1/* $OpenBSD: auth.c,v 1.40 2022/05/06 15:51:09 claudio Exp $ */ 2 3/* 4 * auth.c - PPP authentication and phase control. 5 * 6 * Copyright (c) 1989-2002 Paul Mackerras. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. The name(s) of the authors of this software must not be used to 21 * endorse or promote products derived from this software without 22 * prior written permission. 23 * 24 * 4. Redistributions of any form whatsoever must retain the following 25 * acknowledgment: 26 * "This product includes software developed by Paul Mackerras 27 * <paulus@samba.org>". 28 * 29 * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO 30 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 31 * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY 32 * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 33 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN 34 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING 35 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 36 * 37 * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. 38 * 39 * Redistribution and use in source and binary forms, with or without 40 * modification, are permitted provided that the following conditions 41 * are met: 42 * 43 * 1. Redistributions of source code must retain the above copyright 44 * notice, this list of conditions and the following disclaimer. 45 * 46 * 2. Redistributions in binary form must reproduce the above copyright 47 * notice, this list of conditions and the following disclaimer in 48 * the documentation and/or other materials provided with the 49 * distribution. 50 * 51 * 3. The name "Carnegie Mellon University" must not be used to 52 * endorse or promote products derived from this software without 53 * prior written permission. For permission or any legal 54 * details, please contact 55 * Office of Technology Transfer 56 * Carnegie Mellon University 57 * 5000 Forbes Avenue 58 * Pittsburgh, PA 15213-3890 59 * (412) 268-4387, fax: (412) 268-7395 60 * tech-transfer@andrew.cmu.edu 61 * 62 * 4. Redistributions of any form whatsoever must retain the following 63 * acknowledgment: 64 * "This product includes software developed by Computing Services 65 * at Carnegie Mellon University (http://www.cmu.edu/computing/)." 66 * 67 * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO 68 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 69 * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE 70 * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 71 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN 72 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING 73 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 74 */ 75 76#include <stdio.h> 77#include <stddef.h> 78#include <stdlib.h> 79#include <unistd.h> 80#include <limits.h> 81#include <syslog.h> 82#include <pwd.h> 83#include <string.h> 84#include <sys/types.h> 85#include <sys/stat.h> 86#include <sys/socket.h> 87#include <utmp.h> 88#include <fcntl.h> 89#if defined(_PATH_LASTLOG) && defined(_linux_) 90#include <lastlog.h> 91#endif 92 93#include <netdb.h> 94#include <netinet/in.h> 95#include <arpa/inet.h> 96 97 98 99#include "pppd.h" 100#include "fsm.h" 101#include "lcp.h" 102#include "ipcp.h" 103#include "upap.h" 104#include "chap.h" 105#ifdef CBCP_SUPPORT 106#include "cbcp.h" 107#endif 108#include "pathnames.h" 109 110/* Used for storing a sequence of words. Usually malloced. */ 111struct wordlist { 112 struct wordlist *next; 113 char word[1]; 114}; 115 116/* Bits in scan_authfile return value */ 117#define NONWILD_SERVER 1 118#define NONWILD_CLIENT 2 119 120#define ISWILD(word) (word[0] == '*' && word[1] == 0) 121 122#define FALSE 0 123#define TRUE 1 124 125/* The name by which the peer authenticated itself to us. */ 126char peer_authname[MAXNAMELEN]; 127 128/* Records which authentication operations haven't completed yet. */ 129static int auth_pending[NUM_PPP]; 130 131/* Set if we have successfully called plogin() */ 132static int logged_in; 133 134/* Set if we have run the /etc/ppp/auth-up script. */ 135static int did_authup; 136 137/* List of addresses which the peer may use. */ 138static struct wordlist *addresses[NUM_PPP]; 139 140/* Number of network protocols which we have opened. */ 141static int num_np_open; 142 143/* Number of network