1/* 2 * PPP Secret Key Module 3 * 4 * Written by Toshiharu OHNO (tony-o@iij.ad.jp) 5 * 6 * Copyright (C) 1994, Internet Initiative Japan, Inc. All rights reserverd. 7 * 8 * Redistribution and use in source and binary forms are permitted 9 * provided that the above copyright notice and this paragraph are 10 * duplicated in all such forms and that any documentation, 11 * advertising materials, and other materials related to such 12 * distribution and use acknowledge that the software was developed 13 * by the Internet Initiative Japan, Inc. The name of the 14 * IIJ may not be used to endorse or promote products derived 15 * from this software without specific prior written permission. 16 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 18 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 19 *
| 1/* 2 * PPP Secret Key Module 3 * 4 * Written by Toshiharu OHNO (tony-o@iij.ad.jp) 5 * 6 * Copyright (C) 1994, Internet Initiative Japan, Inc. All rights reserverd. 7 * 8 * Redistribution and use in source and binary forms are permitted 9 * provided that the above copyright notice and this paragraph are 10 * duplicated in all such forms and that any documentation, 11 * advertising materials, and other materials related to such 12 * distribution and use acknowledge that the software was developed 13 * by the Internet Initiative Japan, Inc. The name of the 14 * IIJ may not be used to endorse or promote products derived 15 * from this software without specific prior written permission. 16 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 18 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 19 *
|
20 * $Id: auth.c,v 1.36 1999/02/01 13:42:24 brian Exp $
| 20 * $Id: auth.c,v 1.37 1999/02/02 09:35:17 brian Exp $
|
21 * 22 * TODO: 23 * o Implement check against with registered IP addresses. 24 */ 25#include <sys/param.h> 26#include <netinet/in.h> 27#include <netinet/in_systm.h> 28#include <netinet/ip.h> 29#include <sys/un.h> 30 31#include <pwd.h> 32#include <stdio.h> 33#include <string.h> 34#include <termios.h> 35#include <unistd.h> 36 37#include "mbuf.h" 38#include "defs.h" 39#include "log.h" 40#include "timer.h" 41#include "fsm.h" 42#include "iplist.h" 43#include "throughput.h" 44#include "slcompress.h" 45#include "lqr.h" 46#include "hdlc.h" 47#include "ipcp.h" 48#include "auth.h" 49#include "systems.h" 50#include "lcp.h" 51#include "ccp.h" 52#include "link.h" 53#include "descriptor.h" 54#include "chat.h" 55#include "lcpproto.h" 56#include "filter.h" 57#include "mp.h" 58#ifndef NORADIUS 59#include "radius.h" 60#endif 61#include "cbcp.h" 62#include "chap.h" 63#include "async.h" 64#include "physical.h" 65#include "datalink.h" 66#include "bundle.h" 67 68const char * 69Auth2Nam(u_short auth) 70{ 71 switch (auth) { 72 case PROTO_PAP: 73 return "PAP"; 74 case PROTO_CHAP: 75 return "CHAP"; 76 case 0: 77 return "none"; 78 } 79 return "unknown"; 80} 81 82static int 83auth_CheckPasswd(const char *name, const char *data, const char *key) 84{ 85 if (!strcmp(data, "*")) { 86 /* Then look up the real password database */ 87 struct passwd *pw; 88 int result; 89 90 result = (pw = getpwnam(name)) && 91 !strcmp(crypt(key, pw->pw_passwd), pw->pw_passwd); 92 endpwent(); 93 return result; 94 } 95 96 return !strcmp(data, key); 97} 98 99int 100auth_SetPhoneList(const char *name, char *phone, int phonelen) 101{ 102 FILE *fp; 103 int n; 104 char *vector[6]; 105 char buff[LINE_LEN]; 106 107 fp = OpenSecret(SECRETFILE); 108 if (fp != NULL) { 109 while (fgets(buff, sizeof buff, fp)) { 110 if (buff[0] == '#') 111 continue; 112 buff[strlen(buff) - 1] = '\0'; 113 memset(vector, '\0', sizeof vector); 114 n = MakeArgs(buff, vector, VECSIZE(vector)); 115 if (n < 5) 116 continue; 117 if (strcmp(vector[0], name) == 0) { 118 CloseSecret(fp); 119 if (*vector[4] == '\0') 120 return 0; 121 strncpy(phone, vector[4], phonelen - 1); 122 phone[phonelen - 1] = '\0'; 123 return 1; /* Valid */ 124 } 125 } 126 CloseSecret(fp); 127 } 128 *phone = '\0'; 129 return 0; 130} 131 132int 133auth_Select(struct bundle *bundle, const char *name) 134{ 135 FILE *fp; 136 int n; 137 char *vector[5]; 138 char buff[LINE_LEN]; 139 140 if (*name == '\0') { 141 ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE); 142 return 1; 143 } 144 145#ifndef NORADIUS 146 if (bundle->radius.valid && bundle->radius.ip.s_addr != INADDR_NONE) { 147 /* We've got a radius IP - it overrides everything */ 148 if (!ipcp_UseHisIPaddr(bundle, bundle->radius.ip)) 149 return 0; 150 ipcp_Setup(&bundle->ncp.ipcp, bundle->radius.mask.s_addr); 151 /* Continue with ppp.secret in case we've got a new label */ 152 } 153#endif 154 155 fp = OpenSecret(SECRETFILE); 156 if (fp != NULL) { 157 while (fgets(buff, sizeof buff, fp)) { 158 if (buff[0] == '#') 159 continue; 160 buff[strlen(buff) - 1] = '\0'; 161 memset(vector, '\0', sizeof vector); 162 n = MakeArgs(buff, vector, VECSIZE(vector)); 163 if (n < 2) 164 continue; 165 if (strcmp(vector[0], name) == 0) { 166 CloseSecret(fp); 167#ifndef NORADIUS 168 if (!bundle->radius.valid || bundle->radius.ip.s_addr == INADDR_NONE) { 169#endif 170 if (n > 2 && *vector[2] && strcmp(vector[2], "*") && 171 !ipcp_UseHisaddr(bundle, vector[2], 1)) 172 return 0; 173 ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE); 174#ifndef NORADIUS 175 } 176#endif 177 if (n > 3 && *vector[3] && strcmp(vector[3], "*")) 178 bundle_SetLabel(bundle, vector[3]); 179 return 1; /* Valid */ 180 } 181 } 182 CloseSecret(fp); 183 } 184 185#ifndef NOPASSWDAUTH 186 /* Let 'em in anyway - they must have been in the passwd file */ 187 ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE); 188 return 1; 189#else 190#ifndef NORADIUS 191 if (bundle->radius.valid) 192 return 1; 193#endif 194 195 /* Disappeared from ppp.secret ??? */ 196 return 0; 197#endif 198} 199 200int 201auth_Validate(struct bundle *bundle, const char *name, 202 const char *key, struct physical *physical) 203{ 204 /* Used by PAP routines */ 205 206 FILE *fp; 207 int n; 208 char *vector[5]; 209 char buff[LINE_LEN]; 210
| 21 * 22 * TODO: 23 * o Implement check against with registered IP addresses. 24 */ 25#include <sys/param.h> 26#include <netinet/in.h> 27#include <netinet/in_systm.h> 28#include <netinet/ip.h> 29#include <sys/un.h> 30 31#include <pwd.h> 32#include <stdio.h> 33#include <string.h> 34#include <termios.h> 35#include <unistd.h> 36 37#include "mbuf.h" 38#include "defs.h" 39#include "log.h" 40#include "timer.h" 41#include "fsm.h" 42#include "iplist.h" 43#include "throughput.h" 44#include "slcompress.h" 45#include "lqr.h" 46#include "hdlc.h" 47#include "ipcp.h" 48#include "auth.h" 49#include "systems.h" 