1 | /* |
---|
2 | * auth.c - PPP authentication and phase control. |
---|
3 | * |
---|
4 | * Copyright (c) 1993 The Australian National University. |
---|
5 | * All rights reserved. |
---|
6 | * |
---|
7 | * Redistribution and use in source and binary forms are permitted |
---|
8 | * provided that the above copyright notice and this paragraph are |
---|
9 | * duplicated in all such forms and that any documentation, |
---|
10 | * advertising materials, and other materials related to such |
---|
11 | * distribution and use acknowledge that the software was developed |
---|
12 | * by the Australian National University. The name of the University |
---|
13 | * may not be used to endorse or promote products derived from this |
---|
14 | * software without specific prior written permission. |
---|
15 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR |
---|
16 | * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED |
---|
17 | * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. |
---|
18 | * |
---|
19 | * Copyright (c) 1989 Carnegie Mellon University. |
---|
20 | * All rights reserved. |
---|
21 | * |
---|
22 | * Redistribution and use in source and binary forms are permitted |
---|
23 | * provided that the above copyright notice and this paragraph are |
---|
24 | * duplicated in all such forms and that any documentation, |
---|
25 | * advertising materials, and other materials related to such |
---|
26 | * distribution and use acknowledge that the software was developed |
---|
27 | * by Carnegie Mellon University. The name of the |
---|
28 | * University may not be used to endorse or promote products derived |
---|
29 | * from this software without specific prior written permission. |
---|
30 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR |
---|
31 | * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED |
---|
32 | * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. |
---|
33 | */ |
---|
34 | |
---|
35 | #define RCSID "$Id$" |
---|
36 | |
---|
37 | #include <stdio.h> |
---|
38 | #include <stddef.h> |
---|
39 | #include <stdlib.h> |
---|
40 | #include <unistd.h> |
---|
41 | #include <pwd.h> |
---|
42 | #include <grp.h> |
---|
43 | #include <string.h> |
---|
44 | #include <sys/types.h> |
---|
45 | #include <sys/stat.h> |
---|
46 | #include <sys/socket.h> |
---|
47 | #include <fcntl.h> |
---|
48 | #if defined(_PATH_LASTLOG) && defined(_linux_) |
---|
49 | #include <lastlog.h> |
---|
50 | #endif |
---|
51 | |
---|
52 | #include <netdb.h> |
---|
53 | #include <netinet/in.h> |
---|
54 | #include <arpa/inet.h> |
---|
55 | |
---|
56 | #ifdef USE_PAM |
---|
57 | #include <security/pam_appl.h> |
---|
58 | #endif |
---|
59 | |
---|
60 | #ifdef HAS_SHADOW |
---|
61 | #include <shadow.h> |
---|
62 | #ifndef PW_PPP |
---|
63 | #define PW_PPP PW_LOGIN |
---|
64 | #endif |
---|
65 | #endif |
---|
66 | |
---|
67 | #include "pppd.h" |
---|
68 | #include "fsm.h" |
---|
69 | #include "lcp.h" |
---|
70 | #include "ipcp.h" |
---|
71 | #include "upap.h" |
---|
72 | #include "chap.h" |
---|
73 | #ifdef CBCP_SUPPORT |
---|
74 | #include "cbcp.h" |
---|
75 | #endif |
---|
76 | #include "pathnames.h" |
---|
77 | |
---|
78 | static const char rcsid[] = RCSID; |
---|
79 | |
---|
80 | /* The name by which the peer authenticated itself to us. */ |
---|
81 | char peer_authname[MAXNAMELEN]; |
---|
82 | |
---|
83 | /* Records which authentication operations haven't completed yet. */ |
---|
84 | static int auth_pending[NUM_PPP]; |
---|
85 | |
---|
86 | /* List of addresses which the peer may use. */ |
---|
87 | static struct permitted_ip *addresses[NUM_PPP]; |
---|
88 | |
---|
89 | /* Wordlist giving addresses which the peer may use |
---|
90 | without authenticating itself. */ |
---|
91 | static struct wordlist *noauth_addrs; |
---|
92 | |
---|
93 | /* Extra options to apply, from the secrets file entry for the peer. */ |
---|
94 | static struct wordlist *extra_options; |
---|
95 | |
---|
96 | /* Number of network protocols which we have opened. */ |
---|
97 | static int num_np_open; |
---|
98 | |
---|
99 | /* Number of network protocols which have come up. */ |
---|
100 | static int num_np_up; |
---|
101 | |
---|
102 | /* Set if we got the contents of passwd[] from the pap-secrets file. */ |
---|
103 | static int passwd_from_file; |
---|
104 | |
---|
105 | /* Set if we require authentication only because we have a default route. */ |
---|
106 | static bool default_auth; |
---|
107 | |
---|
108 | /* Hook for a link status */ |
---|
109 | void (*auth_linkup_hook)__P((void)) = NULL; |
---|
110 | void (*auth_linkdown_hook)__P((void)) = NULL; |
---|
111 | |
---|
112 | /* Hook to enable a plugin to control the idle time limit */ |
---|
113 | int (*idle_time_hook) __P((struct ppp_idle *)) = NULL; |
---|
114 | |
---|
115 | /* Hook for a plugin to say whether we can possibly authenticate any peer */ |
---|