protocols which have come up. */ 144static int num_np_up; 145 146/* Set if we got the contents of passwd[] from the pap-secrets file. */ 147static int passwd_from_file; 148 149/* Bits in auth_pending[] */ 150#define PAP_WITHPEER 1 151#define PAP_PEER 2 152#define CHAP_WITHPEER 4 153#define CHAP_PEER 8 154 155extern char *crypt(const char *, const char *); 156 157/* Prototypes for procedures local to this file. */ 158 159static void network_phase(int); 160static void check_idle(void *); 161static void connect_time_expired(void *); 162static int plogin(char *, char *, char **, int *); 163static void plogout(void); 164static int null_login(int); 165static int get_pap_passwd(char *); 166static int have_pap_secret(void); 167static int have_chap_secret(char *, char *, u_int32_t); 168static int ip_addr_check(u_int32_t, struct wordlist *); 169static int scan_authfile(FILE *, char *, char *, u_int32_t, char *, 170 struct wordlist **, char *); 171static void free_wordlist(struct wordlist *); 172static void auth_script(char *); 173static void set_allowed_addrs(int, struct wordlist *); 174 175/* 176 * An Open on LCP has requested a change from Dead to Establish phase. 177 * Do what's necessary to bring the physical layer up. 178 */ 179void 180link_required(unit) 181 int unit; 182{ 183} 184 185/* 186 * LCP has terminated the link; go to the Dead phase and take the 187 * physical layer down. 188 */ 189void 190link_terminated(unit) 191 int unit; 192{ 193 if (phase == PHASE_DEAD) 194 return; 195 if (logged_in) 196 plogout(); 197 phase = PHASE_DEAD; 198 syslog(LOG_NOTICE, "Connection terminated."); 199} 200 201/* 202 * LCP has gone down; it will either die or try to re-establish. 203 */ 204void 205link_down(unit) 206 int unit; 207{ 208 int i; 209 struct protent *protp; 210 211 if (did_authup) { 212 auth_script(_PATH_AUTHDOWN); 213 did_authup = 0; 214 } 215 for (i = 0; (protp = protocols[i]) != NULL; ++i) { 216 if (!protp->enabled_flag) 217 continue; 218 if (protp->protocol != PPP_LCP && protp->lowerdown != NULL) 219 (*protp->lowerdown)(unit); 220 if (protp->protocol < 0xC000 && protp->close != NULL) 221 (*protp->close)(unit, "LCP down"); 222 } 223 num_np_open = 0; 224 num_np_up = 0; 225 if (phase != PHASE_DEAD) 226 phase = PHASE_TERMINATE; 227} 228 229/* 230 * The link is established. 231 * Proceed to the Dead, Authenticate or Network phase as appropriate. 232 */ 233void 234link_established(unit) 235 int unit; 236{ 237 int auth; 238 lcp_options *wo = &lcp_wantoptions[unit]; 239 lcp_options *go = &lcp_gotoptions[unit]; 240 lcp_options *ho = &lcp_hisoptions[unit]; 241 int i; 242 struct protent *protp; 243 244 /* 245 * Tell higher-level protocols that LCP is up. 246 */ 247 for (i = 0; (protp = protocols[i]) != NULL; ++i) 248 if (protp->protocol != PPP_LCP && protp->enabled_flag 249 && protp->lowerup != NULL) 250 (*protp->lowerup)(unit); 251 252 if (auth_required && !(go->neg_chap || go->neg_upap)) { 253 /* 254 * We wanted the peer to authenticate itself, and it refused: 255 * treat it as though it authenticated with PAP using a username 256 * of "" and a password of "". If that's not OK, boot it out. 257 */ 258 if (!wo->neg_upap || !null_login(unit)) { 259 syslog(LOG_WARNING, "peer refused to authenticate"); 260 lcp_close(unit, "peer refused to authenticate"); 261 return; 262 } 263 } 264 265 phase = PHASE_AUTHENTICATE; 266 auth = 0; 267 if (go->neg_chap) { 268 ChapAuthPeer(unit, our_name, go->chap_mdtype); 269 auth |= CHAP_PEER; 270 } else if (go->neg_upap) { 271 upap_authpeer(unit); 272 auth |= PAP_PEER; 273 } 274 if (ho->neg_chap) { 275 ChapAuthWithPeer(unit, user, ho->chap_mdtype); 276 auth |= CHAP_WITHPEER; 277 } else if (ho->neg_upap) { 278 if (passwd[0] == 0) { 279 passwd_from_file = 1; 280 if (!get_pap_passwd(passwd)) 281 syslog(LOG_ERR, "No secret found for PAP login"); 282 } 283 upap_authwithpeer(unit, user, passwd); 284 auth |= PAP_WITHPEER; 285 } 286 auth_pending[unit] = auth; 287 288 if (!auth) 289 network_phase(unit); 290} 291 292/* 293 * Proceed to the network phase. 