1/*
2 * PPP Secret Key Module
3 *
4 * Written by Toshiharu OHNO (tony-o@iij.ad.jp)
5 *
6 * Copyright (C) 1994, Internet Initiative Japan, Inc. All rights reserverd.
7 *
8 * Redistribution and use in source and binary forms are permitted
9 * provided that the above copyright notice and this paragraph are
10 * duplicated in all such forms and that any documentation,
11 * advertising materials, and other materials related to such
12 * distribution and use acknowledge that the software was developed
13 * by the Internet Initiative Japan, Inc. The name of the
14 * IIJ may not be used to endorse or promote products derived
15 * from this software without specific prior written permission.
16 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
18 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
19 *
| 1/*
2 * PPP Secret Key Module
3 *
4 * Written by Toshiharu OHNO (tony-o@iij.ad.jp)
5 *
6 * Copyright (C) 1994, Internet Initiative Japan, Inc. All rights reserverd.
7 *
8 * Redistribution and use in source and binary forms are permitted
9 * provided that the above copyright notice and this paragraph are
10 * duplicated in all such forms and that any documentation,
11 * advertising materials, and other materials related to such
12 * distribution and use acknowledge that the software was developed
13 * by the Internet Initiative Japan, Inc. The name of the
14 * IIJ may not be used to endorse or promote products derived
15 * from this software without specific prior written permission.
16 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
18 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
19 *
|
20 * $Id: auth.c,v 1.36 1999/02/01 13:42:24 brian Exp $
| 20 * $Id: auth.c,v 1.37 1999/02/02 09:35:17 brian Exp $
|
21 *
22 * TODO:
23 * o Implement check against with registered IP addresses.
24 */
25#include <sys/param.h>
26#include <netinet/in.h>
27#include <netinet/in_systm.h>
28#include <netinet/ip.h>
29#include <sys/un.h>
30
31#include <pwd.h>
32#include <stdio.h>
33#include <string.h>
34#include <termios.h>
35#include <unistd.h>
36
37#include "mbuf.h"
38#include "defs.h"
39#include "log.h"
40#include "timer.h"
41#include "fsm.h"
42#include "iplist.h"
43#include "throughput.h"
44#include "slcompress.h"
45#include "lqr.h"
46#include "hdlc.h"
47#include "ipcp.h"
48#include "auth.h"
49#include "systems.h"
50#include "lcp.h"
51#include "ccp.h"
52#include "link.h"
53#include "descriptor.h"
54#include "chat.h"
55#include "lcpproto.h"
56#include "filter.h"
57#include "mp.h"
58#ifndef NORADIUS
59#include "radius.h"
60#endif
61#include "cbcp.h"
62#include "chap.h"
63#include "async.h"
64#include "physical.h"
65#include "datalink.h"
66#include "bundle.h"
67
68const char *
69Auth2Nam(u_short auth)
70{
71 switch (auth) {
72 case PROTO_PAP:
73 return "PAP";
74 case PROTO_CHAP:
75 return "CHAP";
76 case 0:
77 return "none";
78 }
79 return "unknown";
80}
81
82static int
83auth_CheckPasswd(const char *name, const char *data, const char *key)
84{
85 if (!strcmp(data, "*")) {
86 /* Then look up the real password database */
87 struct passwd *pw;
88 int result;
89
90 result = (pw = getpwnam(name)) &&
91 !strcmp(crypt(key, pw->pw_passwd), pw->pw_passwd);
92 endpwent();
93 return result;
94 }
95
96 return !strcmp(data, key);
97}
98
99int