50#include "lcp.h" 51#include "ccp.h" 52#include "link.h" 53#include "descriptor.h" 54#include "chat.h" 55#include "lcpproto.h" 56#include "filter.h" 57#include "mp.h" 58#ifndef NORADIUS 59#include "radius.h" 60#endif 61#include "cbcp.h" 62#include "chap.h" 63#include "async.h" 64#include "physical.h" 65#include "datalink.h" 66#include "bundle.h" 67 68const char * 69Auth2Nam(u_short auth) 70{ 71 switch (auth) { 72 case PROTO_PAP: 73 return "PAP"; 74 case PROTO_CHAP: 75 return "CHAP"; 76 case 0: 77 return "none"; 78 } 79 return "unknown"; 80} 81 82static int 83auth_CheckPasswd(const char *name, const char *data, const char *key) 84{ 85 if (!strcmp(data, "*")) { 86 /* Then look up the real password database */ 87 struct passwd *pw; 88 int result; 89 90 result = (pw = getpwnam(name)) && 91 !strcmp(crypt(key, pw->pw_passwd), pw->pw_passwd); 92 endpwent(); 93 return result; 94 } 95 96 return !strcmp(data, key); 97} 98 99int 100auth_SetPhoneList(const char *name, char *phone, int phonelen) 101{ 102 FILE *fp; 103 int n; 104 char *vector[6]; 105 char buff[LINE_LEN]; 106 107 fp = OpenSecret(SECRETFILE); 108 if (fp != NULL) { 109 while (fgets(buff, sizeof buff, fp)) { 110 if (buff[0] == '#') 111 continue; 112 buff[strlen(buff) - 1] = '\0'; 113 memset(vector, '\0', sizeof vector); 114 n = MakeArgs(buff, vector, VECSIZE(vector)); 115 if (n < 5) 116 continue; 117 if (strcmp(vector[0], name) == 0) { 118 CloseSecret(fp); 119 if (*vector[4] == '\0') 120 return 0; 121 strncpy(phone, vector[4], phonelen - 1); 122 phone[phonelen - 1] = '\0'; 123 return 1; /* Valid */ 124 } 125 } 126 CloseSecret(fp); 127 } 128 *phone = '\0'; 129 return 0; 130} 131 132int 133auth_Select(struct bundle *bundle, const char *name) 134{ 135 FILE *fp; 136 int n; 137 char *vector[5]; 138 char buff[LINE_LEN]; 139 140 if (*name == '\0') { 141 ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE); 142 return 1; 143 } 144 145#ifndef NORADIUS 146 if (bundle->radius.valid && bundle->radius.ip.s_addr != INADDR_NONE) { 147 /* We've got a radius IP - it overrides everything */ 148 if (!ipcp_UseHisIPaddr(bundle, bundle->radius.ip)) 149 return 0; 150 ipcp_Setup(&bundle->ncp.ipcp, bundle->radius.mask.s_addr); 151 /* Continue with ppp.secret in case we've got a new label */ 152 } 153#endif 154 155 fp = OpenSecret(SECRETFILE); 156 if (fp != NULL) { 157 while (fgets(buff, sizeof buff, fp)) { 158 if (buff[0] == '#') 159 continue; 160 buff[strlen(buff) - 1] = '\0'; 161 memset(vector, '\0', sizeof vector); 162 n = MakeArgs(buff, vector, VECSIZE(vector)); 163 if (n < 2) 164 continue; 165 if (strcmp(vector[0], name) == 0) { 166 CloseSecret(fp); 167#ifndef NORADIUS 168 if (!bundle->radius.valid || bundle->radius.ip.s_addr == INADDR_NONE) { 169#endif 170 if (n > 2 && *vector[2] && strcmp(vector[2], "*") && 171 !ipcp_UseHisaddr(bundle, vector[2], 1)) 172 return 0; 173 ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE); 174#ifndef NORADIUS 175 } 176#endif 177 if (n > 3 && *vector[3] && strcmp(vector[3], "*")) 178 bundle_SetLabel(bundle, vector[3]); 179 return 1; /* Valid */ 180 } 181 } 182 CloseSecret(fp); 183 } 184 185#ifndef NOPASSWDAUTH 186 /* Let 'em in anyway - they must have been in the passwd file */ 187 ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE); 188 return 1; 189#else 190#ifndef NORADIUS 191 if (bundle->radius.valid) 192 return 1; 193#endif 194 195 /* Disappeared from ppp.secret ??? */ 196 return 0; 197#endif 198} 199 200int 201auth_Validate(struct bundle *bundle, const char *name, 202 const char *key, struct physical *physical) 203{ 204 /* Used by PAP routines */ 205 206 FILE *fp; 207 int n; 208 char *vector[5]; 209 char buff[LINE_LEN]; 210
