1/* 2 * auth.c - PPP authentication and phase control. 3 * 4 * Copyright (c) 1993 The Australian National University. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms are permitted 8 * provided that the above copyright notice and this paragraph are 9 * duplicated in all such forms and that any documentation, 10 * advertising materials, and other materials related to such 11 * distribution and use acknowledge that the software was developed 12 * by the Australian National University. The name of the University 13 * may not be used to endorse or promote products derived from this 14 * software without specific prior written permission. 15 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 17 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 18 * 19 * Copyright (c) 1989 Carnegie Mellon University. 20 * All rights reserved. 21 * 22 * Redistribution and use in source and binary forms are permitted 23 * provided that the above copyright notice and this paragraph are 24 * duplicated in all such forms and that any documentation, 25 * advertising materials, and other materials related to such 26 * distribution and use acknowledge that the software was developed 27 * by Carnegie Mellon University. The name of the 28 * University may not be used to endorse or promote products derived 29 * from this software without specific prior written permission. 30 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 31 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 32 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 33 */ 34 35#define RCSID "$Id$" 36 37#include <stdio.h> 38#include <stddef.h> 39#include <stdlib.h> 40#include <unistd.h> 41#include <pwd.h> 42#include <grp.h> 43#include <string.h> 44#include <time.h> //Winster Chan added 05/15/2006 45#include <sys/types.h> 46#include <sys/stat.h> 47#include <sys/socket.h> 48#include <utmp.h> 49#include <fcntl.h> 50#if defined(_PATH_LASTLOG) && defined(_linux_) 51#include <lastlog.h> 52#endif 53 54#include <netdb.h> 55#include <netinet/in.h> 56#include <arpa/inet.h> 57 58#ifdef USE_PAM 59#include <security/pam_appl.h> 60#endif 61 62#ifdef HAS_SHADOW 63#include <shadow.h> 64#ifndef PW_PPP 65#define PW_PPP PW_LOGIN 66#endif 67#endif 68 69#include "pppd.h" 70#include "fsm.h" 71#include "lcp.h" 72#include "ipcp.h" 73#include "upap.h" 74#include "chap.h" 75#ifdef CBCP_SUPPORT 76#include "cbcp.h" 77#endif 78#include "pathnames.h" 79 80static const char rcsid[] = RCSID; 81 82/* Bits in scan_authfile return value */ 83#define NONWILD_SERVER 1 84#define NONWILD_CLIENT 2 85 86#define ISWILD(word) (word[0] == '*' && word[1] == 0) 87 88/* The name by which the peer authenticated itself to us. */ 89char peer_authname[MAXNAMELEN]; 90 91/* Records which authentication operations haven't completed yet. */ 92static int auth_pending[NUM_PPP]; 93 94/* Set if we have successfully called plogin() */ 95static int logged_in; 96 97/* List of addresses which the peer may use. */ 98static struct permitted_ip *addresses[NUM_PPP]; 99 100/* Wordlist giving addresses which the peer may use 101 without authenticating itself. */ 102static struct wordlist *noauth_addrs; 103 104/* Extra options to apply, from the secrets file entry for the peer. */ 105static struct wordlist *extra_options; 106 107/* Number of network protocols which we have opened. */ 108static int num_np_open; 109 110/* Number of network protocols which have come up. */ 111static int num_np_up; 112 113/* Set if we got the contents of passwd[] from the pap-secrets file. */ 114static int passwd_from_file; 115 116/* Set if we require authentication only because we have a default route. */ 117static bool default_auth; 118 119/* Hook to enable a plugin to control the idle time limit */ 120int (*idle_time_hook) __P((struct ppp_idle *)) = NULL; 121 122/* Hook for a plugin to say whether we can possibly authenticate any peer */ 123int (*pap_check_hook) __P((void)) = NULL; 124 125/* Hook for a plugin to check the PAP user and password */ 126int (*pap_auth_hook) __P((char *user, char *passwd, char **msgp, 127 struct wordlist **paddrs, 128 struct wordlist **popts)) = NULL; 129 130/* Hook for a plugin to know about the PAP user logout */ 131void (*pap_logout_hook) __P((void)) = NULL; 132 133/* Hook for a plugin to get the PAP password for authenticating us */ 134int (*pap_passwd_hook) __P((char *user, char *passwd)) = NULL; 135 136/* 137 * This is used to ensure that we don't start an auth-up/down 138 * script while one is already running. 139 */ 140enum script_state { 141 s_down, 142 s_up 143}; 144 145static enum script_state auth_state = s_down; 146static enum script_state auth_script_state = s_down; 147static pid_t auth_script_pid = 0; 148 149static int used_login; /* peer authenticated against login database */ 150 151/* 152 * Option variables. 153 */ 154bool uselogin = 0; /* Use /etc/passwd for checking PAP */ 155bool cryptpap = 0; /* Passwords in pap-secrets are encrypted */ 156bool refuse_pap = 0; /* Don't wanna auth. ourselves with PAP */ 157bool refuse_chap = 0; /* Don't wanna auth. ourselves with CHAP */ 158bool usehostname = 0; /* Use hostname for our_name */ 159bool auth_required = 0; /* Always require authentication from peer */ 160bool allow_any_ip = 0; /* Allow peer to use any IP address */ 161bool explicit_remote = 0; /* User specified explicit remote name */ 162char remote_name[MAXNAMELEN]; /* Peer's name for authentication */ 163 164static char *uafname; /* name of most recent +ua file */ 165 166/* Bits in auth_pending[] */ 167#define PAP_WITHPEER 1 168#define PAP_PEER 2 169#define CHAP_WITHPEER 4 170#define CHAP_PEER 8 171 172extern char *crypt __P((const char *, const char *)); 173 174/* Prototypes for procedures local to this file. */ 175 176static void network_phase __P((int)); 177static void check_idle __P((void *)); 178static void connect_time_expired __P((void *)); 179/* Foxconn removed start pling 06/02/2006 */ 180/* static int plogin __P((char *, char *, char **)); */ 181/* Foxconn removed end pling 06/02/2006 */ 182static void plogout __P((void)); 183static int null_login __P((int)); 184static int get_pap_passwd __P((char *)); 185static int have_pap_secret __P((int *)); 186static int have_chap_secret __P((char *, char *, int, int *)); 187static int ip_addr_check __P((u_int32_t, struct permitted_ip *)); 188static int scan_authfile __P((FILE *, char *, char *, char *, 189 struct wordlist **, struct wordlist **, 190 char *)); 191static void free_wordlist __P((struct wordlist *)); 192static void auth_script __P((char *)); 193static void auth_script_done __P((void *)); 194static void set_allowed_addrs __P((int, struct wordlist *, struct wordlist *)); 195static int some_ip_ok __P((struct wordlist *)); 196static int setupapfile __P((char **)); 197static int privgroup __P((char **)); 198static int set_noauth_addr __P((char **)); 199static void check_access __P((FILE *, char *)); 200static int wordlist_count __P((struct wordlist *)); 201 202/* 203 * Authentication-related options. 