User | Revision | Line number | New contents of line |
mbed714 |
0:d616ece2d859
|
1
|
/*****************************************************************************
|
mbed714 |
0:d616ece2d859
|
2
|
* auth.c - Network Authentication and Phase Control program file.
|
mbed714 |
0:d616ece2d859
|
3
|
*
|
mbed714 |
0:d616ece2d859
|
4
|
* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
|
mbed714 |
0:d616ece2d859
|
5
|
* Copyright (c) 1997 by Global Election Systems Inc. All rights reserved.
|
mbed714 |
0:d616ece2d859
|
6
|
*
|
mbed714 |
0:d616ece2d859
|
7
|
* The authors hereby grant permission to use, copy, modify, distribute,
|
mbed714 |
0:d616ece2d859
|
8
|
* and license this software and its documentation for any purpose, provided
|
mbed714 |
0:d616ece2d859
|
9
|
* that existing copyright notices are retained in all copies and that this
|
mbed714 |
0:d616ece2d859
|
10
|
* notice and the following disclaimer are included verbatim in any
|
mbed714 |
0:d616ece2d859
|
11
|
* distributions. No written agreement, license, or royalty fee is required
|
mbed714 |
0:d616ece2d859
|
12
|
* for any of the authorized uses.
|
mbed714 |
0:d616ece2d859
|
13
|
*
|
mbed714 |
0:d616ece2d859
|
14
|
* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
|
mbed714 |
0:d616ece2d859
|
15
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
mbed714 |
0:d616ece2d859
|
16
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
mbed714 |
0:d616ece2d859
|
17
|
* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
mbed714 |
0:d616ece2d859
|
18
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
mbed714 |
0:d616ece2d859
|
19
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
mbed714 |
0:d616ece2d859
|
20
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
mbed714 |
0:d616ece2d859
|
21
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
mbed714 |
0:d616ece2d859
|
22
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
mbed714 |
0:d616ece2d859
|
23
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
mbed714 |
0:d616ece2d859
|
24
|
*
|
mbed714 |
0:d616ece2d859
|
25
|
******************************************************************************
|
mbed714 |
0:d616ece2d859
|
26
|
* REVISION HISTORY
|
mbed714 |
0:d616ece2d859
|
27
|
*
|
mbed714 |
0:d616ece2d859
|
28
|
* 03-01-01 Marc Boucher <marc@mbsi.ca>
|
mbed714 |
0:d616ece2d859
|
29
|
* Ported to lwIP.
|
mbed714 |
0:d616ece2d859
|
30
|
* 97-12-08 Guy Lancaster <lancasterg@acm.org>, Global Election Systems Inc.
|
mbed714 |
0:d616ece2d859
|
31
|
* Ported from public pppd code.
|
mbed714 |
0:d616ece2d859
|
32
|
*****************************************************************************/
|
mbed714 |
0:d616ece2d859
|
33
|
/*
|
mbed714 |
0:d616ece2d859
|
34
|
* auth.c - PPP authentication and phase control.
|
mbed714 |
0:d616ece2d859
|
35
|
*
|
mbed714 |
0:d616ece2d859
|
36
|
* Copyright (c) 1993 The Australian National University.
|
mbed714 |
0:d616ece2d859
|
37
|
* All rights reserved.
|
mbed714 |
0:d616ece2d859
|
38
|
*
|
mbed714 |
0:d616ece2d859
|
39
|
* Redistribution and use in source and binary forms are permitted
|
mbed714 |
0:d616ece2d859
|
40
|
* provided that the above copyright notice and this paragraph are
|
mbed714 |
0:d616ece2d859
|
41
|
* duplicated in all such forms and that any documentation,
|
mbed714 |
0:d616ece2d859
|
42
|
* advertising materials, and other materials related to such
|
mbed714 |
0:d616ece2d859
|
43
|
* distribution and use acknowledge that the software was developed
|
mbed714 |
0:d616ece2d859
|
44
|
* by the Australian National University. The name of the University
|
mbed714 |
0:d616ece2d859
|
45
|
* may not be used to endorse or promote products derived from this
|
mbed714 |
0:d616ece2d859
|
46
|
* software without specific prior written permission.
|
mbed714 |
0:d616ece2d859
|
47
|
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
|
mbed714 |
0:d616ece2d859
|
48
|
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
|
mbed714 |
0:d616ece2d859
|
49
|
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
mbed714 |
0:d616ece2d859
|
50
|
*
|
mbed714 |
0:d616ece2d859
|
51
|
* Copyright (c) 1989 Carnegie Mellon University.
|
mbed714 |
0:d616ece2d859
|
52
|
* All rights reserved.
|
mbed714 |
0:d616ece2d859
|
53
|
*
|
mbed714 |
0:d616ece2d859
|
54
|
* Redistribution and use in source and binary forms are permitted
|
mbed714 |
0:d616ece2d859
|
55
|
* provided that the above copyright notice and this paragraph are
|
mbed714 |
0:d616ece2d859
|
56
|
* duplicated in all such forms and that any documentation,
|
mbed714 |
0:d616ece2d859
|
57
|
* advertising materials, and other materials related to such
|
mbed714 |
0:d616ece2d859
|
58
|
* distribution and use acknowledge that the software was developed
|
mbed714 |
0:d616ece2d859
|
59
|
* by Carnegie Mellon University. The name of the
|
mbed714 |
0:d616ece2d859
|
60
|
* University may not be used to endorse or promote products derived
|
mbed714 |
0:d616ece2d859
|
61
|
* from this software without specific prior written permission.
|
mbed714 |
0:d616ece2d859
|
62
|
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
|
mbed714 |
0:d616ece2d859
|
63
|
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
|
mbed714 |
0:d616ece2d859
|
64
|
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
mbed714 |
0:d616ece2d859
|
65
|
*/
|
mbed714 |
0:d616ece2d859
|
66
|
|
mbed714 |
0:d616ece2d859
|
67
|
#include "lwip/opt.h"
|
mbed714 |
0:d616ece2d859
|
68
|
|
mbed714 |
0:d616ece2d859
|
69
|
#if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */
|
mbed714 |
0:d616ece2d859
|
70
|
|
mbed714 |
0:d616ece2d859
|
71
|
#include "ppp.h"
|
mbed714 |
0:d616ece2d859
|
72
|
#include "pppdebug.h"
|
mbed714 |
0:d616ece2d859
|
73
|
|
mbed714 |
0:d616ece2d859
|
74
|
#include "fsm.h"
|
mbed714 |
0:d616ece2d859
|
75
|
#include "lcp.h"
|
mbed714 |
0:d616ece2d859
|
76
|
#include "pap.h"
|
mbed714 |
0:d616ece2d859
|
77
|
#include "chap.h"
|
mbed714 |
0:d616ece2d859
|
78
|
#include "auth.h"
|
mbed714 |
0:d616ece2d859
|
79
|
#include "ipcp.h"
|
mbed714 |
0:d616ece2d859
|
80
|
|
mbed714 |
0:d616ece2d859
|
81
|
#if CBCP_SUPPORT
|
mbed714 |
0:d616ece2d859
|
82
|
#include "cbcp.h"
|
mbed714 |
0:d616ece2d859
|
83
|
#endif /* CBCP_SUPPORT */
|
mbed714 |
0:d616ece2d859
|
84
|
|
mbed714 |
0:d616ece2d859
|
85
|
#include "lwip/inet.h"
|
mbed714 |
0:d616ece2d859
|
86
|
|
mbed714 |
0:d616ece2d859
|
87
|
#include <string.h>
|
mbed714 |
0:d616ece2d859
|
88
|
|
mbed714 |
0:d616ece2d859
|
89
|
#if 0 /* UNUSED */
|
mbed714 |
0:d616ece2d859
|
90
|
/* Bits in scan_authfile return value */
|
mbed714 |
0:d616ece2d859
|
91
|
#define NONWILD_SERVER 1
|
mbed714 |
0:d616ece2d859
|
92
|
#define NONWILD_CLIENT 2
|
mbed714 |
0:d616ece2d859
|
93
|
|
mbed714 |
0:d616ece2d859
|
94
|
#define ISWILD(word) (word[0] == '*' && word[1] == 0)
|
mbed714 |
0:d616ece2d859
|
95
|
#endif /* UNUSED */
|
mbed714 |
0:d616ece2d859
|
96
|
|
mbed714 |
0:d616ece2d859
|
97
|
#if PAP_SUPPORT || CHAP_SUPPORT
|
mbed714 |
0:d616ece2d859
|
98
|
/* The name by which the peer authenticated itself to us. */
|
mbed714 |
0:d616ece2d859
|
99
|
static char peer_authname[MAXNAMELEN];
|
mbed714 |
0:d616ece2d859
|
100
|
#endif /* PAP_SUPPORT || CHAP_SUPPORT */
|
mbed714 |
0:d616ece2d859
|
101
|
|
mbed714 |
0:d616ece2d859
|
102
|
/* Records which authentication operations haven't completed yet. */
|
mbed714 |
0:d616ece2d859
|
103
|
static int auth_pending[NUM_PPP];
|
mbed714 |
0:d616ece2d859
|
104
|
|
mbed714 |
0:d616ece2d859
|
105
|
/* Set if we have successfully called plogin() */
|
mbed714 |
0:d616ece2d859
|
106
|
static int logged_in;
|
mbed714 |
0:d616ece2d859
|
107
|
|
mbed714 |
0:d616ece2d859
|
108
|
/* Set if we have run the /etc/ppp/auth-up script. */
|
mbed714 |
0:d616ece2d859
|
109
|
static int did_authup; /* @todo, we don't need this in lwip*/
|
mbed714 |
0:d616ece2d859
|
110
|
|
mbed714 |
0:d616ece2d859
|
111
|
/* List of addresses which the peer may use. */
|
mbed714 |
0:d616ece2d859
|
112
|
static struct wordlist *addresses[NUM_PPP];
|
mbed714 |
0:d616ece2d859
|
113
|
|
mbed714 |
0:d616ece2d859
|
114
|
#if 0 /* UNUSED */
|
mbed714 |
0:d616ece2d859
|
115
|
/* Wordlist giving addresses which the peer may use
|
mbed714 |
0:d616ece2d859
|
116
|
without authenticating itself. */
|
mbed714 |
0:d616ece2d859
|
117
|
static struct wordlist *noauth_addrs;
|
mbed714 |
0:d616ece2d859
|
118
|
|
mbed714 |
0:d616ece2d859
|
119
|
/* Extra options to apply, from the secrets file entry for the peer. */
|
mbed714 |
0:d616ece2d859
|
120
|
static struct wordlist *extra_options;
|
mbed714 |
0:d616ece2d859
|
121
|
#endif /* UNUSED */
|
mbed714 |
0:d616ece2d859
|
122
|
|
mbed714 |
0:d616ece2d859
|
123
|
/* Number of network protocols which we have opened. */
|
mbed714 |
0:d616ece2d859
|
124
|
static int num_np_open;
|
mbed714 |
0:d616ece2d859
|
125
|
|
mbed714 |
0:d616ece2d859
|
126
|
/* Number of network protocols which have come up. */
|
mbed714 |
0:d616ece2d859
|
127
|
static int num_np_up;
|
mbed714 |
0:d616ece2d859
|
128
|
|
mbed714 |
0:d616ece2d859
|
129
|
#if PAP_SUPPORT || CHAP_SUPPORT
|
mbed714 |
0:d616ece2d859
|
130
|
/* Set if we got the contents of passwd[] from the pap-secrets file. */
|
mbed714 |
0:d616ece2d859
|
131
|
static int passwd_from_file;
|
mbed714 |
0:d616ece2d859
|
132
|
#endif /* PAP_SUPPORT || CHAP_SUPPORT */
|
mbed714 |
0:d616ece2d859
|
133
|
|
mbed714 |
0:d616ece2d859
|
134
|
#if 0 /* UNUSED */
|
mbed714 |
0:d616ece2d859
|
135
|
/* Set if we require authentication only because we have a default route. */
|
mbed714 |
0:d616ece2d859
|
136
|
static bool default_auth;
|
mbed714 |
0:d616ece2d859
|
137
|
|
mbed714 |
0:d616ece2d859
|
138
|
/* Hook to enable a plugin to control the idle time limit */
|
mbed714 |
0:d616ece2d859
|
139
|
int (*idle_time_hook) __P((struct ppp_idle *)) = NULL;
|
mbed714 |
0:d616ece2d859
|
140
|
|
mbed714 |
0:d616ece2d859
|
141
|
/* Hook for a plugin to say whether we can possibly authenticate any peer */
|
mbed714 |
0:d616ece2d859
|
142
|
int (*pap_check_hook) __P((void)) = NULL;
|
mbed714 |
0:d616ece2d859
|
143
|
|
mbed714 |
0:d616ece2d859
|
144
|
/* Hook for a plugin to check the PAP user and password */
|
mbed714 |
0:d616ece2d859
|
145
|
int (*pap_auth_hook) __P((char *user, char *passwd, char **msgp,
|
mbed714 |
0:d616ece2d859
|
146
|
struct wordlist **paddrs,
|
mbed714 |
0:d616ece2d859
|
147
|
struct wordlist **popts)) = NULL;
|
mbed714 |
0:d616ece2d859
|
148
|
|
mbed714 |
0:d616ece2d859
|
149
|
/* Hook for a plugin to know about the PAP user logout */
|
mbed714 |
0:d616ece2d859
|
150
|
void (*pap_logout_hook) __P((void)) = NULL;
|
mbed714 |
0:d616ece2d859
|
151
|
|
mbed714 |
0:d616ece2d859
|
152
|
/* Hook for a plugin to get the PAP password for authenticating us */
|
mbed714 |
0:d616ece2d859
|
153
|
int (*pap_passwd_hook) __P((char *user, char *passwd)) = NULL;
|
mbed714 |
0:d616ece2d859
|
154
|
|
mbed714 |
0:d616ece2d859
|
155
|
/*
|
mbed714 |
0:d616ece2d859
|
156
|
* This is used to ensure that we don't start an auth-up/down
|
mbed714 |
0:d616ece2d859
|
157
|
* script while one is already running.
|
mbed714 |
0:d616ece2d859
|
158
|
*/
|
mbed714 |
0:d616ece2d859
|
159
|
enum script_state {
|
mbed714 |
0:d616ece2d859
|
160
|
s_down,
|
mbed714 |
0:d616ece2d859
|
161
|
s_up
|
mbed714 |
0:d616ece2d859
|
162
|
};
|
mbed714 |
0:d616ece2d859
|
163
|
|
mbed714 |
0:d616ece2d859
|
164
|
static enum script_state auth_state = s_down;
|
mbed714 |
0:d616ece2d859
|
165
|
static enum script_state auth_script_state = s_down;
|
mbed714 |
0:d616ece2d859
|
166
|
static pid_t auth_script_pid = 0;
|
mbed714 |
0:d616ece2d859
|
167
|
|
mbed714 |
0:d616ece2d859
|
168
|
/*
|
mbed714 |
0:d616ece2d859
|
169
|
* Option variables.
