auth.c revision 31070
1/*
2 *			PPP Secret Key Module
3 *
4 *	    Written by Toshiharu OHNO (tony-o@iij.ad.jp)
5 *
6 *   Copyright (C) 1994, Internet Initiative Japan, Inc. All rights reserverd.
7 *
8 * Redistribution and use in source and binary forms are permitted
9 * provided that the above copyright notice and this paragraph are
10 * duplicated in all such forms and that any documentation,
11 * advertising materials, and other materials related to such
12 * distribution and use acknowledge that the software was developed
13 * by the Internet Initiative Japan, Inc.  The name of the
14 * IIJ may not be used to endorse or promote products derived
15 * from this software without specific prior written permission.
16 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
18 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
19 *
20 * $Id: auth.c,v 1.18 1997/10/26 01:02:07 brian Exp $
21 *
22 *	TODO:
23 *		o Implement check against with registered IP addresses.
24 */
25#include <sys/param.h>
26#include <netinet/in.h>
27
28#include <stdio.h>
29#include <string.h>
30#include <unistd.h>
31
32#include "mbuf.h"
33#include "log.h"
34#include "defs.h"
35#include "timer.h"
36#include "fsm.h"
37#include "lcpproto.h"
38#include "ipcp.h"
39#include "loadalias.h"
40#include "command.h"
41#include "vars.h"
42#include "filter.h"
43#include "auth.h"
44#include "chat.h"
45#include "systems.h"
46
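/*
 * Initialise the local authentication state held in VarLocalAuth.
 *
 * VarShortHost is filled with the local host name cut at the first '.',
 * and VarLocalAuth is then set to:
 *   LOCAL_DENY     if the host name cannot be read, or if one of
 *                  MODE_AUTO, MODE_DEDICATED or MODE_DIRECT is set and
 *                  SECRETFILE holds no entry for this host;
 *   LOCAL_AUTH     if none of those three mode bits is set;
 *   LOCAL_NO_AUTH  otherwise (SECRETFILE has an entry for this host).
 */
void
LocalAuthInit()
{
  char *p;

  if (gethostname(VarShortHost, sizeof(VarShortHost))) {
    /* Fail closed: with no host name there is nothing to look up. */
    VarLocalAuth = LOCAL_DENY;
    return;
  }

  /*
   * gethostname() is not required to NUL-terminate a name that had to be
   * truncated, so terminate the buffer before any string function reads it.
   */
  VarShortHost[sizeof(VarShortHost) - 1] = '\0';

  /* Secret-file entries are keyed on the short (unqualified) host name. */
  p = strchr(VarShortHost, '.');
  if (p)
    *p = '\0';

  if (!(mode & (MODE_AUTO | MODE_DEDICATED | MODE_DIRECT))) {
    /* None of the auto/dedicated/direct bits is set: no password needed. */
    VarLocalAuth = LOCAL_AUTH;
    return;
  }

  /*
   * An empty key is used purely as an existence probe: both VALID and
   * INVALID mean "an entry exists", and only NOT_FOUND leads to LOCAL_DENY.
   */
  if (LocalAuthValidate(SECRETFILE, VarShortHost, "") == NOT_FOUND)
    VarLocalAuth = LOCAL_DENY;
  else
    VarLocalAuth = LOCAL_NO_AUTH;
}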
68
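/*
 * Look up `system' in the secret file `fname' and compare its key field
 * with `key'.
 *
 * Returns NOT_FOUND when the file cannot be opened or holds no entry whose
 * first field equals `system', VALID when the entry's key matches (an entry
 * with no key field matches only a NULL or empty `key'), and INVALID when
 * the entry exists but the key differs.  Only the first matching entry is
 * consulted.
 *
 * NOTE(review): NOT_FOUND is also what an unreadable secret file yields;
 * callers should confirm they do not treat that result as permission.
 */
LOCAL_AUTH_VALID
LocalAuthValidate(char *fname, char *system, char *key)
{
  FILE *fp;
  int n;
  char *vector[3];
  char buff[LINE_LEN];
  LOCAL_AUTH_VALID rc;

  rc = NOT_FOUND;		/* No system entry */
  fp = OpenSecret(fname);
  if (fp == NULL)
    return (rc);

  while (fgets(buff, sizeof(buff), fp)) {
    if (buff[0] == '#')
      continue;

    /*
     * Strip the newline only if one is present.  Writing to
     * buff[strlen(buff) - 1] would index buff[-1] for a line that starts
     * with a NUL byte and would eat the last character of a final line
     * that has no trailing newline.
     * NOTE(review): a line longer than LINE_LEN is still returned by
     * fgets() in pieces, so its tail is parsed as if it were a new entry.
     */
    buff[strcspn(buff, "\n")] = '\0';

    memset(vector, '\0', sizeof(vector));
    n = MakeArgs(buff, vector, VECSIZE(vector));
    if (n < 1)
      continue;
    if (strcmp(vector[0], system) != 0)
      continue;

    if (vector[1] == NULL) {
      /* Entry carries no key: only an absent or empty key is accepted. */
      rc = (key == NULL || *key == '\0') ? VALID : INVALID;
    } else {
      /*
       * A NULL key can never equal a stored key; test for it first so that
       * strcmp() is not handed a null pointer.
       * NOTE(review): strcmp() is not a constant-time comparison.
       */
      rc = (key != NULL && strcmp(vector[1], key) == 0) ? VALID : INVALID;
    }
    break;
  }

  CloseSecret(fp);
  return (rc);
}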
103
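/*
 * Check the peer's name/secret pair against the secret file `fname'.
 *
 * Every entry whose first field equals `system' is tried; its second field
 * is passed through ExpandString() and compared with `key'.  On a match
 * DefHisAddress is cleared, any further fields are handed to ParseAddr()
 * to fill it in again, and IpcpInit() is called.
 *
 * Returns 1 when the pair is valid.  Returns 0 when the file cannot be
 * opened, when no entry matches, when a matching entry's address fields
 * are rejected by ParseAddr(), or when `system' or `key' is NULL.
 */
int
AuthValidate(char *fname, char *system, char *key)
{
  FILE *fp;
  int n;
  char *vector[4];
  char buff[LINE_LEN];
  char passwd[100];

  /* Fail closed rather than hand a null pointer to strcmp(). */
  if (system == NULL || key == NULL)
    return (0);

  fp = OpenSecret(fname);
  if (fp == NULL)
    return (0);

  while (fgets(buff, sizeof(buff), fp)) {
    if (buff[0] == '#')
      continue;

    /*
     * Strip the newline only if one is present.  Writing to
     * buff[strlen(buff) - 1] would index buff[-1] for a line that starts
     * with a NUL byte and would eat the last character of the secret on a
     * final line that has no trailing newline.
     */
    buff[strcspn(buff, "\n")] = '\0';

    memset(vector, '\0', sizeof(vector));
    n = MakeArgs(buff, vector, VECSIZE(vector));
    if (n < 2)
      continue;			/* need at least a name and a secret */
    if (strcmp(vector[0], system) != 0)
      continue;

    ExpandString(vector[1], passwd, sizeof(passwd), 0);
    /* NOTE(review): strcmp() is not a constant-time comparison. */
    if (strcmp(passwd, key) != 0)
      continue;			/* a later entry for this name may match */

    /* vector[] points into buff, so the file is no longer needed. */
    CloseSecret(fp);

    /* Drop any address left over from an earlier peer before parsing. */
    memset(&DefHisAddress, '\0', sizeof(DefHisAddress));
    n -= 2;			/* fields left after name and secret */
    if (n > 0) {
      if (ParseAddr(n, &vector[2],
		    &DefHisAddress.ipaddr,
		    &DefHisAddress.mask,
		    &DefHisAddress.width) == 0) {
	return (0);		/* Invalid */
      }
    }
    IpcpInit();
    return (1);			/* Valid */
  }

  CloseSecret(fp);
  return (0);			/* Invalid */
}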
146
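/*
 * Fetch the secret stored for `system' in the secret file `fname'.
 *
 * `system' is compared over exactly `len' bytes, so it does not have to be
 * NUL-terminated.  The first entry whose name has length `len' and the
 * same bytes is used; its second field is passed through ExpandString().
 * When `setaddr' is non-zero DefHisAddress is cleared and, if the entry
 * has further fields, they are handed to ParseAddr(); IpcpInit() is called
 * only when ParseAddr() returns non-zero.  A ParseAddr() failure is not
 * reported to the caller: the secret is still returned.
 *
 * Returns a pointer to a static buffer that the next call overwrites (the
 * caller must not free it), or NULL when the file cannot be opened, no
 * entry matches, `system' is NULL or `len' is negative.
 *
 * NOTE(review): the expanded secret stays in static storage after the
 * call returns.
 */
char *
AuthGetSecret(char *fname, char *system, int len, int setaddr)
{
  FILE *fp;
  int n;
  char *vector[4];
  char buff[LINE_LEN];
  static char passwd[100];

  /* A negative length can never equal strlen(); reject it up front. */
  if (system == NULL || len < 0)
    return (NULL);

  fp = OpenSecret(fname);
  if (fp == NULL)
    return (NULL);

  while (fgets(buff, sizeof(buff), fp)) {
    if (buff[0] == '#')
      continue;

    /*
     * Strip the newline only if one is present.  Writing to
     * buff[strlen(buff) - 1] would index buff[-1] for a line that starts
     * with a NUL byte and would eat the last character of the secret on a
     * final line that has no trailing newline.
     */
    buff[strcspn(buff, "\n")] = '\0';

    memset(vector, '\0', sizeof(vector));
    n = MakeArgs(buff, vector, VECSIZE(vector));
    if (n < 2)
      continue;			/* need at least a name and a secret */
    if (strlen(vector[0]) != (size_t)len ||
	strncmp(vector[0], system, len) != 0)
      continue;

    ExpandString(vector[1], passwd, sizeof(passwd), 0);

    /*
     * Close the secret file on the success path as well.  Returning with
     * it open leaks one descriptor on the secret file for every lookup
     * that finds an entry.  vector[] points into buff, not into the file.
     */
    CloseSecret(fp);

    if (setaddr) {
      /* Drop any address left over from an earlier peer. */
      memset(&DefHisAddress, '\0', sizeof(DefHisAddress));
    }
    n -= 2;			/* fields left after name and secret */
    if (n > 0 && setaddr) {
      LogPrintf(LogDEBUG, "AuthGetSecret: n = %d, %s\n", n, vector[2]);
      if (ParseAddr(n, &vector[2],
		    &DefHisAddress.ipaddr,
		    &DefHisAddress.mask,
		    &DefHisAddress.width) != 0)
	IpcpInit();
    }
    return (passwd);
  }

  CloseSecret(fp);
  return (NULL);		/* Invalid */
}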
187
/*
 * Timer callback installed by StartAuthChallenge().
 *
 * Stops the authentication timer and uses up one retry.  While retries
 * remain, the timer is restarted and the challenge is sent again under the
 * next id.  Once the count reaches zero the timer stays stopped and no
 * further challenge is sent; nothing else is done here.
 */
static void
AuthTimeout(struct authinfo *authp)
{
  StopTimer(&authp->authtimer);

  authp->retry--;
  if (authp->retry <= 0)
    return;			/* retries exhausted */

  StartTimer(&authp->authtimer);
  authp->id++;			/* each resend carries a fresh id */
  (*authp->ChallengeFunc)(authp->id);
}
200
/*
 * Begin an authentication exchange.
 *
 * The authentication timer is set up to call AuthTimeout() with `authp'
 * after VarRetryTimeout * SECTICKS and is started.  The retry count is
 * then set to 3, the id to 1, and the first challenge is sent through
 * authp->ChallengeFunc.
 */
void
StartAuthChallenge(struct authinfo *authp)
{
  struct pppTimer *timer = &authp->authtimer;

  /* Cancel any run still pending before the timer is reconfigured. */
  StopTimer(timer);
  timer->arg = (void *) authp;
  timer->func = AuthTimeout;
  timer->state = TIMER_STOPPED;
  timer->load = VarRetryTimeout * SECTICKS;
  StartTimer(timer);

  authp->retry = 3;
  authp->id = 1;
  (*authp->ChallengeFunc)(authp->id);
}
217
/*
 * Stop the authentication timer of `authp'.  The retry count and id are
 * left as they are.
 */
void
StopAuthTimer(struct authinfo *authp)
{
  struct pppTimer *timer = &authp->authtimer;

  StopTimer(timer);
}