294 */ 295static void 296network_phase(unit) 297 int unit; 298{ 299 int i; 300 struct protent *protp; 301 lcp_options *go = &lcp_gotoptions[unit]; 302 303 /* 304 * If the peer had to authenticate, run the auth-up script now. 305 */ 306 if ((go->neg_chap || go->neg_upap) && !did_authup) { 307 auth_script(_PATH_AUTHUP); 308 did_authup = 1; 309 } 310 311#ifdef CBCP_SUPPORT 312 /* 313 * If we negotiated callback, do it now. 314 */ 315 if (go->neg_cbcp) { 316 phase = PHASE_CALLBACK; 317 (*cbcp_protent.open)(unit); 318 return; 319 } 320#endif 321 322 phase = PHASE_NETWORK; 323#if 0 324 if (!demand) 325 set_filters(&pass_filter, &active_filter); 326#endif 327 for (i = 0; (protp = protocols[i]) != NULL; ++i) 328 if (protp->protocol < 0xC000 && protp->enabled_flag 329 && protp->open != NULL) { 330 (*protp->open)(unit); 331 if (protp->protocol != PPP_CCP) 332 ++num_np_open; 333 } 334 335 if (num_np_open == 0) 336 /* nothing to do */ 337 lcp_close(0, "No network protocols running"); 338} 339 340/* 341 * The peer has failed to authenticate himself using `protocol'. 342 */ 343void 344auth_peer_fail(unit, protocol) 345 int unit, protocol; 346{ 347 /* 348 * Authentication failure: take the link down 349 */ 350 lcp_close(unit, "Authentication failed"); 351} 352 353/* 354 * The peer has been successfully authenticated using `protocol'. 355 */ 356void 357auth_peer_success(unit, protocol, name, namelen) 358 int unit, protocol; 359 char *name; 360 int namelen; 361{ 362 int bit; 363 364 switch (protocol) { 365 case PPP_CHAP: 366 bit = CHAP_PEER; 367 break; 368 case PPP_PAP: 369 bit = PAP_PEER; 370 break; 371 default: 372 syslog(LOG_WARNING, "auth_peer_success: unknown protocol %x", 373 protocol); 374 return; 375 } 376 377 /* 378 * Save the authenticated name of the peer for later. 379 */ 380 if (namelen > sizeof(peer_authname) - 1) 381 namelen = sizeof(peer_authname) - 1; 382 BCOPY(name, peer_authname, namelen); 383 peer_authname[namelen] = 0; 384 script_setenv("PEERNAME", peer_authname); 385 386 /* 387 * If there is no more authentication still to be done, 388 * proceed to the network (or callback) phase. 389 */ 390 if ((auth_pending[unit] &= ~bit) == 0) 391 network_phase(unit); 392} 393 394/* 395 * We have failed to authenticate ourselves to the peer using `protocol'. 396 */ 397void 398auth_withpeer_fail(unit, protocol) 399 int unit, protocol; 400{ 401 if (passwd_from_file) 402 EXPLICIT_BZERO(passwd, MAXSECRETLEN); 403 /* 404 * We've failed to authenticate ourselves to our peer. 405 * He'll probably take the link down, and there's not much 406 * we can do except wait for that. 407 */ 408} 409 410/* 411 * We have successfully authenticated ourselves with the peer using `protocol'. 412 */ 413void 414auth_withpeer_success(unit, protocol) 415 int unit, protocol; 416{ 417 int bit; 418 419 switch (protocol) { 420 case PPP_CHAP: 421 bit = CHAP_WITHPEER; 422 break; 423 case PPP_PAP: 424 if (passwd_from_file) 425 EXPLICIT_BZERO(passwd, MAXSECRETLEN); 426 bit = PAP_WITHPEER; 427 break; 428 default: 429 syslog(LOG_WARNING, "auth_peer_success: unknown protocol %x", 430 protocol); 431 bit = 0; 432 } 433 434 /* 435 * If there is no more authentication still being done, 436 * proceed to the network (or callback) phase. 437 */ 438 if ((auth_pending[unit] &= ~bit) == 0) 439 network_phase(unit); 440} 441 442 443/* 444 * np_up - a network protocol has come up. 445 */ 446void 447np_up(unit, proto) 448 int unit, proto; 449{ 450 if (num_np_up == 0) { 451 /* 452 * At this point we consider that the link has come up successfully. 453 */ 454 need_holdoff = 0; 455 456 if (idle_time_limit > 0) 457 TIMEOUT(check_idle, NULL, idle_time_limit); 458 459 /* 460 * Set a timeout to close the connection once the maximum 461 * connect time has expired. 462 */ 463 if (maxconnect > 0) 464 TIMEOUT(connect_time_expired, 0, maxconnect); 465 466 /* 467 * Detach now, if the updetach option was given. 