204 */ 205option_t auth_options[] = { 206 { "auth", o_bool, &auth_required, 207 "Require authentication from peer", OPT_PRIO | 1 }, 208 { "noauth", o_bool, &auth_required, 209 "Don't require peer to authenticate", OPT_PRIOSUB | OPT_PRIV, 210 &allow_any_ip }, 211 { "require-pap", o_bool, &lcp_wantoptions[0].neg_upap, 212 "Require PAP authentication from peer", 213 OPT_PRIOSUB | 1, &auth_required }, 214 { "+pap", o_bool, &lcp_wantoptions[0].neg_upap, 215 "Require PAP authentication from peer", 216 OPT_ALIAS | OPT_PRIOSUB | 1, &auth_required }, 217 { "require-chap", o_bool, &lcp_wantoptions[0].neg_chap, 218 "Require CHAP authentication from peer", 219 OPT_PRIOSUB | 1, &auth_required }, 220 { "+chap", o_bool, &lcp_wantoptions[0].neg_chap, 221 "Require CHAP authentication from peer", 222 OPT_ALIAS | OPT_PRIOSUB | 1, &auth_required }, 223 224 { "refuse-pap", o_bool, &refuse_pap, 225 "Don't agree to auth to peer with PAP", 1 }, 226 { "-pap", o_bool, &refuse_pap, 227 "Don't allow PAP authentication with peer", OPT_ALIAS | 1 }, 228 229 { "refuse-chap", o_bool, &refuse_chap, 230 "Don't agree to auth to peer with CHAP", 1 }, 231 { "-chap", o_bool, &refuse_chap, 232 "Don't allow CHAP authentication with peer", OPT_ALIAS | 1 }, 233 234 { "name", o_string, our_name, 235 "Set local name for authentication", 236 OPT_PRIO | OPT_PRIV | OPT_STATIC, NULL, MAXNAMELEN }, 237 238 { "+ua", o_special, (void *)setupapfile, 239 "Get PAP user and password from file", 240 OPT_PRIO | OPT_A2STRVAL, &uafname }, 241 242 { "user", o_string, user, 243 "Set name for auth with peer", OPT_PRIO | OPT_STATIC, NULL, MAXNAMELEN }, 244 245 { "password", o_string, passwd, 246 "Password for authenticating us to the peer", 247 OPT_PRIO | OPT_STATIC | OPT_HIDE, NULL, MAXSECRETLEN }, 248 249 { "usehostname", o_bool, &usehostname, 250 "Must use hostname for authentication", 1 }, 251 252 { "remotename", o_string, remote_name, 253 "Set remote name for authentication", OPT_PRIO | OPT_STATIC, 254 &explicit_remote, MAXNAMELEN }, 255 256 { "login", o_bool, &uselogin, 257 "Use system password database for PAP", 1 }, 258 259 { "papcrypt", o_bool, &cryptpap, 260 "PAP passwords are encrypted", 1 }, 261 262 { "privgroup", o_special, (void *)privgroup, 263 "Allow group members to use privileged options", OPT_PRIV | OPT_A2LIST }, 264 265 { "allow-ip", o_special, (void *)set_noauth_addr, 266 "Set IP address(es) which can be used without authentication", 267 OPT_PRIV | OPT_A2LIST }, 268 269 { NULL } 270}; 271 272/* 273 * setupapfile - specifies UPAP info for authenticating with peer. 274 */ 275static int 276setupapfile(argv) 277 char **argv; 278{ 279 FILE *ufile; 280 int l; 281 char u[MAXNAMELEN], p[MAXSECRETLEN]; 282 char *fname; 283 284 lcp_allowoptions[0].neg_upap = 1; 285 286 /* open user info file */ 287 fname = strdup(*argv); 288 if (fname == NULL) 289 novm("+ua file name"); 290 seteuid(getuid()); 291 ufile = fopen(fname, "r"); 292 seteuid(0); 293 if (ufile == NULL) { 294 option_error("unable to open user login data file %s", fname); 295 return 0; 296 } 297 check_access(ufile, fname); 298 uafname = fname; 299 300 /* get username */ 301 if (fgets(u, MAXNAMELEN - 1, ufile) == NULL 302 || fgets(p, MAXSECRETLEN - 1, ufile) == NULL){ 303 option_error("unable to read user login data file %s", fname); 304 return 0; 305 } 306 fclose(ufile); 307 308 /* get rid of newlines */ 309 l = strlen(u); 310 if (l > 0 && u[l-1] == '\n') 311 u[l-1] = 0; 312 l = strlen(p); 313 if (l > 0 && p[l-1] == '\n') 314 p[l-1] = 0; 315 316 if (override_value("user", option_priority, fname)) 317 strlcpy(user, u, sizeof(user)); 318 if (override_value("passwd", option_priority, fname)) 319 strlcpy(passwd, p, sizeof(passwd)); 320 321 return (1); 322} 323 324 325/* 326 * privgroup - allow members of the group to have privileged access. 327 */ 328static int 329privgroup(argv) 330 char **argv; 331{ 332 struct group *g; 333 int i; 334 335 g = getgrnam(*argv); 336 if (g == 0) { 337 option_error("group %s is unknown", *argv); 338 return 0; 339 } 340 for (i = 0; i < ngroups; ++i) { 341 if (groups[i] == g->gr_gid) { 342 privileged = 1; 343 break; 344 } 345 } 346 return 1; 347} 348 349 350/* 351 * set_noauth_addr - set address(es) that can be used without authentication. 352 * Equivalent to specifying an entry like `"" * "" addr' in pap-secrets. 353 */ 354static int 355set_noauth_addr(argv) 356 char **argv; 357{ 358 char *addr = *argv; 359 int l = strlen(addr) + 1; 360 struct wordlist *wp; 361 362 wp = (struct wordlist *) malloc(sizeof(struct wordlist) + l); 363 if (wp == NULL) 364 novm("allow-ip argument"); 365 wp->word = (char *) (wp + 1); 366 wp->next = noauth_addrs; 367 BCOPY(addr, wp->word, l); 368 noauth_addrs = wp; 369 return 1; 370} 371 372 373/* 374 * An Open on LCP has requested a change from Dead to Establish phase. 375 * Do what's necessary to bring the physical layer up. 376 */ 377void 378link_required(unit) 379 int unit; 380{ 381} 382 383/* 384 * LCP has terminated the link; go to the Dead phase and take the 385 * physical layer down. 386 */ 387void 388link_terminated(unit) 389 int unit; 390{ 391 if (phase == PHASE_DEAD) 392 return; 393 if (pap_logout_hook) { 394 pap_logout_hook(); 395 } else { 396 if (logged_in) 397 plogout(); 398 } 399 new_phase(PHASE_DEAD); 400 notice("Connection terminated."); 401} 402 403/* 404 * LCP has gone down; it will either die or try to re-establish. 405 */ 406void 407link_down(unit) 408 int unit; 409{ 410 int i; 411 struct protent *protp; 412 413 auth_state = s_down; 414 if (auth_script_state == s_up && auth_script_pid == 0) { 415 update_link_stats(unit); 416 auth_script_state = s_down; 417 auth_script(_PATH_AUTHDOWN); 418 } 419 for (i = 0; (protp = protocols[i]) != NULL; ++i) { 420 if (!protp->enabled_flag) 421 continue; 422 if (protp->protocol != PPP_LCP && protp->lowerdown != NULL) 423 (*protp->lowerdown)(unit); 424 if (protp->protocol < 0xC000 && protp->close != NULL) 425 (*protp->close)(unit, "LCP down"); 426 } 427 num_np_open = 0; 428 num_np_up = 0; 429 if (phase != PHASE_DEAD) 430 new_phase(PHASE_TERMINATE); 431} 432 433/* 434 * The link is established. 