HardenedBSD/usr.sbin/ppp/pap.c

/*
* PPP PAP Module
*
* Written by Toshiharu OHNO (tony-o@iij.ad.jp)
*
* Copyright (C) 1993-94, Internet Initiative Japan, Inc.
* All rights reserverd.
*
* Redistribution and use in source and binary forms are permitted
* provided that the above copyright notice and this paragraph are
* duplicated in all such forms and that any documentation,
* advertising materials, and other materials related to such
* distribution and use acknowledge that the software was developed
* by the Internet Initiative Japan, Inc. The name of the
* IIJ may not be used to endorse or promote products derived
* from this software without specific prior written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: pap.c,v 1.26 1998/08/07 18:42:50 brian Exp $
*
* TODO:
*/
#include <sys/types.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <sys/un.h>
#include <string.h>
#include <termios.h>
#include "mbuf.h"
#include "log.h"
#include "defs.h"
#include "timer.h"
#include "fsm.h"
#include "lcp.h"
#include "auth.h"
#include "pap.h"
#include "lqr.h"
#include "hdlc.h"
#include "lcpproto.h"
#include "async.h"
#include "throughput.h"
#include "ccp.h"
#include "link.h"
#include "descriptor.h"
#include "physical.h"
#include "iplist.h"
#include "slcompress.h"
#include "ipcp.h"
#include "filter.h"
#include "mp.h"
#include "bundle.h"
#include "chat.h"
#include "chap.h"
#include "cbcp.h"
#include "datalink.h"
/*
 * Printable names for PAP codes, indexed by the code value when logging.
 * Index 0 ("???") is the slot pap_Input() maps out-of-range codes to;
 * SendPapCode() indexes this table with its `code' argument unchecked.
 */
static const char *papcodes[] = { "???", "REQUEST", "SUCCESS", "FAILURE" };
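/*
 * Build and transmit a PAP request carrying the locally configured
 * name and key (bundle->cfg.auth) on the given physical link.
 *
 * Payload layout after the fsmheader:
 *   1 byte name length, name bytes, 1 byte key length, key bytes.
 *
 * Each length is carried in a single byte, so a field longer than 255
 * bytes cannot be represented.  Longer values are truncated (with a
 * warning) so that the length byte and the copied data always agree and
 * the frame stays well formed.
 *
 * The key is sent as-is in the frame; the PHASE log line masks it with
 * asterisks and only the lengths are logged at DEBUG level.
 *
 * `auth' is not used by this function.
 *
 * NOTE(review): the result of mbuf_Alloc() is used without a check -
 * confirm that it cannot return NULL.
 */
void
pap_SendChallenge(struct authinfo *auth, int papid, struct physical *physical)
{
  enum { PAP_FIELD_MAX = 255 };		/* largest value of a 1-byte length */
  const char *name = physical->dl->bundle->cfg.auth.name;
  const char *key = physical->dl->bundle->cfg.auth.key;
  struct fsmheader lh;
  struct mbuf *bp;
  u_char *cp;
  int namelen, keylen, plen;

  namelen = strlen(name);
  keylen = strlen(key);
  log_Printf(LogDEBUG, "pap_SendChallenge: namelen = %d, keylen = %d\n",
             namelen, keylen);

  if (namelen > PAP_FIELD_MAX || keylen > PAP_FIELD_MAX) {
    /* Without this the length byte would wrap while memcpy copied it all */
    log_Printf(LogWARN, "PAP authname or authkey exceeds %d bytes,"
               " truncating\n", PAP_FIELD_MAX);
    if (namelen > PAP_FIELD_MAX)
      namelen = PAP_FIELD_MAX;
    if (keylen > PAP_FIELD_MAX)
      keylen = PAP_FIELD_MAX;
  }
  plen = namelen + keylen + 2;		/* two length bytes + both fields */

  log_Printf(LogPHASE, "Pap Output: %s ********\n", name);
  if (*name == '\0')
    log_Printf(LogWARN, "Sending empty PAP authname!\n");

  lh.code = PAP_REQUEST;
  lh.id = papid;
  lh.length = htons(plen + sizeof(struct fsmheader));
  bp = mbuf_Alloc(plen + sizeof(struct fsmheader), MB_FSM);
  memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader));

  cp = MBUF_CTOP(bp) + sizeof(struct fsmheader);
  *cp++ = namelen;
  memcpy(cp, name, namelen);
  cp += namelen;
  *cp++ = keylen;
  memcpy(cp, key, keylen);

  hdlc_Output(&physical->link, PRI_LINK, PROTO_PAP, bp);
}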
/*
 * Send a PAP reply with the given id and code on `physical'.
 *
 * The payload after the fsmheader is a one-byte message length followed
 * by the message bytes (no terminating NUL).  The code is also used,
 * unchecked, as an index into papcodes[] for the PHASE log line; the
 * callers in this file pass PAP_ACK or PAP_NAK with short literal
 * messages.
 */
static void
SendPapCode(int id, int code, const char *message, struct physical *physical)
{
  struct fsmheader hdr;
  struct mbuf *pkt;
  u_char *out;
  int msglen, paylen;

  msglen = strlen(message);
  paylen = msglen + 1;			/* length byte + message */

  hdr.code = code;
  hdr.id = id;
  hdr.length = htons(paylen + sizeof(struct fsmheader));

  pkt = mbuf_Alloc(paylen + sizeof(struct fsmheader), MB_FSM);
  memcpy(MBUF_CTOP(pkt), &hdr, sizeof(struct fsmheader));

  out = MBUF_CTOP(pkt) + sizeof(struct fsmheader);
  *out = msglen;
  memcpy(out + 1, message, msglen);

  log_Printf(LogPHASE, "Pap Output: %s\n", papcodes[code]);
  hdlc_Output(&physical->link, PRI_LINK, PROTO_PAP, pkt);
}
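/*
 * Validate the given username and password against the secret table.
 *
 * `name' and `key' each point at a one-byte length followed by that many
 * bytes.  Both fields are turned into C strings IN PLACE:
 *   - the key's length byte is overwritten with NUL; when the key field
 *     directly follows the name bytes (as in pap_Input()'s call) this is
 *     what terminates the name;
 *   - a NUL is stored at key[klen], one byte past the key bytes.
 *
 * This function receives no buffer size and therefore cannot bounds-check
 * either length.  The caller MUST guarantee that both length-prefixed
 * fields lie inside its buffer and that one further writable byte follows
 * the key.
 *
 * The key is a clear-text password, so it is masked in the debug log in
 * the same way pap_SendChallenge() masks it; only its length is logged.
 *
 * Returns the result of auth_Validate(); pap_Input() treats non-zero as
 * success.
 */
static int
PapValidate(struct bundle *bundle, u_char *name, u_char *key,
            struct physical *physical)
{
  int nlen, klen;

  nlen = *name++;
  klen = *key;
  *key++ = 0;			/* terminates the preceding name field */
  key[klen] = 0;		/* terminates the key itself */

  log_Printf(LogDEBUG, "PapValidate: name %s (%d), key ******** (%d)\n",
             name, nlen, klen);

  return auth_Validate(bundle, name, key, physical);
}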
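/*
 * Return the usable length of the message in a PAP ACK/NAK payload.
 * `payload' points at the one-byte message length and `plen' is the
 * number of payload bytes present after the fsmheader.  The advertised
 * length is clamped to the bytes actually present; an empty payload
 * yields 0.
 */
static int
pap_MessageLength(const u_char *payload, int plen)
{
  int mlen;

  if (plen < 1)
    return 0;
  mlen = payload[0];
  return mlen > plen - 1 ? plen - 1 : mlen;
}

/*
 * Handle one received PAP packet and free it.
 *
 * Everything in the packet is supplied by the peer before it has been
 * authenticated, so every length is checked against the bytes that were
 * received before it is used:
 *   - the header length must cover at least the fsmheader and must not
 *     exceed the mbuf length;
 *   - for a REQUEST, both length-prefixed fields must fit inside the
 *     declared payload, otherwise the packet is dropped with a warning;
 *   - for ACK/NAK, the message length is clamped to the payload and the
 *     text is logged with a precision instead of storing a NUL behind it.
 *
 * Packets that are too short, or whose code is out of range, are
 * ignored.
 *
 * NOTE(review): only MBUF_CTOP(bp) is read, so this assumes the bytes
 * counted by mbuf_Length() are contiguous in the first mbuf - confirm
 * against the mbuf implementation.
 */
void
pap_Input(struct bundle *bundle, struct mbuf *bp, struct physical *physical)
{
  /* Largest request: two length bytes, two 255-byte fields, one NUL */
  u_char req[2 * (255 + 1) + 1];
  struct fsmheader *php;
  u_char *cp;
  int len, plen, code, nlen, klen, mlen;

  len = mbuf_Length(bp);
  if (len >= (int)sizeof(struct fsmheader)) {
    php = (struct fsmheader *) MBUF_CTOP(bp);
    plen = ntohs(php->length);
    if (plen >= (int)sizeof(struct fsmheader) && len >= plen) {
      plen -= sizeof(struct fsmheader);	/* payload bytes after the header */
      cp = (u_char *) (php + 1);

      code = php->code;
      if (code < PAP_REQUEST || code > PAP_NAK)
        code = 0;

      switch (code) {
      case PAP_REQUEST:
        /* Both <length, bytes> fields must lie inside the payload */
        nlen = klen = -1;
        if (plen >= 2) {
          nlen = cp[0];
          if (nlen + 2 <= plen)
            klen = cp[nlen + 1];
        }
        if (klen < 0 || nlen + klen + 2 > plen) {
          log_Printf(LogWARN, "Pap Input: malformed REQUEST dropped\n");
          break;
        }

        /*
         * PapValidate() NUL-terminates both fields in place, storing one
         * byte past the key.  Work on a private copy that has room for
         * that byte rather than writing behind the received data.  The
         * copy lives as long as this call, like the mbuf that is freed
         * below.
         */
        memcpy(req, cp, nlen + klen + 2);
        cp = req;

        /*
         * NOTE(review): the peer-supplied name is logged verbatim -
         * confirm how the log sink treats control characters.
         */
        log_Printf(LogPHASE, "Pap Input: %s (%.*s)\n",
                   papcodes[code], *cp, cp + 1);
        if (PapValidate(bundle, cp, cp + *cp + 1, physical)) {
          datalink_GotAuthname(physical->dl, cp + 1, *cp);
          SendPapCode(php->id, PAP_ACK, "Greetings!!", physical);
          physical->link.lcp.auth_ineed = 0;
          if (Enabled(bundle, OPT_UTMP))
            physical_Login(physical, cp + 1);

          if (physical->link.lcp.auth_iwait == 0)
            /*
             * Either I didn't need to authenticate, or I've already been
             * told that I got the answer right.
             */
            datalink_AuthOk(physical->dl);
        } else {
          SendPapCode(php->id, PAP_NAK, "Login incorrect", physical);
          datalink_AuthNotOk(physical->dl);
        }
        break;

      case PAP_ACK:
        auth_StopTimer(&physical->dl->pap);
        mlen = pap_MessageLength(cp, plen);
        log_Printf(LogPHASE, "Pap Input: %s (%.*s)\n",
                   papcodes[code], mlen, cp + 1);
        if (physical->link.lcp.auth_iwait == PROTO_PAP) {
          physical->link.lcp.auth_iwait = 0;
          if (physical->link.lcp.auth_ineed == 0)
            /*
             * We've succeeded in our ``login''
             * If we're not expecting the peer to authenticate (or he already
             * has), proceed to network phase.
             */
            datalink_AuthOk(physical->dl);
        }
        break;

      case PAP_NAK:
        auth_StopTimer(&physical->dl->pap);
        mlen = pap_MessageLength(cp, plen);
        log_Printf(LogPHASE, "Pap Input: %s (%.*s)\n",
                   papcodes[code], mlen, cp + 1);
        datalink_AuthNotOk(physical->dl);
        break;
      }
    }
  }

  mbuf_Free(bp);
}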