468 */ 469 if (nodetach == -1) 470 detach(); 471 } 472 ++num_np_up; 473} 474 475/* 476 * np_down - a network protocol has gone down. 477 */ 478void 479np_down(unit, proto) 480 int unit, proto; 481{ 482 if (--num_np_up == 0 && idle_time_limit > 0) { 483 UNTIMEOUT(check_idle, NULL); 484 } 485} 486 487/* 488 * np_finished - a network protocol has finished using the link. 489 */ 490void 491np_finished(unit, proto) 492 int unit, proto; 493{ 494 if (--num_np_open <= 0) { 495 /* no further use for the link: shut up shop. */ 496 lcp_close(0, "No network protocols running"); 497 } 498} 499 500/* 501 * check_idle - check whether the link has been idle for long 502 * enough that we can shut it down. 503 */ 504static void 505check_idle(arg) 506 void *arg; 507{ 508 struct ppp_idle idle; 509 time_t itime; 510 511 if (!get_idle_time(0, &idle)) 512 return; 513 itime = MIN(idle.xmit_idle, idle.recv_idle); 514 if (itime >= idle_time_limit) { 515 /* link is idle: shut it down. */ 516 syslog(LOG_INFO, "Terminating connection due to lack of activity."); 517 lcp_close(0, "Link inactive"); 518 } else { 519 TIMEOUT(check_idle, NULL, idle_time_limit - itime); 520 } 521} 522 523/* 524 * connect_time_expired - log a message and close the connection. 525 */ 526static void 527connect_time_expired(arg) 528 void *arg; 529{ 530 syslog(LOG_INFO, "Connect time expired"); 531 lcp_close(0, "Connect time expired"); /* Close connection */ 532} 533 534/* 535 * auth_check_options - called to check authentication options. 536 */ 537void 538auth_check_options() 539{ 540 lcp_options *wo = &lcp_wantoptions[0]; 541 int can_auth; 542 ipcp_options *ipwo = &ipcp_wantoptions[0]; 543 u_int32_t remote; 544 545 /* Default our_name to hostname, and user to our_name */ 546 if (our_name[0] == 0 || usehostname) 547 strlcpy(our_name, hostname, HOST_NAME_MAX+1); 548 if (user[0] == 0) 549 strlcpy(user, our_name, MAXNAMELEN); 550 551 /* If authentication is required, ask peer for CHAP or PAP. */ 552 if (auth_required && !wo->neg_chap && !wo->neg_upap) { 553 wo->neg_chap = 1; 554 wo->neg_upap = 1; 555 } 556 557 /* 558 * Check whether we have appropriate secrets to use 559 * to authenticate the peer. 560 */ 561 can_auth = wo->neg_upap && (uselogin || have_pap_secret()); 562 if (!can_auth && wo->neg_chap) { 563 remote = ipwo->accept_remote? 0: ipwo->hisaddr; 564 can_auth = have_chap_secret(remote_name, our_name, remote); 565 } 566 567 if (auth_required && !can_auth) { 568 option_error("peer authentication required but no suitable secret(s) found\n"); 569 if (remote_name[0] == 0) 570 option_error("for authenticating any peer to us (%s)\n", our_name); 571 else 572 option_error("for authenticating peer %s to us (%s)\n", 573 remote_name, our_name); 574 exit(1); 575 } 576 577 /* 578 * Check whether the user tried to override certain values 579 * set by root. 580 */ 581 if (!auth_required && auth_req_info.priv > 0) { 582 if (!default_device && devnam_info.priv == 0) { 583 option_error("can't override device name when noauth option used"); 584 exit(1); 585 } 586 if ((connector != NULL && connector_info.priv == 0) 587 || (disconnector != NULL && disconnector_info.priv == 0) 588 || (welcomer != NULL && welcomer_info.priv == 0)) { 589 option_error("can't override connect, disconnect or welcome"); 590 option_error("option values when noauth option used"); 591 exit(1); 592 } 593 } 594} 595 596/* 597 * auth_reset - called when LCP is starting negotiations to recheck 598 * authentication options, i.e. whether we have appropriate secrets 599 * to use for authenticating ourselves and/or the peer. 600 */ 601void 602auth_reset(unit) 603 int unit; 604{ 605 lcp_options *go = &lcp_gotoptions[unit]; 606 lcp_options *ao = &lcp_allowoptions[0]; 607 ipcp_options *ipwo = &ipcp_wantoptions[0]; 608 u_int32_t remote; 609 610 ao->neg_upap = !refuse_pap && (passwd[0] != 0 || get_pap_passwd(NULL)); 611 ao->neg_chap = !refuse_chap 612 && have_chap_secret(user, remote_name, (u_int32_t)0); 613 614 if (go->neg_upap && !uselogin && !have_pap_secret()) 615 go->neg_upap = 0; 616 if (go->neg_chap) { 617 remote = ipwo->accept_remote? 0: ipwo->hisaddr; 618 if (!have_chap_secret(remote_name, our_name, remote)) 619 go->neg_chap = 0; 620 } 621} 622 623 624/* 625 * check_passwd - Check the user name and passwd against the PAP secrets 626 * file. If requested, also check against the system password database, 627 * and login the user if OK. 628 * 629 * returns: 630 * UPAP_AUTHNAK: Authentication failed. 631 * UPAP_AUTHACK: Authentication succeeded. 632 * In either case, msg points to an appropriate message. 