Weerstation - Leest de waarde van een sensor binnen een maakt d…

Users » hendrikvincent » Code » Weerstation

Hendrik Vincent / Mbed 2 deprecated Weerstation

Leest de waarde van een sensor binnen een maakt deze beschikbaar via internet

Dependencies: NTPClient_NetServices mbed

NetServices/lwip/netif/ppp/auth.c@0:05ccbd4f84f1, 2013-12-02 (annotated)

Committer:: hendrikvincent
Date:: Mon Dec 02 09:01:23 2013 +0000
Revision:: 0:05ccbd4f84f1

eerste programma;

Who changed what in which revision?

User	Revision	Line number	New contents of line
hendrikvincent	0:05ccbd4f84f1	1	/*****************************************************************************
hendrikvincent	0:05ccbd4f84f1	2	* auth.c - Network Authentication and Phase Control program file.
hendrikvincent	0:05ccbd4f84f1	3	*
hendrikvincent	0:05ccbd4f84f1	4	* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
hendrikvincent	0:05ccbd4f84f1	5	* Copyright (c) 1997 by Global Election Systems Inc. All rights reserved.
hendrikvincent	0:05ccbd4f84f1	6	*
hendrikvincent	0:05ccbd4f84f1	7	* The authors hereby grant permission to use, copy, modify, distribute,
hendrikvincent	0:05ccbd4f84f1	8	* and license this software and its documentation for any purpose, provided
hendrikvincent	0:05ccbd4f84f1	9	* that existing copyright notices are retained in all copies and that this
hendrikvincent	0:05ccbd4f84f1	10	* notice and the following disclaimer are included verbatim in any
hendrikvincent	0:05ccbd4f84f1	11	* distributions. No written agreement, license, or royalty fee is required
hendrikvincent	0:05ccbd4f84f1	12	* for any of the authorized uses.
hendrikvincent	0:05ccbd4f84f1	13	*
hendrikvincent	0:05ccbd4f84f1	14	* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS AS IS AND ANY EXPRESS OR
hendrikvincent	0:05ccbd4f84f1	15	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
hendrikvincent	0:05ccbd4f84f1	16	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
hendrikvincent	0:05ccbd4f84f1	17	* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
hendrikvincent	0:05ccbd4f84f1	18	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
hendrikvincent	0:05ccbd4f84f1	19	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
hendrikvincent	0:05ccbd4f84f1	20	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
hendrikvincent	0:05ccbd4f84f1	21	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
hendrikvincent	0:05ccbd4f84f1	22	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
hendrikvincent	0:05ccbd4f84f1	23	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
hendrikvincent	0:05ccbd4f84f1	24	*
hendrikvincent	0:05ccbd4f84f1	25	******************************************************************************
hendrikvincent	0:05ccbd4f84f1	26	* REVISION HISTORY
hendrikvincent	0:05ccbd4f84f1	27	*
hendrikvincent	0:05ccbd4f84f1	28	* 03-01-01 Marc Boucher <marc@mbsi.ca>
hendrikvincent	0:05ccbd4f84f1	29	* Ported to lwIP.
hendrikvincent	0:05ccbd4f84f1	30	* 97-12-08 Guy Lancaster <lancasterg@acm.org>, Global Election Systems Inc.
hendrikvincent	0:05ccbd4f84f1	31	* Ported from public pppd code.
hendrikvincent	0:05ccbd4f84f1	32	*****************************************************************************/
hendrikvincent	0:05ccbd4f84f1	33	/*
hendrikvincent	0:05ccbd4f84f1	34	* auth.c - PPP authentication and phase control.
hendrikvincent	0:05ccbd4f84f1	35	*
hendrikvincent	0:05ccbd4f84f1	36	* Copyright (c) 1993 The Australian National University.
hendrikvincent	0:05ccbd4f84f1	37	* All rights reserved.
hendrikvincent	0:05ccbd4f84f1	38	*
hendrikvincent	0:05ccbd4f84f1	39	* Redistribution and use in source and binary forms are permitted
hendrikvincent	0:05ccbd4f84f1	40	* provided that the above copyright notice and this paragraph are
hendrikvincent	0:05ccbd4f84f1	41	* duplicated in all such forms and that any documentation,
hendrikvincent	0:05ccbd4f84f1	42	* advertising materials, and other materials related to such
hendrikvincent	0:05ccbd4f84f1	43	* distribution and use acknowledge that the software was developed
hendrikvincent	0:05ccbd4f84f1	44	* by the Australian National University. The name of the University
hendrikvincent	0:05ccbd4f84f1	45	* may not be used to endorse or promote products derived from this
hendrikvincent	0:05ccbd4f84f1	46	* software without specific prior written permission.
hendrikvincent	0:05ccbd4f84f1	47	* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
hendrikvincent	0:05ccbd4f84f1	48	* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
hendrikvincent	0:05ccbd4f84f1	49	* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
hendrikvincent	0:05ccbd4f84f1	50	*
hendrikvincent	0:05ccbd4f84f1	51	* Copyright (c) 1989 Carnegie Mellon University.
hendrikvincent	0:05ccbd4f84f1	52	* All rights reserved.
hendrikvincent	0:05ccbd4f84f1	53	*
hendrikvincent	0:05ccbd4f84f1	54	* Redistribution and use in source and binary forms are permitted
hendrikvincent	0:05ccbd4f84f1	55	* provided that the above copyright notice and this paragraph are
hendrikvincent	0:05ccbd4f84f1	56	* duplicated in all such forms and that any documentation,
hendrikvincent	0:05ccbd4f84f1	57	* advertising materials, and other materials related to such
hendrikvincent	0:05ccbd4f84f1	58	* distribution and use acknowledge that the software was developed
hendrikvincent	0:05ccbd4f84f1	59	* by Carnegie Mellon University. The name of the
hendrikvincent	0:05ccbd4f84f1	60	* University may not be used to endorse or promote products derived
hendrikvincent	0:05ccbd4f84f1	61	* from this software without specific prior written permission.
hendrikvincent	0:05ccbd4f84f1	62	* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
hendrikvincent	0:05ccbd4f84f1	63	* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
hendrikvincent	0:05ccbd4f84f1	64	* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
hendrikvincent	0:05ccbd4f84f1	65	*/
hendrikvincent	0:05ccbd4f84f1	66
hendrikvincent	0:05ccbd4f84f1	67	#include "lwip/opt.h"
hendrikvincent	0:05ccbd4f84f1	68
hendrikvincent	0:05ccbd4f84f1	69	#if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */
hendrikvincent	0:05ccbd4f84f1	70
hendrikvincent	0:05ccbd4f84f1	71	#include "ppp.h"
hendrikvincent	0:05ccbd4f84f1	72	#include "pppdebug.h"
hendrikvincent	0:05ccbd4f84f1	73
hendrikvincent	0:05ccbd4f84f1	74	#include "fsm.h"
hendrikvincent	0:05ccbd4f84f1	75	#include "lcp.h"
hendrikvincent	0:05ccbd4f84f1	76	#include "pap.h"
hendrikvincent	0:05ccbd4f84f1	77	#include "chap.h"
hendrikvincent	0:05ccbd4f84f1	78	#include "auth.h"
hendrikvincent	0:05ccbd4f84f1	79	#include "ipcp.h"
hendrikvincent	0:05ccbd4f84f1	80
hendrikvincent	0:05ccbd4f84f1	81	#if CBCP_SUPPORT
hendrikvincent	0:05ccbd4f84f1	82	#include "cbcp.h"
hendrikvincent	0:05ccbd4f84f1	83	#endif /* CBCP_SUPPORT */
hendrikvincent	0:05ccbd4f84f1	84
hendrikvincent	0:05ccbd4f84f1	85	#include "lwip/inet.h"
hendrikvincent	0:05ccbd4f84f1	86
hendrikvincent	0:05ccbd4f84f1	87	#include <string.h>
hendrikvincent	0:05ccbd4f84f1	88
hendrikvincent	0:05ccbd4f84f1	89	#if 0 /* UNUSED */
hendrikvincent	0:05ccbd4f84f1	90	/* Bits in scan_authfile return value */
hendrikvincent	0:05ccbd4f84f1	91	#define NONWILD_SERVER 1
hendrikvincent	0:05ccbd4f84f1	92	#define NONWILD_CLIENT 2
hendrikvincent	0:05ccbd4f84f1	93
hendrikvincent	0:05ccbd4f84f1	94	#define ISWILD(word) (word[0] == '*' && word[1] == 0)
hendrikvincent	0:05ccbd4f84f1	95	#endif /* UNUSED */
hendrikvincent	0:05ccbd4f84f1	96
hendrikvincent	0:05ccbd4f84f1	97	#if PAP_SUPPORT \|\| CHAP_SUPPORT
hendrikvincent	0:05ccbd4f84f1	98	/* The name by which the peer authenticated itself to us. */
hendrikvincent	0:05ccbd4f84f1	99	static char peer_authname[MAXNAMELEN];
hendrikvincent	0:05ccbd4f84f1	100	#endif /* PAP_SUPPORT \|\| CHAP_SUPPORT */
hendrikvincent	0:05ccbd4f84f1	101
hendrikvincent	0:05ccbd4f84f1	102	/* Records which authentication operations haven't completed yet. */
hendrikvincent	0:05ccbd4f84f1	103	static int auth_pending[NUM_PPP];
hendrikvincent	0:05ccbd4f84f1	104
hendrikvincent	0:05ccbd4f84f1	105	/* Set if we have successfully called plogin() */
hendrikvincent	0:05ccbd4f84f1	106	static int logged_in;
hendrikvincent	0:05ccbd4f84f1	107
hendrikvincent	0:05ccbd4f84f1	108	/* Set if we have run the /etc/ppp/auth-up script. */
hendrikvincent	0:05ccbd4f84f1	109	static int did_authup; /* @todo, we don't need this in lwip*/
hendrikvincent	0:05ccbd4f84f1	110
hendrikvincent	0:05ccbd4f84f1	111	/* List of addresses which the peer may use. */
hendrikvincent	0:05ccbd4f84f1	112	static struct wordlist *addresses[NUM_PPP];
hendrikvincent	0:05ccbd4f84f1	113
hendrikvincent	0:05ccbd4f84f1	114	#if 0 /* UNUSED */
hendrikvincent	0:05ccbd4f84f1	115	/* Wordlist giving addresses which the peer may use
hendrikvincent	0:05ccbd4f84f1	116	without authenticating itself. */
hendrikvincent	0:05ccbd4f84f1	117	static struct wordlist *noauth_addrs;
hendrikvincent	0:05ccbd4f84f1	118
hendrikvincent	0:05ccbd4f84f1	119	/* Extra options to apply, from the secrets file entry for the peer. */
hendrikvincent	0:05ccbd4f84f1	120	static struct wordlist *extra_options;
hendrikvincent	0:05ccbd4f84f1	121	#endif /* UNUSED */
hendrikvincent	0:05ccbd4f84f1	122
hendrikvincent	0:05ccbd4f84f1	123	/* Number of network protocols which we have opened. */
hendrikvincent	0:05ccbd4f84f1	124	static int num_np_open;
hendrikvincent	0:05ccbd4f84f1	125
hendrikvincent	0:05ccbd4f84f1	126	/* Number of network protocols which have come up. */
hendrikvincent	0:05ccbd4f84f1	127	static int num_np_up;
hendrikvincent	0:05ccbd4f84f1	128
hendrikvincent	0:05ccbd4f84f1	129	#if PAP_SUPPORT \|\| CHAP_SUPPORT
hendrikvincent	0:05ccbd4f84f1	130	/* Set if we got the contents of passwd[] from the pap-secrets file. */
hendrikvincent	0:05ccbd4f84f1	131	static int passwd_from_file;
hendrikvincent	0:05ccbd4f84f1	132	#endif /* PAP_SUPPORT \|\| CHAP_SUPPORT */
hendrikvincent	0:05ccbd4f84f1	133
hendrikvincent	0:05ccbd4f84f1	134	#if 0 /* UNUSED */
hendrikvincent	0:05ccbd4f84f1	135	/* Set if we require authentication only because we have a default route. */