100auth_SetPhoneList(const char *name, char *phone, int phonelen)
101{
102 FILE *fp;
103 int n;
104 char *vector[6];
105 char buff[LINE_LEN];
106
107 fp = OpenSecret(SECRETFILE);
108 if (fp != NULL) {
109 while (fgets(buff, sizeof buff, fp)) {
110 if (buff[0] == '#')
111 continue;
112 buff[strlen(buff) - 1] = '\0';
113 memset(vector, '\0', sizeof vector);
114 n = MakeArgs(buff, vector, VECSIZE(vector));
115 if (n < 5)
116 continue;
117 if (strcmp(vector[0], name) == 0) {
118 CloseSecret(fp);
119 if (*vector[4] == '\0')
120 return 0;
121 strncpy(phone, vector[4], phonelen - 1);
122 phone[phonelen - 1] = '\0';
123 return 1; /* Valid */
124 }
125 }
126 CloseSecret(fp);
127 }
128 *phone = '\0';
129 return 0;
130}
131
132int
133auth_Select(struct bundle *bundle, const char *name)
134{
135 FILE *fp;
136 int n;
137 char *vector[5];
138 char buff[LINE_LEN];
139
140 if (*name == '\0') {
141 ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE);
142 return 1;
143 }
144
145#ifndef NORADIUS
146 if (bundle->radius.valid && bundle->radius.ip.s_addr != INADDR_NONE) {
147 /* We've got a radius IP - it overrides everything */
148 if (!ipcp_UseHisIPaddr(bundle, bundle->radius.ip))
149 return 0;
150 ipcp_Setup(&bundle->ncp.ipcp, bundle->radius.mask.s_addr);
151 /* Continue with ppp.secret in case we've got a new label */
152 }
153#endif
154
155 fp = OpenSecret(SECRETFILE);
156 if (fp != NULL) {
157 while (fgets(buff, sizeof buff, fp)) {
158 if (buff[0] == '#')
159 continue;
160 buff[strlen(buff) - 1] = '\0';
161 memset(vector, '\0', sizeof vector);
162 n = MakeArgs(buff, vector, VECSIZE(vector));
163 if (n < 2)
164 continue;
165 if (strcmp(vector[0], name) == 0) {
166 CloseSecret(fp);
167#ifndef NORADIUS
168 if (!bundle->radius.valid || bundle->radius.ip.s_addr == INADDR_NONE) {
169#endif
170 if (n > 2 && *vector[2] && strcmp(vector[2], "*") &&
171 !ipcp_UseHisaddr(bundle, vector[2], 1))
172 return 0;
173 ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE);
174#ifndef NORADIUS
175 }
176#endif
177 if (n > 3 && *vector[3] && strcmp(vector[3], "*"))
178 bundle_SetLabel(bundle, vector[3]);
179 return 1; /* Valid */
180 }
181 }
182 CloseSecret(fp);
183 }
184
185#ifndef NOPASSWDAUTH
186 /* Let 'em in anyway - they must have been in the passwd file */
187 ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE);
188 return 1;
189#else
190#ifndef NORADIUS
191 if (bundle->radius.valid)
192 return 1;
193#endif
194
195 /* Disappeared from ppp.secret ??? */
196 return 0;
197#endif
198}
199
200int
201auth_Validate(struct bundle *bundle, const char *name,
202 const char *key, struct physical *physical)
203{
204 /* Used by PAP routines */
205
206 FILE *fp;
207 int n;
208 char *vector[5];
209 char buff[LINE_LEN];
210
| 21 *
22 * TODO:
23 * o Implement check against with registered IP addresses.
24 */
25#include <sys/param.h>
26#include <netinet/in.h>
27#include <netinet/in_systm.h>
28#include <netinet/ip.h>
29#include <sys/un.h>
30
31#include <pwd.h>
32#include <stdio.h>
33#include <string.h>
34#include <termios.h>
35#include <unistd.h>
36
37#include "mbuf.h"
38#include "defs.h"
39#include "log.h"
40#include "timer.h"
41#include "fsm.h"
42#include "iplist.h"
43#include "throughput.h"
44#include "slcompress.h"
45#include "lqr.h"
46#include "hdlc.h"
47#include "ipcp.h"
48#include "auth.h"
49#include "systems.h"