633 */ 634int 635check_passwd(unit, auser, userlen, apasswd, passwdlen, msg, msglen) 636 int unit; 637 char *auser; 638 int userlen; 639 char *apasswd; 640 int passwdlen; 641 char **msg; 642 int *msglen; 643{ 644 int ret; 645 char *filename; 646 FILE *f; 647 struct wordlist *addrs; 648 u_int32_t remote; 649 ipcp_options *ipwo = &ipcp_wantoptions[unit]; 650 char passwd[256], user[256]; 651 char secret[MAXWORDLEN]; 652 static int attempts = 0; 653 654 /* 655 * Make copies of apasswd and auser, then null-terminate them. 656 */ 657 BCOPY(apasswd, passwd, passwdlen); 658 passwd[passwdlen] = '\0'; 659 BCOPY(auser, user, userlen); 660 user[userlen] = '\0'; 661 *msg = (char *) 0; 662 663 /* 664 * Open the file of pap secrets and scan for a suitable secret 665 * for authenticating this user. 666 */ 667 filename = _PATH_UPAPFILE; 668 addrs = NULL; 669 ret = UPAP_AUTHACK; 670 f = fopen(filename, "r"); 671 if (f == NULL) { 672 syslog(LOG_ERR, "Can't open PAP password file %s: %m", filename); 673 ret = UPAP_AUTHNAK; 674 } else { 675 check_access(f, filename); 676 remote = ipwo->accept_remote? 0: ipwo->hisaddr; 677 if (scan_authfile(f, user, our_name, remote, 678 secret, &addrs, filename) < 0 679 || (secret[0] != 0 && (cryptpap || strcmp(passwd, secret) != 0) 680 && strcmp(crypt(passwd, secret), secret) != 0)) { 681 syslog(LOG_WARNING, "PAP authentication failure for %s", user); 682 ret = UPAP_AUTHNAK; 683 } 684 fclose(f); 685 } 686 687 if (uselogin && ret == UPAP_AUTHACK) { 688 ret = plogin(user, passwd, msg, msglen); 689 if (ret == UPAP_AUTHNAK) { 690 syslog(LOG_WARNING, "PAP login failure for %s", user); 691 } 692 } 693 694 if (ret == UPAP_AUTHNAK) { 695 if (*msg == (char *) 0) 696 *msg = "Login incorrect"; 697 *msglen = strlen(*msg); 698 /* 699 * Frustrate passwd stealer programs. 700 * Allow 10 tries, but start backing off after 3 (stolen from login). 701 * On 10'th, drop the connection. 702 */ 703 if (attempts++ >= 10) { 704 syslog(LOG_WARNING, "%d LOGIN FAILURES ON %s, %s", 705 attempts, devnam, user); 706 quit(); 707 } 708 if (attempts > 3) 709 sleep((u_int) (attempts - 3) * 5); 710 if (addrs != NULL) 711 free_wordlist(addrs); 712 713 } else { 714 attempts = 0; /* Reset count */ 715 if (*msg == (char *) 0) 716 *msg = "Login ok"; 717 *msglen = strlen(*msg); 718 set_allowed_addrs(unit, addrs); 719 } 720 721 EXPLICIT_BZERO(passwd, sizeof(passwd)); 722 EXPLICIT_BZERO(secret, sizeof(secret)); 723 724 return ret; 725} 726 727/* 728 * plogin - Check the user name and password against the system 729 * password database, and login the user if OK. 730 * 731 * returns: 732 * UPAP_AUTHNAK: Login failed. 733 * UPAP_AUTHACK: Login succeeded. 734 * In either case, msg points to an appropriate message. 735 */ 736 737static int 738plogin(user, passwd, msg, msglen) 739 char *user; 740 char *passwd; 741 char **msg; 742 int *msglen; 743{ 744 struct passwd *pw; 745 char *tty; 746 747 pw = getpwnam_shadow(user); 748 if (crypt_checkpass(passwd, pw ? pw->pw_passwd : NULL)) 749 return UPAP_AUTHNAK; 750 751 /* 752 * Write a wtmp entry for this user. 753 */ 754 755 tty = devnam; 756 if (strncmp(tty, "/dev/", 5) == 0) 757 tty += 5; 758 logwtmp(tty, user, remote_name); /* Add wtmp login entry */ 759 760#if defined(_PATH_LASTLOG) 761 { 762 struct lastlog ll; 763 int fd; 764 765 if ((fd = open(_PATH_LASTLOG, O_RDWR)) >= 0) { 766 memset(&ll, 0, sizeof(ll)); 767 (void)time(&ll.ll_time); 768 (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line)); 769 (void)pwrite(fd, &ll, sizeof(ll), (off_t)pw->pw_uid * 770 sizeof(ll)); 771 (void)close(fd); 772 } 773 } 774#endif 775 776 777 syslog(LOG_INFO, "user %s logged in", user); 778 logged_in = TRUE; 779 780 return (UPAP_AUTHACK); 781} 782 783/* 784 * plogout - Logout the user. 785 */ 786static void 787plogout() 788{ 789 char *tty; 790 791 tty = devnam; 792 if (strncmp(tty, "/dev/", 5) == 0) 793 tty += 5; 794 logwtmp(tty, "", ""); /* Wipe out utmp logout entry */ 795 796 logged_in = FALSE; 797} 798 799 800/* 801 * null_login - Check if a username of "" and a password of "" are 802 * acceptable, and iff so, set the list of acceptable IP addresses 803 * and return 1. 804 */ 805static int 806null_login(unit) 807 int unit; 808{ 809 char *filename; 810 FILE *f; 811 int i, ret; 812 struct wordlist *addrs; 813 char secret[MAXWORDLEN]; 814 815 /* 816 * Open the file of pap secrets and scan for a suitable secret. 817 * We don't accept a wildcard client. 