435 * Proceed to the Dead, Authenticate or Network phase as appropriate. 436 */ 437void 438link_established(unit) 439 int unit; 440{ 441 int auth; 442 lcp_options *wo = &lcp_wantoptions[unit]; 443 lcp_options *go = &lcp_gotoptions[unit]; 444 lcp_options *ho = &lcp_hisoptions[unit]; 445 int i; 446 struct protent *protp; 447 448 /* 449 * Tell higher-level protocols that LCP is up. 450 */ 451 for (i = 0; (protp = protocols[i]) != NULL; ++i) 452 if (protp->protocol != PPP_LCP && protp->enabled_flag 453 && protp->lowerup != NULL) 454 (*protp->lowerup)(unit); 455 456 if (auth_required && !(go->neg_chap || go->neg_upap)) { 457 /* 458 * We wanted the peer to authenticate itself, and it refused: 459 * if we have some address(es) it can use without auth, fine, 460 * otherwise treat it as though it authenticated with PAP using 461 * a username * of "" and a password of "". If that's not OK, 462 * boot it out. 463 */ 464 if (noauth_addrs != NULL) { 465 set_allowed_addrs(unit, NULL, NULL); 466 } else if (!wo->neg_upap || uselogin || !null_login(unit)) { 467 warn("peer refused to authenticate: terminating link"); 468 lcp_close(unit, "peer refused to authenticate"); 469 status = EXIT_PEER_AUTH_FAILED; 470 return; 471 } 472 } 473 474 new_phase(PHASE_AUTHENTICATE); 475 used_login = 0; 476 auth = 0; 477 if (go->neg_chap) { 478 ChapAuthPeer(unit, our_name, go->chap_mdtype); 479 auth |= CHAP_PEER; 480 } else if (go->neg_upap) { 481 upap_authpeer(unit); 482 auth |= PAP_PEER; 483 } 484 if (ho->neg_chap) { 485 ChapAuthWithPeer(unit, user, ho->chap_mdtype); 486 auth |= CHAP_WITHPEER; 487 } else if (ho->neg_upap) { 488 if (passwd[0] == 0) { 489 passwd_from_file = 1; 490 if (!get_pap_passwd(passwd)) 491 error("No secret found for PAP login"); 492 } 493 upap_authwithpeer(unit, user, passwd); 494 auth |= PAP_WITHPEER; 495 } 496 auth_pending[unit] = auth; 497 498 if (!auth) 499 network_phase(unit); 500} 501 502/* 503 * Proceed to the network phase. 504 */ 505static void 506network_phase(unit) 507 int unit; 508{ 509 lcp_options *go = &lcp_gotoptions[unit]; 510 511 /* 512 * If the peer had to authenticate, run the auth-up script now. 513 */ 514 if (go->neg_chap || go->neg_upap) { 515 auth_state = s_up; 516 if (auth_script_state == s_down && auth_script_pid == 0) { 517 auth_script_state = s_up; 518 auth_script(_PATH_AUTHUP); 519 } 520 } 521 522#ifdef CBCP_SUPPORT 523 /* 524 * If we negotiated callback, do it now. 525 */ 526 if (go->neg_cbcp) { 527 new_phase(PHASE_CALLBACK); 528 (*cbcp_protent.open)(unit); 529 return; 530 } 531#endif 532 533 /* 534 * Process extra options from the secrets file 535 */ 536 if (extra_options) { 537 options_from_list(extra_options, 1); 538 free_wordlist(extra_options); 539 extra_options = 0; 540 } 541 start_networks(); 542} 543 544void 545start_networks() 546{ 547 int i; 548 struct protent *protp; 549 550 new_phase(PHASE_NETWORK); 551 552#ifdef HAVE_MULTILINK 553 if (multilink) { 554 if (mp_join_bundle()) { 555 if (updetach && !nodetach) 556 detach(); 557 return; 558 } 559 } 560#endif /* HAVE_MULTILINK */ 561 562#ifdef PPP_FILTER 563 if (!demand) 564 set_filters(&pass_filter, &active_filter); 565#endif 566 for (i = 0; (protp = protocols[i]) != NULL; ++i) 567 if (protp->protocol < 0xC000 && protp->enabled_flag 568 && protp->open != NULL) { 569 (*protp->open)(0); 570 if (protp->protocol != PPP_CCP) 571 ++num_np_open; 572 } 573 574 if (num_np_open == 0) 575 /* nothing to do */ 576 lcp_close(0, "No network protocols running"); 577} 578 579/* 580 * The peer has failed to authenticate himself using `protocol'. 581 */ 582void 583auth_peer_fail(unit, protocol) 584 int unit, protocol; 585{ 586 /* 587 * Authentication failure: take the link down 588 */ 589 lcp_close(unit, "Authentication failed"); 590 status = EXIT_PEER_AUTH_FAILED; 591} 592 593/* 594 * The peer has been successfully authenticated using `protocol'. 595 */ 596void 597auth_peer_success(unit, protocol, name, namelen) 598 int unit, protocol; 599 char *name; 600 int namelen; 601{ 602 int bit; 603 604 switch (protocol) { 605 case PPP_CHAP: 606 bit = CHAP_PEER; 607 break; 608 case PPP_PAP: 609 bit = PAP_PEER; 610 break; 611 default: 612 warn("auth_peer_success: unknown protocol %x", protocol); 613 return; 614 } 615 616 /* 617 * Save the authenticated name of the peer for later. 618 */ 619 if (namelen > sizeof(peer_authname) - 1) 620 namelen = sizeof(peer_authname) - 1; 621 BCOPY(name, peer_authname, namelen); 622 peer_authname[namelen] = 0; 623 script_setenv("PEERNAME", peer_authname, 0); 624 625 /* 626 * If there is no more authentication still to be done, 627 * proceed to the network (or callback) phase. 628 */ 629 if ((auth_pending[unit] &= ~bit) == 0) 630 network_phase(unit); 631} 632 633/* 634 * We have failed to authenticate ourselves to the peer using `protocol'. 635 */ 636void 637auth_withpeer_fail(unit, protocol) 638 int unit, protocol; 639{ 640 if (passwd_from_file) 641 BZERO(passwd, MAXSECRETLEN); 642 /* 643 * We've failed to authenticate ourselves to our peer. 644 * Some servers keep sending CHAP challenges, but there 645 * is no point in persisting without any way to get updated 646 * authentication secrets. 647 */ 648 lcp_close(unit, "Failed to authenticate ourselves to peer"); 649 status = EXIT_AUTH_TOPEER_FAILED; 650} 651 652/* 653 * We have successfully authenticated ourselves with the peer using `protocol'. 654 */ 655void 656auth_withpeer_success(unit, protocol) 657 int unit, protocol; 658{ 659 int bit; 660 661 switch (protocol) { 662 case PPP_CHAP: 663 bit = CHAP_WITHPEER; 664 break; 665 case PPP_PAP: 666 if (passwd_from_file) 667 BZERO(passwd, MAXSECRETLEN); 668 bit = PAP_WITHPEER; 669 break; 670 default: 671 warn("auth_withpeer_success: unknown protocol %x", protocol); 672 bit = 0; 673 } 674 675 /* 676 * If there is no more authentication still being done, 677 * proceed to the network (or callback) phase. 678 */ 679 if ((auth_pending[unit] &= ~bit) == 0) 680 network_phase(unit); 681} 682 683 684/* 685 * np_up - a network protocol has come up. 686 */ 687void 688np_up(unit, proto) 689 int unit, proto; 690{ 691 int tlim; 692 693 if (num_np_up == 0) { 694 /* 695 * At this point we consider that the link has come up successfully. 