50#include "lcp.h"
51#include "ccp.h"
52#include "link.h"
53#include "descriptor.h"
54#include "chat.h"
55#include "lcpproto.h"
56#include "filter.h"
57#include "mp.h"
58#ifndef NORADIUS
59#include "radius.h"
60#endif
61#include "cbcp.h"
62#include "chap.h"
63#include "async.h"
64#include "physical.h"
65#include "datalink.h"
66#include "bundle.h"
67
68const char *
69Auth2Nam(u_short auth)
70{
71 switch (auth) {
72 case PROTO_PAP:
73 return "PAP";
74 case PROTO_CHAP:
75 return "CHAP";
76 case 0:
77 return "none";
78 }
79 return "unknown";
80}
81
82static int
83auth_CheckPasswd(const char *name, const char *data, const char *key)
84{
85 if (!strcmp(data, "*")) {
86 /* Then look up the real password database */
87 struct passwd *pw;
88 int result;
89
90 result = (pw = getpwnam(name)) &&
91 !strcmp(crypt(key, pw->pw_passwd), pw->pw_passwd);
92 endpwent();
93 return result;
94 }
95
96 return !strcmp(data, key);
97}
98
99int
100auth_SetPhoneList(const char *name, char *phone, int phonelen)
101{
102 FILE *fp;
103 int n;
104 char *vector[6];
105 char buff[LINE_LEN];
106
107 fp = OpenSecret(SECRETFILE);
108 if (fp != NULL) {
109 while (fgets(buff, sizeof buff, fp)) {
110 if (buff[0] == '#')
111 continue;
112 buff[strlen(buff) - 1] = '\0';
113 memset(vector, '\0', sizeof vector);
114 n = MakeArgs(buff, vector, VECSIZE(vector));
115 if (n < 5)
116 continue;
117 if (strcmp(vector[0], name) == 0) {
118 CloseSecret(fp);
119 if (*vector[4] == '\0')
120 return 0;
121 strncpy(phone, vector[4], phonelen - 1);
122 phone[phonelen - 1] = '\0';
123 return 1; /* Valid */
124 }
125 }
126 CloseSecret(fp);
127 }
128 *phone = '\0';
129 return 0;
130}
131
132int
133auth_Select(struct bundle *bundle, const char *name)
134{
135 FILE *fp;
136 int n;
137 char *vector[5];
138 char buff[LINE_LEN];
139
140 if (*name == '\0') {
141 ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE);
142 return 1;
143 }
144
145#ifndef NORADIUS
146 if (bundle->radius.valid && bundle->radius.ip.s_addr != INADDR_NONE) {
147 /* We've got a radius IP - it overrides everything */
148 if (!ipcp_UseHisIPaddr(bundle, bundle->radius.ip))
149 return 0;
150 ipcp_Setup(&bundle->ncp.ipcp, bundle->radius.mask.s_addr);
151 /* Continue with ppp.secret in case we've got a new label */
152 }
153#endif
154
155 fp = OpenSecret(SECRETFILE);
156 if (fp != NULL) {
157 while (fgets(buff, sizeof buff, fp)) {
158 if (buff[0] == '#')
159 continue;
160 buff[strlen(buff) - 1] = '\0';
161 memset(vector, '\0', sizeof vector);
162 n = MakeArgs(buff, vector, VECSIZE(vector));
163 if (n < 2)
164 continue;
165 if (strcmp(vector[0], name) == 0) {
166 CloseSecret(fp);
167#ifndef NORADIUS
168 if (!bundle->radius.valid || bundle->radius.ip.s_addr == INADDR_NONE) {
169#endif
170 if (n > 2 && *vector[2] && strcmp(vector[2], "*") &&
171 !ipcp_UseHisaddr(bundle, vector[2], 1))
172 return 0;
173 ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE);
174#ifndef NORADIUS
175 }
176#endif
177 if (n > 3 && *vector[3] && strcmp(vector[3], "*"))
178 bundle_SetLabel(bundle, vector[3]);
179 return 1; /* Valid */
180 }
181 }
182 CloseSecret(fp);
183 }
184
185#ifndef NOPASSWDAUTH
186 /* Let 'em in anyway - they must have been in the passwd file */
187 ipcp_Setup(&bundle->ncp.ipcp, INADDR_NONE);
188 return 1;
189#else
190#ifndef NORADIUS