818 */ 819 filename = _PATH_UPAPFILE; 820 addrs = NULL; 821 f = fopen(filename, "r"); 822 if (f == NULL) 823 return 0; 824 check_access(f, filename); 825 826 i = scan_authfile(f, "", our_name, (u_int32_t)0, secret, &addrs, filename); 827 ret = i >= 0 && (i & NONWILD_CLIENT) != 0 && secret[0] == 0; 828 EXPLICIT_BZERO(secret, sizeof(secret)); 829 830 if (ret) 831 set_allowed_addrs(unit, addrs); 832 else 833 free_wordlist(addrs); 834 835 fclose(f); 836 return ret; 837} 838 839 840/* 841 * get_pap_passwd - get a password for authenticating ourselves with 842 * our peer using PAP. Returns 1 on success, 0 if no suitable password 843 * could be found. 844 */ 845static int 846get_pap_passwd(passwd) 847 char *passwd; 848{ 849 char *filename; 850 FILE *f; 851 int ret; 852 char secret[MAXWORDLEN]; 853 854 filename = _PATH_UPAPFILE; 855 f = fopen(filename, "r"); 856 if (f == NULL) 857 return 0; 858 check_access(f, filename); 859 ret = scan_authfile(f, user, 860 remote_name[0]? remote_name: NULL, 861 (u_int32_t)0, secret, NULL, filename); 862 fclose(f); 863 if (ret < 0) 864 return 0; 865 if (passwd != NULL) 866 strlcpy(passwd, secret, MAXSECRETLEN); 867 EXPLICIT_BZERO(secret, sizeof(secret)); 868 return 1; 869} 870 871 872/* 873 * have_pap_secret - check whether we have a PAP file with any 874 * secrets that we could possibly use for authenticating the peer. 875 */ 876static int 877have_pap_secret() 878{ 879 FILE *f; 880 int ret; 881 char *filename; 882 ipcp_options *ipwo = &ipcp_wantoptions[0]; 883 u_int32_t remote; 884 885 filename = _PATH_UPAPFILE; 886 f = fopen(filename, "r"); 887 if (f == NULL) 888 return 0; 889 890 remote = ipwo->accept_remote? 0: ipwo->hisaddr; 891 ret = scan_authfile(f, NULL, our_name, remote, NULL, NULL, filename); 892 fclose(f); 893 if (ret < 0) 894 return 0; 895 896 return 1; 897} 898 899 900/* 901 * have_chap_secret - check whether we have a CHAP file with a 902 * secret that we could possibly use for authenticating `client' 903 * on `server'. Either can be the null string, meaning we don't 904 * know the identity yet. 905 */ 906static int 907have_chap_secret(client, server, remote) 908 char *client; 909 char *server; 910 u_int32_t remote; 911{ 912 FILE *f; 913 int ret; 914 char *filename; 915 916 filename = _PATH_CHAPFILE; 917 f = fopen(filename, "r"); 918 if (f == NULL) 919 return 0; 920 921 if (client[0] == 0) 922 client = NULL; 923 else if (server[0] == 0) 924 server = NULL; 925 926 ret = scan_authfile(f, client, server, remote, NULL, NULL, filename); 927 fclose(f); 928 if (ret < 0) 929 return 0; 930 931 return 1; 932} 933 934 935/* 936 * get_secret - open the CHAP secret file and return the secret 937 * for authenticating the given client on the given server. 938 * (We could be either client or server). 939 */ 940int 941get_secret(unit, client, server, secret, secret_len, save_addrs) 942 int unit; 943 char *client; 944 char *server; 945 char *secret; 946 int *secret_len; 947 int save_addrs; 948{ 949 FILE *f; 950 int ret, len; 951 char *filename; 952 struct wordlist *addrs; 953 char secbuf[MAXWORDLEN]; 954 955 filename = _PATH_CHAPFILE; 956 addrs = NULL; 957 secbuf[0] = 0; 958 959 f = fopen(filename, "r"); 960 if (f == NULL) { 961 syslog(LOG_ERR, "Can't open chap secret file %s: %m", filename); 962 return 0; 963 } 964 check_access(f, filename); 965 966 ret = scan_authfile(f, client, server, (u_int32_t)0, 967 secbuf, &addrs, filename); 968 fclose(f); 969 if (ret < 0) 970 return 0; 971 972 if (save_addrs) 973 set_allowed_addrs(unit, addrs); 974 975 len = strlen(secbuf); 976 if (len > MAXSECRETLEN) { 977 syslog(LOG_ERR, "Secret for %s on %s is too long", client, server); 978 len = MAXSECRETLEN; 979 } 980 BCOPY(secbuf, secret, len); 981 EXPLICIT_BZERO(secbuf, sizeof(secbuf)); 982 *secret_len = len; 983 984 return 1; 985} 986 987/* 988 * set_allowed_addrs() - set the list of allowed addresses. 989 */ 990static void 991set_allowed_addrs(unit, addrs) 992 int unit; 993 struct wordlist *addrs; 994{ 995 if (addresses[unit] != NULL) 996 free_wordlist(addresses[unit]); 997 addresses[unit] = addrs; 998 999 /* 1000 * If there's only one authorized address we might as well 1001 * ask our peer for that one right away 1002 */ 1003 if (addrs != NULL && addrs->next == NULL) { 1004 char *p = addrs->word; 1005 struct ipcp_options *wo = &ipcp_wantoptions[unit]; 1006 struct in_addr ina; 1007 struct hostent *hp; 1008 1009 if (*p != '!' && *p != '-' && !ISWILD(p) && strchr(p, '/') == NULL) { 1010 hp = gethostbyname(p); 1011 if (hp != NULL && hp->h_addrtype == AF_INET) 1012 wo->hisaddr = *(u_int32_t *)hp->h_addr; 1013 else if (inet_aton(p, &ina) == 1) 1014 wo->hisaddr = ina.s_addr; 1015 } 1016 } 1017} 1018 1019/* 1020 * auth_ip_addr - check whether the peer is authorized to use 1021 * a given IP address. Returns 1 if authorized, 0 otherwise. 