116 | int (*pap_check_hook) __P((void)) = NULL; |
---|
117 | |
---|
118 | /* Hook for a plugin to check the PAP user and password */ |
---|
119 | int (*pap_auth_hook) __P((char *user, char *passwd, char **msgp, |
---|
120 | struct wordlist **paddrs, |
---|
121 | struct wordlist **popts)) = NULL; |
---|
122 | |
---|
123 | /* Hook for a plugin to know about the PAP user logout */ |
---|
124 | void (*pap_logout_hook) __P((void)) = NULL; |
---|
125 | |
---|
126 | /* Hook for a plugin to get the PAP password for authenticating us */ |
---|
127 | int (*pap_passwd_hook) __P((char *user, char *passwd)) = NULL; |
---|
128 | |
---|
129 | /* |
---|
130 | * This is used to ensure that we don't start an auth-up/down |
---|
131 | * script while one is already running. |
---|
132 | */ |
---|
133 | enum script_state { |
---|
134 | s_down, |
---|
135 | s_up |
---|
136 | }; |
---|
137 | |
---|
138 | static enum script_state auth_state = s_down; |
---|
139 | static enum script_state auth_script_state = s_down; |
---|
140 | |
---|
141 | /* |
---|
142 | * Option variables. |
---|
143 | */ |
---|
144 | bool uselogin = 0; /* Use /etc/passwd for checking PAP */ |
---|
145 | bool cryptpap = 0; /* Passwords in pap-secrets are encrypted */ |
---|
146 | bool refuse_pap = 0; /* Don't wanna auth. ourselves with PAP */ |
---|
147 | bool refuse_chap = 0; /* Don't wanna auth. ourselves with CHAP */ |
---|
148 | bool usehostname = 0; /* Use hostname for our_name */ |
---|
149 | bool auth_required = 0; /* Always require authentication from peer */ |
---|
150 | bool allow_any_ip = 0; /* Allow peer to use any IP address */ |
---|
151 | bool explicit_remote = 0; /* User specified explicit remote name */ |
---|
152 | char remote_name[MAXNAMELEN]; /* Peer's name for authentication */ |
---|
153 | |
---|
154 | /* Bits in auth_pending[] */ |
---|
155 | #define PAP_WITHPEER 1 |
---|
156 | #define PAP_PEER 2 |
---|
157 | #define CHAP_WITHPEER 4 |
---|
158 | #define CHAP_PEER 8 |
---|
159 | |
---|
160 | extern char *crypt __P((const char *, const char *)); |
---|
161 | |
---|
162 | /* Prototypes for procedures local to this file. */ |
---|
163 | |
---|
164 | static void network_phase __P((int)); |
---|
165 | static void check_idle __P((void *)); |
---|
166 | static void connect_time_expired __P((void *)); |
---|
167 | static int null_login __P((int)); |
---|
168 | static int get_pap_passwd __P((char *)); |
---|
169 | static int have_pap_secret __P((int *)); |
---|
170 | static int have_chap_secret __P((char *, char *, int, int *)); |
---|
171 | static int ip_addr_check __P((u_int32_t, struct permitted_ip *)); |
---|
172 | static void free_wordlist __P((struct wordlist *)); |
---|
173 | static void auth_script __P((enum script_state s)); |
---|
174 | static void set_allowed_addrs __P((int, struct wordlist *, struct wordlist *)); |
---|
175 | |
---|
176 | |
---|
177 | /* |
---|
178 | * Authentication-related options. |
---|
179 | */ |
---|
180 | option_t auth_options[] = { |
---|
181 | { "require-pap", o_bool, &lcp_wantoptions[0].neg_upap, |
---|
182 | "Require PAP authentication from peer", 1, &auth_required }, |
---|
183 | { "+pap", o_bool, &lcp_wantoptions[0].neg_upap, |
---|
184 | "Require PAP authentication from peer", 1, &auth_required }, |
---|
185 | { "refuse-pap", o_bool, &refuse_pap, |
---|
186 | "Don't agree to auth to peer with PAP", 1 }, |
---|
187 | { "-pap", o_bool, &refuse_pap, |
---|
188 | "Don't allow PAP authentication with peer", 1 }, |
---|
189 | { "require-chap", o_bool, &lcp_wantoptions[0].neg_chap, |
---|
190 | "Require CHAP authentication from peer", 1, &auth_required }, |
---|
191 | { "+chap", o_bool, &lcp_wantoptions[0].neg_chap, |
---|
192 | "Require CHAP authentication from peer", 1, &auth_required }, |
---|
193 | { "refuse-chap", o_bool, &refuse_chap, |
---|
194 | "Don't agree to auth to peer with CHAP", 1 }, |
---|
195 | { "-chap", o_bool, &refuse_chap, |
---|
196 | "Don't allow CHAP authentication with peer", 1 }, |
---|
197 | { "name", o_string, our_name, |
---|
198 | "Set local name for authentication", |
---|
199 | OPT_PRIV|OPT_STATIC, NULL, MAXNAMELEN }, |
---|
200 | { "user", o_string, user, |
---|
201 | "Set name for auth with peer", OPT_STATIC, NULL, MAXNAMELEN }, |
---|
202 | { "usehostname", o_bool, &usehostname, |
---|
203 | "Must use hostname for authentication", 1 }, |
---|
204 | { "remotename", o_string, remote_name, |
---|
205 | "Set remote name for authentication", OPT_STATIC, |
---|
206 | &explicit_remote, MAXNAMELEN }, |
---|
207 | { "auth", o_bool, &auth_required, |
---|
208 | "Require authentication from peer", 1 }, |
---|
209 | { "noauth", o_bool, &auth_required, |
---|
210 | "Don't require peer to authenticate", OPT_PRIV, &allow_any_ip }, |
---|
211 | { "login", o_bool, &uselogin, |
---|
212 | "Use system password database for PAP", 1 }, |
---|
213 | { "papcrypt", o_bool, &cryptpap, |
---|
214 | "PAP passwords are encrypted", 1 }, |