696 */ 697 status = EXIT_OK; 698 unsuccess = 0; 699 new_phase(PHASE_RUNNING); 700 701 if (idle_time_hook != 0) 702 tlim = (*idle_time_hook)(NULL); 703 else 704 tlim = idle_time_limit; 705 if (tlim > 0) 706 TIMEOUT(check_idle, NULL, tlim); 707 708 /* 709 * Set a timeout to close the connection once the maximum 710 * connect time has expired. 711 */ 712 if (maxconnect > 0) 713 TIMEOUT(connect_time_expired, 0, maxconnect); 714 715 /* 716 * Detach now, if the updetach option was given. 717 */ 718 if (updetach && !nodetach) 719 detach(); 720 } 721 ++num_np_up; 722} 723 724/* 725 * np_down - a network protocol has gone down. 726 */ 727void 728np_down(unit, proto) 729 int unit, proto; 730{ 731 if (--num_np_up == 0) { 732 UNTIMEOUT(check_idle, NULL); 733 new_phase(PHASE_NETWORK); 734 } 735} 736 737/* 738 * np_finished - a network protocol has finished using the link. 739 */ 740void 741np_finished(unit, proto) 742 int unit, proto; 743{ 744 if (--num_np_open <= 0) { 745 /* no further use for the link: shut up shop. */ 746 lcp_close(0, "No network protocols running"); 747 } 748} 749 750/* 751 * check_idle - check whether the link has been idle for long 752 * enough that we can shut it down. 753 */ 754static void 755check_idle(arg) 756 void *arg; 757{ 758 struct ppp_idle idle; 759 time_t itime; 760 int tlim; 761 762 if (!get_idle_time(0, &idle)) 763 return; 764 if (idle_time_hook != 0) { 765 tlim = idle_time_hook(&idle); 766 } else { 767 itime = MIN(idle.xmit_idle, idle.recv_idle); 768 tlim = idle_time_limit - itime; 769 } 770 if (tlim <= 0) { 771 /* link is idle: shut it down. */ 772 notice("Terminating connection due to lack of activity."); 773 lcp_close(0, "Link inactive"); 774 need_holdoff = 0; 775 status = EXIT_IDLE_TIMEOUT; 776 } else { 777 TIMEOUT(check_idle, NULL, tlim); 778 } 779} 780 781/* 782 * connect_time_expired - log a message and close the connection. 783 */ 784static void 785connect_time_expired(arg) 786 void *arg; 787{ 788 info("Connect time expired"); 789 lcp_close(0, "Connect time expired"); /* Close connection */ 790 status = EXIT_CONNECT_TIME; 791} 792 793/* 794 * auth_check_options - called to check authentication options. 795 */ 796void 797auth_check_options() 798{ 799 lcp_options *wo = &lcp_wantoptions[0]; 800 int can_auth; 801 int lacks_ip; 802 803 /* Default our_name to hostname, and user to our_name */ 804 if (our_name[0] == 0 || usehostname) 805 strlcpy(our_name, hostname, sizeof(our_name)); 806 if (user[0] == 0) 807 strlcpy(user, our_name, sizeof(user)); 808 809 /* 810 * If we have a default route, require the peer to authenticate 811 * unless the noauth option was given or the real user is root. 812 */ 813 if (!auth_required && !allow_any_ip && have_route_to(0) && !privileged) { 814 auth_required = 1; 815 default_auth = 1; 816 } 817 818 /* If authentication is required, ask peer for CHAP or PAP. */ 819 if (auth_required) { 820 allow_any_ip = 0; 821 if (!wo->neg_chap && !wo->neg_upap) { 822 wo->neg_chap = 1; 823 wo->neg_upap = 1; 824 } 825 } else { 826 wo->neg_chap = 0; 827 wo->neg_upap = 0; 828 } 829 830 /* 831 * Check whether we have appropriate secrets to use 832 * to authenticate the peer. 833 */ 834 lacks_ip = 0; 835 can_auth = wo->neg_upap && (uselogin || have_pap_secret(&lacks_ip)); 836 if (!can_auth && wo->neg_chap) { 837 can_auth = have_chap_secret((explicit_remote? remote_name: NULL), 838 our_name, 1, &lacks_ip); 839 } 840 841 if (auth_required && !can_auth && noauth_addrs == NULL) { 842 if (default_auth) { 843 option_error( 844"By default the remote system is required to authenticate itself"); 845 option_error( 846"(because this system has a default route to the internet)"); 847 } else if (explicit_remote) 848 option_error( 849"The remote system (%s) is required to authenticate itself", 850 remote_name); 851 else 852 option_error( 853"The remote system is required to authenticate itself"); 854 option_error( 855"but I couldn't find any suitable secret (password) for it to use to do so."); 856 if (lacks_ip) 857 option_error( 858"(None of the available passwords would let it use an IP address.)"); 859 860 exit(1); 861 } 862} 863 864/* 865 * auth_reset - called when LCP is starting negotiations to recheck 866 * authentication options, i.e. whether we have appropriate secrets 867 * to use for authenticating ourselves and/or the peer. 868 */ 869void 870auth_reset(unit) 871 int unit; 872{ 873 lcp_options *go = &lcp_gotoptions[unit]; 874 lcp_options *ao = &lcp_allowoptions[0]; 875 876 ao->neg_upap = !refuse_pap && (passwd[0] != 0 || get_pap_passwd(NULL)); 877 ao->neg_chap = !refuse_chap 878 && (passwd[0] != 0 879 || have_chap_secret(user, (explicit_remote? remote_name: NULL), 880 0, NULL)); 881 882 if (go->neg_upap && !uselogin && !have_pap_secret(NULL)) 883 go->neg_upap = 0; 884 if (go->neg_chap) { 885 if (!have_chap_secret((explicit_remote? remote_name: NULL), 886 our_name, 1, NULL)) 887 go->neg_chap = 0; 888 } 889} 890 891 892/* 893 * check_passwd - Check the user name and passwd against the PAP secrets 894 * file. If requested, also check against the system password database, 895 * and login the user if OK. 896 * 897 * returns: 898 * UPAP_AUTHNAK: Authentication failed. 899 * UPAP_AUTHACK: Authentication succeeded. 900 * In either case, msg points to an appropriate message. 901 */ 902int 903check_passwd(unit, auser, userlen, apasswd, passwdlen, msg) 904 int unit; 905 char *auser; 906 int userlen; 907 char *apasswd; 908 int passwdlen; 909 char **msg; 910{ 911 int ret; 912 char *filename; 913 FILE *f; 914 struct wordlist *addrs = NULL, *opts = NULL; 915 char passwd[256], user[256]; 916 char secret[MAXWORDLEN]; 917 static int attempts = 0; 918 919 /* 920 * Make copies of apasswd and auser, then null-terminate them. 921 * If there are unprintable characters in the password, make 922 * them visible. 923 */ 924 slprintf(passwd, sizeof(passwd), "%.*v", passwdlen, apasswd); 925 slprintf(user, sizeof(user), "%.