hendrikvincent	0:05ccbd4f84f1	136	static bool default_auth;
hendrikvincent	0:05ccbd4f84f1	137
hendrikvincent	0:05ccbd4f84f1	138	/* Hook to enable a plugin to control the idle time limit */
hendrikvincent	0:05ccbd4f84f1	139	int (idle_time_hook) __P((struct ppp_idle )) = NULL;
hendrikvincent	0:05ccbd4f84f1	140
hendrikvincent	0:05ccbd4f84f1	141	/* Hook for a plugin to say whether we can possibly authenticate any peer */
hendrikvincent	0:05ccbd4f84f1	142	int (*pap_check_hook) __P((void)) = NULL;
hendrikvincent	0:05ccbd4f84f1	143
hendrikvincent	0:05ccbd4f84f1	144	/* Hook for a plugin to check the PAP user and password */
hendrikvincent	0:05ccbd4f84f1	145	int (pap_auth_hook) __P((char user, char passwd, char *msgp,
hendrikvincent	0:05ccbd4f84f1	146	struct wordlist **paddrs,
hendrikvincent	0:05ccbd4f84f1	147	struct wordlist **popts)) = NULL;
hendrikvincent	0:05ccbd4f84f1	148
hendrikvincent	0:05ccbd4f84f1	149	/* Hook for a plugin to know about the PAP user logout */
hendrikvincent	0:05ccbd4f84f1	150	void (*pap_logout_hook) __P((void)) = NULL;
hendrikvincent	0:05ccbd4f84f1	151
hendrikvincent	0:05ccbd4f84f1	152	/* Hook for a plugin to get the PAP password for authenticating us */
hendrikvincent	0:05ccbd4f84f1	153	int (pap_passwd_hook) __P((char user, char *passwd)) = NULL;
hendrikvincent	0:05ccbd4f84f1	154
hendrikvincent	0:05ccbd4f84f1	155	/*
hendrikvincent	0:05ccbd4f84f1	156	* This is used to ensure that we don't start an auth-up/down
hendrikvincent	0:05ccbd4f84f1	157	* script while one is already running.
hendrikvincent	0:05ccbd4f84f1	158	*/
hendrikvincent	0:05ccbd4f84f1	159	enum script_state {
hendrikvincent	0:05ccbd4f84f1	160	s_down,
hendrikvincent	0:05ccbd4f84f1	161	s_up
hendrikvincent	0:05ccbd4f84f1	162	};
hendrikvincent	0:05ccbd4f84f1	163
hendrikvincent	0:05ccbd4f84f1	164	static enum script_state auth_state = s_down;
hendrikvincent	0:05ccbd4f84f1	165	static enum script_state auth_script_state = s_down;
hendrikvincent	0:05ccbd4f84f1	166	static pid_t auth_script_pid = 0;
hendrikvincent	0:05ccbd4f84f1	167
hendrikvincent	0:05ccbd4f84f1	168	/*
hendrikvincent	0:05ccbd4f84f1	169	* Option variables.
hendrikvincent	0:05ccbd4f84f1	170	* lwip: some of these are present in the ppp_settings structure
hendrikvincent	0:05ccbd4f84f1	171	*/
hendrikvincent	0:05ccbd4f84f1	172	bool uselogin = 0; /* Use /etc/passwd for checking PAP */
hendrikvincent	0:05ccbd4f84f1	173	bool cryptpap = 0; /* Passwords in pap-secrets are encrypted */
hendrikvincent	0:05ccbd4f84f1	174	bool refuse_pap = 0; /* Don't wanna auth. ourselves with PAP */
hendrikvincent	0:05ccbd4f84f1	175	bool refuse_chap = 0; /* Don't wanna auth. ourselves with CHAP */
hendrikvincent	0:05ccbd4f84f1	176	bool usehostname = 0; /* Use hostname for our_name */
hendrikvincent	0:05ccbd4f84f1	177	bool auth_required = 0; /* Always require authentication from peer */
hendrikvincent	0:05ccbd4f84f1	178	bool allow_any_ip = 0; /* Allow peer to use any IP address */
hendrikvincent	0:05ccbd4f84f1	179	bool explicit_remote = 0; /* User specified explicit remote name */
hendrikvincent	0:05ccbd4f84f1	180	char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
hendrikvincent	0:05ccbd4f84f1	181
hendrikvincent	0:05ccbd4f84f1	182	#endif /* UNUSED */
hendrikvincent	0:05ccbd4f84f1	183
hendrikvincent	0:05ccbd4f84f1	184	/* Bits in auth_pending[] */
hendrikvincent	0:05ccbd4f84f1	185	#define PAP_WITHPEER 1
hendrikvincent	0:05ccbd4f84f1	186	#define PAP_PEER 2
hendrikvincent	0:05ccbd4f84f1	187	#define CHAP_WITHPEER 4
hendrikvincent	0:05ccbd4f84f1	188	#define CHAP_PEER 8
hendrikvincent	0:05ccbd4f84f1	189
hendrikvincent	0:05ccbd4f84f1	190	/* @todo, move this somewhere */
hendrikvincent	0:05ccbd4f84f1	191	/* Used for storing a sequence of words. Usually malloced. */
hendrikvincent	0:05ccbd4f84f1	192	struct wordlist {
hendrikvincent	0:05ccbd4f84f1	193	struct wordlist *next;
hendrikvincent	0:05ccbd4f84f1	194	char word[1];
hendrikvincent	0:05ccbd4f84f1	195	};
hendrikvincent	0:05ccbd4f84f1	196
hendrikvincent	0:05ccbd4f84f1	197
hendrikvincent	0:05ccbd4f84f1	198	extern char crypt (const char , const char *);
hendrikvincent	0:05ccbd4f84f1	199
hendrikvincent	0:05ccbd4f84f1	200	/* Prototypes for procedures local to this file. */
hendrikvincent	0:05ccbd4f84f1	201
hendrikvincent	0:05ccbd4f84f1	202	static void network_phase (int);
hendrikvincent	0:05ccbd4f84f1	203	static void check_idle (void *);
hendrikvincent	0:05ccbd4f84f1	204	static void connect_time_expired (void *);
hendrikvincent	0:05ccbd4f84f1	205	#if 0
hendrikvincent	0:05ccbd4f84f1	206	static int plogin (char , char , char *, int );
hendrikvincent	0:05ccbd4f84f1	207	#endif
hendrikvincent	0:05ccbd4f84f1	208	static void plogout (void);
hendrikvincent	0:05ccbd4f84f1	209	static int null_login (int);
hendrikvincent	0:05ccbd4f84f1	210	static int get_pap_passwd (int, char , char );
hendrikvincent	0:05ccbd4f84f1	211	static int have_pap_secret (void);
hendrikvincent	0:05ccbd4f84f1	212	static int have_chap_secret (char , char , u32_t);
hendrikvincent	0:05ccbd4f84f1	213	static int ip_addr_check (u32_t, struct wordlist *);
hendrikvincent	0:05ccbd4f84f1	214
hendrikvincent	0:05ccbd4f84f1	215	#if 0 /* PAP_SUPPORT \|\| CHAP_SUPPORT */
hendrikvincent	0:05ccbd4f84f1	216	static int scan_authfile (FILE , char , char , char ,
hendrikvincent	0:05ccbd4f84f1	217	struct wordlist , struct wordlist ,
hendrikvincent	0:05ccbd4f84f1	218	char *);
hendrikvincent	0:05ccbd4f84f1	219	static void free_wordlist (struct wordlist *);
hendrikvincent	0:05ccbd4f84f1	220	static void auth_script (char *);
hendrikvincent	0:05ccbd4f84f1	221	static void auth_script_done (void *);
hendrikvincent	0:05ccbd4f84f1	222	static void set_allowed_addrs (int unit, struct wordlist *addrs);
hendrikvincent	0:05ccbd4f84f1	223	static int some_ip_ok (struct wordlist *);
hendrikvincent	0:05ccbd4f84f1	224	static int setupapfile (char **);
hendrikvincent	0:05ccbd4f84f1	225	static int privgroup (char **);
hendrikvincent	0:05ccbd4f84f1	226	static int set_noauth_addr (char **);
hendrikvincent	0:05ccbd4f84f1	227	static void check_access (FILE , char );
hendrikvincent	0:05ccbd4f84f1	228	#endif /* 0 / / PAP_SUPPORT \|\| CHAP_SUPPORT */
hendrikvincent	0:05ccbd4f84f1	229
hendrikvincent	0:05ccbd4f84f1	230	#if 0 /* UNUSED */
hendrikvincent	0:05ccbd4f84f1	231	/*
hendrikvincent	0:05ccbd4f84f1	232	* Authentication-related options.
hendrikvincent	0:05ccbd4f84f1	233	*/
hendrikvincent	0:05ccbd4f84f1	234	option_t auth_options[] = {
hendrikvincent	0:05ccbd4f84f1	235	{ "require-pap", o_bool, &lcp_wantoptions[0].neg_upap,
hendrikvincent	0:05ccbd4f84f1	236	"Require PAP authentication from peer", 1, &auth_required },
hendrikvincent	0:05ccbd4f84f1	237	{ "+pap", o_bool, &lcp_wantoptions[0].neg_upap,
hendrikvincent	0:05ccbd4f84f1	238	"Require PAP authentication from peer", 1, &auth_required },
hendrikvincent	0:05ccbd4f84f1	239	{ "refuse-pap", o_bool, &refuse_pap,
hendrikvincent	0:05ccbd4f84f1	240	"Don't agree to auth to peer with PAP", 1 },
hendrikvincent	0:05ccbd4f84f1	241	{ "-pap", o_bool, &refuse_pap,
hendrikvincent	0:05ccbd4f84f1	242	"Don't allow PAP authentication with peer", 1 },
hendrikvincent	0:05ccbd4f84f1	243	{ "require-chap", o_bool, &lcp_wantoptions[0].neg_chap,
hendrikvincent	0:05ccbd4f84f1	244	"Require CHAP authentication from peer", 1, &auth_required },
hendrikvincent	0:05ccbd4f84f1	245	{ "+chap", o_bool, &lcp_wantoptions[0].neg_chap,
hendrikvincent	0:05ccbd4f84f1	246	"Require CHAP authentication from peer", 1, &auth_required },
hendrikvincent	0:05ccbd4f84f1	247	{ "refuse-chap", o_bool, &refuse_chap,
hendrikvincent	0:05ccbd4f84f1	248	"Don't agree to auth to peer with CHAP", 1 },
hendrikvincent	0:05ccbd4f84f1	249	{ "-chap", o_bool, &refuse_chap,
hendrikvincent	0:05ccbd4f84f1	250	"Don't allow CHAP authentication with peer", 1 },
hendrikvincent	0:05ccbd4f84f1	251	{ "name", o_string, our_name,
hendrikvincent	0:05ccbd4f84f1	252	"Set local name for authentication",
hendrikvincent	0:05ccbd4f84f1	253	OPT_PRIV\|OPT_STATIC, NULL, MAXNAMELEN },
hendrikvincent	0:05ccbd4f84f1	254	{ "user", o_string, user,
hendrikvincent	0:05ccbd4f84f1	255	"Set name for auth with peer", OPT_STATIC, NULL, MAXNAMELEN },
hendrikvincent	0:05ccbd4f84f1	256	{ "usehostname", o_bool, &usehostname,
hendrikvincent	0:05ccbd4f84f1	257	"Must use hostname for authentication", 1 },
hendrikvincent	0:05ccbd4f84f1	258	{ "remotename", o_string, remote_name,
hendrikvincent	0:05ccbd4f84f1	259	"Set remote name for authentication", OPT_STATIC,
hendrikvincent	0:05ccbd4f84f1	260	&explicit_remote, MAXNAMELEN },
hendrikvincent	0:05ccbd4f84f1	261	{ "auth", o_bool, &auth_required,
hendrikvincent	0:05ccbd4f84f1	262	"Require authentication from peer", 1 },
hendrikvincent	0:05ccbd4f84f1	263	{ "noauth", o_bool, &auth_required,
hendrikvincent	0:05ccbd4f84f1	264	"Don't require peer to authenticate", OPT_PRIV, &allow_any_ip },
hendrikvincent	0:05ccbd4f84f1	265	{ "login", o_bool, &uselogin,
hendrikvincent	0:05ccbd4f84f1	266	"Use system password database for PAP", 1 },
hendrikvincent	0:05ccbd4f84f1	267	{ "papcrypt", o_bool, &cryptpap,
hendrikvincent	0:05ccbd4f84f1	268	"PAP passwords are encrypted", 1 },
hendrikvincent	0:05ccbd4f84f1	269	{ "+ua", o_special, (void *)setupapfile,
hendrikvincent	0:05ccbd4f84f1	270	"Get PAP user and password from file" },
hendrikvincent	0:05ccbd4f84f1	271	{ "password", o_string, passwd,
hendrikvincent	0:05ccbd4f84f1	272	"Password for authenticating us to the peer", OPT_STATIC,
hendrikvincent	0:05ccbd4f84f1	273	NULL, MAXSECRETLEN },
hendrikvincent	0:05ccbd4f84f1	274	{ "privgroup", o_special, (void *)privgroup,
hendrikvincent	0:05ccbd4f84f1	275	"Allow group members to use privileged options", OPT_PRIV },
hendrikvincent	0:05ccbd4f84f1	276	{ "allow-ip", o_special, (void *)set_noauth_addr,
hendrikvincent	0:05ccbd4f84f1	277	"Set IP address(es) which can be used without authentication",
hendrikvincent	0:05ccbd4f84f1	278	OPT_PRIV },
hendrikvincent	0:05ccbd4f84f1	279	{ NULL }