|
mbed714 |
0:d616ece2d859
|
170
|
* lwip: some of these are present in the ppp_settings structure
|
mbed714 |
0:d616ece2d859
|
171
|
*/
|
mbed714 |
0:d616ece2d859
|
172
|
bool uselogin = 0; /* Use /etc/passwd for checking PAP */
|
mbed714 |
0:d616ece2d859
|
173
|
bool cryptpap = 0; /* Passwords in pap-secrets are encrypted */
|
mbed714 |
0:d616ece2d859
|
174
|
bool refuse_pap = 0; /* Don't wanna auth. ourselves with PAP */
|
mbed714 |
0:d616ece2d859
|
175
|
bool refuse_chap = 0; /* Don't wanna auth. ourselves with CHAP */
|
mbed714 |
0:d616ece2d859
|
176
|
bool usehostname = 0; /* Use hostname for our_name */
|
mbed714 |
0:d616ece2d859
|
177
|
bool auth_required = 0; /* Always require authentication from peer */
|
mbed714 |
0:d616ece2d859
|
178
|
bool allow_any_ip = 0; /* Allow peer to use any IP address */
|
mbed714 |
0:d616ece2d859
|
179
|
bool explicit_remote = 0; /* User specified explicit remote name */
|
mbed714 |
0:d616ece2d859
|
180
|
char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
|
mbed714 |
0:d616ece2d859
|
181
|
|
mbed714 |
0:d616ece2d859
|
182
|
#endif /* UNUSED */
|
mbed714 |
0:d616ece2d859
|
183
|
|
mbed714 |
0:d616ece2d859
|
184
|
/* Bits in auth_pending[] */
|
mbed714 |
0:d616ece2d859
|
185
|
#define PAP_WITHPEER 1
|
mbed714 |
0:d616ece2d859
|
186
|
#define PAP_PEER 2
|
mbed714 |
0:d616ece2d859
|
187
|
#define CHAP_WITHPEER 4
|
mbed714 |
0:d616ece2d859
|
188
|
#define CHAP_PEER 8
|
mbed714 |
0:d616ece2d859
|
189
|
|
mbed714 |
0:d616ece2d859
|
190
|
/* @todo, move this somewhere */
|
mbed714 |
0:d616ece2d859
|
191
|
/* Used for storing a sequence of words. Usually malloced. */
|
mbed714 |
0:d616ece2d859
|
192
|
struct wordlist {
|
mbed714 |
0:d616ece2d859
|
193
|
struct wordlist *next;
|
mbed714 |
0:d616ece2d859
|
194
|
char word[1];
|
mbed714 |
0:d616ece2d859
|
195
|
};
|
mbed714 |
0:d616ece2d859
|
196
|
|
mbed714 |
0:d616ece2d859
|
197
|
|
mbed714 |
0:d616ece2d859
|
198
|
extern char *crypt (const char *, const char *);
|
mbed714 |
0:d616ece2d859
|
199
|
|
mbed714 |
0:d616ece2d859
|
200
|
/* Prototypes for procedures local to this file. */
|
mbed714 |
0:d616ece2d859
|
201
|
|
mbed714 |
0:d616ece2d859
|
202
|
static void network_phase (int);
|
mbed714 |
0:d616ece2d859
|
203
|
static void check_idle (void *);
|
mbed714 |
0:d616ece2d859
|
204
|
static void connect_time_expired (void *);
|
mbed714 |
0:d616ece2d859
|
205
|
#if 0
|
mbed714 |
0:d616ece2d859
|
206
|
static int plogin (char *, char *, char **, int *);
|
mbed714 |
0:d616ece2d859
|
207
|
#endif
|
mbed714 |
0:d616ece2d859
|
208
|
static void plogout (void);
|
mbed714 |
0:d616ece2d859
|
209
|
static int null_login (int);
|
mbed714 |
0:d616ece2d859
|
210
|
static int get_pap_passwd (int, char *, char *);
|
mbed714 |
0:d616ece2d859
|
211
|
static int have_pap_secret (void);
|
mbed714 |
0:d616ece2d859
|
212
|
static int have_chap_secret (char *, char *, u32_t);
|
mbed714 |
0:d616ece2d859
|
213
|
static int ip_addr_check (u32_t, struct wordlist *);
|
mbed714 |
0:d616ece2d859
|
214
|
|
mbed714 |
0:d616ece2d859
|
215
|
#if 0 /* PAP_SUPPORT || CHAP_SUPPORT */
|
mbed714 |
0:d616ece2d859
|
216
|
static int scan_authfile (FILE *, char *, char *, char *,
|
mbed714 |
0:d616ece2d859
|
217
|
struct wordlist **, struct wordlist **,
|
mbed714 |
0:d616ece2d859
|
218
|
char *);
|
mbed714 |
0:d616ece2d859
|
219
|
static void free_wordlist (struct wordlist *);
|
mbed714 |
0:d616ece2d859
|
220
|
static void auth_script (char *);
|
mbed714 |
0:d616ece2d859
|
221
|
static void auth_script_done (void *);
|
mbed714 |
0:d616ece2d859
|
222
|
static void set_allowed_addrs (int unit, struct wordlist *addrs);
|
mbed714 |
0:d616ece2d859
|
223
|
static int some_ip_ok (struct wordlist *);
|
mbed714 |
0:d616ece2d859
|
224
|
static int setupapfile (char **);
|
mbed714 |
0:d616ece2d859
|
225
|
static int privgroup (char **);
|
mbed714 |
0:d616ece2d859
|
226
|
static int set_noauth_addr (char **);
|
mbed714 |
0:d616ece2d859
|
227
|
static void check_access (FILE *, char *);
|
mbed714 |
0:d616ece2d859
|
228
|
#endif /* 0 */ /* PAP_SUPPORT || CHAP_SUPPORT */
|
mbed714 |
0:d616ece2d859
|
229
|
|
mbed714 |
0:d616ece2d859
|
230
|
#if 0 /* UNUSED */
|
mbed714 |
0:d616ece2d859
|
231
|
/*
|
mbed714 |
0:d616ece2d859
|
232
|
* Authentication-related options.
|
mbed714 |
0:d616ece2d859
|
233
|
*/
|
mbed714 |
0:d616ece2d859
|
234
|
option_t auth_options[] = {
|
mbed714 |
0:d616ece2d859
|
235
|
{ "require-pap", o_bool, &lcp_wantoptions[0].neg_upap,
|
mbed714 |
0:d616ece2d859
|
236
|
"Require PAP authentication from peer", 1, &auth_required },
|
mbed714 |
0:d616ece2d859
|
237
|
{ "+pap", o_bool, &lcp_wantoptions[0].neg_upap,
|
mbed714 |
0:d616ece2d859
|
238
|
"Require PAP authentication from peer", 1, &auth_required },
|
mbed714 |
0:d616ece2d859
|
239
|
{ "refuse-pap", o_bool, &refuse_pap,
|
mbed714 |
0:d616ece2d859
|
240
|
"Don't agree to auth to peer with PAP", 1 },
|
mbed714 |
0:d616ece2d859
|
241
|
{ "-pap", o_bool, &refuse_pap,
|
mbed714 |
0:d616ece2d859
|
242
|
"Don't allow PAP authentication with peer", 1 },
|
mbed714 |
0:d616ece2d859
|
243
|
{ "require-chap", o_bool, &lcp_wantoptions[0].neg_chap,
|
mbed714 |
0:d616ece2d859
|
244
|
"Require CHAP authentication from peer", 1, &auth_required },
|
mbed714 |
0:d616ece2d859
|
245
|
{ "+chap", o_bool, &lcp_wantoptions[0].neg_chap,
|
mbed714 |
0:d616ece2d859
|
246
|
"Require CHAP authentication from peer", 1, &auth_required },
|
mbed714 |
0:d616ece2d859
|
247
|
{ "refuse-chap", o_bool, &refuse_chap,
|
mbed714 |
0:d616ece2d859
|
248
|
"Don't agree to auth to peer with CHAP", 1 },
|
mbed714 |
0:d616ece2d859
|
249
|
{ "-chap", o_bool, &refuse_chap,
|
mbed714 |
0:d616ece2d859
|
250
|
"Don't allow CHAP authentication with peer", 1 },
|
mbed714 |
0:d616ece2d859
|
251
|
{ "name", o_string, our_name,
|
mbed714 |
0:d616ece2d859
|
252
|
"Set local name for authentication",
|
mbed714 |
0:d616ece2d859
|
253
|
OPT_PRIV|OPT_STATIC, NULL, MAXNAMELEN },
|
mbed714 |
0:d616ece2d859
|
254
|
{ "user", o_string, user,
|
mbed714 |
0:d616ece2d859
|
255
|
"Set name for auth with peer", OPT_STATIC, NULL, MAXNAMELEN },
|
mbed714 |
0:d616ece2d859
|
256
|
{ "usehostname", o_bool, &usehostname,
|
mbed714 |
0:d616ece2d859
|
257
|
"Must use hostname for authentication", 1 },
|
mbed714 |
0:d616ece2d859
|
258
|
{ "remotename", o_string, remote_name,
|
mbed714 |
0:d616ece2d859
|
259
|
"Set remote name for authentication", OPT_STATIC,
|
mbed714 |
0:d616ece2d859
|
260
|
&explicit_remote, MAXNAMELEN },
|
mbed714 |
0:d616ece2d859
|
261
|
{ "auth", o_bool, &auth_required,
|
mbed714 |
0:d616ece2d859
|
262
|
"Require authentication from peer", 1 },
|
mbed714 |
0:d616ece2d859
|
263
|
{ "noauth", o_bool, &auth_required,
|
mbed714 |
0:d616ece2d859
|
264
|
"Don't require peer to authenticate", OPT_PRIV, &allow_any_ip },
|
mbed714 |
0:d616ece2d859
|
265
|
{ "login", o_bool, &uselogin,
|
mbed714 |
0:d616ece2d859
|
266
|
"Use system password database for PAP", 1 },
|
mbed714 |
0:d616ece2d859
|
267
|
{ "papcrypt", o_bool, &cryptpap,
|
mbed714 |
0:d616ece2d859
|
268
|
"PAP passwords are encrypted", 1 },
|
mbed714 |
0:d616ece2d859
|
269
|
{ "+ua", o_special, (void *)setupapfile,
|
mbed714 |
0:d616ece2d859
|
270
|
"Get PAP user and password from file" },
|
mbed714 |
0:d616ece2d859
|
271
|
{ "password", o_string, passwd,
|
mbed714 |
0:d616ece2d859
|
272
|
"Password for authenticating us to the peer", OPT_STATIC,
|
mbed714 |
0:d616ece2d859
|
273
|
NULL, MAXSECRETLEN },
|
mbed714 |
0:d616ece2d859
|
274
|
{ "privgroup", o_special, (void *)privgroup,
|
mbed714 |
0:d616ece2d859
|
275
|
"Allow group members to use privileged options", OPT_PRIV },
|
mbed714 |
0:d616ece2d859
|
276
|
{ "allow-ip", o_special, (void *)set_noauth_addr,
|
mbed714 |
0:d616ece2d859
|
277
|
"Set IP address(es) which can be used without authentication",
|
mbed714 |
0:d616ece2d859
|
278
|
OPT_PRIV },
|
mbed714 |
0:d616ece2d859
|
279
|
{ NULL }
|
mbed714 |
0:d616ece2d859
|
280
|
};
|
mbed714 |
0:d616ece2d859
|
281
|
#endif /* UNUSED */
|
mbed714 |
0:d616ece2d859
|
282
|
#if 0 /* UNUSED */
|
mbed714 |
0:d616ece2d859
|
283
|
/*
|
mbed714 |
0:d616ece2d859
|
284
|
* setupapfile - specifies UPAP info for authenticating with peer.
|
mbed714 |
0:d616ece2d859
|
285
|
*/
|
mbed714 |
0:d616ece2d859
|
286
|
static int
|
mbed714 |
0:d616ece2d859
|
287
|
setupapfile(char **argv)
|
mbed714 |
0:d616ece2d859
|
288
|
{
|
mbed714 |
0:d616ece2d859
|
289
|
FILE * ufile;
|
mbed714 |
0:d616ece2d859
|
290
|
int l;
|
mbed714 |
0:d616ece2d859
|
291
|
|
mbed714 |
0:d616ece2d859
|
292
|
lcp_allowoptions[0].neg_upap = 1;
|
mbed714 |
0:d616ece2d859
|
293
|
|
mbed714 |
0:d616ece2d859
|
294
|
/* open user info file */
|
mbed714 |
0:d616ece2d859
|
295
|
seteuid(getuid());
|
mbed714 |
0:d616ece2d859
|
296
|
ufile = fopen(*argv, "r");
|
mbed714 |
0:d616ece2d859
|
297
|
seteuid(0);
|
mbed714 |
0:d616ece2d859
|
298
|
if (ufile == NULL) {
|
mbed714 |
0:d616ece2d859
|
299
|
option_error("unable to open user login data file %s", *argv);
|
mbed714 |
0:d616ece2d859
|
300
|
return 0;
|
mbed714 |
0:d616ece2d859
|
301
|
}
|
mbed714 |
0:d616ece2d859
|
302
|
check_access(ufile, *argv);
|
mbed714 |
0:d616ece2d859
|
303
|
|
mbed714 |
0:d616ece2d859
|
304
|
/* get username */
|
mbed714 |
0:d616ece2d859
|
305
|
if (fgets(user, MAXNAMELEN - 1, ufile) == NULL
|
mbed714 |
0:d616ece2d859
|
306
|
|| fgets(passwd, MAXSECRETLEN - 1, ufile) == NULL){
|
mbed714 |
0:d616ece2d859
|
307
|
option_error("unable to read user login data file %s", *argv);
|
mbed714 |
0:d616ece2d859
|
308
|
return 0;
|
mbed714 |
0:d616ece2d859
|
309
|
}
|
mbed714 |
0:d616ece2d859
|
310
|
fclose(ufile);
|
mbed714 |
0:d616ece2d859
|
311
|
|
mbed714 |
0:d616ece2d859
|
312
|
/* get rid of newlines */
|
mbed714 |
0:d616ece2d859
|
313
|
l = strlen(user);
|
mbed714 |
0:d616ece2d859
|
314
|
if (l > 0 && user[l-1] == '\n')
|
mbed714 |
0:d616ece2d859
|
315
|
user[l-1] = 0;
|
mbed714 |
0:d616ece2d859
|
316
|
l = strlen(passwd);
|
mbed714 |
0:d616ece2d859
|
317
|
if (l > 0 && passwd[l-1] == '\n')
|
mbed714 |
0:d616ece2d859
|
318
|
passwd[l-1] = 0;
|
mbed714 |
0:d616ece2d859
|
319
|
|
mbed714 |
0:d616ece2d859
|
320
|
return (1);
|
mbed714 |
0:d616ece2d859
|
321
|
}
|
mbed714 |
0:d616ece2d859
|
322
|
#endif /* UNUSED */
|
mbed714 |
0:d616ece2d859
|
323
|
|
mbed714 |
0:d616ece2d859
|
324
|
#if 0 /* UNUSED */
|
mbed714 |
0:d616ece2d859
|
325
|
/*
|
mbed714 |
0:d616ece2d859
|
326
|
* privgroup - allow members of the group to have privileged access.