|
211#ifndef NORADIUS 212 if (*bundle->radius.cfg.file) 213 return radius_Authenticate(&bundle->radius, bundle, name, key, NULL); 214#endif 215
| |
216 fp = OpenSecret(SECRETFILE); 217 if (fp != NULL) { 218 while (fgets(buff, sizeof buff, fp)) { 219 if (buff[0] == '#') 220 continue; 221 buff[strlen(buff) - 1] = 0; 222 memset(vector, '\0', sizeof vector); 223 n = MakeArgs(buff, vector, VECSIZE(vector)); 224 if (n < 2) 225 continue; 226 if (strcmp(vector[0], name) == 0) { 227 CloseSecret(fp); 228 return auth_CheckPasswd(name, vector[1], key); 229 } 230 } 231 CloseSecret(fp); 232 } 233 234#ifndef NOPASSWDAUTH 235 if (Enabled(bundle, OPT_PASSWDAUTH)) 236 return auth_CheckPasswd(name, "*", key); 237#endif 238 239 return 0; /* Invalid */ 240} 241 242char * 243auth_GetSecret(struct bundle *bundle, const char *name, int len, 244 struct physical *physical) 245{ 246 /* Used by CHAP routines */ 247 248 FILE *fp; 249 int n; 250 char *vector[5]; 251 static char buff[LINE_LEN]; 252 253 fp = OpenSecret(SECRETFILE); 254 if (fp == NULL) 255 return (NULL); 256 257 while (fgets(buff, sizeof buff, fp)) { 258 if (buff[0] == '#') 259 continue; 260 buff[strlen(buff) - 1] = 0; 261 memset(vector, '\0', sizeof vector); 262 n = MakeArgs(buff, vector, VECSIZE(vector)); 263 if (n < 2) 264 continue; 265 if (strlen(vector[0]) == len && strncmp(vector[0], name, len) == 0) { 266 CloseSecret(fp); 267 return vector[1]; 268 } 269 } 270 CloseSecret(fp); 271 return (NULL); /* Invalid */ 272} 273 274static void 275AuthTimeout(void *vauthp) 276{ 277 struct authinfo *authp = (struct authinfo *)vauthp; 278 279 timer_Stop(&authp->authtimer); 280 if (--authp->retry > 0) {
| 211 fp = OpenSecret(SECRETFILE); 212 if (fp != NULL) { 213 while (fgets(buff, sizeof buff, fp)) { 214 if (buff[0] == '#') 215 continue; 216 buff[strlen(buff) - 1] = 0; 217 memset(vector, '\0', sizeof vector); 218 n = MakeArgs(buff, vector, VECSIZE(vector)); 219 if (n < 2) 220 continue; 221 if (strcmp(vector[0], name) == 0) { 222 CloseSecret(fp); 223 return auth_CheckPasswd(name, vector[1], key); 224 } 225 } 226 CloseSecret(fp); 227 } 228 229#ifndef NOPASSWDAUTH 230 if (Enabled(bundle, OPT_PASSWDAUTH)) 231 return auth_CheckPasswd(name, "*", key); 232#endif 233 234 return 0; /* Invalid */ 235} 236 237char * 238auth_GetSecret(struct bundle *bundle, const char *name, int len, 239 struct physical *physical) 240{ 241 /* Used by CHAP routines */ 242 243 FILE *fp; 244 int n; 245 char *vector[5]; 246 static char buff[LINE_LEN]; 247 248 fp = OpenSecret(SECRETFILE); 249 if (fp == NULL) 250 return (NULL); 251 252 while (fgets(buff, sizeof buff, fp)) { 253 if (buff[0] == '#') 254 continue; 255 buff[strlen(buff) - 1] = 0; 256 memset(vector, '\0', sizeof vector); 257 n = MakeArgs(buff, vector, VECSIZE(vector)); 258 if (n < 2) 259 continue; 260 if (strlen(vector[0]) == len && strncmp(vector[0], name, len) == 0) { 261 CloseSecret(fp); 262 return vector[1]; 263 } 264 } 265 CloseSecret(fp); 266 return (NULL); /* Invalid */ 267} 268 269static void 270AuthTimeout(void *vauthp) 271{ 272 struct authinfo *authp = (struct authinfo *)vauthp; 273 274 timer_Stop(&authp->authtimer); 275 if (--authp->retry > 0) {