hendrikvincent	0:05ccbd4f84f1	280	};
hendrikvincent	0:05ccbd4f84f1	281	#endif /* UNUSED */
hendrikvincent	0:05ccbd4f84f1	282	#if 0 /* UNUSED */
hendrikvincent	0:05ccbd4f84f1	283	/*
hendrikvincent	0:05ccbd4f84f1	284	* setupapfile - specifies UPAP info for authenticating with peer.
hendrikvincent	0:05ccbd4f84f1	285	*/
hendrikvincent	0:05ccbd4f84f1	286	static int
hendrikvincent	0:05ccbd4f84f1	287	setupapfile(char **argv)
hendrikvincent	0:05ccbd4f84f1	288	{
hendrikvincent	0:05ccbd4f84f1	289	FILE * ufile;
hendrikvincent	0:05ccbd4f84f1	290	int l;
hendrikvincent	0:05ccbd4f84f1	291
hendrikvincent	0:05ccbd4f84f1	292	lcp_allowoptions[0].neg_upap = 1;
hendrikvincent	0:05ccbd4f84f1	293
hendrikvincent	0:05ccbd4f84f1	294	/* open user info file */
hendrikvincent	0:05ccbd4f84f1	295	seteuid(getuid());
hendrikvincent	0:05ccbd4f84f1	296	ufile = fopen(*argv, "r");
hendrikvincent	0:05ccbd4f84f1	297	seteuid(0);
hendrikvincent	0:05ccbd4f84f1	298	if (ufile == NULL) {
hendrikvincent	0:05ccbd4f84f1	299	option_error("unable to open user login data file %s", *argv);
hendrikvincent	0:05ccbd4f84f1	300	return 0;
hendrikvincent	0:05ccbd4f84f1	301	}
hendrikvincent	0:05ccbd4f84f1	302	check_access(ufile, *argv);
hendrikvincent	0:05ccbd4f84f1	303
hendrikvincent	0:05ccbd4f84f1	304	/* get username */
hendrikvincent	0:05ccbd4f84f1	305	if (fgets(user, MAXNAMELEN - 1, ufile) == NULL
hendrikvincent	0:05ccbd4f84f1	306	\|\| fgets(passwd, MAXSECRETLEN - 1, ufile) == NULL){
hendrikvincent	0:05ccbd4f84f1	307	option_error("unable to read user login data file %s", *argv);
hendrikvincent	0:05ccbd4f84f1	308	return 0;
hendrikvincent	0:05ccbd4f84f1	309	}
hendrikvincent	0:05ccbd4f84f1	310	fclose(ufile);
hendrikvincent	0:05ccbd4f84f1	311
hendrikvincent	0:05ccbd4f84f1	312	/* get rid of newlines */
hendrikvincent	0:05ccbd4f84f1	313	l = strlen(user);
hendrikvincent	0:05ccbd4f84f1	314	if (l > 0 && user[l-1] == '\n')
hendrikvincent	0:05ccbd4f84f1	315	user[l-1] = 0;
hendrikvincent	0:05ccbd4f84f1	316	l = strlen(passwd);
hendrikvincent	0:05ccbd4f84f1	317	if (l > 0 && passwd[l-1] == '\n')
hendrikvincent	0:05ccbd4f84f1	318	passwd[l-1] = 0;
hendrikvincent	0:05ccbd4f84f1	319
hendrikvincent	0:05ccbd4f84f1	320	return (1);
hendrikvincent	0:05ccbd4f84f1	321	}
hendrikvincent	0:05ccbd4f84f1	322	#endif /* UNUSED */
hendrikvincent	0:05ccbd4f84f1	323
hendrikvincent	0:05ccbd4f84f1	324	#if 0 /* UNUSED */
hendrikvincent	0:05ccbd4f84f1	325	/*
hendrikvincent	0:05ccbd4f84f1	326	* privgroup - allow members of the group to have privileged access.
hendrikvincent	0:05ccbd4f84f1	327	*/
hendrikvincent	0:05ccbd4f84f1	328	static int
hendrikvincent	0:05ccbd4f84f1	329	privgroup(char **argv)
hendrikvincent	0:05ccbd4f84f1	330	{
hendrikvincent	0:05ccbd4f84f1	331	struct group *g;
hendrikvincent	0:05ccbd4f84f1	332	int i;
hendrikvincent	0:05ccbd4f84f1	333
hendrikvincent	0:05ccbd4f84f1	334	g = getgrnam(*argv);
hendrikvincent	0:05ccbd4f84f1	335	if (g == 0) {
hendrikvincent	0:05ccbd4f84f1	336	option_error("group %s is unknown", *argv);
hendrikvincent	0:05ccbd4f84f1	337	return 0;
hendrikvincent	0:05ccbd4f84f1	338	}
hendrikvincent	0:05ccbd4f84f1	339	for (i = 0; i < ngroups; ++i) {
hendrikvincent	0:05ccbd4f84f1	340	if (groups[i] == g->gr_gid) {
hendrikvincent	0:05ccbd4f84f1	341	privileged = 1;
hendrikvincent	0:05ccbd4f84f1	342	break;
hendrikvincent	0:05ccbd4f84f1	343	}
hendrikvincent	0:05ccbd4f84f1	344	}
hendrikvincent	0:05ccbd4f84f1	345	return 1;
hendrikvincent	0:05ccbd4f84f1	346	}
hendrikvincent	0:05ccbd4f84f1	347	#endif
hendrikvincent	0:05ccbd4f84f1	348
hendrikvincent	0:05ccbd4f84f1	349	#if 0 /* UNUSED */
hendrikvincent	0:05ccbd4f84f1	350	/*
hendrikvincent	0:05ccbd4f84f1	351	* set_noauth_addr - set address(es) that can be used without authentication.
hendrikvincent	0:05ccbd4f84f1	352	* Equivalent to specifying an entry like `"" * "" addr' in pap-secrets.
hendrikvincent	0:05ccbd4f84f1	353	*/
hendrikvincent	0:05ccbd4f84f1	354	static int
hendrikvincent	0:05ccbd4f84f1	355	set_noauth_addr(char **argv)
hendrikvincent	0:05ccbd4f84f1	356	{
hendrikvincent	0:05ccbd4f84f1	357	char addr = argv;
hendrikvincent	0:05ccbd4f84f1	358	int l = strlen(addr);
hendrikvincent	0:05ccbd4f84f1	359	struct wordlist *wp;
hendrikvincent	0:05ccbd4f84f1	360
hendrikvincent	0:05ccbd4f84f1	361	wp = (struct wordlist *) malloc(sizeof(struct wordlist) + l + 1);
hendrikvincent	0:05ccbd4f84f1	362	if (wp == NULL)
hendrikvincent	0:05ccbd4f84f1	363	novm("allow-ip argument");
hendrikvincent	0:05ccbd4f84f1	364	wp->word = (char *) (wp + 1);
hendrikvincent	0:05ccbd4f84f1	365	wp->next = noauth_addrs;
hendrikvincent	0:05ccbd4f84f1	366	BCOPY(addr, wp->word, l);
hendrikvincent	0:05ccbd4f84f1	367	noauth_addrs = wp;
hendrikvincent	0:05ccbd4f84f1	368	return 1;
hendrikvincent	0:05ccbd4f84f1	369	}
hendrikvincent	0:05ccbd4f84f1	370	#endif /* UNUSED */
hendrikvincent	0:05ccbd4f84f1	371
hendrikvincent	0:05ccbd4f84f1	372	/*
hendrikvincent	0:05ccbd4f84f1	373	* An Open on LCP has requested a change from Dead to Establish phase.
hendrikvincent	0:05ccbd4f84f1	374	* Do what's necessary to bring the physical layer up.
hendrikvincent	0:05ccbd4f84f1	375	*/
hendrikvincent	0:05ccbd4f84f1	376	void
hendrikvincent	0:05ccbd4f84f1	377	link_required(int unit)
hendrikvincent	0:05ccbd4f84f1	378	{
hendrikvincent	0:05ccbd4f84f1	379	LWIP_UNUSED_ARG(unit);
hendrikvincent	0:05ccbd4f84f1	380
hendrikvincent	0:05ccbd4f84f1	381	AUTHDEBUG(LOG_INFO, ("link_required: %d\n", unit));
hendrikvincent	0:05ccbd4f84f1	382	}
hendrikvincent	0:05ccbd4f84f1	383
hendrikvincent	0:05ccbd4f84f1	384	/*
hendrikvincent	0:05ccbd4f84f1	385	* LCP has terminated the link; go to the Dead phase and take the
hendrikvincent	0:05ccbd4f84f1	386	* physical layer down.
hendrikvincent	0:05ccbd4f84f1	387	*/
hendrikvincent	0:05ccbd4f84f1	388	void
hendrikvincent	0:05ccbd4f84f1	389	link_terminated(int unit)
hendrikvincent	0:05ccbd4f84f1	390	{
hendrikvincent	0:05ccbd4f84f1	391	AUTHDEBUG(LOG_INFO, ("link_terminated: %d\n", unit));
hendrikvincent	0:05ccbd4f84f1	392	if (lcp_phase[unit] == PHASE_DEAD) {
hendrikvincent	0:05ccbd4f84f1	393	return;
hendrikvincent	0:05ccbd4f84f1	394	}
hendrikvincent	0:05ccbd4f84f1	395	if (logged_in) {
hendrikvincent	0:05ccbd4f84f1	396	plogout();
hendrikvincent	0:05ccbd4f84f1	397	}
hendrikvincent	0:05ccbd4f84f1	398	lcp_phase[unit] = PHASE_DEAD;
hendrikvincent	0:05ccbd4f84f1	399	AUTHDEBUG(LOG_NOTICE, ("Connection terminated.\n"));
hendrikvincent	0:05ccbd4f84f1	400	pppLinkTerminated(unit);
hendrikvincent	0:05ccbd4f84f1	401	}
hendrikvincent	0:05ccbd4f84f1	402
hendrikvincent	0:05ccbd4f84f1	403	/*
hendrikvincent	0:05ccbd4f84f1	404	* LCP has gone down; it will either die or try to re-establish.
hendrikvincent	0:05ccbd4f84f1	405	*/
hendrikvincent	0:05ccbd4f84f1	406	void
hendrikvincent	0:05ccbd4f84f1	407	link_down(int unit)
hendrikvincent	0:05ccbd4f84f1	408	{
hendrikvincent	0:05ccbd4f84f1	409	int i;
hendrikvincent	0:05ccbd4f84f1	410	struct protent *protp;
hendrikvincent	0:05ccbd4f84f1	411
hendrikvincent	0:05ccbd4f84f1	412	AUTHDEBUG(LOG_INFO, ("link_down: %d\n", unit));
hendrikvincent	0:05ccbd4f84f1	413
hendrikvincent	0:05ccbd4f84f1	414	if (did_authup) {
hendrikvincent	0:05ccbd4f84f1	415	/* XXX Do link down processing. */
hendrikvincent	0:05ccbd4f84f1	416	did_authup = 0;
hendrikvincent	0:05ccbd4f84f1	417	}
hendrikvincent	0:05ccbd4f84f1	418	for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i) {
hendrikvincent	0:05ccbd4f84f1	419	if (!protp->enabled_flag) {
hendrikvincent	0:05ccbd4f84f1	420	continue;
hendrikvincent	0:05ccbd4f84f1	421	}
hendrikvincent	0:05ccbd4f84f1	422	if (protp->protocol != PPP_LCP && protp->lowerdown != NULL) {
hendrikvincent	0:05ccbd4f84f1	423	(*protp->lowerdown)(unit);
hendrikvincent	0:05ccbd4f84f1	424	}
hendrikvincent	0:05ccbd4f84f1	425	if (protp->protocol < 0xC000 && protp->close != NULL) {
hendrikvincent	0:05ccbd4f84f1	426	(*protp->close)(unit, "LCP down");
hendrikvincent	0:05ccbd4f84f1	427	}
hendrikvincent	0:05ccbd4f84f1	428	}
hendrikvincent	0:05ccbd4f84f1	429	num_np_open = 0; /* number of network protocols we have opened */
hendrikvincent	0:05ccbd4f84f1	430	num_np_up = 0; /* Number of network protocols which have come up */
hendrikvincent	0:05ccbd4f84f1	431
hendrikvincent	0:05ccbd4f84f1	432	if (lcp_phase[unit] != PHASE_DEAD) {
hendrikvincent	0:05ccbd4f84f1	433	lcp_phase[unit] = PHASE_TERMINATE;
hendrikvincent	0:05ccbd4f84f1	434	}
hendrikvincent	0:05ccbd4f84f1	435	pppLinkDown(unit);
hendrikvincent	0:05ccbd4f84f1	436	}
hendrikvincent	0:05ccbd4f84f1	437
hendrikvincent	0:05ccbd4f84f1	438	/*
hendrikvincent	0:05ccbd4f84f1	439	* The link is established.
hendrikvincent	0:05ccbd4f84f1	440	* Proceed to the Dead, Authenticate or Network phase as appropriate.
hendrikvincent	0:05ccbd4f84f1	441	*/
hendrikvincent	0:05ccbd4f84f1	442	void
hendrikvincent	0:05ccbd4f84f1	443	link_established(int unit)
hendrikvincent	0:05ccbd4f84f1	444	{
hendrikvincent	0:05ccbd4f84f1	445	int auth;
hendrikvincent	0:05ccbd4f84f1	446	int i;
hendrikvincent	0:05ccbd4f84f1	447	struct protent *protp;
hendrikvincent	0:05ccbd4f84f1	448	lcp_options *wo = &lcp_wantoptions[unit];
hendrikvincent	0:05ccbd4f84f1	449	lcp_options *go = &lcp_gotoptions[unit];
hendrikvincent	0:05ccbd4f84f1	450	#if PAP_SUPPORT \|\| CHAP_SUPPORT
hendrikvincent	0:05ccbd4f84f1	451	lcp_options *ho = &lcp_hisoptions[unit];
hendrikvincent	0:05ccbd4f84f1	452	#endif /* PAP_SUPPORT \|\| CHAP_SUPPORT */
hendrikvincent	0:05ccbd4f84f1	453
hendrikvincent	0:05ccbd4f84f1	454	AUTHDEBUG(LOG_INFO, ("link_established: unit %d; Lowering up all protocols...\n", unit));
hendrikvincent	0:05ccbd4f84f1	455	/*
hendrikvincent	0:05ccbd4f84f1	456	* Tell higher-level protocols that LCP is up.
hendrikvincent	0:05ccbd4f84f1	457	*/
hendrikvincent	0:05ccbd4f84f1	458	for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i) {
hendrikvincent	0:05ccbd4f84f1	459	if (protp->protocol != PPP_LCP && protp->enabled_flag && protp->lowerup != NULL) {
hendrikvincent	0:05ccbd4f84f1	460	(*protp->lowerup)(unit);