|
mbed714 |
0:d616ece2d859
|
327
|
*/
|
mbed714 |
0:d616ece2d859
|
328
|
static int
|
mbed714 |
0:d616ece2d859
|
329
|
privgroup(char **argv)
|
mbed714 |
0:d616ece2d859
|
330
|
{
|
mbed714 |
0:d616ece2d859
|
331
|
struct group *g;
|
mbed714 |
0:d616ece2d859
|
332
|
int i;
|
mbed714 |
0:d616ece2d859
|
333
|
|
mbed714 |
0:d616ece2d859
|
334
|
g = getgrnam(*argv);
|
mbed714 |
0:d616ece2d859
|
335
|
if (g == 0) {
|
mbed714 |
0:d616ece2d859
|
336
|
option_error("group %s is unknown", *argv);
|
mbed714 |
0:d616ece2d859
|
337
|
return 0;
|
mbed714 |
0:d616ece2d859
|
338
|
}
|
mbed714 |
0:d616ece2d859
|
339
|
for (i = 0; i < ngroups; ++i) {
|
mbed714 |
0:d616ece2d859
|
340
|
if (groups[i] == g->gr_gid) {
|
mbed714 |
0:d616ece2d859
|
341
|
privileged = 1;
|
mbed714 |
0:d616ece2d859
|
342
|
break;
|
mbed714 |
0:d616ece2d859
|
343
|
}
|
mbed714 |
0:d616ece2d859
|
344
|
}
|
mbed714 |
0:d616ece2d859
|
345
|
return 1;
|
mbed714 |
0:d616ece2d859
|
346
|
}
|
mbed714 |
0:d616ece2d859
|
347
|
#endif
|
mbed714 |
0:d616ece2d859
|
348
|
|
mbed714 |
0:d616ece2d859
|
349
|
#if 0 /* UNUSED */
|
mbed714 |
0:d616ece2d859
|
350
|
/*
|
mbed714 |
0:d616ece2d859
|
351
|
* set_noauth_addr - set address(es) that can be used without authentication.
|
mbed714 |
0:d616ece2d859
|
352
|
* Equivalent to specifying an entry like `"" * "" addr' in pap-secrets.
|
mbed714 |
0:d616ece2d859
|
353
|
*/
|
mbed714 |
0:d616ece2d859
|
354
|
static int
|
mbed714 |
0:d616ece2d859
|
355
|
set_noauth_addr(char **argv)
|
mbed714 |
0:d616ece2d859
|
356
|
{
|
mbed714 |
0:d616ece2d859
|
357
|
char *addr = *argv;
|
mbed714 |
0:d616ece2d859
|
358
|
int l = strlen(addr);
|
mbed714 |
0:d616ece2d859
|
359
|
struct wordlist *wp;
|
mbed714 |
0:d616ece2d859
|
360
|
|
mbed714 |
0:d616ece2d859
|
361
|
wp = (struct wordlist *) malloc(sizeof(struct wordlist) + l + 1);
|
mbed714 |
0:d616ece2d859
|
362
|
if (wp == NULL)
|
mbed714 |
0:d616ece2d859
|
363
|
novm("allow-ip argument");
|
mbed714 |
0:d616ece2d859
|
364
|
wp->word = (char *) (wp + 1);
|
mbed714 |
0:d616ece2d859
|
365
|
wp->next = noauth_addrs;
|
mbed714 |
0:d616ece2d859
|
366
|
BCOPY(addr, wp->word, l);
|
mbed714 |
0:d616ece2d859
|
367
|
noauth_addrs = wp;
|
mbed714 |
0:d616ece2d859
|
368
|
return 1;
|
mbed714 |
0:d616ece2d859
|
369
|
}
|
mbed714 |
0:d616ece2d859
|
370
|
#endif /* UNUSED */
|
mbed714 |
0:d616ece2d859
|
371
|
|
mbed714 |
0:d616ece2d859
|
372
|
/*
|
mbed714 |
0:d616ece2d859
|
373
|
* An Open on LCP has requested a change from Dead to Establish phase.
|
mbed714 |
0:d616ece2d859
|
374
|
* Do what's necessary to bring the physical layer up.
|
mbed714 |
0:d616ece2d859
|
375
|
*/
|
mbed714 |
0:d616ece2d859
|
376
|
void
|
mbed714 |
0:d616ece2d859
|
377
|
link_required(int unit)
|
mbed714 |
0:d616ece2d859
|
378
|
{
|
mbed714 |
0:d616ece2d859
|
379
|
LWIP_UNUSED_ARG(unit);
|
mbed714 |
0:d616ece2d859
|
380
|
|
mbed714 |
0:d616ece2d859
|
381
|
AUTHDEBUG(LOG_INFO, ("link_required: %d\n", unit));
|
mbed714 |
0:d616ece2d859
|
382
|
}
|
mbed714 |
0:d616ece2d859
|
383
|
|
mbed714 |
0:d616ece2d859
|
384
|
/*
|
mbed714 |
0:d616ece2d859
|
385
|
* LCP has terminated the link; go to the Dead phase and take the
|
mbed714 |
0:d616ece2d859
|
386
|
* physical layer down.
|
mbed714 |
0:d616ece2d859
|
387
|
*/
|
mbed714 |
0:d616ece2d859
|
388
|
void
|
mbed714 |
0:d616ece2d859
|
389
|
link_terminated(int unit)
|
mbed714 |
0:d616ece2d859
|
390
|
{
|
mbed714 |
0:d616ece2d859
|
391
|
AUTHDEBUG(LOG_INFO, ("link_terminated: %d\n", unit));
|
mbed714 |
0:d616ece2d859
|
392
|
if (lcp_phase[unit] == PHASE_DEAD) {
|
mbed714 |
0:d616ece2d859
|
393
|
return;
|
mbed714 |
0:d616ece2d859
|
394
|
}
|
mbed714 |
0:d616ece2d859
|
395
|
if (logged_in) {
|
mbed714 |
0:d616ece2d859
|
396
|
plogout();
|
mbed714 |
0:d616ece2d859
|
397
|
}
|
mbed714 |
0:d616ece2d859
|
398
|
lcp_phase[unit] = PHASE_DEAD;
|
mbed714 |
0:d616ece2d859
|
399
|
AUTHDEBUG(LOG_NOTICE, ("Connection terminated.\n"));
|
mbed714 |
0:d616ece2d859
|
400
|
pppLinkTerminated(unit);
|
mbed714 |
0:d616ece2d859
|
401
|
}
|
mbed714 |
0:d616ece2d859
|
402
|
|
mbed714 |
0:d616ece2d859
|
403
|
/*
|
mbed714 |
0:d616ece2d859
|
404
|
* LCP has gone down; it will either die or try to re-establish.
|
mbed714 |
0:d616ece2d859
|
405
|
*/
|
mbed714 |
0:d616ece2d859
|
406
|
void
|
mbed714 |
0:d616ece2d859
|
407
|
link_down(int unit)
|
mbed714 |
0:d616ece2d859
|
408
|
{
|
mbed714 |
0:d616ece2d859
|
409
|
int i;
|
mbed714 |
0:d616ece2d859
|
410
|
struct protent *protp;
|
mbed714 |
0:d616ece2d859
|
411
|
|
mbed714 |
0:d616ece2d859
|
412
|
AUTHDEBUG(LOG_INFO, ("link_down: %d\n", unit));
|
mbed714 |
0:d616ece2d859
|
413
|
|
mbed714 |
0:d616ece2d859
|
414
|
if (did_authup) {
|
mbed714 |
0:d616ece2d859
|
415
|
/* XXX Do link down processing. */
|
mbed714 |
0:d616ece2d859
|
416
|
did_authup = 0;
|
mbed714 |
0:d616ece2d859
|
417
|
}
|
mbed714 |
0:d616ece2d859
|
418
|
for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i) {
|
mbed714 |
0:d616ece2d859
|
419
|
if (!protp->enabled_flag) {
|
mbed714 |
0:d616ece2d859
|
420
|
continue;
|
mbed714 |
0:d616ece2d859
|
421
|
}
|
mbed714 |
0:d616ece2d859
|
422
|
if (protp->protocol != PPP_LCP && protp->lowerdown != NULL) {
|
mbed714 |
0:d616ece2d859
|
423
|
(*protp->lowerdown)(unit);
|
mbed714 |
0:d616ece2d859
|
424
|
}
|
mbed714 |
0:d616ece2d859
|
425
|
if (protp->protocol < 0xC000 && protp->close != NULL) {
|
mbed714 |
0:d616ece2d859
|
426
|
(*protp->close)(unit, "LCP down");
|
mbed714 |
0:d616ece2d859
|
427
|
}
|
mbed714 |
0:d616ece2d859
|
428
|
}
|
mbed714 |
0:d616ece2d859
|
429
|
num_np_open = 0; /* number of network protocols we have opened */
|
mbed714 |
0:d616ece2d859
|
430
|
num_np_up = 0; /* Number of network protocols which have come up */
|
mbed714 |
0:d616ece2d859
|
431
|
|
mbed714 |
0:d616ece2d859
|
432
|
if (lcp_phase[unit] != PHASE_DEAD) {
|
mbed714 |
0:d616ece2d859
|
433
|
lcp_phase[unit] = PHASE_TERMINATE;
|
mbed714 |
0:d616ece2d859
|
434
|
}
|
mbed714 |
0:d616ece2d859
|
435
|
pppLinkDown(unit);
|
mbed714 |
0:d616ece2d859
|
436
|
}
|
mbed714 |
0:d616ece2d859
|
437
|
|
mbed714 |
0:d616ece2d859
|
438
|
/*
|
mbed714 |
0:d616ece2d859
|
439
|
* The link is established.
|
mbed714 |
0:d616ece2d859
|
440
|
* Proceed to the Dead, Authenticate or Network phase as appropriate.
|
mbed714 |
0:d616ece2d859
|
441
|
*/
|
mbed714 |
0:d616ece2d859
|
442
|
void
|
mbed714 |
0:d616ece2d859
|
443
|
link_established(int unit)
|
mbed714 |
0:d616ece2d859
|
444
|
{
|
mbed714 |
0:d616ece2d859
|
445
|
int auth;
|
mbed714 |
0:d616ece2d859
|
446
|
int i;
|
mbed714 |
0:d616ece2d859
|
447
|
struct protent *protp;
|
mbed714 |
0:d616ece2d859
|
448
|
lcp_options *wo = &lcp_wantoptions[unit];
|
mbed714 |
0:d616ece2d859
|
449
|
lcp_options *go = &lcp_gotoptions[unit];
|
mbed714 |
0:d616ece2d859
|
450
|
#if PAP_SUPPORT || CHAP_SUPPORT
|
mbed714 |
0:d616ece2d859
|
451
|
lcp_options *ho = &lcp_hisoptions[unit];
|
mbed714 |
0:d616ece2d859
|
452
|
#endif /* PAP_SUPPORT || CHAP_SUPPORT */
|
mbed714 |
0:d616ece2d859
|
453
|
|
mbed714 |
0:d616ece2d859
|
454
|
AUTHDEBUG(LOG_INFO, ("link_established: unit %d; Lowering up all protocols...\n", unit));
|
mbed714 |
0:d616ece2d859
|
455
|
/*
|
mbed714 |
0:d616ece2d859
|
456
|
* Tell higher-level protocols that LCP is up.
|
mbed714 |
0:d616ece2d859
|
457
|
*/
|
mbed714 |
0:d616ece2d859
|
458
|
for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i) {
|
mbed714 |
0:d616ece2d859
|
459
|
if (protp->protocol != PPP_LCP && protp->enabled_flag && protp->lowerup != NULL) {
|
mbed714 |
0:d616ece2d859
|
460
|
(*protp->lowerup)(unit);
|
mbed714 |
0:d616ece2d859
|
461
|
}
|
mbed714 |
0:d616ece2d859
|
462
|
}
|
mbed714 |
0:d616ece2d859
|
463
|
if (ppp_settings.auth_required && !(go->neg_chap || go->neg_upap)) {
|
mbed714 |
0:d616ece2d859
|
464
|
/*
|
mbed714 |
0:d616ece2d859
|
465
|
* We wanted the peer to authenticate itself, and it refused:
|
mbed714 |
0:d616ece2d859
|
466
|
* treat it as though it authenticated with PAP using a username
|
mbed714 |
0:d616ece2d859
|
467
|
* of "" and a password of "". If that's not OK, boot it out.