---|
215 | /* Removed for RTEMS PORT |
---|
216 | { "+ua", o_special, setupapfile, |
---|
217 | "Get PAP user and password from file" }, |
---|
218 | */ |
---|
219 | { "password", o_string, passwd, |
---|
220 | "Password for authenticating us to the peer", OPT_STATIC, |
---|
221 | NULL, MAXSECRETLEN }, |
---|
222 | /* Removed for RTEMS_PORT |
---|
223 | { "privgroup", o_special, privgroup, |
---|
224 | "Allow group members to use privileged options", OPT_PRIV }, |
---|
225 | { "allow-ip", o_special, set_noauth_addr, |
---|
226 | "Set IP address(es) which can be used without authentication", |
---|
227 | OPT_PRIV }, |
---|
228 | */ |
---|
229 | { NULL } |
---|
230 | }; |
---|
231 | |
---|
232 | /* |
---|
233 | * An Open on LCP has requested a change from Dead to Establish phase. |
---|
234 | * Do what's necessary to bring the physical layer up. |
---|
235 | */ |
---|
236 | void |
---|
237 | link_required(unit) |
---|
238 | int unit; |
---|
239 | { |
---|
240 | } |
---|
241 | |
---|
242 | /* |
---|
243 | * LCP has terminated the link; go to the Dead phase and take the |
---|
244 | * physical layer down. |
---|
245 | */ |
---|
246 | void |
---|
247 | link_terminated(unit) |
---|
248 | int unit; |
---|
249 | { |
---|
250 | if (phase == PHASE_DEAD) |
---|
251 | return; |
---|
252 | if (pap_logout_hook) { |
---|
253 | pap_logout_hook(); |
---|
254 | } |
---|
255 | new_phase(PHASE_DEAD); |
---|
256 | notice("Connection terminated."); |
---|
257 | } |
---|
258 | |
---|
259 | /* |
---|
260 | * LCP has gone down; it will either die or try to re-establish. |
---|
261 | */ |
---|
262 | void |
---|
263 | link_down(unit) |
---|
264 | int unit; |
---|
265 | { |
---|
266 | int i; |
---|
267 | struct protent *protp; |
---|
268 | |
---|
269 | auth_state = s_down; |
---|
270 | if (auth_script_state == s_up) { |
---|
271 | update_link_stats(unit); |
---|
272 | auth_script(s_down); |
---|
273 | } |
---|
274 | for (i = 0; (protp = protocols[i]) != NULL; ++i) { |
---|
275 | if (!protp->enabled_flag) |
---|
276 | continue; |
---|
277 | if (protp->protocol != PPP_LCP && protp->lowerdown != NULL) |
---|
278 | (*protp->lowerdown)(unit); |
---|
279 | if (protp->protocol < 0xC000 && protp->close != NULL) |
---|
280 | (*protp->close)(unit, "LCP down"); |
---|
281 | } |
---|
282 | num_np_open = 0; |
---|
283 | num_np_up = 0; |
---|
284 | if (phase != PHASE_DEAD) |
---|
285 | new_phase(PHASE_TERMINATE); |
---|
286 | } |
---|
287 | |
---|
288 | /* |
---|
289 | * The link is established. |
---|
290 | * Proceed to the Dead, Authenticate or Network phase as appropriate. |
---|
291 | */ |
---|
292 | void |
---|
293 | link_established(unit) |
---|
294 | int unit; |
---|
295 | { |
---|
296 | int auth; |
---|
297 | lcp_options *wo = &lcp_wantoptions[unit]; |
---|
298 | lcp_options *go = &lcp_gotoptions[unit]; |
---|
299 | lcp_options *ho = &lcp_hisoptions[unit]; |
---|
300 | int i; |
---|
301 | struct protent *protp; |
---|
302 | |
---|
303 | /* |
---|
304 | * Tell higher-level protocols that LCP is up. |
---|
305 | */ |
---|
306 | for (i = 0; (protp = protocols[i]) != NULL; ++i) |
---|
307 | if (protp->protocol != PPP_LCP && protp->enabled_flag |
---|
308 | && protp->lowerup != NULL) |
---|
309 | (*protp->lowerup)(unit); |
---|
310 | |
---|
311 | if (auth_required && !(go->neg_chap || go->neg_upap)) { |
---|
312 | /* |
---|
313 | * We wanted the peer to authenticate itself, and it refused: |
---|
314 | * if we have some address(es) it can use without auth, fine, |
---|
315 | * otherwise treat it as though it authenticated with PAP using |
---|
316 | * a username * of "" and a password of "". If that's not OK, |
---|
317 | * boot it out. |
---|
318 | */ |
---|
319 | if (noauth_addrs != NULL) { |
---|
320 | set_allowed_addrs(unit, noauth_addrs, NULL); |
---|
321 | } else if (!wo->neg_upap || !null_login(unit)) { |
---|
322 | warn("peer refused to authenticate: terminating link"); |
---|
323 | lcp_close(unit, "peer refused to authenticate"); |
---|
324 | status = EXIT_PEER_AUTH_FAILED; |
---|
325 | return; |
---|
326 | } |
---|
327 | } |
---|
328 | |
---|
329 | new_phase(PHASE_AUTHENTICATE); |
---|
330 | auth = 0; |
---|
331 | if (go->neg_chap) { |
---|
332 | ChapAuthPeer(unit, our_name, go->chap_mdtype); |
---|
333 | auth |= CHAP_PEER; |
---|
334 | } else if (go->neg_upap) { |
---|
335 | upap_authpeer(unit); |
---|
336 | auth |= PAP_PEER; |
---|
337 | } |
---|
338 | if (ho->neg_chap) { |
---|
339 | ChapAuthWithPeer(unit, user, ho->chap_mdtype); |
---|
340 | auth |= CHAP_WITHPEER; |
---|
341 | } else if (ho->neg_upap) { |
---|
342 | if (passwd[0] == 0) { |
---|
343 | passwd_from_file = 1; |
---|
344 | if (!get_pap_passwd(passwd)) |
---|
345 | error("No secret found for PAP login"); |
---|
346 | } |
---|
347 | upap_authwithpeer(unit, user, passwd); |
---|
348 | auth |= PAP_WITHPEER; |
---|
349 | } |
---|
350 | auth_pending[unit] = auth; |
---|