hendrikvincent	0:05ccbd4f84f1	461	}
hendrikvincent	0:05ccbd4f84f1	462	}
hendrikvincent	0:05ccbd4f84f1	463	if (ppp_settings.auth_required && !(go->neg_chap \|\| go->neg_upap)) {
hendrikvincent	0:05ccbd4f84f1	464	/*
hendrikvincent	0:05ccbd4f84f1	465	* We wanted the peer to authenticate itself, and it refused:
hendrikvincent	0:05ccbd4f84f1	466	* treat it as though it authenticated with PAP using a username
hendrikvincent	0:05ccbd4f84f1	467	* of "" and a password of "". If that's not OK, boot it out.
hendrikvincent	0:05ccbd4f84f1	468	*/
hendrikvincent	0:05ccbd4f84f1	469	if (!wo->neg_upap \|\| !null_login(unit)) {
hendrikvincent	0:05ccbd4f84f1	470	AUTHDEBUG(LOG_WARNING, ("peer refused to authenticate\n"));
hendrikvincent	0:05ccbd4f84f1	471	lcp_close(unit, "peer refused to authenticate");
hendrikvincent	0:05ccbd4f84f1	472	return;
hendrikvincent	0:05ccbd4f84f1	473	}
hendrikvincent	0:05ccbd4f84f1	474	}
hendrikvincent	0:05ccbd4f84f1	475
hendrikvincent	0:05ccbd4f84f1	476	lcp_phase[unit] = PHASE_AUTHENTICATE;
hendrikvincent	0:05ccbd4f84f1	477	auth = 0;
hendrikvincent	0:05ccbd4f84f1	478	#if CHAP_SUPPORT
hendrikvincent	0:05ccbd4f84f1	479	if (go->neg_chap) {
hendrikvincent	0:05ccbd4f84f1	480	ChapAuthPeer(unit, ppp_settings.our_name, go->chap_mdtype);
hendrikvincent	0:05ccbd4f84f1	481	auth \|= CHAP_PEER;
hendrikvincent	0:05ccbd4f84f1	482	}
hendrikvincent	0:05ccbd4f84f1	483	#endif /* CHAP_SUPPORT */
hendrikvincent	0:05ccbd4f84f1	484	#if PAP_SUPPORT && CHAP_SUPPORT
hendrikvincent	0:05ccbd4f84f1	485	else
hendrikvincent	0:05ccbd4f84f1	486	#endif /* PAP_SUPPORT && CHAP_SUPPORT */
hendrikvincent	0:05ccbd4f84f1	487	#if PAP_SUPPORT
hendrikvincent	0:05ccbd4f84f1	488	if (go->neg_upap) {
hendrikvincent	0:05ccbd4f84f1	489	upap_authpeer(unit);
hendrikvincent	0:05ccbd4f84f1	490	auth \|= PAP_PEER;
hendrikvincent	0:05ccbd4f84f1	491	}
hendrikvincent	0:05ccbd4f84f1	492	#endif /* PAP_SUPPORT */
hendrikvincent	0:05ccbd4f84f1	493	#if CHAP_SUPPORT
hendrikvincent	0:05ccbd4f84f1	494	if (ho->neg_chap) {
hendrikvincent	0:05ccbd4f84f1	495	ChapAuthWithPeer(unit, ppp_settings.user, ho->chap_mdtype);
hendrikvincent	0:05ccbd4f84f1	496	auth \|= CHAP_WITHPEER;
hendrikvincent	0:05ccbd4f84f1	497	}
hendrikvincent	0:05ccbd4f84f1	498	#endif /* CHAP_SUPPORT */
hendrikvincent	0:05ccbd4f84f1	499	#if PAP_SUPPORT && CHAP_SUPPORT
hendrikvincent	0:05ccbd4f84f1	500	else
hendrikvincent	0:05ccbd4f84f1	501	#endif /* PAP_SUPPORT && CHAP_SUPPORT */
hendrikvincent	0:05ccbd4f84f1	502	#if PAP_SUPPORT
hendrikvincent	0:05ccbd4f84f1	503	if (ho->neg_upap) {
hendrikvincent	0:05ccbd4f84f1	504	if (ppp_settings.passwd[0] == 0) {
hendrikvincent	0:05ccbd4f84f1	505	passwd_from_file = 1;
hendrikvincent	0:05ccbd4f84f1	506	if (!get_pap_passwd(unit, ppp_settings.user, ppp_settings.passwd)) {
hendrikvincent	0:05ccbd4f84f1	507	AUTHDEBUG(LOG_ERR, ("No secret found for PAP login\n"));
hendrikvincent	0:05ccbd4f84f1	508	}
hendrikvincent	0:05ccbd4f84f1	509	}
hendrikvincent	0:05ccbd4f84f1	510	upap_authwithpeer(unit, ppp_settings.user, ppp_settings.passwd);
hendrikvincent	0:05ccbd4f84f1	511	auth \|= PAP_WITHPEER;
hendrikvincent	0:05ccbd4f84f1	512	}
hendrikvincent	0:05ccbd4f84f1	513	#endif /* PAP_SUPPORT */
hendrikvincent	0:05ccbd4f84f1	514	auth_pending[unit] = auth;
hendrikvincent	0:05ccbd4f84f1	515
hendrikvincent	0:05ccbd4f84f1	516	if (!auth) {
hendrikvincent	0:05ccbd4f84f1	517	network_phase(unit);
hendrikvincent	0:05ccbd4f84f1	518	}
hendrikvincent	0:05ccbd4f84f1	519	}
hendrikvincent	0:05ccbd4f84f1	520
hendrikvincent	0:05ccbd4f84f1	521	/*
hendrikvincent	0:05ccbd4f84f1	522	* Proceed to the network phase.
hendrikvincent	0:05ccbd4f84f1	523	*/
hendrikvincent	0:05ccbd4f84f1	524	static void
hendrikvincent	0:05ccbd4f84f1	525	network_phase(int unit)
hendrikvincent	0:05ccbd4f84f1	526	{
hendrikvincent	0:05ccbd4f84f1	527	int i;
hendrikvincent	0:05ccbd4f84f1	528	struct protent *protp;
hendrikvincent	0:05ccbd4f84f1	529	lcp_options *go = &lcp_gotoptions[unit];
hendrikvincent	0:05ccbd4f84f1	530
hendrikvincent	0:05ccbd4f84f1	531	/*
hendrikvincent	0:05ccbd4f84f1	532	* If the peer had to authenticate, run the auth-up script now.
hendrikvincent	0:05ccbd4f84f1	533	*/
hendrikvincent	0:05ccbd4f84f1	534	if ((go->neg_chap \|\| go->neg_upap) && !did_authup) {
hendrikvincent	0:05ccbd4f84f1	535	/* XXX Do setup for peer authentication. */
hendrikvincent	0:05ccbd4f84f1	536	did_authup = 1;
hendrikvincent	0:05ccbd4f84f1	537	}
hendrikvincent	0:05ccbd4f84f1	538
hendrikvincent	0:05ccbd4f84f1	539	#if CBCP_SUPPORT
hendrikvincent	0:05ccbd4f84f1	540	/*
hendrikvincent	0:05ccbd4f84f1	541	* If we negotiated callback, do it now.
hendrikvincent	0:05ccbd4f84f1	542	*/
hendrikvincent	0:05ccbd4f84f1	543	if (go->neg_cbcp) {
hendrikvincent	0:05ccbd4f84f1	544	lcp_phase[unit] = PHASE_CALLBACK;
hendrikvincent	0:05ccbd4f84f1	545	(*cbcp_protent.open)(unit);
hendrikvincent	0:05ccbd4f84f1	546	return;
hendrikvincent	0:05ccbd4f84f1	547	}
hendrikvincent	0:05ccbd4f84f1	548	#endif /* CBCP_SUPPORT */
hendrikvincent	0:05ccbd4f84f1	549
hendrikvincent	0:05ccbd4f84f1	550	lcp_phase[unit] = PHASE_NETWORK;
hendrikvincent	0:05ccbd4f84f1	551	for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i) {
hendrikvincent	0:05ccbd4f84f1	552	if (protp->protocol < 0xC000 && protp->enabled_flag && protp->open != NULL) {
hendrikvincent	0:05ccbd4f84f1	553	(*protp->open)(unit);
hendrikvincent	0:05ccbd4f84f1	554	if (protp->protocol != PPP_CCP) {
hendrikvincent	0:05ccbd4f84f1	555	++num_np_open;
hendrikvincent	0:05ccbd4f84f1	556	}
hendrikvincent	0:05ccbd4f84f1	557	}
hendrikvincent	0:05ccbd4f84f1	558	}
hendrikvincent	0:05ccbd4f84f1	559
hendrikvincent	0:05ccbd4f84f1	560	if (num_np_open == 0) {
hendrikvincent	0:05ccbd4f84f1	561	/* nothing to do */
hendrikvincent	0:05ccbd4f84f1	562	lcp_close(0, "No network protocols running");
hendrikvincent	0:05ccbd4f84f1	563	}
hendrikvincent	0:05ccbd4f84f1	564	}
hendrikvincent	0:05ccbd4f84f1	565	/* @todo: add void start_networks(void) here (pppd 2.3.11) */
hendrikvincent	0:05ccbd4f84f1	566
hendrikvincent	0:05ccbd4f84f1	567	/*
hendrikvincent	0:05ccbd4f84f1	568	* The peer has failed to authenticate himself using `protocol'.
hendrikvincent	0:05ccbd4f84f1	569	*/
hendrikvincent	0:05ccbd4f84f1	570	void
hendrikvincent	0:05ccbd4f84f1	571	auth_peer_fail(int unit, u16_t protocol)
hendrikvincent	0:05ccbd4f84f1	572	{
hendrikvincent	0:05ccbd4f84f1	573	LWIP_UNUSED_ARG(protocol);
hendrikvincent	0:05ccbd4f84f1	574
hendrikvincent	0:05ccbd4f84f1	575	AUTHDEBUG(LOG_INFO, ("auth_peer_fail: %d proto=%X\n", unit, protocol));
hendrikvincent	0:05ccbd4f84f1	576	/*
hendrikvincent	0:05ccbd4f84f1	577	* Authentication failure: take the link down
hendrikvincent	0:05ccbd4f84f1	578	*/
hendrikvincent	0:05ccbd4f84f1	579	lcp_close(unit, "Authentication failed");
hendrikvincent	0:05ccbd4f84f1	580	}
hendrikvincent	0:05ccbd4f84f1	581
hendrikvincent	0:05ccbd4f84f1	582
hendrikvincent	0:05ccbd4f84f1	583	#if PAP_SUPPORT \|\| CHAP_SUPPORT
hendrikvincent	0:05ccbd4f84f1	584	/*
hendrikvincent	0:05ccbd4f84f1	585	* The peer has been successfully authenticated using `protocol'.
hendrikvincent	0:05ccbd4f84f1	586	*/
hendrikvincent	0:05ccbd4f84f1	587	void
hendrikvincent	0:05ccbd4f84f1	588	auth_peer_success(int unit, u16_t protocol, char *name, int namelen)
hendrikvincent	0:05ccbd4f84f1	589	{
hendrikvincent	0:05ccbd4f84f1	590	int pbit;
hendrikvincent	0:05ccbd4f84f1	591
hendrikvincent	0:05ccbd4f84f1	592	AUTHDEBUG(LOG_INFO, ("auth_peer_success: %d proto=%X\n", unit, protocol));
hendrikvincent	0:05ccbd4f84f1	593	switch (protocol) {
hendrikvincent	0:05ccbd4f84f1	594	case PPP_CHAP:
hendrikvincent	0:05ccbd4f84f1	595	pbit = CHAP_PEER;
hendrikvincent	0:05ccbd4f84f1	596	break;
hendrikvincent	0:05ccbd4f84f1	597	case PPP_PAP:
hendrikvincent	0:05ccbd4f84f1	598	pbit = PAP_PEER;
hendrikvincent	0:05ccbd4f84f1	599	break;
hendrikvincent	0:05ccbd4f84f1	600	default:
hendrikvincent	0:05ccbd4f84f1	601	AUTHDEBUG(LOG_WARNING, ("auth_peer_success: unknown protocol %x\n", protocol));
hendrikvincent	0:05ccbd4f84f1	602	return;
hendrikvincent	0:05ccbd4f84f1	603	}
hendrikvincent	0:05ccbd4f84f1	604
hendrikvincent	0:05ccbd4f84f1	605	/*
hendrikvincent	0:05ccbd4f84f1	606	* Save the authenticated name of the peer for later.
hendrikvincent	0:05ccbd4f84f1	607	*/
hendrikvincent	0:05ccbd4f84f1	608	if (namelen > (int)sizeof(peer_authname) - 1) {
hendrikvincent	0:05ccbd4f84f1	609	namelen = sizeof(peer_authname) - 1;
hendrikvincent	0:05ccbd4f84f1	610	}
hendrikvincent	0:05ccbd4f84f1	611	BCOPY(name, peer_authname, namelen);
hendrikvincent	0:05ccbd4f84f1	612	peer_authname[namelen] = 0;
hendrikvincent	0:05ccbd4f84f1	613
hendrikvincent	0:05ccbd4f84f1	614	/*
hendrikvincent	0:05ccbd4f84f1	615	* If there is no more authentication still to be done,
hendrikvincent	0:05ccbd4f84f1	616	* proceed to the network (or callback) phase.
hendrikvincent	0:05ccbd4f84f1	617	*/
hendrikvincent	0:05ccbd4f84f1	618	if ((auth_pending[unit] &= ~pbit) == 0) {
hendrikvincent	0:05ccbd4f84f1	619	network_phase(unit);
hendrikvincent	0:05ccbd4f84f1	620	}
hendrikvincent	0:05ccbd4f84f1	621	}
hendrikvincent	0:05ccbd4f84f1	622
hendrikvincent	0:05ccbd4f84f1	623	/*
hendrikvincent	0:05ccbd4f84f1	624	* We have failed to authenticate ourselves to the peer using `protocol'.
hendrikvincent	0:05ccbd4f84f1	625	*/
hendrikvincent	0:05ccbd4f84f1	626	void
hendrikvincent	0:05ccbd4f84f1	627	auth_withpeer_fail(int unit, u16_t protocol)
hendrikvincent	0:05ccbd4f84f1	628	{
hendrikvincent	0:05ccbd4f84f1	629	int errCode = PPPERR_AUTHFAIL;
hendrikvincent	0:05ccbd4f84f1	630
hendrikvincent	0:05ccbd4f84f1	631	LWIP_UNUSED_ARG(protocol);
hendrikvincent	0:05ccbd4f84f1	632
hendrikvincent	0:05ccbd4f84f1	633	AUTHDEBUG(LOG_INFO, ("auth_withpeer_fail: %d proto=%X\n", unit, protocol));
hendrikvincent	0:05ccbd4f84f1	634	if (passwd_from_file) {
hendrikvincent	0:05ccbd4f84f1	635	BZERO(ppp_settings.passwd, MAXSECRETLEN);
hendrikvincent	0:05ccbd4f84f1	636	}
hendrikvincent	0:05ccbd4f84f1	637
hendrikvincent	0:05ccbd4f84f1	638	/*