*v", userlen, auser); 926 *msg = ""; 927 928 /* 929 * Check if a plugin wants to handle this. 930 */ 931 if (pap_auth_hook) { 932 ret = (*pap_auth_hook)(user, passwd, msg, &addrs, &opts); 933 if (ret >= 0) { 934 if (ret) 935 set_allowed_addrs(unit, addrs, opts); 936 BZERO(passwd, sizeof(passwd)); 937 if (addrs != 0) 938 free_wordlist(addrs); 939 return ret? UPAP_AUTHACK: UPAP_AUTHNAK; 940 } 941 } 942 943 /* 944 * Open the file of pap secrets and scan for a suitable secret 945 * for authenticating this user. 946 */ 947 filename = _PATH_UPAPFILE; 948 addrs = opts = NULL; 949 ret = UPAP_AUTHNAK; 950 f = fopen(filename, "r"); 951 if (f == NULL) { 952 error("Can't open PAP password file %s: %m", filename); 953 954 } else { 955 check_access(f, filename); 956 if (scan_authfile(f, user, our_name, secret, &addrs, &opts, filename) < 0) { 957 warn("no PAP secret found for %s", user); 958 } 959 /* Foxconn removed start pling 06/01/2006 */ 960 /* Check PAP-secret file only, don't check login database! */ 961#if 0 962 else { 963 /* 964 * If the secret is "@login", it means to check 965 * the password against the login database. 966 */ 967 int login_secret = strcmp(secret, "@login") == 0; 968 ret = UPAP_AUTHACK; 969 if (uselogin || login_secret) { 970 /* login option or secret is @login */ 971 ret = plogin(user, passwd, msg); 972 if (ret == UPAP_AUTHNAK) 973 warn("PAP login failure for %s", user); 974 else 975 used_login = 1; 976 } 977 if (secret[0] != 0 && !login_secret) { 978 /* password given in pap-secrets - must match */ 979 if ((cryptpap || strcmp(passwd, secret) != 0) 980 && strcmp(crypt(passwd, secret), secret) != 0) { 981 ret = UPAP_AUTHNAK; 982 warn("PAP authentication failure for %s", user); 983 } 984 } 985 } 986#endif 987 /* Foxconn removed end pling 06/01/2006 */ 988 fclose(f); 989 } 990 991 if (ret == UPAP_AUTHNAK) { 992 if (**msg == 0) 993 *msg = "Login incorrect"; 994 if (attempts++ >= 10) { 995 warn("%d LOGIN FAILURES ON %s, %s", attempts, devnam, user); 996 lcp_close(unit, "login failed"); 997 } 998 if (attempts > 3) 999 sleep((u_int) (attempts - 3) * 5); 1000 if (opts != NULL) 1001 free_wordlist(opts); 1002 1003 } else { 1004 attempts = 0; /* Reset count */ 1005 if (**msg == 0) 1006 *msg = "Login ok"; 1007 set_allowed_addrs(unit, addrs, opts); 1008 } 1009 1010 if (addrs != NULL) 1011 free_wordlist(addrs); 1012 BZERO(passwd, sizeof(passwd)); 1013 BZERO(secret, sizeof(secret)); 1014 1015 return ret; 1016} 1017 1018/* 1019 * This function is needed for PAM. 1020 */ 1021 1022#ifdef USE_PAM 1023/* Static variables used to communicate between the conversation function 1024 * and the server_login function 1025 */ 1026static char *PAM_username; 1027static char *PAM_password; 1028static int PAM_error = 0; 1029static pam_handle_t *pamh = NULL; 1030 1031/* PAM conversation function 1032 * Here we assume (for now, at least) that echo on means login name, and 1033 * echo off means password. 1034 */ 1035 1036static int PAM_conv (int num_msg, const struct pam_message **msg, 1037 struct pam_response **resp, void *appdata_ptr) 1038{ 1039 int replies = 0; 1040 struct pam_response *reply = NULL; 1041 1042#define COPY_STRING(s) (s) ? strdup(s) : NULL 1043 1044 reply = malloc(sizeof(struct pam_response) * num_msg); 1045 if (!reply) return PAM_CONV_ERR; 1046 1047 for (replies = 0; replies < num_msg; replies++) { 1048 switch (msg[replies]->msg_style) { 1049 case PAM_PROMPT_ECHO_ON: 1050 reply[replies].resp_retcode = PAM_SUCCESS; 1051 reply[replies].resp = COPY_STRING(PAM_username); 1052 /* PAM frees resp */ 1053 break; 1054 case PAM_PROMPT_ECHO_OFF: 1055 reply[replies].resp_retcode = PAM_SUCCESS; 1056 reply[replies].resp = COPY_STRING(PAM_password); 1057 /* PAM frees resp */ 1058 break; 1059 case PAM_TEXT_INFO: 1060 /* fall through */ 1061 case PAM_ERROR_MSG: 1062 /* ignore it, but pam still wants a NULL response... */ 1063 reply[replies].resp_retcode = PAM_SUCCESS; 1064 reply[replies].resp = NULL; 1065 break; 1066 default: 1067 /* Must be an error of some sort... */ 1068 free (reply); 1069 PAM_error = 1; 1070 return PAM_CONV_ERR; 1071 } 1072 } 1073 *resp = reply; 1074 return PAM_SUCCESS; 1075} 1076 1077static struct pam_conv PAM_conversation = { 1078 &PAM_conv, 1079 NULL 1080}; 1081#endif /* USE_PAM */ 1082 1083/* Foxconn removed start pling 06/02/2006 */ 1084#if 0 1085/* 1086 * plogin - Check the user name and password against the system 1087 * password database, and login the user if OK. 1088 * 1089 * returns: 1090 * UPAP_AUTHNAK: Login failed. 1091 * UPAP_AUTHACK: Login succeeded. 1092 * In either case, msg points to an appropriate message. 1093 */ 1094 1095static int 1096plogin(user, passwd, msg) 1097 char *user; 1098 char *passwd; 1099 char **msg; 1100{ 1101 char *tty; 1102 1103#ifdef USE_PAM 1104 int pam_error; 1105 1106 pam_error = pam_start ("ppp", user, &PAM_conversation, &pamh); 1107 if (pam_error != PAM_SUCCESS) { 1108 *msg = (char *) pam_strerror (pamh, pam_error); 1109 reopen_log(); 1110 return UPAP_AUTHNAK; 1111 } 1112 /* 1113 * Define the fields for the credential validation 1114 */ 1115 1116 PAM_username = user; 1117 PAM_password = passwd; 1118 PAM_error = 0; 1119 pam_set_item (pamh, PAM_TTY, devnam); /* this might be useful to some modules */ 1120 1121 /* 1122 * Validate the user 1123 */ 1124 pam_error = pam_authenticate (pamh, PAM_SILENT); 1125 if (pam_error == PAM_SUCCESS && !PAM_error) { 1126 pam_error = pam_acct_mgmt (pamh, PAM_SILENT); 1127 if (pam_error == PAM_SUCCESS) 1128 pam_open_session (pamh, PAM_SILENT); 1129 } 1130 1131 *msg = (char *) pam_strerror (pamh, pam_error); 1132 1133 /* 1134 * Clean up the mess 1135 */ 1136 reopen_log(); /* apparently the PAM stuff does closelog() */ 1137 PAM_username = NULL; 1138 PAM_password = NULL; 1139 if (pam_error != PAM_SUCCESS) 1140 return UPAP_AUTHNAK; 1141#else /* #ifdef USE_PAM */ 1142 1143/* 1144 * Use the non-PAM methods directly 1145 */ 1146 1147#ifdef HAS_SHADOW 1148 struct spwd *spwd; 1149 struct spwd *getspnam(); 1150#endif 1151 struct passwd *pw = getpwnam(user); 1152 1153 endpwent(); 1154 if (pw == NULL) 1155 return (UPAP_AUTHNAK); 1156 1157#ifdef HAS_SHADOW 1158 spwd = getspnam(user); 1159 endspent(); 1160 if (spwd) { 1161 /* check the age of the password entry */ 1162 long now = time(NULL) / 86400L; 1163 1164 if ((spwd->sp_expire > 0 && now >= spwd->sp_expire) 1165 || ((spwd->sp_max >= 0 && spwd->sp_max < 10000) 1166 && spwd->sp_lstchg >= 0 1167 && now >= spwd->sp_lstchg + spwd->sp_max)) { 1168 warn("Password for %s has expired", user); 1169 return (UPAP_AUTHNAK); 1170 } 1171 pw->pw_passwd = spwd->sp_pwdp; 1172 } 1173#endif 1174 1175 /* 1176 * If no passwd, don't let them login. 