|
mbed714 |
0:d616ece2d859
|
468
|
*/
|
mbed714 |
0:d616ece2d859
|
469
|
if (!wo->neg_upap || !null_login(unit)) {
|
mbed714 |
0:d616ece2d859
|
470
|
AUTHDEBUG(LOG_WARNING, ("peer refused to authenticate\n"));
|
mbed714 |
0:d616ece2d859
|
471
|
lcp_close(unit, "peer refused to authenticate");
|
mbed714 |
0:d616ece2d859
|
472
|
return;
|
mbed714 |
0:d616ece2d859
|
473
|
}
|
mbed714 |
0:d616ece2d859
|
474
|
}
|
mbed714 |
0:d616ece2d859
|
475
|
|
mbed714 |
0:d616ece2d859
|
476
|
lcp_phase[unit] = PHASE_AUTHENTICATE;
|
mbed714 |
0:d616ece2d859
|
477
|
auth = 0;
|
mbed714 |
0:d616ece2d859
|
478
|
#if CHAP_SUPPORT
|
mbed714 |
0:d616ece2d859
|
479
|
if (go->neg_chap) {
|
mbed714 |
0:d616ece2d859
|
480
|
ChapAuthPeer(unit, ppp_settings.our_name, go->chap_mdtype);
|
mbed714 |
0:d616ece2d859
|
481
|
auth |= CHAP_PEER;
|
mbed714 |
0:d616ece2d859
|
482
|
}
|
mbed714 |
0:d616ece2d859
|
483
|
#endif /* CHAP_SUPPORT */
|
mbed714 |
0:d616ece2d859
|
484
|
#if PAP_SUPPORT && CHAP_SUPPORT
|
mbed714 |
0:d616ece2d859
|
485
|
else
|
mbed714 |
0:d616ece2d859
|
486
|
#endif /* PAP_SUPPORT && CHAP_SUPPORT */
|
mbed714 |
0:d616ece2d859
|
487
|
#if PAP_SUPPORT
|
mbed714 |
0:d616ece2d859
|
488
|
if (go->neg_upap) {
|
mbed714 |
0:d616ece2d859
|
489
|
upap_authpeer(unit);
|
mbed714 |
0:d616ece2d859
|
490
|
auth |= PAP_PEER;
|
mbed714 |
0:d616ece2d859
|
491
|
}
|
mbed714 |
0:d616ece2d859
|
492
|
#endif /* PAP_SUPPORT */
|
mbed714 |
0:d616ece2d859
|
493
|
#if CHAP_SUPPORT
|
mbed714 |
0:d616ece2d859
|
494
|
if (ho->neg_chap) {
|
mbed714 |
0:d616ece2d859
|
495
|
ChapAuthWithPeer(unit, ppp_settings.user, ho->chap_mdtype);
|
mbed714 |
0:d616ece2d859
|
496
|
auth |= CHAP_WITHPEER;
|
mbed714 |
0:d616ece2d859
|
497
|
}
|
mbed714 |
0:d616ece2d859
|
498
|
#endif /* CHAP_SUPPORT */
|
mbed714 |
0:d616ece2d859
|
499
|
#if PAP_SUPPORT && CHAP_SUPPORT
|
mbed714 |
0:d616ece2d859
|
500
|
else
|
mbed714 |
0:d616ece2d859
|
501
|
#endif /* PAP_SUPPORT && CHAP_SUPPORT */
|
mbed714 |
0:d616ece2d859
|
502
|
#if PAP_SUPPORT
|
mbed714 |
0:d616ece2d859
|
503
|
if (ho->neg_upap) {
|
mbed714 |
0:d616ece2d859
|
504
|
if (ppp_settings.passwd[0] == 0) {
|
mbed714 |
0:d616ece2d859
|
505
|
passwd_from_file = 1;
|
mbed714 |
0:d616ece2d859
|
506
|
if (!get_pap_passwd(unit, ppp_settings.user, ppp_settings.passwd)) {
|
mbed714 |
0:d616ece2d859
|
507
|
AUTHDEBUG(LOG_ERR, ("No secret found for PAP login\n"));
|
mbed714 |
0:d616ece2d859
|
508
|
}
|
mbed714 |
0:d616ece2d859
|
509
|
}
|
mbed714 |
0:d616ece2d859
|
510
|
upap_authwithpeer(unit, ppp_settings.user, ppp_settings.passwd);
|
mbed714 |
0:d616ece2d859
|
511
|
auth |= PAP_WITHPEER;
|
mbed714 |
0:d616ece2d859
|
512
|
}
|
mbed714 |
0:d616ece2d859
|
513
|
#endif /* PAP_SUPPORT */
|
mbed714 |
0:d616ece2d859
|
514
|
auth_pending[unit] = auth;
|
mbed714 |
0:d616ece2d859
|
515
|
|
mbed714 |
0:d616ece2d859
|
516
|
if (!auth) {
|
mbed714 |
0:d616ece2d859
|
517
|
network_phase(unit);
|
mbed714 |
0:d616ece2d859
|
518
|
}
|
mbed714 |
0:d616ece2d859
|
519
|
}
|
mbed714 |
0:d616ece2d859
|
520
|
|
mbed714 |
0:d616ece2d859
|
521
|
/*
|
mbed714 |
0:d616ece2d859
|
522
|
* Proceed to the network phase.
|
mbed714 |
0:d616ece2d859
|
523
|
*/
|
mbed714 |
0:d616ece2d859
|
524
|
static void
|
mbed714 |
0:d616ece2d859
|
525
|
network_phase(int unit)
|
mbed714 |
0:d616ece2d859
|
526
|
{
|
mbed714 |
0:d616ece2d859
|
527
|
int i;
|
mbed714 |
0:d616ece2d859
|
528
|
struct protent *protp;
|
mbed714 |
0:d616ece2d859
|
529
|
lcp_options *go = &lcp_gotoptions[unit];
|
mbed714 |
0:d616ece2d859
|
530
|
|
mbed714 |
0:d616ece2d859
|
531
|
/*
|
mbed714 |
0:d616ece2d859
|
532
|
* If the peer had to authenticate, run the auth-up script now.
|
mbed714 |
0:d616ece2d859
|
533
|
*/
|
mbed714 |
0:d616ece2d859
|
534
|
if ((go->neg_chap || go->neg_upap) && !did_authup) {
|
mbed714 |
0:d616ece2d859
|
535
|
/* XXX Do setup for peer authentication. */
|
mbed714 |
0:d616ece2d859
|
536
|
did_authup = 1;
|
mbed714 |
0:d616ece2d859
|
537
|
}
|
mbed714 |
0:d616ece2d859
|
538
|
|
mbed714 |
0:d616ece2d859
|
539
|
#if CBCP_SUPPORT
|
mbed714 |
0:d616ece2d859
|
540
|
/*
|
mbed714 |
0:d616ece2d859
|
541
|
* If we negotiated callback, do it now.
|
mbed714 |
0:d616ece2d859
|
542
|
*/
|
mbed714 |
0:d616ece2d859
|
543
|
if (go->neg_cbcp) {
|
mbed714 |
0:d616ece2d859
|
544
|
lcp_phase[unit] = PHASE_CALLBACK;
|
mbed714 |
0:d616ece2d859
|
545
|
(*cbcp_protent.open)(unit);
|
mbed714 |
0:d616ece2d859
|
546
|
return;
|
mbed714 |
0:d616ece2d859
|
547
|
}
|
mbed714 |
0:d616ece2d859
|
548
|
#endif /* CBCP_SUPPORT */
|
mbed714 |
0:d616ece2d859
|
549
|
|
mbed714 |
0:d616ece2d859
|
550
|
lcp_phase[unit] = PHASE_NETWORK;
|
mbed714 |
0:d616ece2d859
|
551
|
for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i) {
|
mbed714 |
0:d616ece2d859
|
552
|
if (protp->protocol < 0xC000 && protp->enabled_flag && protp->open != NULL) {
|
mbed714 |
0:d616ece2d859
|
553
|
(*protp->open)(unit);
|
mbed714 |
0:d616ece2d859
|
554
|
if (protp->protocol != PPP_CCP) {
|
mbed714 |
0:d616ece2d859
|
555
|
++num_np_open;
|
mbed714 |
0:d616ece2d859
|
556
|
}
|
mbed714 |
0:d616ece2d859
|
557
|
}
|
mbed714 |
0:d616ece2d859
|
558
|
}
|
mbed714 |
0:d616ece2d859
|
559
|
|
mbed714 |
0:d616ece2d859
|
560
|
if (num_np_open == 0) {
|
mbed714 |
0:d616ece2d859
|
561
|
/* nothing to do */
|
mbed714 |
0:d616ece2d859
|
562
|
lcp_close(0, "No network protocols running");
|
mbed714 |
0:d616ece2d859
|
563
|
}
|
mbed714 |
0:d616ece2d859
|
564
|
}
|
mbed714 |
0:d616ece2d859
|
565
|
/* @todo: add void start_networks(void) here (pppd 2.3.11) */
|
mbed714 |
0:d616ece2d859
|
566
|
|
mbed714 |
0:d616ece2d859
|
567
|
/*
|
mbed714 |
0:d616ece2d859
|
568
|
* The peer has failed to authenticate himself using `protocol'.
|
mbed714 |
0:d616ece2d859
|
569
|
*/
|
mbed714 |
0:d616ece2d859
|
570
|
void
|
mbed714 |
0:d616ece2d859
|
571
|
auth_peer_fail(int unit, u16_t protocol)
|
mbed714 |
0:d616ece2d859
|
572
|
{
|
mbed714 |
0:d616ece2d859
|
573
|
LWIP_UNUSED_ARG(protocol);
|
mbed714 |
0:d616ece2d859
|
574
|
|
mbed714 |
0:d616ece2d859
|
575
|
AUTHDEBUG(LOG_INFO, ("auth_peer_fail: %d proto=%X\n", unit, protocol));
|
mbed714 |
0:d616ece2d859
|
576
|
/*
|
mbed714 |
0:d616ece2d859
|
577
|
* Authentication failure: take the link down
|
mbed714 |
0:d616ece2d859
|
578
|
*/
|
mbed714 |
0:d616ece2d859
|
579
|
lcp_close(unit, "Authentication failed");
|
mbed714 |
0:d616ece2d859
|
580
|
}
|
mbed714 |
0:d616ece2d859
|
581
|
|
mbed714 |
0:d616ece2d859
|
582
|
|
mbed714 |
0:d616ece2d859
|
583
|
#if PAP_SUPPORT || CHAP_SUPPORT
|
mbed714 |
0:d616ece2d859
|
584
|
/*
|
mbed714 |
0:d616ece2d859
|
585
|
* The peer has been successfully authenticated using `protocol'.
|
mbed714 |
0:d616ece2d859
|
586
|
*/
|
mbed714 |
0:d616ece2d859
|
587
|
void
|
mbed714 |
0:d616ece2d859
|
588
|
auth_peer_success(int unit, u16_t protocol, char *name, int namelen)
|
mbed714 |
0:d616ece2d859
|
589
|
{
|
mbed714 |
0:d616ece2d859
|
590
|
int pbit;
|
mbed714 |
0:d616ece2d859
|
591
|
|
mbed714 |
0:d616ece2d859
|
592
|
AUTHDEBUG(LOG_INFO, ("auth_peer_success: %d proto=%X\n", unit, protocol));
|
mbed714 |
0:d616ece2d859
|
593
|
switch (protocol) {
|
mbed714 |
0:d616ece2d859
|
594
|
case PPP_CHAP:
|
mbed714 |
0:d616ece2d859
|
595
|
pbit = CHAP_PEER;
|
mbed714 |
0:d616ece2d859
|
596
|
break;
|
mbed714 |
0:d616ece2d859
|
597
|
case PPP_PAP:
|
mbed714 |
0:d616ece2d859
|
598
|
pbit = PAP_PEER;
|
mbed714 |
0:d616ece2d859
|
599
|
break;
|
mbed714 |
0:d616ece2d859
|
600
|
default:
|
mbed714 |
0:d616ece2d859
|
601
|
AUTHDEBUG(LOG_WARNING, ("auth_peer_success: unknown protocol %x\n", protocol));
|
mbed714 |
0:d616ece2d859
|
602
|
return;
|
mbed714 |
0:d616ece2d859
|
603
|
}
|
mbed714 |
0:d616ece2d859
|
604
|
|
mbed714 |
0:d616ece2d859
|
605
|
/*
|
mbed714 |
0:d616ece2d859
|
606
|
* Save the authenticated name of the peer for later.
|
mbed714 |
0:d616ece2d859
|
607
|
*/
|
mbed714 |
0:d616ece2d859
|
608
|
if (namelen > (int)sizeof(peer_authname) - 1) {
|
mbed714 |
0:d616ece2d859
|
609
|
namelen = sizeof(peer_authname) - 1;
|
mbed714 |
0:d616ece2d859
|
610
|
}
|
mbed714 |
0:d616ece2d859
|
611
|
BCOPY(name, peer_authname, namelen);
|
mbed714 |
0:d616ece2d859
|
612
|
peer_authname[namelen] = 0;
|
mbed714 |
0:d616ece2d859
|
613
|
|
mbed714 |
0:d616ece2d859
|
614
|
/*
|
mbed714 |
0:d616ece2d859
|
615
|
* If there is no more authentication still to be done,
|
mbed714 |
0:d616ece2d859
|
616
|
* proceed to the network (or callback) phase.
|
mbed714 |
0:d616ece2d859
|
617
|
*/
|
mbed714 |
0:d616ece2d859
|
618
|
if ((auth_pending[unit] &= ~pbit) == 0) {
|
mbed714 |
0:d616ece2d859
|
619
|
network_phase(unit);
|
mbed714 |
0:d616ece2d859
|
620
|
}
|
mbed714 |
0:d616ece2d859
|
621
|
}
|
mbed714 |
0:d616ece2d859
|
622
|
|
mbed714 |
0:d616ece2d859
|
623
|
/*
|
mbed714 |
0:d616ece2d859
|
624
|
* We have failed to authenticate ourselves to the peer using `protocol'.
|
mbed714 |
0:d616ece2d859
|
625
|
*/
|
mbed714 |
0:d616ece2d859
|
626
|
void
|
mbed714 |
0:d616ece2d859
|
627
|
auth_withpeer_fail(int unit, u16_t protocol)
|
mbed714 |
0:d616ece2d859
|
628
|
{
|
mbed714 |
0:d616ece2d859
|
629
|
int errCode = PPPERR_AUTHFAIL;
|
mbed714 |
0:d616ece2d859
|
630
|
|
mbed714 |
0:d616ece2d859
|
631
|
LWIP_UNUSED_ARG(protocol);
|
mbed714 |
0:d616ece2d859
|
632
|
|
mbed714 |
0:d616ece2d859
|
633
|
AUTHDEBUG(LOG_INFO, ("auth_withpeer_fail: %d proto=%X\n", unit, protocol));
|
mbed714 |
0:d616ece2d859
|
634
|
if (passwd_from_file) {
|
mbed714 |
0:d616ece2d859
|
635
|
BZERO(ppp_settings.passwd, MAXSECRETLEN);
|
mbed714 |
0:d616ece2d859
|
636
|
}
|
mbed714 |
0:d616ece2d859
|
637
|
|
mbed714 |
0:d616ece2d859
|
638
|
/*
|
mbed714 |
0:d616ece2d859
|
639
|
* We've failed to authenticate ourselves to our peer.
|
mbed714 |
0:d616ece2d859
|
640
|
* He'll probably take the link down, and there's not much
|
mbed714 |
0:d616ece2d859
|
641
|
* we can do except wait for that.
|
mbed714 |
0:d616ece2d859
|
642
|
*/
|
mbed714 |
0:d616ece2d859
|
643
|
pppIOCtl(unit, PPPCTLS_ERRCODE, &errCode);
|
mbed714 |
0:d616ece2d859
|
644
|
lcp_close(unit, "Failed to authenticate ourselves to peer");
|
mbed714 |
0:d616ece2d859
|
645
|
}
|
mbed714 |
0:d616ece2d859
|
646
|
|
mbed714 |
0:d616ece2d859
|
647
|
/*
|
mbed714 |
0:d616ece2d859
|
648
|
* We have successfully authenticated ourselves with the peer using `protocol'.
|
mbed714 |
0:d616ece2d859
|
649
|
*/
|
mbed714 |
0:d616ece2d859
|
650
|
void
|
mbed714 |
0:d616ece2d859
|
651
|
auth_withpeer_success(int unit, u16_t protocol)
|
mbed714 |
0:d616ece2d859
|
652
|
{
|
mbed714 |
0:d616ece2d859
|
653
|
int pbit;
|
mbed714 |
0:d616ece2d859
|
654
|
|
mbed714 |
0:d616ece2d859
|
655
|
AUTHDEBUG(LOG_INFO, ("auth_withpeer_success: %d proto=%X\n", unit, protocol));
|
mbed714 |
0:d616ece2d859
|
656
|
switch (protocol) {
|
mbed714 |
0:d616ece2d859
|
657
|
case PPP_CHAP:
|
mbed714 |
0:d616ece2d859
|
658
|
pbit = CHAP_WITHPEER;
|
mbed714 |
0:d616ece2d859
|
659
|
break;
|
mbed714 |
0:d616ece2d859
|
660
|
case PPP_PAP:
|
mbed714 |
0:d616ece2d859
|
661
|
if (passwd_from_file) {
|
mbed714 |
0:d616ece2d859
|
662
|
BZERO(ppp_settings.passwd, MAXSECRETLEN);
|
mbed714 |
0:d616ece2d859
|
663
|
}
|
mbed714 |
0:d616ece2d859
|
664
|
pbit = PAP_WITHPEER;
|
mbed714 |
0:d616ece2d859
|
665
|
break;
|
mbed714 |
0:d616ece2d859
|
666
|
default:
|
mbed714 |
0:d616ece2d859
|
667
|
AUTHDEBUG(LOG_WARNING, ("auth_peer_success: unknown protocol %x\n", protocol));
|
mbed714 |
0:d616ece2d859
|
668
|
pbit = 0;
|
mbed714 |
0:d616ece2d859
|
669
|
}
|
mbed714 |
0:d616ece2d859
|
670
|
|
mbed714 |
0:d616ece2d859
|
671
|
/*
|
mbed714 |
0:d616ece2d859
|
672
|
* If there is no more authentication still being done,
|
mbed714 |
0:d616ece2d859
|
673
|
* proceed to the network (or callback) phase.