351 | |
---|
352 | if (!auth) |
---|
353 | network_phase(unit); |
---|
354 | } |
---|
355 | |
---|
356 | /* |
---|
357 | * Proceed to the network phase. |
---|
358 | */ |
---|
359 | static void |
---|
360 | network_phase(unit) |
---|
361 | int unit; |
---|
362 | { |
---|
363 | #ifdef CBCP_SUPPORT |
---|
364 | lcp_options *go = &lcp_gotoptions[unit]; |
---|
365 | #endif |
---|
366 | |
---|
367 | /* always run the auth-up script */ |
---|
368 | auth_state = s_up; |
---|
369 | if (auth_script_state == s_down) { |
---|
370 | auth_script(s_up); |
---|
371 | } |
---|
372 | |
---|
373 | #ifdef CBCP_SUPPORT |
---|
374 | /* |
---|
375 | * If we negotiated callback, do it now. |
---|
376 | */ |
---|
377 | if (go->neg_cbcp) { |
---|
378 | new_phase(PHASE_CALLBACK); |
---|
379 | (*cbcp_protent.open)(unit); |
---|
380 | return; |
---|
381 | } |
---|
382 | #endif |
---|
383 | |
---|
384 | /* |
---|
385 | * Process extra options from the secrets file |
---|
386 | */ |
---|
387 | if (extra_options) { |
---|
388 | options_from_list(extra_options, 1); |
---|
389 | free_wordlist(extra_options); |
---|
390 | extra_options = 0; |
---|
391 | } |
---|
392 | start_networks(); |
---|
393 | } |
---|
394 | |
---|
395 | void |
---|
396 | start_networks() |
---|
397 | { |
---|
398 | int i; |
---|
399 | struct protent *protp; |
---|
400 | |
---|
401 | new_phase(PHASE_NETWORK); |
---|
402 | for (i = 0; (protp = protocols[i]) != NULL; ++i) |
---|
403 | if (protp->protocol < 0xC000 && protp->enabled_flag |
---|
404 | && protp->open != NULL) { |
---|
405 | (*protp->open)(0); |
---|
406 | if (protp->protocol != PPP_CCP) |
---|
407 | ++num_np_open; |
---|
408 | } |
---|
409 | |
---|
410 | if (num_np_open == 0) |
---|
411 | /* nothing to do */ |
---|
412 | lcp_close(0, "No network protocols running"); |
---|
413 | } |
---|
414 | |
---|
415 | /* |
---|
416 | * The peer has failed to authenticate himself using `protocol'. |
---|
417 | */ |
---|
418 | void |
---|
419 | auth_peer_fail(unit, protocol) |
---|
420 | int unit, protocol; |
---|
421 | { |
---|
422 | /* |
---|
423 | * Authentication failure: take the link down |
---|
424 | */ |
---|
425 | lcp_close(unit, "Authentication failed"); |
---|
426 | status = EXIT_PEER_AUTH_FAILED; |
---|
427 | } |
---|
428 | |
---|
429 | /* |
---|
430 | * The peer has been successfully authenticated using `protocol'. |
---|
431 | */ |
---|
432 | void |
---|
433 | auth_peer_success(unit, protocol, name, namelen) |
---|
434 | int unit, protocol; |
---|
435 | char *name; |
---|
436 | int namelen; |
---|
437 | { |
---|
438 | int bit; |
---|
439 | |
---|
440 | switch (protocol) { |
---|
441 | case PPP_CHAP: |
---|
442 | bit = CHAP_PEER; |
---|
443 | break; |
---|
444 | case PPP_PAP: |
---|
445 | bit = PAP_PEER; |
---|
446 | break; |
---|
447 | default: |
---|
448 | warn("auth_peer_success: unknown protocol %x", protocol); |
---|
449 | return; |
---|
450 | } |
---|
451 | |
---|
452 | /* |
---|
453 | * Save the authenticated name of the peer for later. |
---|
454 | */ |
---|
455 | if (namelen > sizeof(peer_authname) - 1) |
---|
456 | namelen = sizeof(peer_authname) - 1; |
---|
457 | BCOPY(name, peer_authname, namelen); |
---|
458 | peer_authname[namelen] = 0; |
---|
459 | |
---|
460 | /* |
---|
461 | * If there is no more authentication still to be done, |
---|
462 | * proceed to the network (or callback) phase. |
---|
463 | */ |
---|
464 | if ((auth_pending[unit] &= ~bit) == 0) |
---|
465 | network_phase(unit); |
---|
466 | } |
---|
467 | |
---|
468 | /* |
---|
469 | * We have failed to authenticate ourselves to the peer using `protocol'. |
---|
470 | */ |
---|
471 | void |
---|
472 | auth_withpeer_fail(unit, protocol) |
---|
473 | int unit, protocol; |
---|
474 | { |
---|
475 | if (passwd_from_file) |
---|
476 | BZERO(passwd, MAXSECRETLEN); |
---|
477 | /* |
---|
478 | * We've failed to authenticate ourselves to our peer. |
---|
479 | * Some servers keep sending CHAP challenges, but there |
---|
480 | * is no point in persisting without any way to get updated |
---|
481 | * authentication secrets. |
---|
482 | */ |
---|
483 | lcp_close(unit, "Failed to authenticate ourselves to peer"); |
---|
484 | status = EXIT_AUTH_TOPEER_FAILED; |
---|
485 | } |
---|
486 | |
---|
487 | /* |
---|
488 | * We have successfully authenticated ourselves with the peer using `protocol'. |
---|
489 | */ |
---|
490 | void |
---|
491 | auth_withpeer_success(unit, protocol) |
---|
492 | int unit, protocol; |
---|
493 | { |
---|
494 | int bit; |
---|
495 | |
---|
496 | switch (protocol) { |
---|
497 | case PPP_CHAP: |
---|
498 | bit = CHAP_WITHPEER; |
---|
499 | break; |
---|
500 | case PPP_PAP: |
---|
501 | if (passwd_from_file) |
---|
502 | BZERO(passwd, MAXSECRETLEN); |
---|
503 | bit = PAP_WITHPEER; |
---|
504 | break; |
---|
505 | default: |
---|
506 | warn("auth_withpeer_success: unknown protocol %x", protocol); |
---|
507 | bit = 0; |