1177 */ 1178 if (pw->pw_passwd == NULL || strlen(pw->pw_passwd) < 2 1179 || strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd) != 0) 1180 return (UPAP_AUTHNAK); 1181 1182#endif /* #ifdef USE_PAM */ 1183 1184 /* 1185 * Write a wtmp entry for this user. 1186 */ 1187 1188 tty = devnam; 1189 if (strncmp(tty, "/dev/", 5) == 0) 1190 tty += 5; 1191 logwtmp(tty, user, remote_name); /* Add wtmp login entry */ 1192 1193#if defined(_PATH_LASTLOG) && !defined(USE_PAM) 1194 if (pw != (struct passwd *)NULL) { 1195 struct lastlog ll; 1196 int fd; 1197 1198 if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) { 1199 (void)lseek(fd, (off_t)(pw->pw_uid * sizeof(ll)), SEEK_SET); 1200 memset((void *)&ll, 0, sizeof(ll)); 1201 (void)time(&ll.ll_time); 1202 (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line)); 1203 (void)write(fd, (char *)&ll, sizeof(ll)); 1204 (void)close(fd); 1205 } 1206 } 1207#endif /* _PATH_LASTLOG and not USE_PAM */ 1208 1209 info("user %s logged in", user); 1210 logged_in = 1; 1211 1212 return (UPAP_AUTHACK); 1213} 1214#endif 1215/* Foxconn removed end pling 06/02/2006 */ 1216 1217/* 1218 * plogout - Logout the user. 1219 */ 1220static void 1221plogout() 1222{ 1223#ifdef USE_PAM 1224 int pam_error; 1225 1226 if (pamh != NULL) { 1227 pam_error = pam_close_session (pamh, PAM_SILENT); 1228 pam_end (pamh, pam_error); 1229 pamh = NULL; 1230 } 1231 /* Apparently the pam stuff does closelog(). */ 1232 reopen_log(); 1233#else /* ! USE_PAM */ 1234 char *tty; 1235 1236 tty = devnam; 1237 if (strncmp(tty, "/dev/", 5) == 0) 1238 tty += 5; 1239 logwtmp(tty, "", ""); /* Wipe out utmp logout entry */ 1240#endif /* ! USE_PAM */ 1241 logged_in = 0; 1242} 1243 1244 1245/* 1246 * null_login - Check if a username of "" and a password of "" are 1247 * acceptable, and iff so, set the list of acceptable IP addresses 1248 * and return 1. 1249 */ 1250static int 1251null_login(unit) 1252 int unit; 1253{ 1254 char *filename; 1255 FILE *f; 1256 int i, ret; 1257 struct wordlist *addrs, *opts; 1258 char secret[MAXWORDLEN]; 1259 1260 /* 1261 * Open the file of pap secrets and scan for a suitable secret. 1262 */ 1263 filename = _PATH_UPAPFILE; 1264 addrs = NULL; 1265 f = fopen(filename, "r"); 1266 if (f == NULL) 1267 return 0; 1268 check_access(f, filename); 1269 1270 i = scan_authfile(f, "", our_name, secret, &addrs, &opts, filename); 1271 ret = i >= 0 && secret[0] == 0; 1272 BZERO(secret, sizeof(secret)); 1273 1274 if (ret) 1275 set_allowed_addrs(unit, addrs, opts); 1276 else if (opts != 0) 1277 free_wordlist(opts); 1278 if (addrs != 0) 1279 free_wordlist(addrs); 1280 1281 fclose(f); 1282 return ret; 1283} 1284 1285 1286/* 1287 * get_pap_passwd - get a password for authenticating ourselves with 1288 * our peer using PAP. Returns 1 on success, 0 if no suitable password 1289 * could be found. 1290 * Assumes passwd points to MAXSECRETLEN bytes of space (if non-null). 1291 */ 1292static int 1293get_pap_passwd(passwd) 1294 char *passwd; 1295{ 1296 char *filename; 1297 FILE *f; 1298 int ret; 1299 char secret[MAXWORDLEN]; 1300 1301 /* 1302 * Check whether a plugin wants to supply this. 1303 */ 1304 if (pap_passwd_hook) { 1305 ret = (*pap_passwd_hook)(user, passwd); 1306 if (ret >= 0) 1307 return ret; 1308 } 1309 1310 filename = _PATH_UPAPFILE; 1311 f = fopen(filename, "r"); 1312 if (f == NULL) 1313 return 0; 1314 check_access(f, filename); 1315 ret = scan_authfile(f, user, 1316 (remote_name[0]? remote_name: NULL), 1317 secret, NULL, NULL, filename); 1318 fclose(f); 1319 if (ret < 0) 1320 return 0; 1321 if (passwd != NULL) 1322 strlcpy(passwd, secret, MAXSECRETLEN); 1323 BZERO(secret, sizeof(secret)); 1324 return 1; 1325} 1326 1327 1328/* 1329 * have_pap_secret - check whether we have a PAP file with any 1330 * secrets that we could possibly use for authenticating the peer. 1331 */ 1332static int 1333have_pap_secret(lacks_ipp) 1334 int *lacks_ipp; 1335{ 1336 FILE *f; 1337 int ret; 1338 char *filename; 1339 struct wordlist *addrs; 1340 1341 /* let the plugin decide, if there is one */ 1342 if (pap_check_hook) { 1343 ret = (*pap_check_hook)(); 1344 if (ret >= 0) 1345 return ret; 1346 } 1347 1348 filename = _PATH_UPAPFILE; 1349 f = fopen(filename, "r"); 1350 if (f == NULL) 1351 return 0; 1352 1353 ret = scan_authfile(f, (explicit_remote? remote_name: NULL), our_name, 1354 NULL, &addrs, NULL, filename); 1355 fclose(f); 1356 if (ret >= 0 && !some_ip_ok(addrs)) { 1357 if (lacks_ipp != 0) 1358 *lacks_ipp = 1; 1359 ret = -1; 1360 } 1361 if (addrs != 0) 1362 free_wordlist(addrs); 1363 1364 return ret >= 0; 1365} 1366 1367 1368/* 1369 * have_chap_secret - check whether we have a CHAP file with a 1370 * secret that we could possibly use for authenticating `client' 1371 * on `server'. Either can be the null string, meaning we don't 1372 * know the identity yet. 1373 */ 1374static int 1375have_chap_secret(client, server, need_ip, lacks_ipp) 1376 char *client; 1377 char *server; 1378 int need_ip; 1379 int *lacks_ipp; 1380{ 1381 FILE *f; 1382 int ret; 1383 char *filename; 1384 struct wordlist *addrs; 1385 1386 filename = _PATH_CHAPFILE; 1387 f = fopen(filename, "r"); 1388 if (f == NULL) 1389 return 0; 1390 1391 if (client != NULL && client[0] == 0) 1392 client = NULL; 1393 else if (server != NULL && server[0] == 0) 1394 server = NULL; 1395 1396 ret = scan_authfile(f, client, server, NULL, &addrs, NULL, filename); 1397 fclose(f); 1398 if (ret >= 0 && need_ip && !some_ip_ok(addrs)) { 1399 if (lacks_ipp != 0) 1400 *lacks_ipp = 1; 1401 ret = -1; 1402 } 1403 if (addrs != 0) 1404 free_wordlist(addrs); 1405 1406 return ret >= 0; 1407} 1408 1409 1410/* 1411 * get_secret - open the CHAP secret file and return the secret 1412 * for authenticating the given client on the given server. 1413 * (We could be either client or server). 1414 */ 1415int 1416get_secret(unit, client, server, secret, secret_len, am_server) 1417 int unit; 1418 char *client; 1419 char *server; 1420 char *secret; 1421 int *secret_len; 1422 int am_server; 1423{ 1424 FILE *f; 1425 int ret, len; 1426 char *filename; 1427 struct wordlist *addrs, *opts; 1428 char secbuf[MAXWORDLEN]; 1429 1430 if (!am_server && passwd[0] != 0) { 1431 strlcpy(secbuf, passwd, sizeof(secbuf)); 1432 } else { 1433 filename = _PATH_CHAPFILE; 1434 addrs = NULL; 1435 secbuf[0] = 0; 1436 1437 f = fopen(filename, "r"); 1438 if (f == NULL) { 1439 error("Can't open chap secret file %s: %m", filename); 1440 return 0; 1441 } 1442 check_access(f, filename); 1443 1444 ret = scan_authfile(f, client, server, secbuf, &addrs, &opts, filename); 1445 fclose(f); 1446 if (ret < 0) 1447 return 0; 1448 1449 if (am_server) 1450 set_allowed_addrs(unit, addrs, opts); 1451 else if (opts != 0) 1452 free_wordlist(opts); 1453 if (addrs != 0) 1454 free_wordlist(addrs); 1455 } 1456 1457 len = strlen(secbuf); 1458 if (len > MAXSECRETLEN) { 1459 error("Secret for %s on %s is too long", client, server); 1460 len = MAXSECRETLEN; 1461 } 1462 BCOPY(secbuf, secret, len); 1463 BZERO(secbuf, sizeof(secbuf)); 1464 *secret_len = len; 1465 1466 return 1; 1467} 1468 1469/* 1470 * set_allowed_addrs() - set the list of allowed addresses. 