|
mbed714 |
0:d616ece2d859
|
674
|
*/
|
mbed714 |
0:d616ece2d859
|
675
|
if ((auth_pending[unit] &= ~pbit) == 0) {
|
mbed714 |
0:d616ece2d859
|
676
|
network_phase(unit);
|
mbed714 |
0:d616ece2d859
|
677
|
}
|
mbed714 |
0:d616ece2d859
|
678
|
}
|
mbed714 |
0:d616ece2d859
|
679
|
#endif /* PAP_SUPPORT || CHAP_SUPPORT */
|
mbed714 |
0:d616ece2d859
|
680
|
|
mbed714 |
0:d616ece2d859
|
681
|
|
mbed714 |
0:d616ece2d859
|
682
|
/*
|
mbed714 |
0:d616ece2d859
|
683
|
* np_up - a network protocol has come up.
|
mbed714 |
0:d616ece2d859
|
684
|
*/
|
mbed714 |
0:d616ece2d859
|
685
|
void
|
mbed714 |
0:d616ece2d859
|
686
|
np_up(int unit, u16_t proto)
|
mbed714 |
0:d616ece2d859
|
687
|
{
|
mbed714 |
0:d616ece2d859
|
688
|
LWIP_UNUSED_ARG(unit);
|
mbed714 |
0:d616ece2d859
|
689
|
LWIP_UNUSED_ARG(proto);
|
mbed714 |
0:d616ece2d859
|
690
|
|
mbed714 |
0:d616ece2d859
|
691
|
AUTHDEBUG(LOG_INFO, ("np_up: %d proto=%X\n", unit, proto));
|
mbed714 |
0:d616ece2d859
|
692
|
if (num_np_up == 0) {
|
mbed714 |
0:d616ece2d859
|
693
|
AUTHDEBUG(LOG_INFO, ("np_up: maxconnect=%d idle_time_limit=%d\n",ppp_settings.maxconnect,ppp_settings.idle_time_limit));
|
mbed714 |
0:d616ece2d859
|
694
|
/*
|
mbed714 |
0:d616ece2d859
|
695
|
* At this point we consider that the link has come up successfully.
|
mbed714 |
0:d616ece2d859
|
696
|
*/
|
mbed714 |
0:d616ece2d859
|
697
|
if (ppp_settings.idle_time_limit > 0) {
|
mbed714 |
0:d616ece2d859
|
698
|
TIMEOUT(check_idle, NULL, ppp_settings.idle_time_limit);
|
mbed714 |
0:d616ece2d859
|
699
|
}
|
mbed714 |
0:d616ece2d859
|
700
|
|
mbed714 |
0:d616ece2d859
|
701
|
/*
|
mbed714 |
0:d616ece2d859
|
702
|
* Set a timeout to close the connection once the maximum
|
mbed714 |
0:d616ece2d859
|
703
|
* connect time has expired.
|
mbed714 |
0:d616ece2d859
|
704
|
*/
|
mbed714 |
0:d616ece2d859
|
705
|
if (ppp_settings.maxconnect > 0) {
|
mbed714 |
0:d616ece2d859
|
706
|
TIMEOUT(connect_time_expired, 0, ppp_settings.maxconnect);
|
mbed714 |
0:d616ece2d859
|
707
|
}
|
mbed714 |
0:d616ece2d859
|
708
|
}
|
mbed714 |
0:d616ece2d859
|
709
|
++num_np_up;
|
mbed714 |
0:d616ece2d859
|
710
|
}
|
mbed714 |
0:d616ece2d859
|
711
|
|
mbed714 |
0:d616ece2d859
|
712
|
/*
|
mbed714 |
0:d616ece2d859
|
713
|
* np_down - a network protocol has gone down.
|
mbed714 |
0:d616ece2d859
|
714
|
*/
|
mbed714 |
0:d616ece2d859
|
715
|
void
|
mbed714 |
0:d616ece2d859
|
716
|
np_down(int unit, u16_t proto)
|
mbed714 |
0:d616ece2d859
|
717
|
{
|
mbed714 |
0:d616ece2d859
|
718
|
LWIP_UNUSED_ARG(unit);
|
mbed714 |
0:d616ece2d859
|
719
|
LWIP_UNUSED_ARG(proto);
|
mbed714 |
0:d616ece2d859
|
720
|
|
mbed714 |
0:d616ece2d859
|
721
|
AUTHDEBUG(LOG_INFO, ("np_down: %d proto=%X\n", unit, proto));
|
mbed714 |
0:d616ece2d859
|
722
|
if (--num_np_up == 0 && ppp_settings.idle_time_limit > 0) {
|
mbed714 |
0:d616ece2d859
|
723
|
UNTIMEOUT(check_idle, NULL);
|
mbed714 |
0:d616ece2d859
|
724
|
}
|
mbed714 |
0:d616ece2d859
|
725
|
}
|
mbed714 |
0:d616ece2d859
|
726
|
|
mbed714 |
0:d616ece2d859
|
727
|
/*
|
mbed714 |
0:d616ece2d859
|
728
|
* np_finished - a network protocol has finished using the link.
|
mbed714 |
0:d616ece2d859
|
729
|
*/
|
mbed714 |
0:d616ece2d859
|
730
|
void
|
mbed714 |
0:d616ece2d859
|
731
|
np_finished(int unit, u16_t proto)
|
mbed714 |
0:d616ece2d859
|
732
|
{
|
mbed714 |
0:d616ece2d859
|
733
|
LWIP_UNUSED_ARG(unit);
|
mbed714 |
0:d616ece2d859
|
734
|
LWIP_UNUSED_ARG(proto);
|
mbed714 |
0:d616ece2d859
|
735
|
|
mbed714 |
0:d616ece2d859
|
736
|
AUTHDEBUG(LOG_INFO, ("np_finished: %d proto=%X\n", unit, proto));
|
mbed714 |
0:d616ece2d859
|
737
|
if (--num_np_open <= 0) {
|
mbed714 |
0:d616ece2d859
|
738
|
/* no further use for the link: shut up shop. */
|
mbed714 |
0:d616ece2d859
|
739
|
lcp_close(0, "No network protocols running");
|
mbed714 |
0:d616ece2d859
|
740
|
}
|
mbed714 |
0:d616ece2d859
|
741
|
}
|
mbed714 |
0:d616ece2d859
|
742
|
|
mbed714 |
0:d616ece2d859
|
743
|
/*
|
mbed714 |
0:d616ece2d859
|
744
|
* check_idle - check whether the link has been idle for long
|
mbed714 |
0:d616ece2d859
|
745
|
* enough that we can shut it down.
|
mbed714 |
0:d616ece2d859
|
746
|
*/
|
mbed714 |
0:d616ece2d859
|
747
|
static void
|
mbed714 |
0:d616ece2d859
|
748
|
check_idle(void *arg)
|
mbed714 |
0:d616ece2d859
|
749
|
{
|
mbed714 |
0:d616ece2d859
|
750
|
struct ppp_idle idle;
|
mbed714 |
0:d616ece2d859
|
751
|
u_short itime;
|
mbed714 |
0:d616ece2d859
|
752
|
|
mbed714 |
0:d616ece2d859
|
753
|
LWIP_UNUSED_ARG(arg);
|
mbed714 |
0:d616ece2d859
|
754
|
if (!get_idle_time(0, &idle)) {
|
mbed714 |
0:d616ece2d859
|
755
|
return;
|
mbed714 |
0:d616ece2d859
|
756
|
}
|
mbed714 |
0:d616ece2d859
|
757
|
itime = LWIP_MIN(idle.xmit_idle, idle.recv_idle);
|
mbed714 |
0:d616ece2d859
|
758
|
if (itime >= ppp_settings.idle_time_limit) {
|
mbed714 |
0:d616ece2d859
|
759
|
/* link is idle: shut it down. */
|
mbed714 |
0:d616ece2d859
|
760
|
AUTHDEBUG(LOG_INFO, ("Terminating connection due to lack of activity.\n"));
|
mbed714 |
0:d616ece2d859
|
761
|
lcp_close(0, "Link inactive");
|
mbed714 |
0:d616ece2d859
|
762
|
} else {
|
mbed714 |
0:d616ece2d859
|
763
|
TIMEOUT(check_idle, NULL, ppp_settings.idle_time_limit - itime);
|
mbed714 |
0:d616ece2d859
|
764
|
}
|
mbed714 |
0:d616ece2d859
|
765
|
}
|
mbed714 |
0:d616ece2d859
|
766
|
|
mbed714 |
0:d616ece2d859
|
767
|
/*
|
mbed714 |
0:d616ece2d859
|
768
|
* connect_time_expired - log a message and close the connection.
|
mbed714 |
0:d616ece2d859
|
769
|
*/
|
mbed714 |
0:d616ece2d859
|
770
|
static void
|
mbed714 |
0:d616ece2d859
|
771
|
connect_time_expired(void *arg)
|
mbed714 |
0:d616ece2d859
|
772
|
{
|
mbed714 |
0:d616ece2d859
|
773
|
LWIP_UNUSED_ARG(arg);
|
mbed714 |
0:d616ece2d859
|
774
|
|
mbed714 |
0:d616ece2d859
|
775
|
AUTHDEBUG(LOG_INFO, ("Connect time expired\n"));
|
mbed714 |
0:d616ece2d859
|
776
|
lcp_close(0, "Connect time expired"); /* Close connection */
|
mbed714 |
0:d616ece2d859
|
777
|
}
|
mbed714 |
0:d616ece2d859
|
778
|
|
mbed714 |
0:d616ece2d859
|
779
|
#if 0 /* UNUSED */
|
mbed714 |
0:d616ece2d859
|
780
|
/*
|
mbed714 |
0:d616ece2d859
|
781
|
* auth_check_options - called to check authentication options.
|
mbed714 |
0:d616ece2d859
|
782
|
*/
|
mbed714 |
0:d616ece2d859
|
783
|
void
|
mbed714 |
0:d616ece2d859
|
784
|
auth_check_options(void)
|
mbed714 |
0:d616ece2d859
|
785
|
{
|
mbed714 |
0:d616ece2d859
|
786
|
lcp_options *wo = &lcp_wantoptions[0];
|
mbed714 |
0:d616ece2d859
|
787
|
int can_auth;
|
mbed714 |
0:d616ece2d859
|
788
|
ipcp_options *ipwo = &ipcp_wantoptions[0];
|
mbed714 |
0:d616ece2d859
|
789
|
u32_t remote;
|
mbed714 |
0:d616ece2d859
|
790
|
|
mbed714 |
0:d616ece2d859
|
791
|
/* Default our_name to hostname, and user to our_name */
|
mbed714 |
0:d616ece2d859
|
792
|
if (ppp_settings.our_name[0] == 0 || ppp_settings.usehostname) {
|
mbed714 |
0:d616ece2d859
|
793
|
strcpy(ppp_settings.our_name, ppp_settings.hostname);
|
mbed714 |
0:d616ece2d859
|
794
|
}
|
mbed714 |
0:d616ece2d859
|
795
|
|
mbed714 |
0:d616ece2d859
|
796
|
if (ppp_settings.user[0] == 0) {
|
mbed714 |
0:d616ece2d859
|
797
|
strcpy(ppp_settings.user, ppp_settings.our_name);
|
mbed714 |
0:d616ece2d859
|
798
|
}
|
mbed714 |
0:d616ece2d859
|
799
|
|
mbed714 |
0:d616ece2d859
|
800
|
/* If authentication is required, ask peer for CHAP or PAP. */
|
mbed714 |
0:d616ece2d859
|
801
|
if (ppp_settings.auth_required && !wo->neg_chap && !wo->neg_upap) {
|
mbed714 |
0:d616ece2d859
|
802
|
wo->neg_chap = 1;
|
mbed714 |
0:d616ece2d859
|
803
|
wo->neg_upap = 1;
|
mbed714 |
0:d616ece2d859
|
804
|
}
|
mbed714 |
0:d616ece2d859
|
805
|
|
mbed714 |
0:d616ece2d859
|
806
|
/*
|
mbed714 |
0:d616ece2d859
|
807
|
* Check whether we have appropriate secrets to use
|
mbed714 |
0:d616ece2d859
|
808
|
* to authenticate the peer.
|
mbed714 |
0:d616ece2d859
|
809
|
*/
|
mbed714 |
0:d616ece2d859
|
810
|
can_auth = wo->neg_upap && have_pap_secret();
|
mbed714 |
0:d616ece2d859
|
811
|
if (!can_auth && wo->neg_chap) {
|
mbed714 |
0:d616ece2d859
|
812
|
remote = ipwo->accept_remote? 0: ipwo->hisaddr;
|
mbed714 |
0:d616ece2d859
|
813
|
can_auth = have_chap_secret(ppp_settings.remote_name, ppp_settings.our_name, remote);
|
mbed714 |
0:d616ece2d859
|
814
|
}
|
mbed714 |
0:d616ece2d859
|
815
|
|
mbed714 |
0:d616ece2d859
|
816
|
if (ppp_settings.auth_required && !can_auth) {
|
mbed714 |
0:d616ece2d859
|
817
|
ppp_panic("No auth secret");
|
mbed714 |
0:d616ece2d859
|
818
|
}
|
mbed714 |
0:d616ece2d859
|
819
|
}
|
mbed714 |
0:d616ece2d859
|
820
|
#endif /* UNUSED */
|
mbed714 |
0:d616ece2d859
|
821
|
|
mbed714 |
0:d616ece2d859
|
822
|
/*
|
mbed714 |
0:d616ece2d859
|
823
|
* auth_reset - called when LCP is starting negotiations to recheck
|
mbed714 |
0:d616ece2d859
|
824
|
* authentication options, i.e. whether we have appropriate secrets
|
mbed714 |
0:d616ece2d859
|
825
|
* to use for authenticating ourselves and/or the peer.
