:d26c1b55cfca | 1204 | bad_ip_adrs(u32_t addr) |
DieterGraef | 0:d26c1b55cfca | 1205 | { |
DieterGraef | 0:d26c1b55cfca | 1206 | addr = ntohl(addr); |
DieterGraef | 0:d26c1b55cfca | 1207 | return (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET |
DieterGraef | 0:d26c1b55cfca | 1208 | || IN_MULTICAST(addr) || IN_BADCLASS(addr); |
DieterGraef | 0:d26c1b55cfca | 1209 | } |
DieterGraef | 0:d26c1b55cfca | 1210 | |
DieterGraef | 0:d26c1b55cfca | 1211 | #if 0 /* UNUSED */ /* PAP_SUPPORT || CHAP_SUPPORT */ |
DieterGraef | 0:d26c1b55cfca | 1212 | /* |
DieterGraef | 0:d26c1b55cfca | 1213 | * some_ip_ok - check a wordlist to see if it authorizes any |
DieterGraef | 0:d26c1b55cfca | 1214 | * IP address(es). |
DieterGraef | 0:d26c1b55cfca | 1215 | */ |
DieterGraef | 0:d26c1b55cfca | 1216 | static int |
DieterGraef | 0:d26c1b55cfca | 1217 | some_ip_ok(struct wordlist *addrs) |
DieterGraef | 0:d26c1b55cfca | 1218 | { |
DieterGraef | 0:d26c1b55cfca | 1219 | for (; addrs != 0; addrs = addrs->next) { |
DieterGraef | 0:d26c1b55cfca | 1220 | if (addrs->word[0] == '-') |
DieterGraef | 0:d26c1b55cfca | 1221 | break; |
DieterGraef | 0:d26c1b55cfca | 1222 | if (addrs->word[0] != '!') |
DieterGraef | 0:d26c1b55cfca | 1223 | return 1; /* some IP address is allowed */ |
DieterGraef | 0:d26c1b55cfca | 1224 | } |
DieterGraef | 0:d26c1b55cfca | 1225 | return 0; |
DieterGraef | 0:d26c1b55cfca | 1226 | } |
DieterGraef | 0:d26c1b55cfca | 1227 | |
DieterGraef | 0:d26c1b55cfca | 1228 | /* |
DieterGraef | 0:d26c1b55cfca | 1229 | * check_access - complain if a secret file has too-liberal permissions. |
DieterGraef | 0:d26c1b55cfca | 1230 | */ |
DieterGraef | 0:d26c1b55cfca | 1231 | static void |
DieterGraef | 0:d26c1b55cfca | 1232 | check_access(FILE *f, char *filename) |
DieterGraef | 0:d26c1b55cfca | 1233 | { |
DieterGraef | 0:d26c1b55cfca | 1234 | struct stat sbuf; |
DieterGraef | 0:d26c1b55cfca | 1235 | |
DieterGraef | 0:d26c1b55cfca | 1236 | if (fstat(fileno(f), &sbuf) < 0) { |
DieterGraef | 0:d26c1b55cfca | 1237 | warn("cannot stat secret file %s: %m", filename); |
DieterGraef | 0:d26c1b55cfca | 1238 | } else if ((sbuf.st_mode & (S_IRWXG | S_IRWXO)) != 0) { |
DieterGraef | 0:d26c1b55cfca | 1239 | warn("Warning - secret file %s has world and/or group access", |
DieterGraef | 0:d26c1b55cfca | 1240 | filename); |
DieterGraef | 0:d26c1b55cfca | 1241 | } |
DieterGraef | 0:d26c1b55cfca | 1242 | } |
DieterGraef | 0:d26c1b55cfca | 1243 | |
DieterGraef | 0:d26c1b55cfca | 1244 | |
DieterGraef | 0:d26c1b55cfca | 1245 | /* |
DieterGraef | 0:d26c1b55cfca | 1246 | * scan_authfile - Scan an authorization file for a secret suitable |
DieterGraef | 0:d26c1b55cfca | 1247 | * for authenticating `client' on `server'. The return value is -1 |