1471 * Also looks for `--' indicating options to apply for this peer 1472 * and leaves the following words in extra_options. 1473 */ 1474static void 1475set_allowed_addrs(unit, addrs, opts) 1476 int unit; 1477 struct wordlist *addrs; 1478 struct wordlist *opts; 1479{ 1480 int n; 1481 struct wordlist *ap, **plink; 1482 struct permitted_ip *ip; 1483 char *ptr_word, *ptr_mask; 1484 struct hostent *hp; 1485 struct netent *np; 1486 u_int32_t a, mask, ah, offset; 1487 struct ipcp_options *wo = &ipcp_wantoptions[unit]; 1488 u_int32_t suggested_ip = 0; 1489 1490 if (addresses[unit] != NULL) 1491 free(addresses[unit]); 1492 addresses[unit] = NULL; 1493 if (extra_options != NULL) 1494 free_wordlist(extra_options); 1495 extra_options = opts; 1496 1497 /* 1498 * Count the number of IP addresses given. 1499 */ 1500 n = wordlist_count(addrs) + wordlist_count(noauth_addrs); 1501 if (n == 0) 1502 return; 1503 ip = (struct permitted_ip *) malloc((n + 1) * sizeof(struct permitted_ip)); 1504 if (ip == 0) 1505 return; 1506 1507 /* temporarily append the noauth_addrs list to addrs */ 1508 for (plink = &addrs; *plink != NULL; plink = &(*plink)->next) 1509 ; 1510 *plink = noauth_addrs; 1511 1512 n = 0; 1513 for (ap = addrs; ap != NULL; ap = ap->next) { 1514 /* "-" means no addresses authorized, "*" means any address allowed */ 1515 ptr_word = ap->word; 1516 if (strcmp(ptr_word, "-") == 0) 1517 break; 1518 if (strcmp(ptr_word, "*") == 0) { 1519 ip[n].permit = 1; 1520 ip[n].base = ip[n].mask = 0; 1521 ++n; 1522 break; 1523 } 1524 1525 ip[n].permit = 1; 1526 if (*ptr_word == '!') { 1527 ip[n].permit = 0; 1528 ++ptr_word; 1529 } 1530 1531 mask = ~ (u_int32_t) 0; 1532 offset = 0; 1533 ptr_mask = strchr (ptr_word, '/'); 1534 if (ptr_mask != NULL) { 1535 int bit_count; 1536 char *endp; 1537 1538 bit_count = (int) strtol (ptr_mask+1, &endp, 10); 1539 if (bit_count <= 0 || bit_count > 32) { 1540 warn("invalid address length %v in auth. address list", 1541 ptr_mask+1); 1542 continue; 1543 } 1544 bit_count = 32 - bit_count; /* # bits in host part */ 1545 if (*endp == '+') { 1546 offset = ifunit + 1; 1547 ++endp; 1548 } 1549 if (*endp != 0) { 1550 warn("invalid address length syntax: %v", ptr_mask+1); 1551 continue; 1552 } 1553 *ptr_mask = '\0'; 1554 mask <<= bit_count; 1555 } 1556 1557 hp = gethostbyname(ptr_word); 1558 if (hp != NULL && hp->h_addrtype == AF_INET) { 1559 a = *(u_int32_t *)hp->h_addr; 1560 } else { 1561 np = getnetbyname (ptr_word); 1562 if (np != NULL && np->n_addrtype == AF_INET) { 1563 a = htonl (*(u_int32_t *)np->n_net); 1564 if (ptr_mask == NULL) { 1565 /* calculate appropriate mask for net */ 1566 ah = ntohl(a); 1567 if (IN_CLASSA(ah)) 1568 mask = IN_CLASSA_NET; 1569 else if (IN_CLASSB(ah)) 1570 mask = IN_CLASSB_NET; 1571 else if (IN_CLASSC(ah)) 1572 mask = IN_CLASSC_NET; 1573 } 1574 } else { 1575 a = inet_addr (ptr_word); 1576 } 1577 } 1578 1579 if (ptr_mask != NULL) 1580 *ptr_mask = '/'; 1581 1582 if (a == (u_int32_t)-1L) { 1583 warn("unknown host %s in auth. address list", ap->word); 1584 continue; 1585 } 1586 if (offset != 0) { 1587 if (offset >= ~mask) { 1588 warn("interface unit %d too large for subnet %v", 1589 ifunit, ptr_word); 1590 continue; 1591 } 1592 a = htonl((ntohl(a) & mask) + offset); 1593 mask = ~(u_int32_t)0; 1594 } 1595 ip[n].mask = htonl(mask); 1596 ip[n].base = a & ip[n].mask; 1597 ++n; 1598 if (~mask == 0 && suggested_ip == 0) 1599 suggested_ip = a; 1600 } 1601 *plink = NULL; 1602 1603 ip[n].permit = 0; /* make the last entry forbid all addresses */ 1604 ip[n].base = 0; /* to terminate the list */ 1605 ip[n].mask = 0; 1606 1607 addresses[unit] = ip; 1608 1609 /* 1610 * If the address given for the peer isn't authorized, or if 1611 * the user hasn't given one, AND there is an authorized address 1612 * which is a single host, then use that if we find one. 1613 */ 1614 if (suggested_ip != 0 1615 && (wo->hisaddr == 0 || !auth_ip_addr(unit, wo->hisaddr))) { 1616 wo->hisaddr = suggested_ip; 1617 /* 1618 * Do we insist on this address? No, if there are other 1619 * addresses authorized than the suggested one. 1620 */ 1621 if (n > 1) 1622 wo->accept_remote = 1; 1623 } 1624} 1625 1626/* 1627 * auth_ip_addr - check whether the peer is authorized to use 1628 * a given IP address. Returns 1 if authorized, 0 otherwise. 1629 */ 1630int 1631auth_ip_addr(unit, addr) 1632 int unit; 1633 u_int32_t addr; 1634{ 1635 int ok; 1636 1637 /* don't allow loopback or multicast address */ 1638 if (bad_ip_adrs(addr)) 1639 return 0; 1640 1641 if (addresses[unit] != NULL) { 1642 ok = ip_addr_check(addr, addresses[unit]); 1643 if (ok >= 0) 1644 return ok; 1645 } 1646 if (auth_required) 1647 return 0; /* no addresses authorized */ 1648 return allow_any_ip || privileged || !have_route_to(addr); 1649} 1650 1651static int 1652ip_addr_check(addr, addrs) 1653 u_int32_t addr; 1654 struct permitted_ip *addrs; 1655{ 1656 for (; ; ++addrs) 1657 if ((addr & addrs->mask) == addrs->base) 1658 return addrs->permit; 1659} 1660 1661/* 1662 * bad_ip_adrs - return 1 if the IP address is one we don't want 1663 * to use, such as an address in the loopback net or a multicast address. 1664 * addr is in network byte order. 1665 */ 1666int 1667bad_ip_adrs(addr) 1668 u_int32_t addr; 1669{ 1670 addr = ntohl(addr); 1671 return (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET 1672 || IN_MULTICAST(addr) || IN_BADCLASS(addr); 1673} 1674 1675/* 1676 * some_ip_ok - check a wordlist to see if it authorizes any 1677 * IP address(es). 1678 */ 1679static int 1680some_ip_ok(addrs) 1681 struct wordlist *addrs; 1682{ 1683 for (; addrs != 0; addrs = addrs->next) { 1684 if (addrs->word[0] == '-') 1685 break; 1686 if (addrs->word[0] != '!') 1687 return 1; /* some IP address is allowed */ 1688 } 1689 return 0; 1690} 1691 1692/* 1693 * check_access - complain if a secret file has too-liberal permissions. 