191 if (bundle->radius.valid)
192 return 1;
193#endif
194
195 /* Disappeared from ppp.secret ??? */
196 return 0;
197#endif
198}
199
200int
201auth_Validate(struct bundle *bundle, const char *name,
202 const char *key, struct physical *physical)
203{
204 /* Used by PAP routines */
205
206 FILE *fp;
207 int n;
208 char *vector[5];
209 char buff[LINE_LEN];
210
|
211#ifndef NORADIUS
212 if (*bundle->radius.cfg.file)
213 return radius_Authenticate(&bundle->radius, bundle, name, key, NULL);
214#endif
215
| |
216 fp = OpenSecret(SECRETFILE);
217 if (fp != NULL) {
218 while (fgets(buff, sizeof buff, fp)) {
219 if (buff[0] == '#')
220 continue;
221 buff[strlen(buff) - 1] = 0;
222 memset(vector, '\0', sizeof vector);
223 n = MakeArgs(buff, vector, VECSIZE(vector));
224 if (n < 2)
225 continue;
226 if (strcmp(vector[0], name) == 0) {
227 CloseSecret(fp);
228 return auth_CheckPasswd(name, vector[1], key);
229 }
230 }
231 CloseSecret(fp);
232 }
233
234#ifndef NOPASSWDAUTH
235 if (Enabled(bundle, OPT_PASSWDAUTH))
236 return auth_CheckPasswd(name, "*", key);
237#endif
238
239 return 0; /* Invalid */
240}
241
242char *
243auth_GetSecret(struct bundle *bundle, const char *name, int len,
244 struct physical *physical)
245{
246 /* Used by CHAP routines */
247
248 FILE *fp;
249 int n;
250 char *vector[5];
251 static char buff[LINE_LEN];
252
253 fp = OpenSecret(SECRETFILE);
254 if (fp == NULL)
255 return (NULL);
256
257 while (fgets(buff, sizeof buff, fp)) {
258 if (buff[0] == '#')
259 continue;
260 buff[strlen(buff) - 1] = 0;
261 memset(vector, '\0', sizeof vector);
262 n = MakeArgs(buff, vector, VECSIZE(vector));
263 if (n < 2)
264 continue;
265 if (strlen(vector[0]) == len && strncmp(vector[0], name, len) == 0) {
266 CloseSecret(fp);
267 return vector[1];
268 }
269 }
270 CloseSecret(fp);
271 return (NULL); /* Invalid */
272}
273
274static void
275AuthTimeout(void *vauthp)
276{
277 struct authinfo *authp = (struct authinfo *)vauthp;
278
279 timer_Stop(&authp->authtimer);
280 if (--authp->retry > 0) {
| 211 fp = OpenSecret(SECRETFILE);
212 if (fp != NULL) {
213 while (fgets(buff, sizeof buff, fp)) {
214 if (buff[0] == '#')
215 continue;
216 buff[strlen(buff) - 1] = 0;
217 memset(vector, '\0', sizeof vector);
218 n = MakeArgs(buff, vector, VECSIZE(vector));
219 if (n < 2)
220 continue;
221 if (strcmp(vector[0], name) == 0) {
222 CloseSecret(fp);
223 return auth_CheckPasswd(name, vector[1], key);
224 }
225 }
226 CloseSecret(fp);
227 }
228
229#ifndef NOPASSWDAUTH
230 if (Enabled(bundle, OPT_PASSWDAUTH))
231 return auth_CheckPasswd(name, "*", key);
232#endif
233
234 return 0; /* Invalid */
235}
236
237char *
238auth_GetSecret(struct bundle *bundle, const char *name, int len,
239 struct physical *physical)
240{
241 /* Used by CHAP routines */
242
243 FILE *fp;
244 int n;
245 char *vector[5];
246 static char buff[LINE_LEN];
247
248 fp = OpenSecret(SECRETFILE);
249 if (fp == NULL)
250 return (NULL);
251
252 while (fgets(buff, sizeof buff, fp)) {
253 if (buff[0] == '#')
254 continue;
255 buff[strlen(buff) - 1] = 0;
256 memset(vector, '\0', sizeof vector);
257 n = MakeArgs(buff, vector, VECSIZE(vector));
258 if (n < 2)
259 continue;
260 if (strlen(vector[0]) == len && strncmp(vector[0], name, len) == 0) {
261 CloseSecret(fp);
262 return vector[1];
263 }
264 }
265 CloseSecret(fp);