DieterGraef | 0:d26c1b55cfca | 1248 | * if no secret is found, otherwise >= 0. The return value has |
DieterGraef | 0:d26c1b55cfca | 1249 | * NONWILD_CLIENT set if the secret didn't have "*" for the client, and |
DieterGraef | 0:d26c1b55cfca | 1250 | * NONWILD_SERVER set if the secret didn't have "*" for the server. |
DieterGraef | 0:d26c1b55cfca | 1251 | * Any following words on the line up to a "--" (i.e. address authorization |
DieterGraef | 0:d26c1b55cfca | 1252 | * info) are placed in a wordlist and returned in *addrs. Any |
DieterGraef | 0:d26c1b55cfca | 1253 | * following words (extra options) are placed in a wordlist and |
DieterGraef | 0:d26c1b55cfca | 1254 | * returned in *opts. |
DieterGraef | 0:d26c1b55cfca | 1255 | * We assume secret is NULL or points to MAXWORDLEN bytes of space. |
DieterGraef | 0:d26c1b55cfca | 1256 | */ |
DieterGraef | 0:d26c1b55cfca | 1257 | static int |
DieterGraef | 0:d26c1b55cfca | 1258 | scan_authfile(FILE *f, char *client, char *server, char *secret, struct wordlist **addrs, struct wordlist **opts, char *filename) |
DieterGraef | 0:d26c1b55cfca | 1259 | { |
DieterGraef | 0:d26c1b55cfca | 1260 | /* We do not (currently) need this in lwip */ |
DieterGraef | 0:d26c1b55cfca | 1261 | return 0; /* dummy */ |
DieterGraef | 0:d26c1b55cfca | 1262 | } |
DieterGraef | 0:d26c1b55cfca | 1263 | /* |
DieterGraef | 0:d26c1b55cfca | 1264 | * free_wordlist - release memory allocated for a wordlist. |
DieterGraef | 0:d26c1b55cfca | 1265 | */ |
DieterGraef | 0:d26c1b55cfca | 1266 | static void |
DieterGraef | 0:d26c1b55cfca | 1267 | free_wordlist(struct wordlist *wp) |
DieterGraef | 0:d26c1b55cfca | 1268 | { |
DieterGraef | 0:d26c1b55cfca | 1269 | struct wordlist *next; |
DieterGraef | 0:d26c1b55cfca | 1270 | |
DieterGraef | 0:d26c1b55cfca | 1271 | while (wp != NULL) { |
DieterGraef | 0:d26c1b55cfca | 1272 | next = wp->next; |
DieterGraef | 0:d26c1b55cfca | 1273 | free(wp); |
DieterGraef | 0:d26c1b55cfca | 1274 | wp = next; |
DieterGraef | 0:d26c1b55cfca | 1275 | } |
DieterGraef | 0:d26c1b55cfca | 1276 | } |
DieterGraef | 0:d26c1b55cfca | 1277 | |
DieterGraef | 0:d26c1b55cfca | 1278 | /* |
DieterGraef | 0:d26c1b55cfca | 1279 | * auth_script_done - called when the auth-up or auth-down script |
DieterGraef | 0:d26c1b55cfca | 1280 | * has finished. |
DieterGraef | 0:d26c1b55cfca | 1281 | */ |
DieterGraef | 0:d26c1b55cfca | 1282 | static void |
DieterGraef | 0:d26c1b55cfca | 1283 | auth_script_done(void *arg) |
DieterGraef | 0:d26c1b55cfca | 1284 | { |
DieterGraef | 0:d26c1b55cfca | 1285 | auth_script_pid = 0; |
DieterGraef | 0:d26c1b55cfca | 1286 | switch (auth_script_state) { |
DieterGraef | 0:d26c1b55cfca | 1287 | case s_up: |
DieterGraef | 0:d26c1b55cfca | 1288 | if (auth_state == s_down) { |