hendrikvincent	0:05ccbd4f84f1	639	* We've failed to authenticate ourselves to our peer.
hendrikvincent	0:05ccbd4f84f1	640	* He'll probably take the link down, and there's not much
hendrikvincent	0:05ccbd4f84f1	641	* we can do except wait for that.
hendrikvincent	0:05ccbd4f84f1	642	*/
hendrikvincent	0:05ccbd4f84f1	643	pppIOCtl(unit, PPPCTLS_ERRCODE, &errCode);
hendrikvincent	0:05ccbd4f84f1	644	lcp_close(unit, "Failed to authenticate ourselves to peer");
hendrikvincent	0:05ccbd4f84f1	645	}
hendrikvincent	0:05ccbd4f84f1	646
hendrikvincent	0:05ccbd4f84f1	647	/*
hendrikvincent	0:05ccbd4f84f1	648	* We have successfully authenticated ourselves with the peer using `protocol'.
hendrikvincent	0:05ccbd4f84f1	649	*/
hendrikvincent	0:05ccbd4f84f1	650	void
hendrikvincent	0:05ccbd4f84f1	651	auth_withpeer_success(int unit, u16_t protocol)
hendrikvincent	0:05ccbd4f84f1	652	{
hendrikvincent	0:05ccbd4f84f1	653	int pbit;
hendrikvincent	0:05ccbd4f84f1	654
hendrikvincent	0:05ccbd4f84f1	655	AUTHDEBUG(LOG_INFO, ("auth_withpeer_success: %d proto=%X\n", unit, protocol));
hendrikvincent	0:05ccbd4f84f1	656	switch (protocol) {
hendrikvincent	0:05ccbd4f84f1	657	case PPP_CHAP:
hendrikvincent	0:05ccbd4f84f1	658	pbit = CHAP_WITHPEER;
hendrikvincent	0:05ccbd4f84f1	659	break;
hendrikvincent	0:05ccbd4f84f1	660	case PPP_PAP:
hendrikvincent	0:05ccbd4f84f1	661	if (passwd_from_file) {
hendrikvincent	0:05ccbd4f84f1	662	BZERO(ppp_settings.passwd, MAXSECRETLEN);
hendrikvincent	0:05ccbd4f84f1	663	}
hendrikvincent	0:05ccbd4f84f1	664	pbit = PAP_WITHPEER;
hendrikvincent	0:05ccbd4f84f1	665	break;
hendrikvincent	0:05ccbd4f84f1	666	default:
hendrikvincent	0:05ccbd4f84f1	667	AUTHDEBUG(LOG_WARNING, ("auth_peer_success: unknown protocol %x\n", protocol));
hendrikvincent	0:05ccbd4f84f1	668	pbit = 0;
hendrikvincent	0:05ccbd4f84f1	669	}
hendrikvincent	0:05ccbd4f84f1	670
hendrikvincent	0:05ccbd4f84f1	671	/*
hendrikvincent	0:05ccbd4f84f1	672	* If there is no more authentication still being done,
hendrikvincent	0:05ccbd4f84f1	673	* proceed to the network (or callback) phase.
hendrikvincent	0:05ccbd4f84f1	674	*/
hendrikvincent	0:05ccbd4f84f1	675	if ((auth_pending[unit] &= ~pbit) == 0) {
hendrikvincent	0:05ccbd4f84f1	676	network_phase(unit);
hendrikvincent	0:05ccbd4f84f1	677	}
hendrikvincent	0:05ccbd4f84f1	678	}
hendrikvincent	0:05ccbd4f84f1	679	#endif /* PAP_SUPPORT \|\| CHAP_SUPPORT */
hendrikvincent	0:05ccbd4f84f1	680
hendrikvincent	0:05ccbd4f84f1	681
hendrikvincent	0:05ccbd4f84f1	682	/*
hendrikvincent	0:05ccbd4f84f1	683	* np_up - a network protocol has come up.
hendrikvincent	0:05ccbd4f84f1	684	*/
hendrikvincent	0:05ccbd4f84f1	685	void
hendrikvincent	0:05ccbd4f84f1	686	np_up(int unit, u16_t proto)
hendrikvincent	0:05ccbd4f84f1	687	{
hendrikvincent	0:05ccbd4f84f1	688	LWIP_UNUSED_ARG(unit);
hendrikvincent	0:05ccbd4f84f1	689	LWIP_UNUSED_ARG(proto);
hendrikvincent	0:05ccbd4f84f1	690
hendrikvincent	0:05ccbd4f84f1	691	AUTHDEBUG(LOG_INFO, ("np_up: %d proto=%X\n", unit, proto));
hendrikvincent	0:05ccbd4f84f1	692	if (num_np_up == 0) {
hendrikvincent	0:05ccbd4f84f1	693	AUTHDEBUG(LOG_INFO, ("np_up: maxconnect=%d idle_time_limit=%d\n",ppp_settings.maxconnect,ppp_settings.idle_time_limit));
hendrikvincent	0:05ccbd4f84f1	694	/*
hendrikvincent	0:05ccbd4f84f1	695	* At this point we consider that the link has come up successfully.
hendrikvincent	0:05ccbd4f84f1	696	*/
hendrikvincent	0:05ccbd4f84f1	697	if (ppp_settings.idle_time_limit > 0) {
hendrikvincent	0:05ccbd4f84f1	698	TIMEOUT(check_idle, NULL, ppp_settings.idle_time_limit);
hendrikvincent	0:05ccbd4f84f1	699	}
hendrikvincent	0:05ccbd4f84f1	700
hendrikvincent	0:05ccbd4f84f1	701	/*
hendrikvincent	0:05ccbd4f84f1	702	* Set a timeout to close the connection once the maximum
hendrikvincent	0:05ccbd4f84f1	703	* connect time has expired.
hendrikvincent	0:05ccbd4f84f1	704	*/
hendrikvincent	0:05ccbd4f84f1	705	if (ppp_settings.maxconnect > 0) {
hendrikvincent	0:05ccbd4f84f1	706	TIMEOUT(connect_time_expired, 0, ppp_settings.maxconnect);
hendrikvincent	0:05ccbd4f84f1	707	}
hendrikvincent	0:05ccbd4f84f1	708	}
hendrikvincent	0:05ccbd4f84f1	709	++num_np_up;
hendrikvincent	0:05ccbd4f84f1	710	}
hendrikvincent	0:05ccbd4f84f1	711
hendrikvincent	0:05ccbd4f84f1	712	/*
hendrikvincent	0:05ccbd4f84f1	713	* np_down - a network protocol has gone down.
hendrikvincent	0:05ccbd4f84f1	714	*/
hendrikvincent	0:05ccbd4f84f1	715	void
hendrikvincent	0:05ccbd4f84f1	716	np_down(int unit, u16_t proto)
hendrikvincent	0:05ccbd4f84f1	717	{
hendrikvincent	0:05ccbd4f84f1	718	LWIP_UNUSED_ARG(unit);
hendrikvincent	0:05ccbd4f84f1	719	LWIP_UNUSED_ARG(proto);
hendrikvincent	0:05ccbd4f84f1	720
hendrikvincent	0:05ccbd4f84f1	721	AUTHDEBUG(LOG_INFO, ("np_down: %d proto=%X\n", unit, proto));
hendrikvincent	0:05ccbd4f84f1	722	if (--num_np_up == 0 && ppp_settings.idle_time_limit > 0) {
hendrikvincent	0:05ccbd4f84f1	723	UNTIMEOUT(check_idle, NULL);
hendrikvincent	0:05ccbd4f84f1	724	}
hendrikvincent	0:05ccbd4f84f1	725	}
hendrikvincent	0:05ccbd4f84f1	726
hendrikvincent	0:05ccbd4f84f1	727	/*
hendrikvincent	0:05ccbd4f84f1	728	* np_finished - a network protocol has finished using the link.
hendrikvincent	0:05ccbd4f84f1	729	*/
hendrikvincent	0:05ccbd4f84f1	730	void
hendrikvincent	0:05ccbd4f84f1	731	np_finished(int unit, u16_t proto)
hendrikvincent	0:05ccbd4f84f1	732	{
hendrikvincent	0:05ccbd4f84f1	733	LWIP_UNUSED_ARG(unit);
hendrikvincent	0:05ccbd4f84f1	734	LWIP_UNUSED_ARG(proto);
hendrikvincent	0:05ccbd4f84f1	735
hendrikvincent	0:05ccbd4f84f1	736	AUTHDEBUG(LOG_INFO, ("np_finished: %d proto=%X\n", unit, proto));
hendrikvincent	0:05ccbd4f84f1	737	if (--num_np_open <= 0) {
hendrikvincent	0:05ccbd4f84f1	738	/* no further use for the link: shut up shop. */
hendrikvincent	0:05ccbd4f84f1	739	lcp_close(0, "No network protocols running");
hendrikvincent	0:05ccbd4f84f1	740	}
hendrikvincent	0:05ccbd4f84f1	741	}
hendrikvincent	0:05ccbd4f84f1	742
hendrikvincent	0:05ccbd4f84f1	743	/*
hendrikvincent	0:05ccbd4f84f1	744	* check_idle - check whether the link has been idle for long
hendrikvincent	0:05ccbd4f84f1	745	* enough that we can shut it down.
hendrikvincent	0:05ccbd4f84f1	746	*/
hendrikvincent	0:05ccbd4f84f1	747	static void
hendrikvincent	0:05ccbd4f84f1	748	check_idle(void *arg)
hendrikvincent	0:05ccbd4f84f1	749	{
hendrikvincent	0:05ccbd4f84f1	750	struct ppp_idle idle;
hendrikvincent	0:05ccbd4f84f1	751	u_short itime;
hendrikvincent	0:05ccbd4f84f1	752
hendrikvincent	0:05ccbd4f84f1	753	LWIP_UNUSED_ARG(arg);
hendrikvincent	0:05ccbd4f84f1	754	if (!get_idle_time(0, &idle)) {
hendrikvincent	0:05ccbd4f84f1	755	return;
hendrikvincent	0:05ccbd4f84f1	756	}
hendrikvincent	0:05ccbd4f84f1	757	itime = LWIP_MIN(idle.xmit_idle, idle.recv_idle);
hendrikvincent	0:05ccbd4f84f1	758	if (itime >= ppp_settings.idle_time_limit) {
hendrikvincent	0:05ccbd4f84f1	759	/* link is idle: shut it down. */
hendrikvincent	0:05ccbd4f84f1	760	AUTHDEBUG(LOG_INFO, ("Terminating connection due to lack of activity.\n"));
hendrikvincent	0:05ccbd4f84f1	761	lcp_close(0, "Link inactive");
hendrikvincent	0:05ccbd4f84f1	762	} else {
hendrikvincent	0:05ccbd4f84f1	763	TIMEOUT(check_idle, NULL, ppp_settings.idle_time_limit - itime);
hendrikvincent	0:05ccbd4f84f1	764	}
hendrikvincent	0:05ccbd4f84f1	765	}
hendrikvincent	0:05ccbd4f84f1	766
hendrikvincent	0:05ccbd4f84f1	767	/*
hendrikvincent	0:05ccbd4f84f1	768	* connect_time_expired - log a message and close the connection.
hendrikvincent	0:05ccbd4f84f1	769	*/
hendrikvincent	0:05ccbd4f84f1	770	static void
hendrikvincent	0:05ccbd4f84f1	771	connect_time_expired(void *arg)
hendrikvincent	0:05ccbd4f84f1	772	{
hendrikvincent	0:05ccbd4f84f1	773	LWIP_UNUSED_ARG(arg);
hendrikvincent	0:05ccbd4f84f1	774
hendrikvincent	0:05ccbd4f84f1	775	AUTHDEBUG(LOG_INFO, ("Connect time expired\n"));
hendrikvincent	0:05ccbd4f84f1	776	lcp_close(0, "Connect time expired"); /* Close connection */
hendrikvincent	0:05ccbd4f84f1	777	}
hendrikvincent	0:05ccbd4f84f1	778
hendrikvincent	0:05ccbd4f84f1	779	#if 0 /* UNUSED */
hendrikvincent	0:05ccbd4f84f1	780	/*
hendrikvincent	0:05ccbd4f84f1	781	* auth_check_options - called to check authentication options.
hendrikvincent	0:05ccbd4f84f1	782	*/
hendrikvincent	0:05ccbd4f84f1	783	void
hendrikvincent	0:05ccbd4f84f1	784	auth_check_options(void)
hendrikvincent	0:05ccbd4f84f1	785	{
hendrikvincent	0:05ccbd4f84f1	786	lcp_options *wo = &lcp_wantoptions[0];
hendrikvincent	0:05ccbd4f84f1	787	int can_auth;
hendrikvincent	0:05ccbd4f84f1	788	ipcp_options *ipwo = &ipcp_wantoptions[0];
hendrikvincent	0:05ccbd4f84f1	789	u32_t remote;
hendrikvincent	0:05ccbd4f84f1	790
hendrikvincent	0:05ccbd4f84f1	791	/* Default our_name to hostname, and user to our_name */
hendrikvincent	0:05ccbd4f84f1	792	if (ppp_settings.our_name[0] == 0 \|\| ppp_settings.usehostname) {
hendrikvincent	0:05ccbd4f84f1	793	strcpy(ppp_settings.our_name, ppp_settings.hostname);
hendrikvincent	0:05ccbd4f84f1	794	}
hendrikvincent	0:05ccbd4f84f1	795
hendrikvincent	0:05ccbd4f84f1	796	if (ppp_settings.user[0] == 0) {
hendrikvincent	0:05ccbd4f84f1	797	strcpy(ppp_settings.user, ppp_settings.our_name);
hendrikvincent	0:05ccbd4f84f1	798	}
hendrikvincent	0:05ccbd4f84f1	799
hendrikvincent	0:05ccbd4f84f1	800	/* If authentication is required, ask peer for CHAP or PAP. */
hendrikvincent	0:05ccbd4f84f1	801	if (ppp_settings.auth_required && !wo->neg_chap && !wo->neg_upap) {
hendrikvincent	0:05ccbd4f84f1	802	wo->neg_chap = 1;
hendrikvincent	0:05ccbd4f84f1	803	wo->neg_upap = 1;
hendrikvincent	0:05ccbd4f84f1	804	}
hendrikvincent	0:05ccbd4f84f1	805
hendrikvincent	0:05ccbd4f84f1	806	/*
hendrikvincent	0:05ccbd4f84f1	807	* Check whether we have appropriate secrets to use
hendrikvincent	0:05ccbd4f84f1	808	* to authenticate the peer.
hendrikvincent	0:05ccbd4f84f1	809	*/
hendrikvincent	0:05ccbd4f84f1	810	can_auth = wo->neg_upap && have_pap_secret();
hendrikvincent	0:05ccbd4f84f1	811	if (!can_auth && wo->neg_chap) {
hendrikvincent	0:05ccbd4f84f1	812	remote = ipwo->accept_remote? 0: ipwo->hisaddr;