---|
508 | } |
---|
509 | |
---|
510 | /* |
---|
511 | * If there is no more authentication still being done, |
---|
512 | * proceed to the network (or callback) phase. |
---|
513 | */ |
---|
514 | if ((auth_pending[unit] &= ~bit) == 0) |
---|
515 | network_phase(unit); |
---|
516 | } |
---|
517 | |
---|
518 | |
---|
519 | /* |
---|
520 | * np_up - a network protocol has come up. |
---|
521 | */ |
---|
522 | void |
---|
523 | np_up(unit, proto) |
---|
524 | int unit, proto; |
---|
525 | { |
---|
526 | int tlim; |
---|
527 | |
---|
528 | if (num_np_up == 0) { |
---|
529 | /* |
---|
530 | * At this point we consider that the link has come up successfully. |
---|
531 | */ |
---|
532 | status = EXIT_OK; |
---|
533 | unsuccess = 0; |
---|
534 | new_phase(PHASE_RUNNING); |
---|
535 | |
---|
536 | if (idle_time_hook != 0) |
---|
537 | tlim = (*idle_time_hook)(NULL); |
---|
538 | else |
---|
539 | tlim = idle_time_limit; |
---|
540 | if (tlim > 0) |
---|
541 | TIMEOUT(check_idle, NULL, tlim); |
---|
542 | |
---|
543 | /* |
---|
544 | * Set a timeout to close the connection once the maximum |
---|
545 | * connect time has expired. |
---|
546 | */ |
---|
547 | if (maxconnect > 0) |
---|
548 | TIMEOUT(connect_time_expired, 0, maxconnect); |
---|
549 | } |
---|
550 | ++num_np_up; |
---|
551 | } |
---|
552 | |
---|
553 | /* |
---|
554 | * np_down - a network protocol has gone down. |
---|
555 | */ |
---|
556 | void |
---|
557 | np_down(unit, proto) |
---|
558 | int unit, proto; |
---|
559 | { |
---|
560 | if (--num_np_up == 0) { |
---|
561 | UNTIMEOUT(check_idle, NULL); |
---|
562 | new_phase(PHASE_NETWORK); |
---|
563 | } |
---|
564 | } |
---|
565 | |
---|
566 | /* |
---|
567 | * np_finished - a network protocol has finished using the link. |
---|
568 | */ |
---|
569 | void |
---|
570 | np_finished(unit, proto) |
---|
571 | int unit, proto; |
---|
572 | { |
---|
573 | if (--num_np_open <= 0) { |
---|
574 | /* no further use for the link: shut up shop. */ |
---|
575 | lcp_close(0, "No network protocols running"); |
---|
576 | } |
---|
577 | } |
---|
578 | |
---|
579 | /* |
---|
580 | * check_idle - check whether the link has been idle for long |
---|
581 | * enough that we can shut it down. |
---|
582 | */ |
---|
583 | static void |
---|
584 | check_idle(arg) |
---|
585 | void *arg; |
---|
586 | { |
---|
587 | struct ppp_idle idle; |
---|
588 | time_t itime; |
---|
589 | int tlim; |
---|
590 | |
---|
591 | if (!get_idle_time(0, &idle)) |
---|
592 | return; |
---|
593 | if (idle_time_hook != 0) { |
---|
594 | tlim = idle_time_hook(&idle); |
---|
595 | } else { |
---|
596 | itime = MIN(idle.xmit_idle, idle.recv_idle); |
---|
597 | tlim = idle_time_limit - itime; |
---|
598 | } |
---|
599 | if (tlim <= 0) { |
---|
600 | /* link is idle: shut it down. */ |
---|
601 | notice("Terminating connection due to lack of activity."); |
---|
602 | lcp_close(0, "Link inactive"); |
---|
603 | need_holdoff = 0; |
---|
604 | status = EXIT_IDLE_TIMEOUT; |
---|
605 | } else { |
---|
606 | TIMEOUT(check_idle, NULL, tlim); |
---|
607 | } |
---|
608 | } |
---|
609 | |
---|
610 | /* |
---|
611 | * connect_time_expired - log a message and close the connection. |
---|
612 | */ |
---|
613 | static void |
---|
614 | connect_time_expired(arg) |
---|
615 | void *arg; |
---|
616 | { |
---|
617 | info("Connect time expired"); |
---|
618 | lcp_close(0, "Connect time expired"); /* Close connection */ |
---|
619 | status = EXIT_CONNECT_TIME; |
---|
620 | } |
---|
621 | |
---|
622 | /* |
---|
623 | * auth_check_options - called to check authentication options. |
---|
624 | */ |
---|
625 | int |
---|
626 | auth_check_options() |
---|
627 | { |
---|
628 | lcp_options *wo = &lcp_wantoptions[0]; |
---|
629 | int status = 1; |
---|
630 | int can_auth; |
---|
631 | int lacks_ip; |
---|
632 | |
---|
633 | /* Default our_name to hostname, and user to our_name */ |
---|
634 | if (our_name[0] == 0 || usehostname) |
---|
635 | strlcpy(our_name, hostname, sizeof(our_name)); |
---|
636 | if (user[0] == 0) |
---|
637 | strlcpy(user, our_name, sizeof(user)); |
---|
638 | |
---|
639 | /* |
---|
640 | * If we have a default route, require the peer to authenticate |
---|
641 | * unless the noauth option was given or the real user is root. |
---|
642 | */ |
---|
643 | if (!auth_required && !allow_any_ip && have_route_to(0) && !privileged) { |
---|
644 | printf("auth_check_options: turning on\n"); |
---|
645 | auth_required = 1; |
---|
646 | default_auth = 1; |
---|
647 | } |
---|
648 | |
---|
649 | /* If authentication is required, ask peer for CHAP or PAP. */ |
---|
650 | if (auth_required) { |
---|
651 | if (!wo->neg_chap && !wo->neg_upap) { |
---|
652 | wo->neg_chap = 1; |
---|
653 | wo->neg_upap = 1; |
---|
654 | } |
---|
655 | } else { |
---|
656 | wo->neg_chap = 0; |
---|
657 | wo->neg_upap = 0; |
---|
658 | } |
---|
659 | |
---|
660 | /* |
---|