|
mbed714 |
0:d616ece2d859
|
826
|
*/
|
mbed714 |
0:d616ece2d859
|
827
|
void
|
mbed714 |
0:d616ece2d859
|
828
|
auth_reset(int unit)
|
mbed714 |
0:d616ece2d859
|
829
|
{
|
mbed714 |
0:d616ece2d859
|
830
|
lcp_options *go = &lcp_gotoptions[unit];
|
mbed714 |
0:d616ece2d859
|
831
|
lcp_options *ao = &lcp_allowoptions[0];
|
mbed714 |
0:d616ece2d859
|
832
|
ipcp_options *ipwo = &ipcp_wantoptions[0];
|
mbed714 |
0:d616ece2d859
|
833
|
u32_t remote;
|
mbed714 |
0:d616ece2d859
|
834
|
|
mbed714 |
0:d616ece2d859
|
835
|
AUTHDEBUG(LOG_INFO, ("auth_reset: %d\n", unit));
|
mbed714 |
0:d616ece2d859
|
836
|
ao->neg_upap = !ppp_settings.refuse_pap && (ppp_settings.passwd[0] != 0 || get_pap_passwd(unit, NULL, NULL));
|
mbed714 |
0:d616ece2d859
|
837
|
ao->neg_chap = !ppp_settings.refuse_chap && ppp_settings.passwd[0] != 0 /*have_chap_secret(ppp_settings.user, ppp_settings.remote_name, (u32_t)0)*/;
|
mbed714 |
0:d616ece2d859
|
838
|
|
mbed714 |
0:d616ece2d859
|
839
|
if (go->neg_upap && !have_pap_secret()) {
|
mbed714 |
0:d616ece2d859
|
840
|
go->neg_upap = 0;
|
mbed714 |
0:d616ece2d859
|
841
|
}
|
mbed714 |
0:d616ece2d859
|
842
|
if (go->neg_chap) {
|
mbed714 |
0:d616ece2d859
|
843
|
remote = ipwo->accept_remote? 0: ipwo->hisaddr;
|
mbed714 |
0:d616ece2d859
|
844
|
if (!have_chap_secret(ppp_settings.remote_name, ppp_settings.our_name, remote)) {
|
mbed714 |
0:d616ece2d859
|
845
|
go->neg_chap = 0;
|
mbed714 |
0:d616ece2d859
|
846
|
}
|
mbed714 |
0:d616ece2d859
|
847
|
}
|
mbed714 |
0:d616ece2d859
|
848
|
}
|
mbed714 |
0:d616ece2d859
|
849
|
|
mbed714 |
0:d616ece2d859
|
850
|
#if PAP_SUPPORT
|
mbed714 |
0:d616ece2d859
|
851
|
/*
|
mbed714 |
0:d616ece2d859
|
852
|
* check_passwd - Check the user name and passwd against the PAP secrets
|
mbed714 |
0:d616ece2d859
|
853
|
* file. If requested, also check against the system password database,
|
mbed714 |
0:d616ece2d859
|
854
|
* and login the user if OK.
|
mbed714 |
0:d616ece2d859
|
855
|
*
|
mbed714 |
0:d616ece2d859
|
856
|
* returns:
|
mbed714 |
0:d616ece2d859
|
857
|
* UPAP_AUTHNAK: Authentication failed.
|
mbed714 |
0:d616ece2d859
|
858
|
* UPAP_AUTHACK: Authentication succeeded.
|
mbed714 |
0:d616ece2d859
|
859
|
* In either case, msg points to an appropriate message.
|
mbed714 |
0:d616ece2d859
|
860
|
*/
|
mbed714 |
0:d616ece2d859
|
861
|
u_char
|
mbed714 |
0:d616ece2d859
|
862
|
check_passwd( int unit, char *auser, int userlen, char *apasswd, int passwdlen, char **msg, int *msglen)
|
mbed714 |
0:d616ece2d859
|
863
|
{
|
mbed714 |
0:d616ece2d859
|
864
|
#if 1 /* XXX Assume all entries OK. */
|
mbed714 |
0:d616ece2d859
|
865
|
LWIP_UNUSED_ARG(unit);
|
mbed714 |
0:d616ece2d859
|
866
|
LWIP_UNUSED_ARG(auser);
|
mbed714 |
0:d616ece2d859
|
867
|
LWIP_UNUSED_ARG(userlen);
|
mbed714 |
0:d616ece2d859
|
868
|
LWIP_UNUSED_ARG(apasswd);
|
mbed714 |
0:d616ece2d859
|
869
|
LWIP_UNUSED_ARG(passwdlen);
|
mbed714 |
0:d616ece2d859
|
870
|
LWIP_UNUSED_ARG(msglen);
|
mbed714 |
0:d616ece2d859
|
871
|
*msg = (char *) 0;
|
mbed714 |
0:d616ece2d859
|
872
|
return UPAP_AUTHACK; /* XXX Assume all entries OK. */
|
mbed714 |
0:d616ece2d859
|
873
|
#else
|
mbed714 |
0:d616ece2d859
|
874
|
u_char ret = 0;
|
mbed714 |
0:d616ece2d859
|
875
|
struct wordlist *addrs = NULL;
|
mbed714 |
0:d616ece2d859
|
876
|
char passwd[256], user[256];
|
mbed714 |
0:d616ece2d859
|
877
|
char secret[MAXWORDLEN];
|
mbed714 |
0:d616ece2d859
|
878
|
static u_short attempts = 0;
|
mbed714 |
0:d616ece2d859
|
879
|
|
mbed714 |
0:d616ece2d859
|
880
|
/*
|
mbed714 |
0:d616ece2d859
|
881
|
* Make copies of apasswd and auser, then null-terminate them.
|
mbed714 |
0:d616ece2d859
|
882
|
*/
|
mbed714 |
0:d616ece2d859
|
883
|
BCOPY(apasswd, passwd, passwdlen);
|
mbed714 |
0:d616ece2d859
|
884
|
passwd[passwdlen] = '\0';
|
mbed714 |
0:d616ece2d859
|
885
|
BCOPY(auser, user, userlen);
|
mbed714 |
0:d616ece2d859
|
886
|
user[userlen] = '\0';
|
mbed714 |
0:d616ece2d859
|
887
|
*msg = (char *) 0;
|
mbed714 |
0:d616ece2d859
|
888
|
|
mbed714 |
0:d616ece2d859
|
889
|
/* XXX Validate user name and password. */
|
mbed714 |
0:d616ece2d859
|
890
|
ret = UPAP_AUTHACK; /* XXX Assume all entries OK. */
|
mbed714 |
0:d616ece2d859
|
891
|
|
mbed714 |
0:d616ece2d859
|
892
|
if (ret == UPAP_AUTHNAK) {
|
mbed714 |
0:d616ece2d859
|
893
|
if (*msg == (char *) 0) {
|
mbed714 |
0:d616ece2d859
|
894
|
*msg = "Login incorrect";
|
mbed714 |
0:d616ece2d859
|
895
|
}
|
mbed714 |
0:d616ece2d859
|
896
|
*msglen = strlen(*msg);
|
mbed714 |
0:d616ece2d859
|
897
|
/*
|
mbed714 |
0:d616ece2d859
|
898
|
* Frustrate passwd stealer programs.
|
mbed714 |
0:d616ece2d859
|
899
|
* Allow 10 tries, but start backing off after 3 (stolen from login).
|
mbed714 |
0:d616ece2d859
|
900
|
* On 10'th, drop the connection.
|
mbed714 |
0:d616ece2d859
|
901
|
*/
|
mbed714 |
0:d616ece2d859
|
902
|
if (attempts++ >= 10) {
|
mbed714 |
0:d616ece2d859
|
903
|
AUTHDEBUG(LOG_WARNING, ("%d LOGIN FAILURES BY %s\n", attempts, user));
|
mbed714 |
0:d616ece2d859
|
904
|
/*ppp_panic("Excess Bad Logins");*/
|
mbed714 |
0:d616ece2d859
|
905
|
}
|
mbed714 |
0:d616ece2d859
|
906
|
if (attempts > 3) {
|
mbed714 |
0:d616ece2d859
|
907
|
/* @todo: this was sleep(), i.e. seconds, not milliseconds
|
mbed714 |
0:d616ece2d859
|
908
|
* I don't think we really need this in lwIP - we would block tcpip_thread!
|
mbed714 |
0:d616ece2d859
|
909
|
*/
|
mbed714 |
0:d616ece2d859
|
910
|
/*sys_msleep((attempts - 3) * 5);*/
|
mbed714 |
0:d616ece2d859
|
911
|
}
|
mbed714 |
0:d616ece2d859
|
912
|
if (addrs != NULL) {
|
mbed714 |
0:d616ece2d859
|
913
|
free_wordlist(addrs);
|
mbed714 |
0:d616ece2d859
|
914
|
}
|
mbed714 |
0:d616ece2d859
|
915
|
} else {
|
mbed714 |
0:d616ece2d859
|
916
|
attempts = 0; /* Reset count */
|
mbed714 |
0:d616ece2d859
|
917
|
if (*msg == (char *) 0) {
|
mbed714 |
0:d616ece2d859
|
918
|
*msg = "Login ok";
|
mbed714 |
0:d616ece2d859
|
919
|
}
|
mbed714 |
0:d616ece2d859
|
920
|
*msglen = strlen(*msg);
|
mbed714 |
0:d616ece2d859
|
921
|
set_allowed_addrs(unit, addrs);
|
mbed714 |
0:d616ece2d859
|
922
|
}
|
mbed714 |
0:d616ece2d859
|
923
|
|
mbed714 |
0:d616ece2d859
|
924
|
BZERO(passwd, sizeof(passwd));
|
mbed714 |
0:d616ece2d859
|
925
|
BZERO(secret, sizeof(secret));
|
mbed714 |
0:d616ece2d859
|
926
|
|
mbed714 |
0:d616ece2d859
|
927
|
return ret;
|
mbed714 |
0:d616ece2d859
|
928
|
#endif
|
mbed714 |
0:d616ece2d859
|
929
|
}
|
mbed714 |
0:d616ece2d859
|
930
|
#endif /* PAP_SUPPORT */
|
mbed714 |
0:d616ece2d859
|
931
|
|
mbed714 |
0:d616ece2d859
|
932
|
#if 0 /* UNUSED */
|
mbed714 |
0:d616ece2d859
|
933
|
/*
|
mbed714 |
0:d616ece2d859
|
934
|
* This function is needed for PAM.
|
mbed714 |
0:d616ece2d859
|
935
|
*/
|
mbed714 |
0:d616ece2d859
|
936
|
|
mbed714 |
0:d616ece2d859
|
937
|
#ifdef USE_PAM
|
mbed714 |
0:d616ece2d859
|
938
|
|
mbed714 |
0:d616ece2d859
|
939
|
/* lwip does not support PAM*/
|
mbed714 |
0:d616ece2d859
|
940
|
|
mbed714 |
0:d616ece2d859
|
941
|
#endif /* USE_PAM */
|
mbed714 |
0:d616ece2d859
|
942
|
|
mbed714 |
0:d616ece2d859
|
943
|
#endif /* UNUSED */
|
mbed714 |
0:d616ece2d859
|
944
|
|
mbed714 |
0:d616ece2d859
|
945
|
|
mbed714 |
0:d616ece2d859
|
946
|
#if 0 /* UNUSED */
|
mbed714 |
0:d616ece2d859
|
947
|
/*
|
mbed714 |
0:d616ece2d859
|
948
|
* plogin - Check the user name and password against the system
|
mbed714 |
0:d616ece2d859
|
949
|
* password database, and login the user if OK.
|
mbed714 |
0:d616ece2d859
|
950
|
*
|
mbed714 |
0:d616ece2d859
|
951
|
* returns:
|
mbed714 |
0:d616ece2d859
|
952
|
* UPAP_AUTHNAK: Login failed.
|
mbed714 |
0:d616ece2d859
|
953
|
* UPAP_AUTHACK: Login succeeded.
|
mbed714 |
0:d616ece2d859
|
954
|
* In either case, msg points to an appropriate message.
|
mbed714 |
0:d616ece2d859
|
955
|
*/
|
mbed714 |
0:d616ece2d859
|
956
|
static int
|
mbed714 |
0:d616ece2d859
|
957
|
plogin(char *user, char *passwd, char **msg, int *msglen)
|
mbed714 |
0:d616ece2d859
|
958
|
{
|
mbed714 |
0:d616ece2d859
|
959
|
|
mbed714 |
0:d616ece2d859
|
960
|
LWIP_UNUSED_ARG(user);
|
mbed714 |
0:d616ece2d859
|
961
|
LWIP_UNUSED_ARG(passwd);
|
mbed714 |
0:d616ece2d859
|
962
|
LWIP_UNUSED_ARG(msg);
|
mbed714 |
0:d616ece2d859
|
963
|
LWIP_UNUSED_ARG(msglen);
|
mbed714 |
0:d616ece2d859
|
964
|
|
mbed714 |
0:d616ece2d859
|
965
|
|
mbed714 |
0:d616ece2d859
|
966
|
/* The new lines are here align the file when
|
mbed714 |
0:d616ece2d859
|
967
|
* compared against the pppd 2.3.11 code */
|
mbed714 |
0:d616ece2d859
|
968
|
|
mbed714 |
0:d616ece2d859
|
969
|
|
mbed714 |
0:d616ece2d859
|
970
|
|
mbed714 |
0:d616ece2d859
|
971
|
|
mbed714 |
0:d616ece2d859
|
972
|
|
mbed714 |
0:d616ece2d859
|
973
|
|
mbed714 |
0:d616ece2d859
|
974
|
|
mbed714 |
0:d616ece2d859
|
975
|
|
mbed714 |
0:d616ece2d859
|
976
|
|
mbed714 |
0:d616ece2d859
|
977
|
|
mbed714 |
0:d616ece2d859
|
978
|
|
mbed714 |
0:d616ece2d859
|
979
|
|
mbed714 |
0:d616ece2d859
|
980
|
|
mbed714 |
0:d616ece2d859
|
981
|
|
mbed714 |
0:d616ece2d859
|
982
|
|
mbed714 |
0:d616ece2d859
|
983
|
|
mbed714 |
0:d616ece2d859
|
984
|
/* XXX Fail until we decide that we want to support logins. */
|
mbed714 |
0:d616ece2d859
|
985
|
return (UPAP_AUTHNAK);
|
mbed714 |
0:d616ece2d859
|
986
|
}
|
mbed714 |
0:d616ece2d859
|
987
|
#endif
|
mbed714 |
0:d616ece2d859
|
988
|
|
mbed714 |
0:d616ece2d859
|
989
|
|
mbed714 |
0:d616ece2d859
|
990
|
|
mbed714 |
0:d616ece2d859
|
991
|
/*
|
mbed714 |
0:d616ece2d859
|
992
|
* plogout - Logout the user.