|
| 276 authp->id++; 277 (*authp->fn.req)(authp);
|
281 timer_Start(&authp->authtimer);
| 278 timer_Start(&authp->authtimer);
|
282 (*authp->ChallengeFunc)(authp, ++authp->id, authp->physical);
| |
283 } else { 284 log_Printf(LogPHASE, "Auth: No response from server\n"); 285 datalink_AuthNotOk(authp->physical->dl); 286 } 287} 288 289void
| 279 } else { 280 log_Printf(LogPHASE, "Auth: No response from server\n"); 281 datalink_AuthNotOk(authp->physical->dl); 282 } 283} 284 285void
|
290auth_Init(struct authinfo *authinfo)
| 286auth_Init(struct authinfo *authp, struct physical *p, auth_func req, 287 auth_func success, auth_func failure)
|
291{
| 288{
|
292 memset(authinfo, '\0', sizeof(struct authinfo)); 293 authinfo->cfg.fsmretry = DEF_FSMRETRY;
| 289 memset(authp, '\0', sizeof(struct authinfo)); 290 authp->cfg.fsmretry = DEF_FSMRETRY; 291 authp->fn.req = req; 292 authp->fn.success = success; 293 authp->fn.failure = failure; 294 authp->physical = p;
|
294} 295 296void
| 295} 296 297void
|
297auth_StartChallenge(struct authinfo *authp, struct physical *physical, 298 void (*chal)(struct authinfo *, int, struct physical *))
| 298auth_StartReq(struct authinfo *authp)
|
299{
| 299{
|
300 authp->ChallengeFunc = chal; 301 authp->physical = physical;
| |
302 timer_Stop(&authp->authtimer); 303 authp->authtimer.func = AuthTimeout; 304 authp->authtimer.name = "auth"; 305 authp->authtimer.load = authp->cfg.fsmretry * SECTICKS;
| 300 timer_Stop(&authp->authtimer); 301 authp->authtimer.func = AuthTimeout; 302 authp->authtimer.name = "auth"; 303 authp->authtimer.load = authp->cfg.fsmretry * SECTICKS;
|
306 authp->authtimer.arg = (void *) authp;
| 304 authp->authtimer.arg = (void *)authp;
|
307 authp->retry = 3; 308 authp->id = 1;
| 305 authp->retry = 3; 306 authp->id = 1;
|
309 (*authp->ChallengeFunc)(authp, authp->id, physical);
| 307 (*authp->fn.req)(authp);
|
310 timer_Start(&authp->authtimer); 311} 312 313void 314auth_StopTimer(struct authinfo *authp) 315{ 316 timer_Stop(&authp->authtimer);
| 308 timer_Start(&authp->authtimer); 309} 310 311void 312auth_StopTimer(struct authinfo *authp) 313{ 314 timer_Stop(&authp->authtimer);
|
317 authp->physical = NULL;
| |
318}
| 315}
|
| 316 317struct mbuf * 318auth_ReadHeader(struct authinfo *authp, struct mbuf *bp) 319{ 320 int len; 321 322 len = mbuf_Length(bp); 323 if (len >= sizeof authp->in.hdr) { 324 bp = mbuf_Read(bp, (u_char *)&authp->in.hdr, sizeof authp->in.hdr); 325 if (len >= ntohs(authp->in.hdr.length)) 326 return bp; 327 } 328 329 mbuf_Free(bp); 330 return NULL; 331} 332 333struct mbuf * 334auth_ReadName(struct authinfo *authp, struct mbuf *bp, int len) 335{ 336 if (len > sizeof authp->in.name - 1) 337 log_Printf(LogERROR, "auth_ReadName: Name too long (%d) !\n", len); 338 else { 339 int mlen = mbuf_Length(bp); 340 341 if (len > mlen) 342 log_Printf(LogERROR, "auth_ReadName: Short packet !\n"); 343 else { 344 bp = mbuf_Read(bp, (u_char *)authp->in.name, len); 345 authp->in.name[len] = '\0'; 346 return bp; 347 } 348 } 349 350 *authp->in.name = '\0'; 351 mbuf_Free(bp); 352 return NULL; 353}
|
| |