1694 */ 1695static void 1696check_access(f, filename) 1697 FILE *f; 1698 char *filename; 1699{ 1700 struct stat sbuf; 1701 1702 if (fstat(fileno(f), &sbuf) < 0) { 1703 warn("cannot stat secret file %s: %m", filename); 1704 } else if ((sbuf.st_mode & (S_IRWXG | S_IRWXO)) != 0) { 1705 warn("Warning - secret file %s has world and/or group access", 1706 filename); 1707 } 1708} 1709 1710 1711/* 1712 * scan_authfile - Scan an authorization file for a secret suitable 1713 * for authenticating `client' on `server'. The return value is -1 1714 * if no secret is found, otherwise >= 0. The return value has 1715 * NONWILD_CLIENT set if the secret didn't have "*" for the client, and 1716 * NONWILD_SERVER set if the secret didn't have "*" for the server. 1717 * Any following words on the line up to a "--" (i.e. address authorization 1718 * info) are placed in a wordlist and returned in *addrs. Any 1719 * following words (extra options) are placed in a wordlist and 1720 * returned in *opts. 1721 * We assume secret is NULL or points to MAXWORDLEN bytes of space. 1722 */ 1723static int 1724scan_authfile(f, client, server, secret, addrs, opts, filename) 1725 FILE *f; 1726 char *client; 1727 char *server; 1728 char *secret; 1729 struct wordlist **addrs; 1730 struct wordlist **opts; 1731 char *filename; 1732{ 1733 int newline, xxx; 1734 int got_flag, best_flag; 1735 FILE *sf; 1736 struct wordlist *ap, *addr_list, *alist, **app; 1737 char word[MAXWORDLEN]; 1738 char atfile[MAXWORDLEN]; 1739 char lsecret[MAXWORDLEN]; 1740 1741 if (addrs != NULL) 1742 *addrs = NULL; 1743 if (opts != NULL) 1744 *opts = NULL; 1745 addr_list = NULL; 1746 if (!getword(f, word, &newline, filename)) 1747 return -1; /* file is empty??? */ 1748 newline = 1; 1749 best_flag = -1; 1750 for (;;) { 1751 /* 1752 * Skip until we find a word at the start of a line. 1753 */ 1754 while (!newline && getword(f, word, &newline, filename)) 1755 ; 1756 if (!newline) 1757 break; /* got to end of file */ 1758 1759 /* 1760 * Got a client - check if it's a match or a wildcard. 1761 */ 1762 got_flag = 0; 1763 if (client != NULL && strcmp(word, client) != 0 && !ISWILD(word)) { 1764 newline = 0; 1765 continue; 1766 } 1767 if (!ISWILD(word)) 1768 got_flag = NONWILD_CLIENT; 1769 1770 /* 1771 * Now get a server and check if it matches. 1772 */ 1773 if (!getword(f, word, &newline, filename)) 1774 break; 1775 if (newline) 1776 continue; 1777 if (!ISWILD(word)) { 1778 if (server != NULL && strcmp(word, server) != 0) 1779 continue; 1780 got_flag |= NONWILD_SERVER; 1781 } 1782 1783 /* 1784 * Got some sort of a match - see if it's better than what 1785 * we have already. 1786 */ 1787 if (got_flag <= best_flag) 1788 continue; 1789 1790 /* 1791 * Get the secret. 1792 */ 1793 if (!getword(f, word, &newline, filename)) 1794 break; 1795 if (newline) 1796 continue; 1797 1798 if (secret != NULL) { 1799 /* 1800 * Special syntax: @/pathname means read secret from file. 1801 */ 1802 if (word[0] == '@' && word[1] == '/') { 1803 strlcpy(atfile, word+1, sizeof(atfile)); 1804 if ((sf = fopen(atfile, "r")) == NULL) { 1805 warn("can't open indirect secret file %s", atfile); 1806 continue; 1807 } 1808 check_access(sf, atfile); 1809 if (!getword(sf, word, &xxx, atfile)) { 1810 warn("no secret in indirect secret file %s", atfile); 1811 fclose(sf); 1812 continue; 1813 } 1814 fclose(sf); 1815 } 1816 strlcpy(lsecret, word, sizeof(lsecret)); 1817 } 1818 1819 /* 1820 * Now read address authorization info and make a wordlist. 1821 */ 1822 app = &alist; 1823 for (;;) { 1824 if (!getword(f, word, &newline, filename) || newline) 1825 break; 1826 ap = (struct wordlist *) 1827 malloc(sizeof(struct wordlist) + strlen(word) + 1); 1828 if (ap == NULL) 1829 novm("authorized addresses"); 1830 ap->word = (char *) (ap + 1); 1831 strcpy(ap->word, word); 1832 *app = ap; 1833 app = &ap->next; 1834 } 1835 *app = NULL; 1836 1837 /* 1838 * This is the best so far; remember it. 1839 */ 1840 best_flag = got_flag; 1841 if (addr_list) 1842 free_wordlist(addr_list); 1843 addr_list = alist; 1844 if (secret != NULL) 1845 strlcpy(secret, lsecret, MAXWORDLEN); 1846 1847 if (!newline) 1848 break; 1849 } 1850 1851 /* scan for a -- word indicating the start of options */ 1852 for (app = &addr_list; (ap = *app) != NULL; app = &ap->next) 1853 if (strcmp(ap->word, "--") == 0) 1854 break; 1855 /* ap = start of options */ 1856 if (ap != NULL) { 1857 ap = ap->next; /* first option */ 1858 free(*app); /* free the "--" word */ 1859 *app = NULL; /* terminate addr list */ 1860 } 1861 if (opts != NULL) 1862 *opts = ap; 1863 else if (ap != NULL) 1864 free_wordlist(ap); 1865 if (addrs != NULL) 1866 *addrs = addr_list; 1867 else if (addr_list != NULL) 1868 free_wordlist(addr_list); 1869 1870 return best_flag; 1871} 1872 1873/* 1874 * wordlist_count - return the number of items in a wordlist 1875 */ 1876static int 1877wordlist_count(wp) 1878 struct wordlist *wp; 1879{ 1880 int n; 1881 1882 for (n = 0; wp != NULL; wp = wp->next) 1883 ++n; 1884 return n; 1885} 1886 1887/* 1888 * free_wordlist - release memory allocated for a wordlist. 1889 */ 1890static void 1891free_wordlist(wp) 1892 struct wordlist *wp; 1893{ 1894 struct wordlist *next; 1895 1896 while (wp != NULL) { 1897 next = wp->next; 1898 free(wp); 1899 wp = next; 1900 } 1901} 1902 1903/* 1904 * auth_script_done - called when the auth-up or auth-down script 1905 * has finished. 1906 */ 1907static void 1908auth_script_done(arg) 1909 void *arg; 1910{ 1911 auth_script_pid = 0; 1912 switch (auth_script_state) { 1913 case s_up: 1914 if (auth_state == s_down) { 1915 auth_script_state = s_down; 1916 auth_script(_PATH_AUTHDOWN); 1917 } 1918 break; 1919 case s_down: 1920 if (auth_state == s_up) { 1921 auth_script_state = s_up; 1922 auth_script(_PATH_AUTHUP); 1923 } 1924 break; 1925 } 1926} 1927 1928/* 1929 * auth_script - execute a script with arguments 1930 * interface-name peer-name real-user tty speed 1931 */ 1932static void 1933auth_script(script) 1934 char *script; 1935{ 1936 char strspeed[32]; 1937 struct passwd *pw; 1938 char struid[32]; 1939 char *user_name; 1940 char *argv[8]; 1941 1942 if ((pw = getpwuid(getuid())) != NULL && pw->pw_name != NULL) 1943 user_name = pw->pw_name; 1944 else { 1945 slprintf(struid, sizeof(struid), "%d", getuid()); 1946 user_name = struid; 1947 } 1948 slprintf(strspeed, sizeof(strspeed), "%d", baud_rate); 1949 1950 argv[0] = script; 1951 argv[1] = ifname; 1952 argv[2] = peer_authname; 1953 argv[3] = user_name; 1954 argv[4] = devnam; 1955 argv[5] = strspeed; 1956 argv[6] = NULL; 1957 1958 auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL); 1959} 1960