|
mbed714 |
0:d616ece2d859
|
993
|
*/
|
mbed714 |
0:d616ece2d859
|
994
|
static void
|
mbed714 |
0:d616ece2d859
|
995
|
plogout(void)
|
mbed714 |
0:d616ece2d859
|
996
|
{
|
mbed714 |
0:d616ece2d859
|
997
|
logged_in = 0;
|
mbed714 |
0:d616ece2d859
|
998
|
}
|
mbed714 |
0:d616ece2d859
|
999
|
|
mbed714 |
0:d616ece2d859
|
1000
|
/*
|
mbed714 |
0:d616ece2d859
|
1001
|
* null_login - Check if a username of "" and a password of "" are
|
mbed714 |
0:d616ece2d859
|
1002
|
* acceptable, and iff so, set the list of acceptable IP addresses
|
mbed714 |
0:d616ece2d859
|
1003
|
* and return 1.
|
mbed714 |
0:d616ece2d859
|
1004
|
*/
|
mbed714 |
0:d616ece2d859
|
1005
|
static int
|
mbed714 |
0:d616ece2d859
|
1006
|
null_login(int unit)
|
mbed714 |
0:d616ece2d859
|
1007
|
{
|
mbed714 |
0:d616ece2d859
|
1008
|
LWIP_UNUSED_ARG(unit);
|
mbed714 |
0:d616ece2d859
|
1009
|
/* XXX Fail until we decide that we want to support logins. */
|
mbed714 |
0:d616ece2d859
|
1010
|
return 0;
|
mbed714 |
0:d616ece2d859
|
1011
|
}
|
mbed714 |
0:d616ece2d859
|
1012
|
|
mbed714 |
0:d616ece2d859
|
1013
|
|
mbed714 |
0:d616ece2d859
|
1014
|
/*
|
mbed714 |
0:d616ece2d859
|
1015
|
* get_pap_passwd - get a password for authenticating ourselves with
|
mbed714 |
0:d616ece2d859
|
1016
|
* our peer using PAP. Returns 1 on success, 0 if no suitable password
|
mbed714 |
0:d616ece2d859
|
1017
|
* could be found.
|
mbed714 |
0:d616ece2d859
|
1018
|
*/
|
mbed714 |
0:d616ece2d859
|
1019
|
static int
|
mbed714 |
0:d616ece2d859
|
1020
|
get_pap_passwd(int unit, char *user, char *passwd)
|
mbed714 |
0:d616ece2d859
|
1021
|
{
|
mbed714 |
0:d616ece2d859
|
1022
|
LWIP_UNUSED_ARG(unit);
|
mbed714 |
0:d616ece2d859
|
1023
|
/* normally we would reject PAP if no password is provided,
|
mbed714 |
0:d616ece2d859
|
1024
|
but this causes problems with some providers (like CHT in Taiwan)
|
mbed714 |
0:d616ece2d859
|
1025
|
who incorrectly request PAP and expect a bogus/empty password, so
|
mbed714 |
0:d616ece2d859
|
1026
|
always provide a default user/passwd of "none"/"none"
|
mbed714 |
0:d616ece2d859
|
1027
|
|
mbed714 |
0:d616ece2d859
|
1028
|
@todo: This should be configured by the user, instead of being hardcoded here!
|
mbed714 |
0:d616ece2d859
|
1029
|
*/
|
mbed714 |
0:d616ece2d859
|
1030
|
if(user) {
|
mbed714 |
0:d616ece2d859
|
1031
|
strcpy(user, "none");
|
mbed714 |
0:d616ece2d859
|
1032
|
}
|
mbed714 |
0:d616ece2d859
|
1033
|
if(passwd) {
|
mbed714 |
0:d616ece2d859
|
1034
|
strcpy(passwd, "none");
|
mbed714 |
0:d616ece2d859
|
1035
|
}
|
mbed714 |
0:d616ece2d859
|
1036
|
return 1;
|
mbed714 |
0:d616ece2d859
|
1037
|
}
|
mbed714 |
0:d616ece2d859
|
1038
|
|
mbed714 |
0:d616ece2d859
|
1039
|
/*
|
mbed714 |
0:d616ece2d859
|
1040
|
* have_pap_secret - check whether we have a PAP file with any
|
mbed714 |
0:d616ece2d859
|
1041
|
* secrets that we could possibly use for authenticating the peer.
|
mbed714 |
0:d616ece2d859
|
1042
|
*/
|
mbed714 |
0:d616ece2d859
|
1043
|
static int
|
mbed714 |
0:d616ece2d859
|
1044
|
have_pap_secret(void)
|
mbed714 |
0:d616ece2d859
|
1045
|
{
|
mbed714 |
0:d616ece2d859
|
1046
|
/* XXX Fail until we set up our passwords. */
|
mbed714 |
0:d616ece2d859
|
1047
|
return 0;
|
mbed714 |
0:d616ece2d859
|
1048
|
}
|
mbed714 |
0:d616ece2d859
|
1049
|
|
mbed714 |
0:d616ece2d859
|
1050
|
/*
|
mbed714 |
0:d616ece2d859
|
1051
|
* have_chap_secret - check whether we have a CHAP file with a
|
mbed714 |
0:d616ece2d859
|
1052
|
* secret that we could possibly use for authenticating `client'
|
mbed714 |
0:d616ece2d859
|
1053
|
* on `server'. Either can be the null string, meaning we don't
|
mbed714 |
0:d616ece2d859
|
1054
|
* know the identity yet.
|
mbed714 |
0:d616ece2d859
|
1055
|
*/
|
mbed714 |
0:d616ece2d859
|
1056
|
static int
|
mbed714 |
0:d616ece2d859
|
1057
|
have_chap_secret(char *client, char *server, u32_t remote)
|
mbed714 |
0:d616ece2d859
|
1058
|
{
|
mbed714 |
0:d616ece2d859
|
1059
|
LWIP_UNUSED_ARG(client);
|
mbed714 |
0:d616ece2d859
|
1060
|
LWIP_UNUSED_ARG(server);
|
mbed714 |
0:d616ece2d859
|
1061
|
LWIP_UNUSED_ARG(remote);
|
mbed714 |
0:d616ece2d859
|
1062
|
|
mbed714 |
0:d616ece2d859
|
1063
|
/* XXX Fail until we set up our passwords. */
|
mbed714 |
0:d616ece2d859
|
1064
|
return 0;
|
mbed714 |
0:d616ece2d859
|
1065
|
}
|
mbed714 |
0:d616ece2d859
|
1066
|
#if CHAP_SUPPORT
|
mbed714 |
0:d616ece2d859
|
1067
|
|
mbed714 |
0:d616ece2d859
|
1068
|
/*
|
mbed714 |
0:d616ece2d859
|
1069
|
* get_secret - open the CHAP secret file and return the secret
|
mbed714 |
0:d616ece2d859
|
1070
|
* for authenticating the given client on the given server.
|
mbed714 |
0:d616ece2d859
|
1071
|
* (We could be either client or server).
|
mbed714 |
0:d616ece2d859
|
1072
|
*/
|
mbed714 |
0:d616ece2d859
|
1073
|
int
|
mbed714 |
0:d616ece2d859
|
1074
|
get_secret(int unit, char *client, char *server, char *secret, int *secret_len, int save_addrs)
|
mbed714 |
0:d616ece2d859
|
1075
|
{
|
mbed714 |
0:d616ece2d859
|
1076
|
#if 1
|
mbed714 |
0:d616ece2d859
|
1077
|
int len;
|
mbed714 |
0:d616ece2d859
|
1078
|
struct wordlist *addrs;
|
mbed714 |
0:d616ece2d859
|
1079
|
|
mbed714 |
0:d616ece2d859
|
1080
|
LWIP_UNUSED_ARG(unit);
|
mbed714 |
0:d616ece2d859
|
1081
|
LWIP_UNUSED_ARG(server);
|
mbed714 |
0:d616ece2d859
|
1082
|
LWIP_UNUSED_ARG(save_addrs);
|
mbed714 |
0:d616ece2d859
|
1083
|
|
mbed714 |
0:d616ece2d859
|
1084
|
addrs = NULL;
|
mbed714 |
0:d616ece2d859
|
1085
|
|
mbed714 |
0:d616ece2d859
|
1086
|
if(!client || !client[0] || strcmp(client, ppp_settings.user)) {
|
mbed714 |
0:d616ece2d859
|
1087
|
return 0;
|
mbed714 |
0:d616ece2d859
|
1088
|
}
|
mbed714 |
0:d616ece2d859
|
1089
|
|
mbed714 |
0:d616ece2d859
|
1090
|
len = (int)strlen(ppp_settings.passwd);
|
mbed714 |
0:d616ece2d859
|
1091
|
if (len > MAXSECRETLEN) {
|
mbed714 |
0:d616ece2d859
|
1092
|
AUTHDEBUG(LOG_ERR, ("Secret for %s on %s is too long\n", client, server));
|
mbed714 |
0:d616ece2d859
|
1093
|
len = MAXSECRETLEN;
|
mbed714 |
0:d616ece2d859
|
1094
|
}
|
mbed714 |
0:d616ece2d859
|
1095
|
|
mbed714 |
0:d616ece2d859
|
1096
|
BCOPY(ppp_settings.passwd, secret, len);
|
mbed714 |
0:d616ece2d859
|
1097
|
*secret_len = len;
|
mbed714 |
0:d616ece2d859
|
1098
|
|
mbed714 |
0:d616ece2d859
|
1099
|
return 1;
|
mbed714 |
0:d616ece2d859
|
1100
|
#else
|
mbed714 |
0:d616ece2d859
|
1101
|
int ret = 0, len;
|
mbed714 |
0:d616ece2d859
|
1102
|
struct wordlist *addrs;
|
mbed714 |
0:d616ece2d859
|
1103
|
char secbuf[MAXWORDLEN];
|
mbed714 |
0:d616ece2d859
|
1104
|
|
mbed714 |
0:d616ece2d859
|
1105
|
addrs = NULL;
|
mbed714 |
0:d616ece2d859
|
1106
|
secbuf[0] = 0;
|
mbed714 |
0:d616ece2d859
|
1107
|
|
mbed714 |
0:d616ece2d859
|
1108
|
/* XXX Find secret. */
|
mbed714 |
0:d616ece2d859
|
1109
|
if (ret < 0) {
|
mbed714 |
0:d616ece2d859
|
1110
|
return 0;
|
mbed714 |
0:d616ece2d859
|
1111
|
}
|
mbed714 |
0:d616ece2d859
|
1112
|
|
mbed714 |
0:d616ece2d859
|
1113
|
if (save_addrs) {
|
mbed714 |
0:d616ece2d859
|
1114
|
set_allowed_addrs(unit, addrs);
|
mbed714 |
0:d616ece2d859
|
1115
|
}
|
mbed714 |
0:d616ece2d859
|
1116
|
|
mbed714 |
0:d616ece2d859
|
1117
|
len = strlen(secbuf);
|
mbed714 |
0:d616ece2d859
|
1118
|
if (len > MAXSECRETLEN) {
|
mbed714 |
0:d616ece2d859
|
1119
|
AUTHDEBUG(LOG_ERR, ("Secret for %s on %s is too long\n", client, server));
|
mbed714 |
0:d616ece2d859
|
1120
|
len = MAXSECRETLEN;
|
mbed714 |
0:d616ece2d859
|
1121
|
}
|
mbed714 |
0:d616ece2d859
|
1122
|
|
mbed714 |
0:d616ece2d859
|
1123
|
BCOPY(secbuf, secret, len);
|
mbed714 |
0:d616ece2d859
|
1124
|
BZERO(secbuf, sizeof(secbuf));
|
mbed714 |
0:d616ece2d859
|
1125
|
*secret_len = len;
|
mbed714 |
0:d616ece2d859
|
1126
|
|
mbed714 |
0:d616ece2d859
|
1127
|
return 1;
|
mbed714 |
0:d616ece2d859
|
1128
|
#endif
|
mbed714 |
0:d616ece2d859
|
1129
|
}
|
mbed714 |
0:d616ece2d859
|
1130
|
#endif /* CHAP_SUPPORT */
|
mbed714 |
0:d616ece2d859
|
1131
|
|
mbed714 |
0:d616ece2d859
|
1132
|
|
mbed714 |
0:d616ece2d859
|
1133
|
#if 0 /* PAP_SUPPORT || CHAP_SUPPORT */
|
mbed714 |
0:d616ece2d859
|
1134
|
/*
|
mbed714 |
0:d616ece2d859
|
1135
|
* set_allowed_addrs() - set the list of allowed addresses.
|
mbed714 |
0:d616ece2d859
|
1136
|
*/
|
mbed714 |
0:d616ece2d859
|
1137
|
static void
|
mbed714 |
0:d616ece2d859
|
1138
|
set_allowed_addrs(int unit, struct wordlist *addrs)
|
mbed714 |
0:d616ece2d859
|
1139
|
{
|
mbed714 |
0:d616ece2d859
|
1140
|
if (addresses[unit] != NULL) {
|
mbed714 |
0:d616ece2d859
|
1141
|
free_wordlist(addresses[unit]);
|
mbed714 |
0:d616ece2d859
|
1142
|
}
|
mbed714 |
0:d616ece2d859
|
1143
|
addresses[unit] = addrs;
|
mbed714 |
0:d616ece2d859
|
1144
|
|
mbed714 |
0:d616ece2d859
|
1145
|
#if 0
|
mbed714 |
0:d616ece2d859
|
1146
|
/*
|
mbed714 |
0:d616ece2d859
|
1147
|
* If there's only one authorized address we might as well
|
mbed714 |
0:d616ece2d859
|
1148
|
* ask our peer for that one right away
|
mbed714 |
0:d616ece2d859
|
1149
|
*/
|
mbed714 |
0:d616ece2d859
|
1150
|
if (addrs != NULL && addrs->next == NULL) {
|
mbed714 |
0:d616ece2d859
|
1151
|
char *p = addrs->word;
|
mbed714 |
0:d616ece2d859
|
1152
|
struct ipcp_options *wo = &ipcp_wantoptions[unit];
|
mbed714 |
0:d616ece2d859
|
1153
|
u32_t a;
|
mbed714 |
0:d616ece2d859
|
1154
|
struct hostent *hp;
|
mbed714 |
0:d616ece2d859
|
1155
|
|
mbed714 |
0:d616ece2d859
|
1156
|
if (wo->hisaddr == 0 && *p != '!' && *p != '-' && strchr(p, '/') == NULL) {
|
mbed714 |
0:d616ece2d859
|
1157
|
hp = gethostbyname(p);
|
mbed714 |
0:d616ece2d859
|
1158
|
if (hp != NULL && hp->h_addrtype == AF_INET) {
|
mbed714 |
0:d616ece2d859
|
1159
|
a = *(u32_t *)hp->h_addr;
|
mbed714 |
0:d616ece2d859
|
1160
|
} else {
|
mbed714 |
0:d616ece2d859
|
1161
|
a = inet_addr(p);
|
mbed714 |
0:d616ece2d859
|
1162
|
}
|
mbed714 |
0:d616ece2d859
|
1163
|
if (a != (u32_t) -1) {
|
mbed714 |
0:d616ece2d859
|
1164
|
wo->hisaddr = a;
|
mbed714 |
0:d616ece2d859
|
1165
|
}
|
mbed714 |
0:d616ece2d859
|
1166
|
}
|
mbed714 |
0:d616ece2d859
|
1167
|
}
|
mbed714 |
0:d616ece2d859
|
1168
|
#endif
|
mbed714 |
0:d616ece2d859
|
1169
|
}
|
mbed714 |
0:d616ece2d859
|
1170
|
#endif /* 0 */ /* PAP_SUPPORT || CHAP_SUPPORT */
|
mbed714 |
0:d616ece2d859
|
1171
|
|
mbed714 |
0:d616ece2d859
|
1172
|
/*
|
mbed714 |
0:d616ece2d859
|
1173
|
* auth_ip_addr - check whether the peer is authorized to use
|
mbed714 |
0:d616ece2d859
|
1174
|
* a given IP address. Returns 1 if authorized, 0 otherwise.