266 return (NULL); /* Invalid */
267}
268
269static void
270AuthTimeout(void *vauthp)
271{
272 struct authinfo *authp = (struct authinfo *)vauthp;
273
274 timer_Stop(&authp->authtimer);
275 if (--authp->retry > 0) {
|
| 276 authp->id++;
277 (*authp->fn.req)(authp);
|
281 timer_Start(&authp->authtimer);
| 278 timer_Start(&authp->authtimer);
|
282 (*authp->ChallengeFunc)(authp, ++authp->id, authp->physical);
| |
283 } else {
284 log_Printf(LogPHASE, "Auth: No response from server\n");
285 datalink_AuthNotOk(authp->physical->dl);
286 }
287}
288
289void
| 279 } else {
280 log_Printf(LogPHASE, "Auth: No response from server\n");
281 datalink_AuthNotOk(authp->physical->dl);
282 }
283}
284
285void
|
290auth_Init(struct authinfo *authinfo)
| 286auth_Init(struct authinfo *authp, struct physical *p, auth_func req,
287 auth_func success, auth_func failure)
|
291{
| 288{
|
292 memset(authinfo, '\0', sizeof(struct authinfo));
293 authinfo->cfg.fsmretry = DEF_FSMRETRY;
| 289 memset(authp, '\0', sizeof(struct authinfo));
290 authp->cfg.fsmretry = DEF_FSMRETRY;
291 authp->fn.req = req;
292 authp->fn.success = success;
293 authp->fn.failure = failure;
294 authp->physical = p;
|
294}
295
296void
| 295}
296
297void
|
297auth_StartChallenge(struct authinfo *authp, struct physical *physical,
298 void (*chal)(struct authinfo *, int, struct physical *))
| 298auth_StartReq(struct authinfo *authp)
|
299{
| 299{
|
300 authp->ChallengeFunc = chal;
301 authp->physical = physical;
| |
302 timer_Stop(&authp->authtimer);
303 authp->authtimer.func = AuthTimeout;
304 authp->authtimer.name = "auth";
305 authp->authtimer.load = authp->cfg.fsmretry * SECTICKS;
| 300 timer_Stop(&authp->authtimer);
301 authp->authtimer.func = AuthTimeout;
302 authp->authtimer.name = "auth";
303 authp->authtimer.load = authp->cfg.fsmretry * SECTICKS;
|
306 authp->authtimer.arg = (void *) authp;
| 304 authp->authtimer.arg = (void *)authp;
|
307 authp->retry = 3;
308 authp->id = 1;
| 305 authp->retry = 3;
306 authp->id = 1;
|
309 (*authp->ChallengeFunc)(authp, authp->id, physical);
| 307 (*authp->fn.req)(authp);
|
310 timer_Start(&authp->authtimer);
311}
312
313void
314auth_StopTimer(struct authinfo *authp)
315{
316 timer_Stop(&authp->authtimer);
| 308 timer_Start(&authp->authtimer);
309}
310
311void
312auth_StopTimer(struct authinfo *authp)
313{
314 timer_Stop(&authp->authtimer);
|
317 authp->physical = NULL;
| |
318}
| 315}
|
| 316
317struct mbuf *
318auth_ReadHeader(struct authinfo *authp, struct mbuf *bp)
319{
320 int len;
321
322 len = mbuf_Length(bp);
323 if (len >= sizeof authp->in.hdr) {
324 bp = mbuf_Read(bp, (u_char *)&authp->in.hdr, sizeof authp->in.hdr);
325 if (len >= ntohs(authp->in.hdr.length))
326 return bp;
327 }
328
329 mbuf_Free(bp);
330 return NULL;
331}
332
333struct mbuf *
334auth_ReadName(struct authinfo *authp, struct mbuf *bp, int len)
335{
336 if (len > sizeof authp->in.name - 1)
337 log_Printf(LogERROR, "auth_ReadName: Name too long (%d) !\n", len);
338 else {
339 int mlen = mbuf_Length(bp);
340
341 if (len > mlen)
342 log_Printf(LogERROR, "auth_ReadName: Short packet !\n");
343 else {
344 bp = mbuf_Read(bp, (u_char *)authp->in.name, len);
345 authp->in.name[len] = '\0';
346 return bp;
347 }
348 }
349
350 *authp->in.name = '\0';
351 mbuf_Free(bp);
352 return NULL;
353}
|
| |