1022 */ 1023int 1024auth_ip_addr(unit, addr) 1025 int unit; 1026 u_int32_t addr; 1027{ 1028 return ip_addr_check(addr, addresses[unit]); 1029} 1030 1031static int 1032ip_addr_check(addr, addrs) 1033 u_int32_t addr; 1034 struct wordlist *addrs; 1035{ 1036 u_int32_t mask, ah; 1037 struct in_addr ina; 1038 int accept, r = 1; 1039 char *ptr_word, *ptr_mask; 1040 struct hostent *hp; 1041 1042 /* don't allow loopback or multicast address */ 1043 if (bad_ip_adrs(addr)) 1044 return 0; 1045 1046 if (addrs == NULL) 1047 return !auth_required; /* no addresses authorized */ 1048 1049 for (; addrs != NULL; addrs = addrs->next) { 1050 /* "-" means no addresses authorized, "*" means any address allowed */ 1051 ptr_word = addrs->word; 1052 if (strcmp(ptr_word, "-") == 0) 1053 break; 1054 if (strcmp(ptr_word, "*") == 0) 1055 return 1; 1056 1057 accept = 1; 1058 if (*ptr_word == '!') { 1059 accept = 0; 1060 ++ptr_word; 1061 } 1062 1063 mask = ~ (u_int32_t) 0; 1064 ptr_mask = strchr (ptr_word, '/'); 1065 if (ptr_mask != NULL) { 1066 int bit_count; 1067 1068 bit_count = (int) strtol (ptr_mask+1, (char **) 0, 10); 1069 if (bit_count <= 0 || bit_count > 32) { 1070 syslog (LOG_WARNING, 1071 "invalid address length %s in auth. address list", 1072 ptr_mask); 1073 continue; 1074 } 1075 *ptr_mask = '\0'; 1076 mask <<= 32 - bit_count; 1077 } 1078 1079 hp = gethostbyname(ptr_word); 1080 if (hp != NULL && hp->h_addrtype == AF_INET) { 1081 ina.s_addr = *(u_int32_t *)hp->h_addr; 1082 } else { 1083 r = inet_aton (ptr_word, &ina); 1084 if (ptr_mask == NULL) { 1085 /* calculate appropriate mask for net */ 1086 ah = ntohl(ina.s_addr); 1087 if (IN_CLASSA(ah)) 1088 mask = IN_CLASSA_NET; 1089 else if (IN_CLASSB(ah)) 1090 mask = IN_CLASSB_NET; 1091 else if (IN_CLASSC(ah)) 1092 mask = IN_CLASSC_NET; 1093 } 1094 } 1095 1096 if (ptr_mask != NULL) 1097 *ptr_mask = '/'; 1098 1099 if (r == 0) 1100 syslog (LOG_WARNING, 1101 "unknown host %s in auth. address list", 1102 addrs->word); 1103 else 1104 /* Here ina.s_addr and addr are in network byte order, 1105 and mask is in host order. */ 1106 if (((addr ^ ina.s_addr) & htonl(mask)) == 0) 1107 return accept; 1108 } 1109 return 0; /* not in list => can't have it */ 1110} 1111 1112/* 1113 * bad_ip_adrs - return 1 if the IP address is one we don't want 1114 * to use, such as an address in the loopback net or a multicast address. 1115 * addr is in network byte order. 1116 */ 1117int 1118bad_ip_adrs(addr) 1119 u_int32_t addr; 1120{ 1121 addr = ntohl(addr); 1122 return (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET 1123 || IN_MULTICAST(addr); 1124} 1125 1126/* 1127 * check_access - complain if a secret file has too-liberal permissions. 1128 */ 1129void 1130check_access(f, filename) 1131 FILE *f; 1132 char *filename; 1133{ 1134 struct stat sbuf; 1135 1136 if (fstat(fileno(f), &sbuf) < 0) { 1137 syslog(LOG_WARNING, "cannot stat secret file %s: %m", filename); 1138 } else if ((sbuf.st_mode & (S_IRWXG | S_IRWXO)) != 0) { 1139 syslog(LOG_WARNING, "Warning - secret file %s has world and/or group access", filename); 1140 } 1141} 1142 1143 1144/* 1145 * scan_authfile - Scan an authorization file for a secret suitable 1146 * for authenticating `client' on `server'. The return value is -1 1147 * if no secret is found, otherwise >= 0. The return value has 1148 * NONWILD_CLIENT set if the secret didn't have "*" for the client, and 1149 * NONWILD_SERVER set if the secret didn't have "*" for the server. 1150 * Any following words on the line (i.e. address authorization 1151 * info) are placed in a wordlist and returned in *addrs. 