661 | * Check whether we have appropriate secrets to use |
---|
662 | * to authenticate the peer. |
---|
663 | */ |
---|
664 | lacks_ip = 0; |
---|
665 | can_auth = wo->neg_upap && (uselogin || have_pap_secret(&lacks_ip)); |
---|
666 | if (!can_auth && wo->neg_chap) { |
---|
667 | can_auth = have_chap_secret((explicit_remote? remote_name: NULL), |
---|
668 | our_name, 1, &lacks_ip); |
---|
669 | } |
---|
670 | |
---|
671 | if (auth_required && !can_auth && noauth_addrs == NULL) { |
---|
672 | if (default_auth) { |
---|
673 | option_error( |
---|
674 | "By default the remote system is required to authenticate itself"); |
---|
675 | option_error( |
---|
676 | "(because this system has a default route to the internet)"); |
---|
677 | } else if (explicit_remote) |
---|
678 | option_error( |
---|
679 | "The remote system (%s) is required to authenticate itself", |
---|
680 | remote_name); |
---|
681 | else |
---|
682 | option_error( |
---|
683 | "The remote system is required to authenticate itself"); |
---|
684 | option_error( |
---|
685 | "but I couldn't find any suitable secret (password) for it to use to do so."); |
---|
686 | if (lacks_ip) |
---|
687 | option_error( |
---|
688 | "(None of the available passwords would let it use an IP address.)"); |
---|
689 | |
---|
690 | status = 0; |
---|
691 | } |
---|
692 | return ( status ); |
---|
693 | } |
---|
694 | |
---|
695 | /* |
---|
696 | * auth_reset - called when LCP is starting negotiations to recheck |
---|
697 | * authentication options, i.e. whether we have appropriate secrets |
---|
698 | * to use for authenticating ourselves and/or the peer. |
---|
699 | */ |
---|
700 | void |
---|
701 | auth_reset(unit) |
---|
702 | int unit; |
---|
703 | { |
---|
704 | lcp_options *go = &lcp_gotoptions[unit]; |
---|
705 | lcp_options *ao = &lcp_allowoptions[0]; |
---|
706 | |
---|
707 | ao->neg_upap = !refuse_pap && (passwd[0] != 0 || get_pap_passwd(NULL)); |
---|
708 | ao->neg_chap = !refuse_chap |
---|
709 | && (passwd[0] != 0 |
---|
710 | || have_chap_secret(user, (explicit_remote? remote_name: NULL), |
---|
711 | 0, NULL)); |
---|
712 | |
---|
713 | if (go->neg_upap && !uselogin && !have_pap_secret(NULL)) |
---|
714 | go->neg_upap = 0; |
---|
715 | if (go->neg_chap) { |
---|
716 | if (!have_chap_secret((explicit_remote? remote_name: NULL), |
---|
717 | our_name, 1, NULL)) |
---|
718 | go->neg_chap = 0; |
---|
719 | } |
---|
720 | } |
---|
721 | |
---|
722 | |
---|
723 | /* |
---|
724 | * check_passwd - Check the user name and passwd against the PAP secrets |
---|
725 | * file. If requested, also check against the system password database, |
---|
726 | * and login the user if OK. |
---|
727 | * |
---|
728 | * returns: |
---|
729 | * UPAP_AUTHNAK: Authentication failed. |
---|
730 | * UPAP_AUTHACK: Authentication succeeded. |
---|
731 | * In either case, msg points to an appropriate message. |
---|
732 | */ |
---|
733 | int |
---|
734 | check_passwd(unit, auser, userlen, apasswd, passwdlen, msg) |
---|
735 | int unit; |
---|
736 | char *auser; |
---|
737 | int userlen; |
---|
738 | char *apasswd; |
---|
739 | int passwdlen; |
---|
740 | char **msg; |
---|
741 | { |
---|
742 | int ret = (int)UPAP_AUTHNAK; |
---|
743 | |
---|
744 | if (( userlen == 0 ) && ( passwdlen == 0 )) { |
---|
745 | ret = (int)UPAP_AUTHACK; |
---|
746 | } |
---|
747 | printf("check_passwd: %d\n", ret); |
---|
748 | |
---|
749 | return ret; |
---|
750 | } |
---|
751 | |
---|
752 | /* |
---|
753 | * null_login - Check if a username of "" and a password of "" are |
---|
754 | * acceptable, and iff so, set the list of acceptable IP addresses |
---|
755 | * and return 1. |
---|
756 | */ |
---|
757 | static int |
---|
758 | null_login(unit) |
---|
759 | int unit; |
---|
760 | { |
---|
761 | return 0; |
---|
762 | } |
---|
763 | |
---|
764 | |
---|
765 | /* |
---|
766 | * get_pap_passwd - get a password for authenticating ourselves with |
---|
767 | * our peer using PAP. Returns 1 on success, 0 if no suitable password |
---|
768 | * could be found. |
---|
769 | * Assumes passwd points to MAXSECRETLEN bytes of space (if non-null). |
---|
770 | */ |
---|
771 | static int |
---|
772 | get_pap_passwd(passwd) |
---|
773 | char *passwd; |
---|
774 | { |
---|
775 | int ret = (int)0; |
---|
776 | |
---|
777 | /* |
---|
778 | * Check whether a plugin wants to supply this. |
---|
779 | */ |
---|
780 | if (pap_passwd_hook) { |
---|
781 | ret = (*pap_passwd_hook)(user, passwd); |
---|
782 | } |
---|
783 | |
---|
784 | return ( ret ); |
---|
785 | } |
---|
786 | |
---|
787 | |
---|
788 | /* |
---|
789 | * have_pap_secret - check whether we have a PAP file with any |
---|
790 | * secrets that we could possibly use for authenticating the peer. |
---|
791 | */ |
---|
792 | static int |
---|
793 | have_pap_secret(lacks_ipp) |
---|
794 | int *lacks_ipp; |
---|
795 | { |
---|
796 | int ret = (int)0; |
---|
797 | |
---|