hendrikvincent	0:05ccbd4f84f1	813	can_auth = have_chap_secret(ppp_settings.remote_name, ppp_settings.our_name, remote);
hendrikvincent	0:05ccbd4f84f1	814	}
hendrikvincent	0:05ccbd4f84f1	815
hendrikvincent	0:05ccbd4f84f1	816	if (ppp_settings.auth_required && !can_auth) {
hendrikvincent	0:05ccbd4f84f1	817	ppp_panic("No auth secret");
hendrikvincent	0:05ccbd4f84f1	818	}
hendrikvincent	0:05ccbd4f84f1	819	}
hendrikvincent	0:05ccbd4f84f1	820	#endif /* UNUSED */
hendrikvincent	0:05ccbd4f84f1	821
hendrikvincent	0:05ccbd4f84f1	822	/*
hendrikvincent	0:05ccbd4f84f1	823	* auth_reset - called when LCP is starting negotiations to recheck
hendrikvincent	0:05ccbd4f84f1	824	* authentication options, i.e. whether we have appropriate secrets
hendrikvincent	0:05ccbd4f84f1	825	* to use for authenticating ourselves and/or the peer.
hendrikvincent	0:05ccbd4f84f1	826	*/
hendrikvincent	0:05ccbd4f84f1	827	void
hendrikvincent	0:05ccbd4f84f1	828	auth_reset(int unit)
hendrikvincent	0:05ccbd4f84f1	829	{
hendrikvincent	0:05ccbd4f84f1	830	lcp_options *go = &lcp_gotoptions[unit];
hendrikvincent	0:05ccbd4f84f1	831	lcp_options *ao = &lcp_allowoptions[0];
hendrikvincent	0:05ccbd4f84f1	832	ipcp_options *ipwo = &ipcp_wantoptions[0];
hendrikvincent	0:05ccbd4f84f1	833	u32_t remote;
hendrikvincent	0:05ccbd4f84f1	834
hendrikvincent	0:05ccbd4f84f1	835	AUTHDEBUG(LOG_INFO, ("auth_reset: %d\n", unit));
hendrikvincent	0:05ccbd4f84f1	836	ao->neg_upap = !ppp_settings.refuse_pap && (ppp_settings.passwd[0] != 0 \|\| get_pap_passwd(unit, NULL, NULL));
hendrikvincent	0:05ccbd4f84f1	837	ao->neg_chap = !ppp_settings.refuse_chap && ppp_settings.passwd[0] != 0 /have_chap_secret(ppp_settings.user, ppp_settings.remote_name, (u32_t)0)/;
hendrikvincent	0:05ccbd4f84f1	838
hendrikvincent	0:05ccbd4f84f1	839	if (go->neg_upap && !have_pap_secret()) {
hendrikvincent	0:05ccbd4f84f1	840	go->neg_upap = 0;
hendrikvincent	0:05ccbd4f84f1	841	}
hendrikvincent	0:05ccbd4f84f1	842	if (go->neg_chap) {
hendrikvincent	0:05ccbd4f84f1	843	remote = ipwo->accept_remote? 0: ipwo->hisaddr;
hendrikvincent	0:05ccbd4f84f1	844	if (!have_chap_secret(ppp_settings.remote_name, ppp_settings.our_name, remote)) {
hendrikvincent	0:05ccbd4f84f1	845	go->neg_chap = 0;
hendrikvincent	0:05ccbd4f84f1	846	}
hendrikvincent	0:05ccbd4f84f1	847	}
hendrikvincent	0:05ccbd4f84f1	848	}
hendrikvincent	0:05ccbd4f84f1	849
hendrikvincent	0:05ccbd4f84f1	850	#if PAP_SUPPORT
hendrikvincent	0:05ccbd4f84f1	851	/*
hendrikvincent	0:05ccbd4f84f1	852	* check_passwd - Check the user name and passwd against the PAP secrets
hendrikvincent	0:05ccbd4f84f1	853	* file. If requested, also check against the system password database,
hendrikvincent	0:05ccbd4f84f1	854	* and login the user if OK.
hendrikvincent	0:05ccbd4f84f1	855	*
hendrikvincent	0:05ccbd4f84f1	856	* returns:
hendrikvincent	0:05ccbd4f84f1	857	* UPAP_AUTHNAK: Authentication failed.
hendrikvincent	0:05ccbd4f84f1	858	* UPAP_AUTHACK: Authentication succeeded.
hendrikvincent	0:05ccbd4f84f1	859	* In either case, msg points to an appropriate message.
hendrikvincent	0:05ccbd4f84f1	860	*/
hendrikvincent	0:05ccbd4f84f1	861	u_char
hendrikvincent	0:05ccbd4f84f1	862	check_passwd( int unit, char auser, int userlen, char apasswd, int passwdlen, char *msg, int msglen)
hendrikvincent	0:05ccbd4f84f1	863	{
hendrikvincent	0:05ccbd4f84f1	864	#if 1 /* XXX Assume all entries OK. */
hendrikvincent	0:05ccbd4f84f1	865	LWIP_UNUSED_ARG(unit);
hendrikvincent	0:05ccbd4f84f1	866	LWIP_UNUSED_ARG(auser);
hendrikvincent	0:05ccbd4f84f1	867	LWIP_UNUSED_ARG(userlen);
hendrikvincent	0:05ccbd4f84f1	868	LWIP_UNUSED_ARG(apasswd);
hendrikvincent	0:05ccbd4f84f1	869	LWIP_UNUSED_ARG(passwdlen);
hendrikvincent	0:05ccbd4f84f1	870	LWIP_UNUSED_ARG(msglen);
hendrikvincent	0:05ccbd4f84f1	871	msg = (char ) 0;
hendrikvincent	0:05ccbd4f84f1	872	return UPAP_AUTHACK; /* XXX Assume all entries OK. */
hendrikvincent	0:05ccbd4f84f1	873	#else
hendrikvincent	0:05ccbd4f84f1	874	u_char ret = 0;
hendrikvincent	0:05ccbd4f84f1	875	struct wordlist *addrs = NULL;
hendrikvincent	0:05ccbd4f84f1	876	char passwd[256], user[256];
hendrikvincent	0:05ccbd4f84f1	877	char secret[MAXWORDLEN];
hendrikvincent	0:05ccbd4f84f1	878	static u_short attempts = 0;
hendrikvincent	0:05ccbd4f84f1	879
hendrikvincent	0:05ccbd4f84f1	880	/*
hendrikvincent	0:05ccbd4f84f1	881	* Make copies of apasswd and auser, then null-terminate them.
hendrikvincent	0:05ccbd4f84f1	882	*/
hendrikvincent	0:05ccbd4f84f1	883	BCOPY(apasswd, passwd, passwdlen);
hendrikvincent	0:05ccbd4f84f1	884	passwd[passwdlen] = '\0';
hendrikvincent	0:05ccbd4f84f1	885	BCOPY(auser, user, userlen);
hendrikvincent	0:05ccbd4f84f1	886	user[userlen] = '\0';
hendrikvincent	0:05ccbd4f84f1	887	msg = (char ) 0;
hendrikvincent	0:05ccbd4f84f1	888
hendrikvincent	0:05ccbd4f84f1	889	/* XXX Validate user name and password. */
hendrikvincent	0:05ccbd4f84f1	890	ret = UPAP_AUTHACK; /* XXX Assume all entries OK. */
hendrikvincent	0:05ccbd4f84f1	891
hendrikvincent	0:05ccbd4f84f1	892	if (ret == UPAP_AUTHNAK) {
hendrikvincent	0:05ccbd4f84f1	893	if (msg == (char ) 0) {
hendrikvincent	0:05ccbd4f84f1	894	*msg = "Login incorrect";
hendrikvincent	0:05ccbd4f84f1	895	}
hendrikvincent	0:05ccbd4f84f1	896	msglen = strlen(msg);
hendrikvincent	0:05ccbd4f84f1	897	/*
hendrikvincent	0:05ccbd4f84f1	898	* Frustrate passwd stealer programs.
hendrikvincent	0:05ccbd4f84f1	899	* Allow 10 tries, but start backing off after 3 (stolen from login).
hendrikvincent	0:05ccbd4f84f1	900	* On 10'th, drop the connection.
hendrikvincent	0:05ccbd4f84f1	901	*/
hendrikvincent	0:05ccbd4f84f1	902	if (attempts++ >= 10) {
hendrikvincent	0:05ccbd4f84f1	903	AUTHDEBUG(LOG_WARNING, ("%d LOGIN FAILURES BY %s\n", attempts, user));
hendrikvincent	0:05ccbd4f84f1	904	/ppp_panic("Excess Bad Logins");/
hendrikvincent	0:05ccbd4f84f1	905	}
hendrikvincent	0:05ccbd4f84f1	906	if (attempts > 3) {
hendrikvincent	0:05ccbd4f84f1	907	/* @todo: this was sleep(), i.e. seconds, not milliseconds
hendrikvincent	0:05ccbd4f84f1	908	* I don't think we really need this in lwIP - we would block tcpip_thread!
hendrikvincent	0:05ccbd4f84f1	909	*/
hendrikvincent	0:05ccbd4f84f1	910	/sys_msleep((attempts - 3) 5);*/
hendrikvincent	0:05ccbd4f84f1	911	}
hendrikvincent	0:05ccbd4f84f1	912	if (addrs != NULL) {
hendrikvincent	0:05ccbd4f84f1	913	free_wordlist(addrs);
hendrikvincent	0:05ccbd4f84f1	914	}
hendrikvincent	0:05ccbd4f84f1	915	} else {
hendrikvincent	0:05ccbd4f84f1	916	attempts = 0; /* Reset count */
hendrikvincent	0:05ccbd4f84f1	917	if (msg == (char ) 0) {
hendrikvincent	0:05ccbd4f84f1	918	*msg = "Login ok";
hendrikvincent	0:05ccbd4f84f1	919	}
hendrikvincent	0:05ccbd4f84f1	920	msglen = strlen(msg);
hendrikvincent	0:05ccbd4f84f1	921	set_allowed_addrs(unit, addrs);
hendrikvincent	0:05ccbd4f84f1	922	}
hendrikvincent	0:05ccbd4f84f1	923
hendrikvincent	0:05ccbd4f84f1	924	BZERO(passwd, sizeof(passwd));
hendrikvincent	0:05ccbd4f84f1	925	BZERO(secret, sizeof(secret));
hendrikvincent	0:05ccbd4f84f1	926
hendrikvincent	0:05ccbd4f84f1	927	return ret;
hendrikvincent	0:05ccbd4f84f1	928	#endif
hendrikvincent	0:05ccbd4f84f1	929	}
hendrikvincent	0:05ccbd4f84f1	930	#endif /* PAP_SUPPORT */
hendrikvincent	0:05ccbd4f84f1	931
hendrikvincent	0:05ccbd4f84f1	932	#if 0 /* UNUSED */
hendrikvincent	0:05ccbd4f84f1	933	/*
hendrikvincent	0:05ccbd4f84f1	934	* This function is needed for PAM.
hendrikvincent	0:05ccbd4f84f1	935	*/
hendrikvincent	0:05ccbd4f84f1	936
hendrikvincent	0:05ccbd4f84f1	937	#ifdef USE_PAM
hendrikvincent	0:05ccbd4f84f1	938
hendrikvincent	0:05ccbd4f84f1	939	/* lwip does not support PAM*/
hendrikvincent	0:05ccbd4f84f1	940
hendrikvincent	0:05ccbd4f84f1	941	#endif /* USE_PAM */
hendrikvincent	0:05ccbd4f84f1	942
hendrikvincent	0:05ccbd4f84f1	943	#endif /* UNUSED */
hendrikvincent	0:05ccbd4f84f1	944
hendrikvincent	0:05ccbd4f84f1	945
hendrikvincent	0:05ccbd4f84f1	946	#if 0 /* UNUSED */
hendrikvincent	0:05ccbd4f84f1	947	/*
hendrikvincent	0:05ccbd4f84f1	948	* plogin - Check the user name and password against the system
hendrikvincent	0:05ccbd4f84f1	949	* password database, and login the user if OK.
hendrikvincent	0:05ccbd4f84f1	950	*
hendrikvincent	0:05ccbd4f84f1	951	* returns:
hendrikvincent	0:05ccbd4f84f1	952	* UPAP_AUTHNAK: Login failed.
hendrikvincent	0:05ccbd4f84f1	953	* UPAP_AUTHACK: Login succeeded.
hendrikvincent	0:05ccbd4f84f1	954	* In either case, msg points to an appropriate message.
hendrikvincent	0:05ccbd4f84f1	955	*/
hendrikvincent	0:05ccbd4f84f1	956	static int
hendrikvincent	0:05ccbd4f84f1	957	plogin(char user, char passwd, char *msg, int msglen)
hendrikvincent	0:05ccbd4f84f1	958	{
hendrikvincent	0:05ccbd4f84f1	959
hendrikvincent	0:05ccbd4f84f1	960	LWIP_UNUSED_ARG(user);
hendrikvincent	0:05ccbd4f84f1	961	LWIP_UNUSED_ARG(passwd);
hendrikvincent	0:05ccbd4f84f1	962	LWIP_UNUSED_ARG(msg);
hendrikvincent	0:05ccbd4f84f1	963	LWIP_UNUSED_ARG(msglen);
hendrikvincent	0:05ccbd4f84f1	964
hendrikvincent	0:05ccbd4f84f1	965
hendrikvincent	0:05ccbd4f84f1	966	/* The new lines are here align the file when
hendrikvincent	0:05ccbd4f84f1	967	* compared against the pppd 2.3.11 code */
hendrikvincent	0:05ccbd4f84f1	968
hendrikvincent	0:05ccbd4f84f1	969
hendrikvincent	0:05ccbd4f84f1	970
hendrikvincent	0:05ccbd4f84f1	971
hendrikvincent	0:05ccbd4f84f1	972
hendrikvincent	0:05ccbd4f84f1	973
hendrikvincent	0:05ccbd4f84f1	974
hendrikvincent	0:05ccbd4f84f1	975
hendrikvincent	0:05ccbd4f84f1	976
hendrikvincent	0:05ccbd4f84f1	977
hendrikvincent	0:05ccbd4f84f1	978
hendrikvincent	0:05ccbd4f84f1	979
hendrikvincent	0:05ccbd4f84f1	980
hendrikvincent	0:05ccbd4f84f1	981
hendrikvincent	0:05ccbd4f84f1	982
hendrikvincent	0:05ccbd4f84f1	983
hendrikvincent	0:05ccbd4f84f1	984	/* XXX Fail until we decide that we want to support logins. */
hendrikvincent	0:05ccbd4f84f1	985	return (UPAP_AUTHNAK);
hendrikvincent	0:05ccbd4f84f1	986	}
hendrikvincent	0:05ccbd4f84f1	987	#endif
hendrikvincent	0:05ccbd4f84f1	988
hendrikvincent	0:05ccbd4f84f1	989
hendrikvincent	0:05ccbd4f84f1	990