DieterGraef | 0:d26c1b55cfca | 1289 | auth_script_state = s_down; |
DieterGraef | 0:d26c1b55cfca | 1290 | auth_script(_PATH_AUTHDOWN); |
DieterGraef | 0:d26c1b55cfca | 1291 | } |
DieterGraef | 0:d26c1b55cfca | 1292 | break; |
DieterGraef | 0:d26c1b55cfca | 1293 | case s_down: |
DieterGraef | 0:d26c1b55cfca | 1294 | if (auth_state == s_up) { |
DieterGraef | 0:d26c1b55cfca | 1295 | auth_script_state = s_up; |
DieterGraef | 0:d26c1b55cfca | 1296 | auth_script(_PATH_AUTHUP); |
DieterGraef | 0:d26c1b55cfca | 1297 | } |
DieterGraef | 0:d26c1b55cfca | 1298 | break; |
DieterGraef | 0:d26c1b55cfca | 1299 | } |
DieterGraef | 0:d26c1b55cfca | 1300 | } |
DieterGraef | 0:d26c1b55cfca | 1301 | |
DieterGraef | 0:d26c1b55cfca | 1302 | /* |
DieterGraef | 0:d26c1b55cfca | 1303 | * auth_script - execute a script with arguments |
DieterGraef | 0:d26c1b55cfca | 1304 | * interface-name peer-name real-user tty speed |
DieterGraef | 0:d26c1b55cfca | 1305 | */ |
DieterGraef | 0:d26c1b55cfca | 1306 | static void |
DieterGraef | 0:d26c1b55cfca | 1307 | auth_script(char *script) |
DieterGraef | 0:d26c1b55cfca | 1308 | { |
DieterGraef | 0:d26c1b55cfca | 1309 | char strspeed[32]; |
DieterGraef | 0:d26c1b55cfca | 1310 | struct passwd *pw; |
DieterGraef | 0:d26c1b55cfca | 1311 | char struid[32]; |
DieterGraef | 0:d26c1b55cfca | 1312 | char *user_name; |
DieterGraef | 0:d26c1b55cfca | 1313 | char *argv[8]; |
DieterGraef | 0:d26c1b55cfca | 1314 | |
DieterGraef | 0:d26c1b55cfca | 1315 | if ((pw = getpwuid(getuid())) != NULL && pw->pw_name != NULL) |
DieterGraef | 0:d26c1b55cfca | 1316 | user_name = pw->pw_name; |
DieterGraef | 0:d26c1b55cfca | 1317 | else { |
DieterGraef | 0:d26c1b55cfca | 1318 | slprintf(struid, sizeof(struid), "%d", getuid()); |
DieterGraef | 0:d26c1b55cfca | 1319 | user_name = struid; |
DieterGraef | 0:d26c1b55cfca | 1320 | } |
DieterGraef | 0:d26c1b55cfca | 1321 | slprintf(strspeed, sizeof(strspeed), "%d", baud_rate); |
DieterGraef | 0:d26c1b55cfca | 1322 | |
DieterGraef | 0:d26c1b55cfca | 1323 | argv[0] = script; |
DieterGraef | 0:d26c1b55cfca | 1324 | argv[1] = ifname; |
DieterGraef | 0:d26c1b55cfca | 1325 | argv[2] = peer_authname; |
DieterGraef | 0:d26c1b55cfca | 1326 | argv[3] = user_name; |
DieterGraef | 0:d26c1b55cfca | 1327 | argv[4] = devnam; |
DieterGraef | 0:d26c1b55cfca | 1328 | argv[5] = strspeed; |
DieterGraef | 0:d26c1b55cfca | 1329 | argv[6] = NULL; |
DieterGraef | 0:d26c1b55cfca | 1330 | |
DieterGraef | 0:d26c1b55cfca | 1331 | auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL); |
DieterGraef | 0:d26c1b55cfca | 1332 | } |
DieterGraef | 0:d26c1b55cfca | 1333 | #endif /* 0 */ /* PAP_SUPPORT || CHAP_SUPPORT */ |
DieterGraef | 0:d26c1b55cfca | 1334 | #endif /* PPP_SUPPORT */ |