|
mbed714 |
0:d616ece2d859
|
1175
|
*/
|
mbed714 |
0:d616ece2d859
|
1176
|
int
|
mbed714 |
0:d616ece2d859
|
1177
|
auth_ip_addr(int unit, u32_t addr)
|
mbed714 |
0:d616ece2d859
|
1178
|
{
|
mbed714 |
0:d616ece2d859
|
1179
|
return ip_addr_check(addr, addresses[unit]);
|
mbed714 |
0:d616ece2d859
|
1180
|
}
|
mbed714 |
0:d616ece2d859
|
1181
|
|
mbed714 |
0:d616ece2d859
|
1182
|
static int /* @todo: integrate this funtion into auth_ip_addr()*/
|
mbed714 |
0:d616ece2d859
|
1183
|
ip_addr_check(u32_t addr, struct wordlist *addrs)
|
mbed714 |
0:d616ece2d859
|
1184
|
{
|
mbed714 |
0:d616ece2d859
|
1185
|
/* don't allow loopback or multicast address */
|
mbed714 |
0:d616ece2d859
|
1186
|
if (bad_ip_adrs(addr)) {
|
mbed714 |
0:d616ece2d859
|
1187
|
return 0;
|
mbed714 |
0:d616ece2d859
|
1188
|
}
|
mbed714 |
0:d616ece2d859
|
1189
|
|
mbed714 |
0:d616ece2d859
|
1190
|
if (addrs == NULL) {
|
mbed714 |
0:d616ece2d859
|
1191
|
return !ppp_settings.auth_required; /* no addresses authorized */
|
mbed714 |
0:d616ece2d859
|
1192
|
}
|
mbed714 |
0:d616ece2d859
|
1193
|
|
mbed714 |
0:d616ece2d859
|
1194
|
/* XXX All other addresses allowed. */
|
mbed714 |
0:d616ece2d859
|
1195
|
return 1;
|
mbed714 |
0:d616ece2d859
|
1196
|
}
|
mbed714 |
0:d616ece2d859
|
1197
|
|
mbed714 |
0:d616ece2d859
|
1198
|
/*
|
mbed714 |
0:d616ece2d859
|
1199
|
* bad_ip_adrs - return 1 if the IP address is one we don't want
|
mbed714 |
0:d616ece2d859
|
1200
|
* to use, such as an address in the loopback net or a multicast address.
|
mbed714 |
0:d616ece2d859
|
1201
|
* addr is in network byte order.
|
mbed714 |
0:d616ece2d859
|
1202
|
*/
|
mbed714 |
0:d616ece2d859
|
1203
|
int
|
mbed714 |
0:d616ece2d859
|
1204
|
bad_ip_adrs(u32_t addr)
|
mbed714 |
0:d616ece2d859
|
1205
|
{
|
mbed714 |
0:d616ece2d859
|
1206
|
addr = ntohl(addr);
|
mbed714 |
0:d616ece2d859
|
1207
|
return (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET
|
mbed714 |
0:d616ece2d859
|
1208
|
|| IN_MULTICAST(addr) || IN_BADCLASS(addr);
|
mbed714 |
0:d616ece2d859
|
1209
|
}
|
mbed714 |
0:d616ece2d859
|
1210
|
|
mbed714 |
0:d616ece2d859
|
1211
|
#if 0 /* UNUSED */ /* PAP_SUPPORT || CHAP_SUPPORT */
|
mbed714 |
0:d616ece2d859
|
1212
|
/*
|
mbed714 |
0:d616ece2d859
|
1213
|
* some_ip_ok - check a wordlist to see if it authorizes any
|
mbed714 |
0:d616ece2d859
|
1214
|
* IP address(es).
|
mbed714 |
0:d616ece2d859
|
1215
|
*/
|
mbed714 |
0:d616ece2d859
|
1216
|
static int
|
mbed714 |
0:d616ece2d859
|
1217
|
some_ip_ok(struct wordlist *addrs)
|
mbed714 |
0:d616ece2d859
|
1218
|
{
|
mbed714 |
0:d616ece2d859
|
1219
|
for (; addrs != 0; addrs = addrs->next) {
|
mbed714 |
0:d616ece2d859
|
1220
|
if (addrs->word[0] == '-')
|
mbed714 |
0:d616ece2d859
|
1221
|
break;
|
mbed714 |
0:d616ece2d859
|
1222
|
if (addrs->word[0] != '!')
|
mbed714 |
0:d616ece2d859
|
1223
|
return 1; /* some IP address is allowed */
|
mbed714 |
0:d616ece2d859
|
1224
|
}
|
mbed714 |
0:d616ece2d859
|
1225
|
return 0;
|
mbed714 |
0:d616ece2d859
|
1226
|
}
|
mbed714 |
0:d616ece2d859
|
1227
|
|
mbed714 |
0:d616ece2d859
|
1228
|
/*
|
mbed714 |
0:d616ece2d859
|
1229
|
* check_access - complain if a secret file has too-liberal permissions.
|
mbed714 |
0:d616ece2d859
|
1230
|
*/
|
mbed714 |
0:d616ece2d859
|
1231
|
static void
|
mbed714 |
0:d616ece2d859
|
1232
|
check_access(FILE *f, char *filename)
|
mbed714 |
0:d616ece2d859
|
1233
|
{
|
mbed714 |
0:d616ece2d859
|
1234
|
struct stat sbuf;
|
mbed714 |
0:d616ece2d859
|
1235
|
|
mbed714 |
0:d616ece2d859
|
1236
|
if (fstat(fileno(f), &sbuf) < 0) {
|
mbed714 |
0:d616ece2d859
|
1237
|
warn("cannot stat secret file %s: %m", filename);
|
mbed714 |
0:d616ece2d859
|
1238
|
} else if ((sbuf.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
|
mbed714 |
0:d616ece2d859
|
1239
|
warn("Warning - secret file %s has world and/or group access",
|
mbed714 |
0:d616ece2d859
|
1240
|
filename);
|
mbed714 |
0:d616ece2d859
|
1241
|
}
|
mbed714 |
0:d616ece2d859
|
1242
|
}
|
mbed714 |
0:d616ece2d859
|
1243
|
|
mbed714 |
0:d616ece2d859
|
1244
|
|
mbed714 |
0:d616ece2d859
|
1245
|
/*
|
mbed714 |
0:d616ece2d859
|
1246
|
* scan_authfile - Scan an authorization file for a secret suitable
|
mbed714 |
0:d616ece2d859
|
1247
|
* for authenticating `client' on `server'. The return value is -1
|
mbed714 |
0:d616ece2d859
|
1248
|
* if no secret is found, otherwise >= 0. The return value has
|
mbed714 |
0:d616ece2d859
|
1249
|
* NONWILD_CLIENT set if the secret didn't have "*" for the client, and
|
mbed714 |
0:d616ece2d859
|
1250
|
* NONWILD_SERVER set if the secret didn't have "*" for the server.
|
mbed714 |
0:d616ece2d859
|
1251
|
* Any following words on the line up to a "--" (i.e. address authorization
|
mbed714 |
0:d616ece2d859
|
1252
|
* info) are placed in a wordlist and returned in *addrs. Any
|
mbed714 |
0:d616ece2d859
|
1253
|
* following words (extra options) are placed in a wordlist and
|
mbed714 |
0:d616ece2d859
|
1254
|
* returned in *opts.
|
mbed714 |
0:d616ece2d859
|
1255
|
* We assume secret is NULL or points to MAXWORDLEN bytes of space.
|
mbed714 |
0:d616ece2d859
|
1256
|
*/
|
mbed714 |
0:d616ece2d859
|
1257
|
static int
|
mbed714 |
0:d616ece2d859
|
1258
|
scan_authfile(FILE *f, char *client, char *server, char *secret, struct wordlist **addrs, struct wordlist **opts, char *filename)
|
mbed714 |
0:d616ece2d859
|
1259
|
{
|
mbed714 |
0:d616ece2d859
|
1260
|
/* We do not (currently) need this in lwip */
|
mbed714 |
0:d616ece2d859
|
1261
|
return 0; /* dummy */
|
mbed714 |
0:d616ece2d859
|
1262
|
}
|
mbed714 |
0:d616ece2d859
|
1263
|
/*
|
mbed714 |
0:d616ece2d859
|
1264
|
* free_wordlist - release memory allocated for a wordlist.
|
mbed714 |
0:d616ece2d859
|
1265
|
*/
|
mbed714 |
0:d616ece2d859
|
1266
|
static void
|
mbed714 |
0:d616ece2d859
|
1267
|
free_wordlist(struct wordlist *wp)
|
mbed714 |
0:d616ece2d859
|
1268
|
{
|
mbed714 |
0:d616ece2d859
|
1269
|
struct wordlist *next;
|
mbed714 |
0:d616ece2d859
|
1270
|
|
mbed714 |
0:d616ece2d859
|
1271
|
while (wp != NULL) {
|
mbed714 |
0:d616ece2d859
|
1272
|
next = wp->next;
|
mbed714 |
0:d616ece2d859
|
1273
|
free(wp);
|
mbed714 |
0:d616ece2d859
|
1274
|
wp = next;
|
mbed714 |
0:d616ece2d859
|
1275
|
}
|
mbed714 |
0:d616ece2d859
|
1276
|
}
|
mbed714 |
0:d616ece2d859
|
1277
|
|
mbed714 |
0:d616ece2d859
|
1278
|
/*
|
mbed714 |
0:d616ece2d859
|
1279
|
* auth_script_done - called when the auth-up or auth-down script
|
mbed714 |
0:d616ece2d859
|
1280
|
* has finished.
|
mbed714 |
0:d616ece2d859
|
1281
|
*/
|
mbed714 |
0:d616ece2d859
|
1282
|
static void
|
mbed714 |
0:d616ece2d859
|
1283
|
auth_script_done(void *arg)
|
mbed714 |
0:d616ece2d859
|
1284
|
{
|
mbed714 |
0:d616ece2d859
|
1285
|
auth_script_pid = 0;
|
mbed714 |
0:d616ece2d859
|
1286
|
switch (auth_script_state) {
|
mbed714 |
0:d616ece2d859
|
1287
|
case s_up:
|
mbed714 |
0:d616ece2d859
|
1288
|
if (auth_state == s_down) {
|
mbed714 |
0:d616ece2d859
|
1289
|
auth_script_state = s_down;
|
mbed714 |
0:d616ece2d859
|
1290
|
auth_script(_PATH_AUTHDOWN);
|
mbed714 |
0:d616ece2d859
|
1291
|
}
|
mbed714 |
0:d616ece2d859
|
1292
|
break;
|
mbed714 |
0:d616ece2d859
|
1293
|
case s_down:
|
mbed714 |
0:d616ece2d859
|
1294
|
if (auth_state == s_up) {
|
mbed714 |
0:d616ece2d859
|
1295
|
auth_script_state = s_up;
|
mbed714 |
0:d616ece2d859
|
1296
|
auth_script(_PATH_AUTHUP);
|
mbed714 |
0:d616ece2d859
|
1297
|
}
|
mbed714 |
0:d616ece2d859
|
1298
|
break;
|
mbed714 |
0:d616ece2d859
|
1299
|
}
|
mbed714 |
0:d616ece2d859
|
1300
|
}
|
mbed714 |
0:d616ece2d859
|
1301
|
|
mbed714 |
0:d616ece2d859
|
1302
|
/*
|
mbed714 |
0:d616ece2d859
|
1303
|
* auth_script - execute a script with arguments
|
mbed714 |
0:d616ece2d859
|
1304
|
* interface-name peer-name real-user tty speed
|
mbed714 |
0:d616ece2d859
|
1305
|
*/
|
mbed714 |
0:d616ece2d859
|
1306
|
static void
|
mbed714 |
0:d616ece2d859
|
1307
|
auth_script(char *script)
|
mbed714 |
0:d616ece2d859
|
1308
|
{
|
mbed714 |
0:d616ece2d859
|
1309
|
char strspeed[32];
|
mbed714 |
0:d616ece2d859
|
1310
|
struct passwd *pw;
|
mbed714 |
0:d616ece2d859
|
1311
|
char struid[32];
|
mbed714 |
0:d616ece2d859
|
1312
|
char *user_name;
|
mbed714 |
0:d616ece2d859
|
1313
|
char *argv[8];
|
mbed714 |
0:d616ece2d859
|
1314
|
|
mbed714 |
0:d616ece2d859
|
1315
|
if ((pw = getpwuid(getuid())) != NULL && pw->pw_name != NULL)
|
mbed714 |
0:d616ece2d859
|
1316
|
user_name = pw->pw_name;
|
mbed714 |
0:d616ece2d859
|
1317
|
else {
|
mbed714 |
0:d616ece2d859
|
1318
|
slprintf(struid, sizeof(struid), "%d", getuid());
|
mbed714 |
0:d616ece2d859
|
1319
|
user_name = struid;
|
mbed714 |
0:d616ece2d859
|
1320
|
}
|
mbed714 |
0:d616ece2d859
|
1321
|
slprintf(strspeed, sizeof(strspeed), "%d", baud_rate);
|
mbed714 |
0:d616ece2d859
|
1322
|
|
mbed714 |
0:d616ece2d859
|
1323
|
argv[0] = script;
|
mbed714 |
0:d616ece2d859
|
1324
|
argv[1] = ifname;
|
mbed714 |
0:d616ece2d859
|
1325
|
argv[2] = peer_authname;
|
mbed714 |
0:d616ece2d859
|
1326
|
argv[3] = user_name;
|
mbed714 |
0:d616ece2d859
|
1327
|
argv[4] = devnam;
|
mbed714 |
0:d616ece2d859
|
1328
|
argv[5] = strspeed;
|
mbed714 |
0:d616ece2d859
|
1329
|
argv[6] = NULL;
|
mbed714 |
0:d616ece2d859
|
1330
|
|
mbed714 |
0:d616ece2d859
|
1331
|
auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL);
|
mbed714 |
0:d616ece2d859
|
1332
|
}
|
mbed714 |
0:d616ece2d859
|
1333
|
#endif /* 0 */ /* PAP_SUPPORT || CHAP_SUPPORT */
|
mbed714 |
0:d616ece2d859
|
1334
|
#endif /* PPP_SUPPORT */
|