hendrikvincent	0:05ccbd4f84f1	991	/*
hendrikvincent	0:05ccbd4f84f1	992	* plogout - Logout the user.
hendrikvincent	0:05ccbd4f84f1	993	*/
hendrikvincent	0:05ccbd4f84f1	994	static void
hendrikvincent	0:05ccbd4f84f1	995	plogout(void)
hendrikvincent	0:05ccbd4f84f1	996	{
hendrikvincent	0:05ccbd4f84f1	997	logged_in = 0;
hendrikvincent	0:05ccbd4f84f1	998	}
hendrikvincent	0:05ccbd4f84f1	999
hendrikvincent	0:05ccbd4f84f1	1000	/*
hendrikvincent	0:05ccbd4f84f1	1001	* null_login - Check if a username of "" and a password of "" are
hendrikvincent	0:05ccbd4f84f1	1002	* acceptable, and iff so, set the list of acceptable IP addresses
hendrikvincent	0:05ccbd4f84f1	1003	* and return 1.
hendrikvincent	0:05ccbd4f84f1	1004	*/
hendrikvincent	0:05ccbd4f84f1	1005	static int
hendrikvincent	0:05ccbd4f84f1	1006	null_login(int unit)
hendrikvincent	0:05ccbd4f84f1	1007	{
hendrikvincent	0:05ccbd4f84f1	1008	LWIP_UNUSED_ARG(unit);
hendrikvincent	0:05ccbd4f84f1	1009	/* XXX Fail until we decide that we want to support logins. */
hendrikvincent	0:05ccbd4f84f1	1010	return 0;
hendrikvincent	0:05ccbd4f84f1	1011	}
hendrikvincent	0:05ccbd4f84f1	1012
hendrikvincent	0:05ccbd4f84f1	1013
hendrikvincent	0:05ccbd4f84f1	1014	/*
hendrikvincent	0:05ccbd4f84f1	1015	* get_pap_passwd - get a password for authenticating ourselves with
hendrikvincent	0:05ccbd4f84f1	1016	* our peer using PAP. Returns 1 on success, 0 if no suitable password
hendrikvincent	0:05ccbd4f84f1	1017	* could be found.
hendrikvincent	0:05ccbd4f84f1	1018	*/
hendrikvincent	0:05ccbd4f84f1	1019	static int
hendrikvincent	0:05ccbd4f84f1	1020	get_pap_passwd(int unit, char user, char passwd)
hendrikvincent	0:05ccbd4f84f1	1021	{
hendrikvincent	0:05ccbd4f84f1	1022	LWIP_UNUSED_ARG(unit);
hendrikvincent	0:05ccbd4f84f1	1023	/* normally we would reject PAP if no password is provided,
hendrikvincent	0:05ccbd4f84f1	1024	but this causes problems with some providers (like CHT in Taiwan)
hendrikvincent	0:05ccbd4f84f1	1025	who incorrectly request PAP and expect a bogus/empty password, so
hendrikvincent	0:05ccbd4f84f1	1026	always provide a default user/passwd of "none"/"none"
hendrikvincent	0:05ccbd4f84f1	1027
hendrikvincent	0:05ccbd4f84f1	1028	@todo: This should be configured by the user, instead of being hardcoded here!
hendrikvincent	0:05ccbd4f84f1	1029	*/
hendrikvincent	0:05ccbd4f84f1	1030	if(user) {
hendrikvincent	0:05ccbd4f84f1	1031	strcpy(user, "none");
hendrikvincent	0:05ccbd4f84f1	1032	}
hendrikvincent	0:05ccbd4f84f1	1033	if(passwd) {
hendrikvincent	0:05ccbd4f84f1	1034	strcpy(passwd, "none");
hendrikvincent	0:05ccbd4f84f1	1035	}
hendrikvincent	0:05ccbd4f84f1	1036	return 1;
hendrikvincent	0:05ccbd4f84f1	1037	}
hendrikvincent	0:05ccbd4f84f1	1038
hendrikvincent	0:05ccbd4f84f1	1039	/*
hendrikvincent	0:05ccbd4f84f1	1040	* have_pap_secret - check whether we have a PAP file with any
hendrikvincent	0:05ccbd4f84f1	1041	* secrets that we could possibly use for authenticating the peer.
hendrikvincent	0:05ccbd4f84f1	1042	*/
hendrikvincent	0:05ccbd4f84f1	1043	static int
hendrikvincent	0:05ccbd4f84f1	1044	have_pap_secret(void)
hendrikvincent	0:05ccbd4f84f1	1045	{
hendrikvincent	0:05ccbd4f84f1	1046	/* XXX Fail until we set up our passwords. */
hendrikvincent	0:05ccbd4f84f1	1047	return 0;
hendrikvincent	0:05ccbd4f84f1	1048	}
hendrikvincent	0:05ccbd4f84f1	1049
hendrikvincent	0:05ccbd4f84f1	1050	/*
hendrikvincent	0:05ccbd4f84f1	1051	* have_chap_secret - check whether we have a CHAP file with a
hendrikvincent	0:05ccbd4f84f1	1052	* secret that we could possibly use for authenticating `client'
hendrikvincent	0:05ccbd4f84f1	1053	* on `server'. Either can be the null string, meaning we don't
hendrikvincent	0:05ccbd4f84f1	1054	* know the identity yet.
hendrikvincent	0:05ccbd4f84f1	1055	*/
hendrikvincent	0:05ccbd4f84f1	1056	static int
hendrikvincent	0:05ccbd4f84f1	1057	have_chap_secret(char client, char server, u32_t remote)
hendrikvincent	0:05ccbd4f84f1	1058	{
hendrikvincent	0:05ccbd4f84f1	1059	LWIP_UNUSED_ARG(client);
hendrikvincent	0:05ccbd4f84f1	1060	LWIP_UNUSED_ARG(server);
hendrikvincent	0:05ccbd4f84f1	1061	LWIP_UNUSED_ARG(remote);
hendrikvincent	0:05ccbd4f84f1	1062
hendrikvincent	0:05ccbd4f84f1	1063	/* XXX Fail until we set up our passwords. */
hendrikvincent	0:05ccbd4f84f1	1064	return 0;
hendrikvincent	0:05ccbd4f84f1	1065	}
hendrikvincent	0:05ccbd4f84f1	1066	#if CHAP_SUPPORT
hendrikvincent	0:05ccbd4f84f1	1067
hendrikvincent	0:05ccbd4f84f1	1068	/*
hendrikvincent	0:05ccbd4f84f1	1069	* get_secret - open the CHAP secret file and return the secret
hendrikvincent	0:05ccbd4f84f1	1070	* for authenticating the given client on the given server.
hendrikvincent	0:05ccbd4f84f1	1071	* (We could be either client or server).
hendrikvincent	0:05ccbd4f84f1	1072	*/
hendrikvincent	0:05ccbd4f84f1	1073	int
hendrikvincent	0:05ccbd4f84f1	1074	get_secret(int unit, char client, char server, char secret, int secret_len, int save_addrs)
hendrikvincent	0:05ccbd4f84f1	1075	{
hendrikvincent	0:05ccbd4f84f1	1076	#if 1
hendrikvincent	0:05ccbd4f84f1	1077	int len;
hendrikvincent	0:05ccbd4f84f1	1078	struct wordlist *addrs;
hendrikvincent	0:05ccbd4f84f1	1079
hendrikvincent	0:05ccbd4f84f1	1080	LWIP_UNUSED_ARG(unit);
hendrikvincent	0:05ccbd4f84f1	1081	LWIP_UNUSED_ARG(server);
hendrikvincent	0:05ccbd4f84f1	1082	LWIP_UNUSED_ARG(save_addrs);
hendrikvincent	0:05ccbd4f84f1	1083
hendrikvincent	0:05ccbd4f84f1	1084	addrs = NULL;
hendrikvincent	0:05ccbd4f84f1	1085
hendrikvincent	0:05ccbd4f84f1	1086	if(!client \|\| !client[0] \|\| strcmp(client, ppp_settings.user)) {
hendrikvincent	0:05ccbd4f84f1	1087	return 0;
hendrikvincent	0:05ccbd4f84f1	1088	}
hendrikvincent	0:05ccbd4f84f1	1089
hendrikvincent	0:05ccbd4f84f1	1090	len = (int)strlen(ppp_settings.passwd);
hendrikvincent	0:05ccbd4f84f1	1091	if (len > MAXSECRETLEN) {
hendrikvincent	0:05ccbd4f84f1	1092	AUTHDEBUG(LOG_ERR, ("Secret for %s on %s is too long\n", client, server));
hendrikvincent	0:05ccbd4f84f1	1093	len = MAXSECRETLEN;
hendrikvincent	0:05ccbd4f84f1	1094	}
hendrikvincent	0:05ccbd4f84f1	1095
hendrikvincent	0:05ccbd4f84f1	1096	BCOPY(ppp_settings.passwd, secret, len);
hendrikvincent	0:05ccbd4f84f1	1097	*secret_len = len;
hendrikvincent	0:05ccbd4f84f1	1098
hendrikvincent	0:05ccbd4f84f1	1099	return 1;
hendrikvincent	0:05ccbd4f84f1	1100	#else
hendrikvincent	0:05ccbd4f84f1	1101	int ret = 0, len;
hendrikvincent	0:05ccbd4f84f1	1102	struct wordlist *addrs;
hendrikvincent	0:05ccbd4f84f1	1103	char secbuf[MAXWORDLEN];
hendrikvincent	0:05ccbd4f84f1	1104
hendrikvincent	0:05ccbd4f84f1	1105	addrs = NULL;
hendrikvincent	0:05ccbd4f84f1	1106	secbuf[0] = 0;
hendrikvincent	0:05ccbd4f84f1	1107
hendrikvincent	0:05ccbd4f84f1	1108	/* XXX Find secret. */
hendrikvincent	0:05ccbd4f84f1	1109	if (ret < 0) {
hendrikvincent	0:05ccbd4f84f1	1110	return 0;
hendrikvincent	0:05ccbd4f84f1	1111	}
hendrikvincent	0:05ccbd4f84f1	1112
hendrikvincent	0:05ccbd4f84f1	1113	if (save_addrs) {
hendrikvincent	0:05ccbd4f84f1	1114	set_allowed_addrs(unit, addrs);
hendrikvincent	0:05ccbd4f84f1	1115	}
hendrikvincent	0:05ccbd4f84f1	1116
hendrikvincent	0:05ccbd4f84f1	1117	len = strlen(secbuf);
hendrikvincent	0:05ccbd4f84f1	1118	if (len > MAXSECRETLEN) {
hendrikvincent	0:05ccbd4f84f1	1119	AUTHDEBUG(LOG_ERR, ("Secret for %s on %s is too long\n", client, server));
hendrikvincent	0:05ccbd4f84f1	1120	len = MAXSECRETLEN;
hendrikvincent	0:05ccbd4f84f1	1121	}
hendrikvincent	0:05ccbd4f84f1	1122
hendrikvincent	0:05ccbd4f84f1	1123	BCOPY(secbuf, secret, len);
hendrikvincent	0:05ccbd4f84f1	1124	BZERO(secbuf, sizeof(secbuf));
hendrikvincent	0:05ccbd4f84f1	1125	*secret_len = len;
hendrikvincent	0:05ccbd4f84f1	1126
hendrikvincent	0:05ccbd4f84f1	1127	return 1;
hendrikvincent	0:05ccbd4f84f1	1128	#endif
hendrikvincent	0:05ccbd4f84f1	1129	}
hendrikvincent	0:05ccbd4f84f1	1130	#endif /* CHAP_SUPPORT */
hendrikvincent	0:05ccbd4f84f1	1131
hendrikvincent	0:05ccbd4f84f1	1132
hendrikvincent	0:05ccbd4f84f1	1133	#if 0 /* PAP_SUPPORT \|\| CHAP_SUPPORT */
hendrikvincent	0:05ccbd4f84f1	1134	/*
hendrikvincent	0:05ccbd4f84f1	1135	* set_allowed_addrs() - set the list of allowed addresses.
hendrikvincent	0:05ccbd4f84f1	1136	*/
hendrikvincent	0:05ccbd4f84f1	1137	static void
hendrikvincent	0:05ccbd4f84f1	1138	set_allowed_addrs(int unit, struct wordlist *addrs)
hendrikvincent	0:05ccbd4f84f1	1139	{
hendrikvincent	0:05ccbd4f84f1	1140	if (addresses[unit] != NULL) {
hendrikvincent	0:05ccbd4f84f1	1141	free_wordlist(addresses[unit]);
hendrikvincent	0:05ccbd4f84f1	1142	}
hendrikvincent	0:05ccbd4f84f1	1143	addresses[unit] = addrs;
hendrikvincent	0:05ccbd4f84f1	1144
hendrikvincent	0:05ccbd4f84f1	1145	#if 0
hendrikvincent	0:05ccbd4f84f1	1146	/*
hendrikvincent	0:05ccbd4f84f1	1147	* If there's only one authorized address we might as well
hendrikvincent	0:05ccbd4f84f1	1148	* ask our peer for that one right away
hendrikvincent	0:05ccbd4f84f1	1149	*/
hendrikvincent	0:05ccbd4f84f1	1150	if (addrs != NULL && addrs->next == NULL) {
hendrikvincent	0:05ccbd4f84f1	1151	char *p = addrs->word;
hendrikvincent	0:05ccbd4f84f1	1152	struct ipcp_options *wo = &ipcp_wantoptions[unit];
hendrikvincent	0:05ccbd4f84f1	1153	u32_t a;
hendrikvincent	0:05ccbd4f84f1	1154	struct hostent *hp;
hendrikvincent	0:05ccbd4f84f1	1155
hendrikvincent	0:05ccbd4f84f1	1156	if (wo->hisaddr == 0 && p != '!' && p != '-' && strchr(p, '/') == NULL) {
hendrikvincent	0:05ccbd4f84f1	1157	hp = gethostbyname(p);
hendrikvincent	0:05ccbd4f84f1	1158	if (hp != NULL && hp->h_addrtype == AF_INET) {
hendrikvincent	0:05ccbd4f84f1	1159	a = (u32_t )hp->h_addr;
hendrikvincent	0:05ccbd4f84f1	1160	} else {
hendrikvincent	0:05ccbd4f84f1	1161	a = inet_addr(p);
hendrikvincent	0:05ccbd4f84f1	1162	}
hendrikvincent	0:05ccbd4f84f1	1163	if (a != (u32_t) -1) {
hendrikvincent	0:05ccbd4f84f1	1164	wo->hisaddr = a;
hendrikvincent	0:05ccbd4f84f1	1165	}
hendrikvincent	0:05ccbd4f84f1	1166	}
hendrikvincent	0:05ccbd4f84f1	1167	}
hendrikvincent	0:05ccbd4f84f1	1168	#endif
hendrikvincent	0:05ccbd4f84f1	1169	}