1152 */ 1153static int 1154scan_authfile(f, client, server, ipaddr, secret, addrs, filename) 1155 FILE *f; 1156 char *client; 1157 char *server; 1158 u_int32_t ipaddr; 1159 char *secret; 1160 struct wordlist **addrs; 1161 char *filename; 1162{ 1163 int newline, xxx; 1164 int got_flag, best_flag; 1165 FILE *sf; 1166 struct wordlist *ap, *addr_list, *alist, *alast; 1167 char word[MAXWORDLEN]; 1168 char atfile[MAXWORDLEN]; 1169 char lsecret[MAXWORDLEN]; 1170 1171 if (addrs != NULL) 1172 *addrs = NULL; 1173 addr_list = NULL; 1174 if (!getword(f, word, &newline, filename)) 1175 return -1; /* file is empty??? */ 1176 newline = 1; 1177 best_flag = -1; 1178 for (;;) { 1179 /* 1180 * Skip until we find a word at the start of a line. 1181 */ 1182 while (!newline && getword(f, word, &newline, filename)) 1183 ; 1184 if (!newline) 1185 break; /* got to end of file */ 1186 1187 /* 1188 * Got a client - check if it's a match or a wildcard. 1189 */ 1190 got_flag = 0; 1191 if (client != NULL && strcmp(word, client) != 0 && !ISWILD(word)) { 1192 newline = 0; 1193 continue; 1194 } 1195 if (!ISWILD(word)) 1196 got_flag = NONWILD_CLIENT; 1197 1198 /* 1199 * Now get a server and check if it matches. 1200 */ 1201 if (!getword(f, word, &newline, filename)) 1202 break; 1203 if (newline) 1204 continue; 1205 if (server != NULL && strcmp(word, server) != 0 && !ISWILD(word)) 1206 continue; 1207 if (!ISWILD(word)) 1208 got_flag |= NONWILD_SERVER; 1209 1210 /* 1211 * Got some sort of a match - see if it's better than what 1212 * we have already. 1213 */ 1214 if (got_flag <= best_flag) 1215 continue; 1216 1217 /* 1218 * Get the secret. 1219 */ 1220 if (!getword(f, word, &newline, filename)) 1221 break; 1222 if (newline) 1223 continue; 1224 1225 /* 1226 * Special syntax: @filename means read secret from file. 1227 */ 1228 if (word[0] == '@') { 1229 strlcpy(atfile, word+1, sizeof atfile); 1230 if ((sf = fopen(atfile, "r")) == NULL) { 1231 syslog(LOG_WARNING, "can't open indirect secret file %s", 1232 atfile); 1233 continue; 1234 } 1235 check_access(sf, atfile); 1236 if (!getword(sf, word, &xxx, atfile)) { 1237 syslog(LOG_WARNING, "no secret in indirect secret file %s", 1238 atfile); 1239 fclose(sf); 1240 continue; 1241 } 1242 fclose(sf); 1243 } 1244 if (secret != NULL) 1245 strlcpy(lsecret, word, sizeof lsecret); 1246 1247 /* 1248 * Now read address authorization info and make a wordlist. 1249 */ 1250 alist = alast = NULL; 1251 for (;;) { 1252 size_t wordlen; 1253 1254 if (!getword(f, word, &newline, filename) || newline) 1255 break; 1256 wordlen = strlen(word); /* NUL in struct wordlist */ 1257 ap = (struct wordlist *) malloc(sizeof(struct wordlist) + 1258 wordlen); 1259 1260 if (ap == NULL) 1261 novm("authorized addresses"); 1262 ap->next = NULL; 1263 strlcpy(ap->word, word, wordlen + 1); 1264 if (alist == NULL) 1265 alist = ap; 1266 else 1267 alast->next = ap; 1268 alast = ap; 1269 } 1270 1271 /* 1272 * Check if the given IP address is allowed by the wordlist. 1273 */ 1274 if (ipaddr != 0 && !ip_addr_check(ipaddr, alist)) { 1275 free_wordlist(alist); 1276 continue; 1277 } 1278 1279 /* 1280 * This is the best so far; remember it. 1281 */ 1282 best_flag = got_flag; 1283 if (addr_list) 1284 free_wordlist(addr_list); 1285 addr_list = alist; 1286 if (secret != NULL) 1287 strlcpy(secret, lsecret, MAXWORDLEN); 1288 1289 if (!newline) 1290 break; 1291 } 1292 1293 if (addrs != NULL) 1294 *addrs = addr_list; 1295 else if (addr_list != NULL) 1296 free_wordlist(addr_list); 1297 1298 return best_flag; 1299} 1300 1301/* 1302 * free_wordlist - release memory allocated for a wordlist. 1303 */ 1304static void 1305free_wordlist(wp) 1306 struct wordlist *wp; 1307{ 1308 struct wordlist *next; 1309 1310 while (wp != NULL) { 1311 next = wp->next; 1312 free(wp); 1313 wp = next; 1314 } 1315} 1316 1317/* 1318 * auth_script - execute a script with arguments 1319 * interface-name peer-name real-user tty speed 1320 */ 1321static void 1322auth_script(script) 1323 char *script; 1324{ 1325 char strspeed[32]; 1326 struct passwd *pw; 1327 char struid[32]; 1328 char *user_name; 1329 char *argv[8]; 1330 1331 if ((pw = getpwuid(getuid())) != NULL && pw->pw_name != NULL) 1332 user_name = pw->pw_name; 1333 else { 1334 snprintf(struid, sizeof struid, "%u", getuid()); 1335 user_name = struid; 1336 } 1337 snprintf(strspeed, sizeof strspeed, "%d", baud_rate); 1338 1339 argv[0] = script; 1340 argv[1] = ifname; 1341 argv[2] = peer_authname; 1342 argv[3] = user_name; 1343 argv[4] = devnam; 1344 argv[5] = strspeed; 1345 argv[6] = NULL; 1346 1347 run_program(script, argv, 0); 1348} 1349