798 | /* let the plugin decide, if there is one */ |
---|
799 | printf("have_pap_secret:\n"); |
---|
800 | if (pap_check_hook) { |
---|
801 | ret = (*pap_check_hook)(); |
---|
802 | } |
---|
803 | |
---|
804 | return ( ret ); |
---|
805 | } |
---|
806 | |
---|
807 | |
---|
808 | /* |
---|
809 | * have_chap_secret - check whether we have a CHAP file with a |
---|
810 | * secret that we could possibly use for authenticating `client' |
---|
811 | * on `server'. Either can be the null string, meaning we don't |
---|
812 | * know the identity yet. |
---|
813 | */ |
---|
814 | static int |
---|
815 | have_chap_secret(client, server, need_ip, lacks_ipp) |
---|
816 | char *client; |
---|
817 | char *server; |
---|
818 | int need_ip; |
---|
819 | int *lacks_ipp; |
---|
820 | { |
---|
821 | return 0; |
---|
822 | } |
---|
823 | |
---|
824 | |
---|
825 | /* |
---|
826 | * get_secret - open the CHAP secret file and return the secret |
---|
827 | * for authenticating the given client on the given server. |
---|
828 | * (We could be either client or server). |
---|
829 | */ |
---|
830 | int |
---|
831 | get_secret(unit, client, server, secret, secret_len, am_server) |
---|
832 | int unit; |
---|
833 | char *client; |
---|
834 | char *server; |
---|
835 | char *secret; |
---|
836 | int *secret_len; |
---|
837 | int am_server; |
---|
838 | { |
---|
839 | int len; |
---|
840 | char secbuf[MAXWORDLEN]; |
---|
841 | |
---|
842 | if (!am_server && passwd[0] != 0) { |
---|
843 | strlcpy(secbuf, passwd, sizeof(secbuf)); |
---|
844 | } else { |
---|
845 | return 0; |
---|
846 | } |
---|
847 | |
---|
848 | len = strlen(secbuf); |
---|
849 | if (len > MAXSECRETLEN) { |
---|
850 | error("Secret for %s on %s is too long", client, server); |
---|
851 | len = MAXSECRETLEN; |
---|
852 | } |
---|
853 | BCOPY(secbuf, secret, len); |
---|
854 | BZERO(secbuf, sizeof(secbuf)); |
---|
855 | *secret_len = len; |
---|
856 | |
---|
857 | return 1; |
---|
858 | } |
---|
859 | |
---|
860 | /* |
---|
861 | * set_allowed_addrs() - set the list of allowed addresses. |
---|
862 | * Also looks for `--' indicating options to apply for this peer |
---|
863 | * and leaves the following words in extra_options. |
---|
864 | */ |
---|
865 | static void |
---|
866 | set_allowed_addrs(unit, addrs, opts) |
---|
867 | int unit; |
---|
868 | struct wordlist *addrs; |
---|
869 | struct wordlist *opts; |
---|
870 | { |
---|
871 | int n; |
---|
872 | struct wordlist *ap, **pap; |
---|
873 | struct permitted_ip *ip; |
---|
874 | char *ptr_word, *ptr_mask; |
---|
875 | struct hostent *hp; |
---|
876 | struct netent *np; |
---|
877 | u_int32_t a, mask, ah, offset; |
---|
878 | struct ipcp_options *wo = &ipcp_wantoptions[unit]; |
---|
879 | u_int32_t suggested_ip = 0; |
---|
880 | |
---|
881 | if (addresses[unit] != NULL) |
---|
882 | free(addresses[unit]); |
---|
883 | addresses[unit] = NULL; |
---|
884 | if (extra_options != NULL) |
---|
885 | free_wordlist(extra_options); |
---|
886 | extra_options = opts; |
---|
887 | |
---|
888 | /* |
---|
889 | * Count the number of IP addresses given. |
---|
890 | */ |
---|
891 | for (n = 0, pap = &addrs; (ap = *pap) != NULL; pap = &ap->next) |
---|
892 | ++n; |
---|
893 | if (n == 0) |
---|
894 | return; |
---|
895 | ip = (struct permitted_ip *) malloc((n + 1) * sizeof(struct permitted_ip)); |
---|
896 | if (ip == 0) |
---|
897 | return; |
---|
898 | |
---|
899 | n = 0; |
---|
900 | for (ap = addrs; ap != NULL; ap = ap->next) { |
---|
901 | /* "-" means no addresses authorized, "*" means any address allowed */ |
---|
902 | ptr_word = ap->word; |
---|
903 | if (strcmp(ptr_word, "-") == 0) |
---|
904 | break; |
---|
905 | if (strcmp(ptr_word, "*") == 0) { |
---|
906 | ip[n].permit = 1; |
---|
907 | ip[n].base = ip[n].mask = 0; |
---|
908 | ++n; |
---|
909 | break; |
---|
910 | } |
---|
911 | |
---|
912 | ip[n].permit = 1; |
---|
913 | if (*ptr_word == '!') { |
---|
914 | ip[n].permit = 0; |
---|
915 | ++ptr_word; |
---|
916 | } |
---|
917 | |
---|
918 | mask = ~ (u_int32_t) 0; |
---|
919 | offset = 0; |
---|
920 | ptr_mask = strchr (ptr_word, '/'); |
---|
921 | if (ptr_mask != NULL) { |
---|
922 | int bit_count; |
---|
923 | char *endp; |
---|
924 | |
---|
925 | bit_count = (int) strtol (ptr_mask+1, &endp, 10); |
---|
926 | if (bit_count <= 0 || bit_count > 32) { |
---|
927 | warn("invalid address length %v in auth. address list", |
---|
928 | ptr_mask+1); |
---|
929 | continue; |
---|
930 | } |
---|
931 | bit_count = 32 - bit_count; /* # bits in host part */ |
---|
932 | if (*endp == '+') { |
---|
933 | offset = pppifunit + 1; |
---|
934 | ++endp; |
---|
935 | } |
---|
936 | if (*endp != 0) { |
---|
937 | warn("invalid address length syntax: %v", ptr_mask+1); |
---|
938 | continue; |
---|
939 | } |
---|
940 | *ptr_mask = '\0'; |
---|
941 | mask <<= bit_count; |
---|
942 | } |
---|
943 | |
---|
944 | hp = gethostbyname(ptr_word); |
---|
945 | if (hp != NULL && hp->h_addrtype == AF_INET) { |
---|
946 | a = *(u_int32_t *)hp->h_addr; |
---|
947 | } else { |
---|
948 | np = getnetbyname (ptr_word); |
---|
949 | if (np != NULL && np->n_addrtype == AF_INET) { |
---|
950 | a = htonl (*(u_int32_t *)np->n_net); |
---|
951 | if (ptr_mask == NULL) { |
---|
952 | /* calculate appropriate mask for net */ |
---|
953 | ah = ntohl(a); |
---|
954 | if (IN_CLASSA(ah)) |
---|
955 | mask = IN_CLASSA_NET; |
---|
956 | else if (IN_CLASSB(ah)) |
---|
957 | mask = IN_CLASSB_NET; |
---|
958 | else if (IN_CLASSC(ah)) |
---|
959 | mask = IN_CLASSC_NET; |
---|
960 | } |
---|
961 | } else { |
---|
962 | a = inet_addr (ptr_word); |
---|
963 | } |
---|
964 | } |
---|
965 | |
---|
966 | if (ptr_mask != NULL) |
---|
967 | *ptr_mask = '/'; |
---|
968 | |
---|
969 | if (a == (u_int32_t)-1L) { |
---|
970 | warn("unknown host %s in auth. address list", ap->word); |
---|
971 | continue; |
---|
972 | } |
---|
973 | if (offset != 0) { |
---|
974 | if (offset >= ~mask) { |
---|
975 | warn("interface unit %d too large for subnet %v", |
---|
976 | pppifunit, ptr_word); |
---|
977 | continue; |
---|
978 | } |
---|
979 | a = htonl((ntohl(a) & mask) + offset); |
---|
980 | mask = ~(u_int32_t)0; |
---|
981 | } |
---|
982 | ip[n].mask = htonl(mask); |
---|
983 | ip[n].base = a & ip[n].mask; |
---|
984 | ++n; |
---|
985 | if (~mask == 0 && suggested_ip == 0) |
---|
986 | suggested_ip = a; |
---|
987 | } |
---|
988 | |
---|
989 | ip[n].permit = 0; /* make the last entry forbid all addresses */ |
---|
990 | ip[n].base = 0; /* to terminate the list */ |
---|
991 | ip[n].mask = 0; |
---|
992 | |
---|
993 | addresses[unit] = ip; |
---|
994 | |
---|
995 | /* |
---|
996 | * If the address given for the peer isn't authorized, or if |
---|
997 | * the user hasn't given one, AND there is an authorized address |
---|
998 | * which is a single host, then use that if we find one. |
---|
999 | */ |
---|
1000 | if (suggested_ip != 0 |
---|
1001 | && (wo->hisaddr == 0 || !auth_ip_addr(unit, wo->hisaddr))) |
---|
1002 | wo->hisaddr = suggested_ip; |
---|
1003 | } |
---|
1004 | |
---|
1005 | /* |
---|
1006 | * auth_ip_addr - check whether the peer is authorized to use |
---|
1007 | * a given IP address. Returns 1 if authorized, 0 otherwise. |
---|
1008 | */ |
---|
1009 | int |
---|
1010 | auth_ip_addr(unit, addr) |
---|
1011 | int unit; |
---|
1012 | u_int32_t addr; |
---|
1013 | { |
---|
1014 | int ok; |
---|
1015 | |
---|
1016 | /* don't allow loopback or multicast address */ |
---|
1017 | if (bad_ip_adrs(addr)) |
---|
1018 | return 0; |
---|
1019 | |
---|
1020 | if (addresses[unit] != NULL) { |
---|
1021 | ok = ip_addr_check(addr, addresses[unit]); |
---|
1022 | if (ok >= 0) |
---|
1023 | return ok; |
---|
1024 | } |
---|
1025 | if (auth_required) |
---|
1026 | return 0; /* no addresses authorized */ |
---|
1027 | return allow_any_ip || !have_route_to(addr); |
---|
1028 | } |
---|
1029 | |
---|
1030 | static int |
---|
1031 | ip_addr_check(addr, addrs) |
---|
1032 | u_int32_t addr; |
---|
1033 | struct permitted_ip *addrs; |
---|
1034 | { |
---|
1035 | for (; ; ++addrs) |
---|
1036 | if ((addr & addrs->mask) == addrs->base) |
---|
1037 | return addrs->permit; |
---|
1038 | } |
---|
1039 | |
---|
1040 | /* |
---|
1041 | * bad_ip_adrs - return 1 if the IP address is one we don't want |
---|
1042 | * to use, such as an address in the loopback net or a multicast address. |
---|
1043 | * addr is in network byte order. |
---|
1044 | */ |
---|
1045 | int |
---|
1046 | bad_ip_adrs(addr) |
---|
1047 | u_int32_t addr; |
---|
1048 | { |
---|
1049 | addr = ntohl(addr); |
---|
1050 | return (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET |
---|
1051 | || IN_MULTICAST(addr) || IN_BADCLASS(addr); |
---|
1052 | } |
---|
1053 | |
---|
1054 | /* |
---|
1055 | * free_wordlist - release memory allocated for a wordlist. |
---|
1056 | */ |
---|
1057 | static void |
---|
1058 | free_wordlist(wp) |
---|
1059 | struct wordlist *wp; |
---|
1060 | { |
---|
1061 | struct wordlist *next; |
---|
1062 | |
---|
1063 | while (wp != NULL) { |
---|
1064 | next = wp->next; |
---|
1065 | free(wp); |
---|
1066 | wp = next; |
---|
1067 | } |
---|
1068 | } |
---|
1069 | |
---|
1070 | /* |
---|
1071 | * auth_script - execute a script with arguments |
---|
1072 | * interface-name peer-name real-user tty speed |
---|
1073 | */ |
---|
1074 | static void |
---|
1075 | auth_script(s) |
---|
1076 | enum script_state s; |
---|
1077 | { |
---|
1078 | switch (s) { |
---|
1079 | case s_up: |
---|
1080 | auth_script_state = s_up; |
---|
1081 | if ( auth_linkup_hook ) { |
---|
1082 | (*auth_linkup_hook)(); |
---|
1083 | } |
---|
1084 | break; |
---|
1085 | case s_down: |
---|
1086 | auth_script_state = s_down; |
---|
1087 | if ( auth_linkdown_hook ) { |
---|
1088 | (*auth_linkdown_hook)(); |
---|
1089 | } |
---|
1090 | break; |
---|
1091 | } |
---|
1092 | } |
---|