hendrikvincent	0:05ccbd4f84f1	1170	#endif /* 0 / / PAP_SUPPORT \|\| CHAP_SUPPORT */
hendrikvincent	0:05ccbd4f84f1	1171
hendrikvincent	0:05ccbd4f84f1	1172	/*
hendrikvincent	0:05ccbd4f84f1	1173	* auth_ip_addr - check whether the peer is authorized to use
hendrikvincent	0:05ccbd4f84f1	1174	* a given IP address. Returns 1 if authorized, 0 otherwise.
hendrikvincent	0:05ccbd4f84f1	1175	*/
hendrikvincent	0:05ccbd4f84f1	1176	int
hendrikvincent	0:05ccbd4f84f1	1177	auth_ip_addr(int unit, u32_t addr)
hendrikvincent	0:05ccbd4f84f1	1178	{
hendrikvincent	0:05ccbd4f84f1	1179	return ip_addr_check(addr, addresses[unit]);
hendrikvincent	0:05ccbd4f84f1	1180	}
hendrikvincent	0:05ccbd4f84f1	1181
hendrikvincent	0:05ccbd4f84f1	1182	static int /* @todo: integrate this funtion into auth_ip_addr()*/
hendrikvincent	0:05ccbd4f84f1	1183	ip_addr_check(u32_t addr, struct wordlist *addrs)
hendrikvincent	0:05ccbd4f84f1	1184	{
hendrikvincent	0:05ccbd4f84f1	1185	/* don't allow loopback or multicast address */
hendrikvincent	0:05ccbd4f84f1	1186	if (bad_ip_adrs(addr)) {
hendrikvincent	0:05ccbd4f84f1	1187	return 0;
hendrikvincent	0:05ccbd4f84f1	1188	}
hendrikvincent	0:05ccbd4f84f1	1189
hendrikvincent	0:05ccbd4f84f1	1190	if (addrs == NULL) {
hendrikvincent	0:05ccbd4f84f1	1191	return !ppp_settings.auth_required; /* no addresses authorized */
hendrikvincent	0:05ccbd4f84f1	1192	}
hendrikvincent	0:05ccbd4f84f1	1193
hendrikvincent	0:05ccbd4f84f1	1194	/* XXX All other addresses allowed. */
hendrikvincent	0:05ccbd4f84f1	1195	return 1;
hendrikvincent	0:05ccbd4f84f1	1196	}
hendrikvincent	0:05ccbd4f84f1	1197
hendrikvincent	0:05ccbd4f84f1	1198	/*
hendrikvincent	0:05ccbd4f84f1	1199	* bad_ip_adrs - return 1 if the IP address is one we don't want
hendrikvincent	0:05ccbd4f84f1	1200	* to use, such as an address in the loopback net or a multicast address.
hendrikvincent	0:05ccbd4f84f1	1201	* addr is in network byte order.
hendrikvincent	0:05ccbd4f84f1	1202	*/
hendrikvincent	0:05ccbd4f84f1	1203	int
hendrikvincent	0:05ccbd4f84f1	1204	bad_ip_adrs(u32_t addr)
hendrikvincent	0:05ccbd4f84f1	1205	{
hendrikvincent	0:05ccbd4f84f1	1206	addr = ntohl(addr);
hendrikvincent	0:05ccbd4f84f1	1207	return (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET
hendrikvincent	0:05ccbd4f84f1	1208	\|\| IN_MULTICAST(addr) \|\| IN_BADCLASS(addr);
hendrikvincent	0:05ccbd4f84f1	1209	}
hendrikvincent	0:05ccbd4f84f1	1210
hendrikvincent	0:05ccbd4f84f1	1211	#if 0 /* UNUSED / / PAP_SUPPORT \|\| CHAP_SUPPORT */
hendrikvincent	0:05ccbd4f84f1	1212	/*
hendrikvincent	0:05ccbd4f84f1	1213	* some_ip_ok - check a wordlist to see if it authorizes any
hendrikvincent	0:05ccbd4f84f1	1214	* IP address(es).
hendrikvincent	0:05ccbd4f84f1	1215	*/
hendrikvincent	0:05ccbd4f84f1	1216	static int
hendrikvincent	0:05ccbd4f84f1	1217	some_ip_ok(struct wordlist *addrs)
hendrikvincent	0:05ccbd4f84f1	1218	{
hendrikvincent	0:05ccbd4f84f1	1219	for (; addrs != 0; addrs = addrs->next) {
hendrikvincent	0:05ccbd4f84f1	1220	if (addrs->word[0] == '-')
hendrikvincent	0:05ccbd4f84f1	1221	break;
hendrikvincent	0:05ccbd4f84f1	1222	if (addrs->word[0] != '!')
hendrikvincent	0:05ccbd4f84f1	1223	return 1; /* some IP address is allowed */
hendrikvincent	0:05ccbd4f84f1	1224	}
hendrikvincent	0:05ccbd4f84f1	1225	return 0;
hendrikvincent	0:05ccbd4f84f1	1226	}
hendrikvincent	0:05ccbd4f84f1	1227
hendrikvincent	0:05ccbd4f84f1	1228	/*
hendrikvincent	0:05ccbd4f84f1	1229	* check_access - complain if a secret file has too-liberal permissions.
hendrikvincent	0:05ccbd4f84f1	1230	*/
hendrikvincent	0:05ccbd4f84f1	1231	static void
hendrikvincent	0:05ccbd4f84f1	1232	check_access(FILE f, char filename)
hendrikvincent	0:05ccbd4f84f1	1233	{
hendrikvincent	0:05ccbd4f84f1	1234	struct stat sbuf;
hendrikvincent	0:05ccbd4f84f1	1235
hendrikvincent	0:05ccbd4f84f1	1236	if (fstat(fileno(f), &sbuf) < 0) {
hendrikvincent	0:05ccbd4f84f1	1237	warn("cannot stat secret file %s: %m", filename);
hendrikvincent	0:05ccbd4f84f1	1238	} else if ((sbuf.st_mode & (S_IRWXG \| S_IRWXO)) != 0) {
hendrikvincent	0:05ccbd4f84f1	1239	warn("Warning - secret file %s has world and/or group access",
hendrikvincent	0:05ccbd4f84f1	1240	filename);
hendrikvincent	0:05ccbd4f84f1	1241	}
hendrikvincent	0:05ccbd4f84f1	1242	}
hendrikvincent	0:05ccbd4f84f1	1243
hendrikvincent	0:05ccbd4f84f1	1244
hendrikvincent	0:05ccbd4f84f1	1245	/*
hendrikvincent	0:05ccbd4f84f1	1246	* scan_authfile - Scan an authorization file for a secret suitable
hendrikvincent	0:05ccbd4f84f1	1247	* for authenticating `client' on `server'. The return value is -1
hendrikvincent	0:05ccbd4f84f1	1248	* if no secret is found, otherwise >= 0. The return value has
hendrikvincent	0:05ccbd4f84f1	1249	* NONWILD_CLIENT set if the secret didn't have "*" for the client, and
hendrikvincent	0:05ccbd4f84f1	1250	* NONWILD_SERVER set if the secret didn't have "*" for the server.
hendrikvincent	0:05ccbd4f84f1	1251	* Any following words on the line up to a "--" (i.e. address authorization
hendrikvincent	0:05ccbd4f84f1	1252	* info) are placed in a wordlist and returned in *addrs. Any
hendrikvincent	0:05ccbd4f84f1	1253	* following words (extra options) are placed in a wordlist and
hendrikvincent	0:05ccbd4f84f1	1254	* returned in *opts.
hendrikvincent	0:05ccbd4f84f1	1255	* We assume secret is NULL or points to MAXWORDLEN bytes of space.
hendrikvincent	0:05ccbd4f84f1	1256	*/
hendrikvincent	0:05ccbd4f84f1	1257	static int
hendrikvincent	0:05ccbd4f84f1	1258	scan_authfile(FILE f, char client, char server, char secret, struct wordlist addrs, struct wordlist opts, char *filename)
hendrikvincent	0:05ccbd4f84f1	1259	{
hendrikvincent	0:05ccbd4f84f1	1260	/* We do not (currently) need this in lwip */
hendrikvincent	0:05ccbd4f84f1	1261	return 0; /* dummy */
hendrikvincent	0:05ccbd4f84f1	1262	}
hendrikvincent	0:05ccbd4f84f1	1263	/*
hendrikvincent	0:05ccbd4f84f1	1264	* free_wordlist - release memory allocated for a wordlist.
hendrikvincent	0:05ccbd4f84f1	1265	*/
hendrikvincent	0:05ccbd4f84f1	1266	static void
hendrikvincent	0:05ccbd4f84f1	1267	free_wordlist(struct wordlist *wp)
hendrikvincent	0:05ccbd4f84f1	1268	{
hendrikvincent	0:05ccbd4f84f1	1269	struct wordlist *next;
hendrikvincent	0:05ccbd4f84f1	1270
hendrikvincent	0:05ccbd4f84f1	1271	while (wp != NULL) {
hendrikvincent	0:05ccbd4f84f1	1272	next = wp->next;
hendrikvincent	0:05ccbd4f84f1	1273	free(wp);
hendrikvincent	0:05ccbd4f84f1	1274	wp = next;
hendrikvincent	0:05ccbd4f84f1	1275	}
hendrikvincent	0:05ccbd4f84f1	1276	}
hendrikvincent	0:05ccbd4f84f1	1277
hendrikvincent	0:05ccbd4f84f1	1278	/*
hendrikvincent	0:05ccbd4f84f1	1279	* auth_script_done - called when the auth-up or auth-down script
hendrikvincent	0:05ccbd4f84f1	1280	* has finished.
hendrikvincent	0:05ccbd4f84f1	1281	*/
hendrikvincent	0:05ccbd4f84f1	1282	static void
hendrikvincent	0:05ccbd4f84f1	1283	auth_script_done(void *arg)
hendrikvincent	0:05ccbd4f84f1	1284	{
hendrikvincent	0:05ccbd4f84f1	1285	auth_script_pid = 0;
hendrikvincent	0:05ccbd4f84f1	1286	switch (auth_script_state) {
hendrikvincent	0:05ccbd4f84f1	1287	case s_up:
hendrikvincent	0:05ccbd4f84f1	1288	if (auth_state == s_down) {
hendrikvincent	0:05ccbd4f84f1	1289	auth_script_state = s_down;
hendrikvincent	0:05ccbd4f84f1	1290	auth_script(_PATH_AUTHDOWN);
hendrikvincent	0:05ccbd4f84f1	1291	}
hendrikvincent	0:05ccbd4f84f1	1292	break;
hendrikvincent	0:05ccbd4f84f1	1293	case s_down:
hendrikvincent	0:05ccbd4f84f1	1294	if (auth_state == s_up) {
hendrikvincent	0:05ccbd4f84f1	1295	auth_script_state = s_up;
hendrikvincent	0:05ccbd4f84f1	1296	auth_script(_PATH_AUTHUP);
hendrikvincent	0:05ccbd4f84f1	1297	}
hendrikvincent	0:05ccbd4f84f1	1298	break;
hendrikvincent	0:05ccbd4f84f1	1299	}
hendrikvincent	0:05ccbd4f84f1	1300	}
hendrikvincent	0:05ccbd4f84f1	1301
hendrikvincent	0:05ccbd4f84f1	1302	/*
hendrikvincent	0:05ccbd4f84f1	1303	* auth_script - execute a script with arguments
hendrikvincent	0:05ccbd4f84f1	1304	* interface-name peer-name real-user tty speed
hendrikvincent	0:05ccbd4f84f1	1305	*/
hendrikvincent	0:05ccbd4f84f1	1306	static void
hendrikvincent	0:05ccbd4f84f1	1307	auth_script(char *script)
hendrikvincent	0:05ccbd4f84f1	1308	{
hendrikvincent	0:05ccbd4f84f1	1309	char strspeed[32];
hendrikvincent	0:05ccbd4f84f1	1310	struct passwd *pw;
hendrikvincent	0:05ccbd4f84f1	1311	char struid[32];
hendrikvincent	0:05ccbd4f84f1	1312	char *user_name;
hendrikvincent	0:05ccbd4f84f1	1313	char *argv[8];
hendrikvincent	0:05ccbd4f84f1	1314
hendrikvincent	0:05ccbd4f84f1	1315	if ((pw = getpwuid(getuid())) != NULL && pw->pw_name != NULL)
hendrikvincent	0:05ccbd4f84f1	1316	user_name = pw->pw_name;
hendrikvincent	0:05ccbd4f84f1	1317	else {
hendrikvincent	0:05ccbd4f84f1	1318	slprintf(struid, sizeof(struid), "%d", getuid());
hendrikvincent	0:05ccbd4f84f1	1319	user_name = struid;
hendrikvincent	0:05ccbd4f84f1	1320	}
hendrikvincent	0:05ccbd4f84f1	1321	slprintf(strspeed, sizeof(strspeed), "%d", baud_rate);
hendrikvincent	0:05ccbd4f84f1	1322
hendrikvincent	0:05ccbd4f84f1	1323	argv[0] = script;
hendrikvincent	0:05ccbd4f84f1	1324	argv[1] = ifname;
hendrikvincent	0:05ccbd4f84f1	1325	argv[2] = peer_authname;
hendrikvincent	0:05ccbd4f84f1	1326	argv[3] = user_name;
hendrikvincent	0:05ccbd4f84f1	1327	argv[4] = devnam;
hendrikvincent	0:05ccbd4f84f1	1328	argv[5] = strspeed;
hendrikvincent	0:05ccbd4f84f1	1329	argv[6] = NULL;
hendrikvincent	0:05ccbd4f84f1	1330
hendrikvincent	0:05ccbd4f84f1	1331	auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL);
hendrikvincent	0:05ccbd4f84f1	1332	}
hendrikvincent	0:05ccbd4f84f1	1333	#endif /* 0 / / PAP_SUPPORT \|\| CHAP_SUPPORT */
hendrikvincent	0:05ccbd4f84f1	1334	#endif /* PPP_SUPPORT */

Repository toolbox

Export to desktop IDE

Build repository

Repository details

Type:	Program
Mbed OS support:	Mbed 2 deprecated
Created:	02 Dec 2013
Imports:	2
Forks:	0
Commits:	1
Dependents:	0
Dependencies:	2
Followers:	1

NetServices/lwip/netif/ppp/auth.c@0:05ccbd4f84f1, 2013-12-02 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning