OpenCores
URL https://opencores.org/ocsvn/openrisc/openrisc/trunk

Subversion Repositories openrisc

[/] [openrisc/] [trunk/] [rtos/] [freertos-6.1.1/] [Demo/] [Common/] [ethernet/] [lwIP_132/] [src/] [netif/] [ppp/] [auth.c] - Blame information for rev 817

Go to most recent revision | Details | Compare with Previous | View Log

Line No. Rev Author Line
1 606 jeremybenn
/*****************************************************************************
2
* auth.c - Network Authentication and Phase Control program file.
3
*
4
* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
5
* Copyright (c) 1997 by Global Election Systems Inc.  All rights reserved.
6
*
7
* The authors hereby grant permission to use, copy, modify, distribute,
8
* and license this software and its documentation for any purpose, provided
9
* that existing copyright notices are retained in all copies and that this
10
* notice and the following disclaimer are included verbatim in any
11
* distributions. No written agreement, license, or royalty fee is required
12
* for any of the authorized uses.
13
*
14
* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
15
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17
* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
18
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24
*
25
******************************************************************************
26
* REVISION HISTORY
27
*
28
* 03-01-01 Marc Boucher <marc@mbsi.ca>
29
*   Ported to lwIP.
30
* 97-12-08 Guy Lancaster <lancasterg@acm.org>, Global Election Systems Inc.
31
*   Ported from public pppd code.
32
*****************************************************************************/
33
/*
34
 * auth.c - PPP authentication and phase control.
35
 *
36
 * Copyright (c) 1993 The Australian National University.
37
 * All rights reserved.
38
 *
39
 * Redistribution and use in source and binary forms are permitted
40
 * provided that the above copyright notice and this paragraph are
41
 * duplicated in all such forms and that any documentation,
42
 * advertising materials, and other materials related to such
43
 * distribution and use acknowledge that the software was developed
44
 * by the Australian National University.  The name of the University
45
 * may not be used to endorse or promote products derived from this
46
 * software without specific prior written permission.
47
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
48
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
49
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
50
 *
51
 * Copyright (c) 1989 Carnegie Mellon University.
52
 * All rights reserved.
53
 *
54
 * Redistribution and use in source and binary forms are permitted
55
 * provided that the above copyright notice and this paragraph are
56
 * duplicated in all such forms and that any documentation,
57
 * advertising materials, and other materials related to such
58
 * distribution and use acknowledge that the software was developed
59
 * by Carnegie Mellon University.  The name of the
60
 * University may not be used to endorse or promote products derived
61
 * from this software without specific prior written permission.
62
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
63
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
64
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
65
 */
66
 
67
#include "lwip/opt.h"
68
 
69
#if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */
70
 
71
#include "ppp.h"
72
#include "pppdebug.h"
73
 
74
#include "fsm.h"
75
#include "lcp.h"
76
#include "pap.h"
77
#include "chap.h"
78
#include "auth.h"
79
#include "ipcp.h"
80
 
81
#if CBCP_SUPPORT
82
#include "cbcp.h"
83
#endif /* CBCP_SUPPORT */
84
 
85
#include <string.h>
86
 
87
/*************************/
88
/*** LOCAL DEFINITIONS ***/
89
/*************************/
90
 
91
/* Bits in auth_pending[] */
92
#define PAP_WITHPEER    1
93
#define PAP_PEER        2
94
#define CHAP_WITHPEER   4
95
#define CHAP_PEER       8
96
 
97
 
98
/************************/
99
/*** LOCAL DATA TYPES ***/
100
/************************/
101
/* Used for storing a sequence of words.  Usually malloced. */
102
struct wordlist {
103
  struct wordlist *next;
104
  char        word[1];
105
};
106
 
107
 
108
/***********************************/
109
/*** LOCAL FUNCTION DECLARATIONS ***/
110
/***********************************/
111
extern char *crypt (const char *, const char *);
112
 
113
/* Prototypes for procedures local to this file. */
114
 
115
static void network_phase (int);
116
static void check_idle (void *);
117
static void connect_time_expired (void *);
118
#if 0
119
static int  login (char *, char *, char **, int *);
120
#endif
121
static void logout (void);
122
static int  null_login (int);
123
static int  get_pap_passwd (int, char *, char *);
124
static int  have_pap_secret (void);
125
static int  have_chap_secret (char *, char *, u32_t);
126
static int  ip_addr_check (u32_t, struct wordlist *);
127
#if 0 /* PAP_SUPPORT || CHAP_SUPPORT */
128
static void set_allowed_addrs(int unit, struct wordlist *addrs);
129
static void free_wordlist (struct wordlist *);
130
#endif /* 0 */ /* PAP_SUPPORT || CHAP_SUPPORT */
131
#if CBCP_SUPPORT
132
static void callback_phase (int);
133
#endif /* CBCP_SUPPORT */
134
 
135
 
136
/******************************/
137
/*** PUBLIC DATA STRUCTURES ***/
138
/******************************/
139
 
140
 
141
/*****************************/
142
/*** LOCAL DATA STRUCTURES ***/
143
/*****************************/
144
#if PAP_SUPPORT || CHAP_SUPPORT
145
/* The name by which the peer authenticated itself to us. */
146
static char peer_authname[MAXNAMELEN];
147
#endif /* PAP_SUPPORT || CHAP_SUPPORT */
148
 
149
/* Records which authentication operations haven't completed yet. */
150
static int auth_pending[NUM_PPP];
151
 
152
/* Set if we have successfully called login() */
153
static int logged_in;
154
 
155
/* Set if we have run the /etc/ppp/auth-up script. */
156
static int did_authup;
157
 
158
/* List of addresses which the peer may use. */
159
static struct wordlist *addresses[NUM_PPP];
160
 
161
/* Number of network protocols which we have opened. */
162
static int num_np_open;
163
 
164
/* Number of network protocols which have come up. */
165
static int num_np_up;
166
 
167
#if PAP_SUPPORT || CHAP_SUPPORT
168
/* Set if we got the contents of passwd[] from the pap-secrets file. */
169
static int passwd_from_file;
170
#endif /* PAP_SUPPORT || CHAP_SUPPORT */
171
 
172
 
173
/***********************************/
174
/*** PUBLIC FUNCTION DEFINITIONS ***/
175
/***********************************/
176
/*
177
 * An Open on LCP has requested a change from Dead to Establish phase.
178
 * Do what's necessary to bring the physical layer up.
179
 */
180
void
181
link_required(int unit)
182
{
183
  LWIP_UNUSED_ARG(unit);
184
 
185
  AUTHDEBUG((LOG_INFO, "link_required: %d\n", unit));
186
}
187
 
188
/*
189
 * LCP has terminated the link; go to the Dead phase and take the
190
 * physical layer down.
191
 */
192
void
193
link_terminated(int unit)
194
{
195
  AUTHDEBUG((LOG_INFO, "link_terminated: %d\n", unit));
196
  if (lcp_phase[unit] == PHASE_DEAD) {
197
    return;
198
  }
199
  if (logged_in) {
200
    logout();
201
  }
202
  lcp_phase[unit] = PHASE_DEAD;
203
  AUTHDEBUG((LOG_NOTICE, "Connection terminated.\n"));
204
  pppLinkTerminated(unit);
205
}
206
 
207
/*
208
 * LCP has gone down; it will either die or try to re-establish.
209
 */
210
void
211
link_down(int unit)
212
{
213
  int i;
214
  struct protent *protp;
215
 
216
  AUTHDEBUG((LOG_INFO, "link_down: %d\n", unit));
217
  if (did_authup) {
218
    /* XXX Do link down processing. */
219
    did_authup = 0;
220
  }
221
  for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i) {
222
    if (!protp->enabled_flag) {
223
      continue;
224
    }
225
    if (protp->protocol != PPP_LCP && protp->lowerdown != NULL) {
226
      (*protp->lowerdown)(unit);
227
    }
228
    if (protp->protocol < 0xC000 && protp->close != NULL) {
229
      (*protp->close)(unit, "LCP down");
230
    }
231
  }
232
  num_np_open = 0;
233
  num_np_up = 0;
234
  if (lcp_phase[unit] != PHASE_DEAD) {
235
    lcp_phase[unit] = PHASE_TERMINATE;
236
  }
237
  pppLinkDown(unit);
238
}
239
 
240
/*
241
 * The link is established.
242
 * Proceed to the Dead, Authenticate or Network phase as appropriate.
243
 */
244
void
245
link_established(int unit)
246
{
247
  int auth;
248
  int i;
249
  struct protent *protp;
250
  lcp_options *wo = &lcp_wantoptions[unit];
251
  lcp_options *go = &lcp_gotoptions[unit];
252
#if PAP_SUPPORT || CHAP_SUPPORT
253
  lcp_options *ho = &lcp_hisoptions[unit];
254
#endif /* PAP_SUPPORT || CHAP_SUPPORT */
255
 
256
  AUTHDEBUG((LOG_INFO, "link_established: %d\n", unit));
257
  /*
258
   * Tell higher-level protocols that LCP is up.
259
   */
260
  for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i) {
261
    if (protp->protocol != PPP_LCP && protp->enabled_flag && protp->lowerup != NULL) {
262
      (*protp->lowerup)(unit);
263
    }
264
  }
265
  if (ppp_settings.auth_required && !(go->neg_chap || go->neg_upap)) {
266
    /*
267
     * We wanted the peer to authenticate itself, and it refused:
268
     * treat it as though it authenticated with PAP using a username
269
     * of "" and a password of "".  If that's not OK, boot it out.
270
     */
271
    if (!wo->neg_upap || !null_login(unit)) {
272
      AUTHDEBUG((LOG_WARNING, "peer refused to authenticate\n"));
273
      lcp_close(unit, "peer refused to authenticate");
274
      return;
275
    }
276
  }
277
 
278
  lcp_phase[unit] = PHASE_AUTHENTICATE;
279
  auth = 0;
280
#if CHAP_SUPPORT
281
  if (go->neg_chap) {
282
    ChapAuthPeer(unit, ppp_settings.our_name, go->chap_mdtype);
283
    auth |= CHAP_PEER;
284
  }
285
#endif /* CHAP_SUPPORT */
286
#if PAP_SUPPORT && CHAP_SUPPORT
287
  else
288
#endif /* PAP_SUPPORT && CHAP_SUPPORT */
289
#if PAP_SUPPORT
290
  if (go->neg_upap) {
291
    upap_authpeer(unit);
292
    auth |= PAP_PEER;
293
  }
294
#endif /* PAP_SUPPORT */
295
#if CHAP_SUPPORT
296
  if (ho->neg_chap) {
297
    ChapAuthWithPeer(unit, ppp_settings.user, ho->chap_mdtype);
298
    auth |= CHAP_WITHPEER;
299
  }
300
#endif /* CHAP_SUPPORT */
301
#if PAP_SUPPORT && CHAP_SUPPORT
302
  else
303
#endif /* PAP_SUPPORT && CHAP_SUPPORT */
304
#if PAP_SUPPORT
305
  if (ho->neg_upap) {
306
    if (ppp_settings.passwd[0] == 0) {
307
      passwd_from_file = 1;
308
      if (!get_pap_passwd(unit, ppp_settings.user, ppp_settings.passwd)) {
309
        AUTHDEBUG((LOG_ERR, "No secret found for PAP login\n"));
310
      }
311
    }
312
    upap_authwithpeer(unit, ppp_settings.user, ppp_settings.passwd);
313
    auth |= PAP_WITHPEER;
314
  }
315
#endif /* PAP_SUPPORT */
316
  auth_pending[unit] = auth;
317
 
318
  if (!auth) {
319
    network_phase(unit);
320
  }
321
}
322
 
323
/*
324
 * The peer has failed to authenticate himself using `protocol'.
325
 */
326
void
327
auth_peer_fail(int unit, u16_t protocol)
328
{
329
  LWIP_UNUSED_ARG(protocol);
330
 
331
  AUTHDEBUG((LOG_INFO, "auth_peer_fail: %d proto=%X\n", unit, protocol));
332
  /*
333
   * Authentication failure: take the link down
334
   */
335
  lcp_close(unit, "Authentication failed");
336
}
337
 
338
 
339
#if PAP_SUPPORT || CHAP_SUPPORT
340
/*
341
 * The peer has been successfully authenticated using `protocol'.
342
 */
343
void
344
auth_peer_success(int unit, u16_t protocol, char *name, int namelen)
345
{
346
  int pbit;
347
 
348
  AUTHDEBUG((LOG_INFO, "auth_peer_success: %d proto=%X\n", unit, protocol));
349
  switch (protocol) {
350
    case PPP_CHAP:
351
      pbit = CHAP_PEER;
352
      break;
353
    case PPP_PAP:
354
      pbit = PAP_PEER;
355
      break;
356
    default:
357
      AUTHDEBUG((LOG_WARNING, "auth_peer_success: unknown protocol %x\n", protocol));
358
      return;
359
  }
360
 
361
  /*
362
   * Save the authenticated name of the peer for later.
363
   */
364
  if (namelen > sizeof(peer_authname) - 1) {
365
    namelen = sizeof(peer_authname) - 1;
366
  }
367
  BCOPY(name, peer_authname, namelen);
368
  peer_authname[namelen] = 0;
369
 
370
  /*
371
   * If there is no more authentication still to be done,
372
   * proceed to the network (or callback) phase.
373
   */
374
  if ((auth_pending[unit] &= ~pbit) == 0) {
375
    network_phase(unit);
376
  }
377
}
378
 
379
/*
380
 * We have failed to authenticate ourselves to the peer using `protocol'.
381
 */
382
void
383
auth_withpeer_fail(int unit, u16_t protocol)
384
{
385
  int errCode = PPPERR_AUTHFAIL;
386
 
387
  LWIP_UNUSED_ARG(protocol);
388
 
389
  AUTHDEBUG((LOG_INFO, "auth_withpeer_fail: %d proto=%X\n", unit, protocol));
390
  if (passwd_from_file) {
391
    BZERO(ppp_settings.passwd, MAXSECRETLEN);
392
  }
393
  /*
394
   * XXX Warning: the unit number indicates the interface which is
395
   * not necessarily the PPP connection.  It works here as long
396
   * as we are only supporting PPP interfaces.
397
   */
398
  pppIOCtl(unit, PPPCTLS_ERRCODE, &errCode);
399
 
400
  /*
401
   * We've failed to authenticate ourselves to our peer.
402
   * He'll probably take the link down, and there's not much
403
   * we can do except wait for that.
404
   */
405
}
406
 
407
/*
408
 * We have successfully authenticated ourselves with the peer using `protocol'.
409
 */
410
void
411
auth_withpeer_success(int unit, u16_t protocol)
412
{
413
  int pbit;
414
 
415
  AUTHDEBUG((LOG_INFO, "auth_withpeer_success: %d proto=%X\n", unit, protocol));
416
  switch (protocol) {
417
    case PPP_CHAP:
418
      pbit = CHAP_WITHPEER;
419
      break;
420
    case PPP_PAP:
421
      if (passwd_from_file) {
422
        BZERO(ppp_settings.passwd, MAXSECRETLEN);
423
      }
424
      pbit = PAP_WITHPEER;
425
      break;
426
    default:
427
      AUTHDEBUG((LOG_WARNING, "auth_peer_success: unknown protocol %x\n", protocol));
428
      pbit = 0;
429
  }
430
 
431
  /*
432
   * If there is no more authentication still being done,
433
   * proceed to the network (or callback) phase.
434
   */
435
  if ((auth_pending[unit] &= ~pbit) == 0) {
436
    network_phase(unit);
437
  }
438
}
439
#endif /* PAP_SUPPORT || CHAP_SUPPORT */
440
 
441
 
442
/*
443
 * np_up - a network protocol has come up.
444
 */
445
void
446
np_up(int unit, u16_t proto)
447
{
448
  LWIP_UNUSED_ARG(unit);
449
  LWIP_UNUSED_ARG(proto);
450
 
451
  AUTHDEBUG((LOG_INFO, "np_up: %d proto=%X\n", unit, proto));
452
  if (num_np_up == 0) {
453
    AUTHDEBUG((LOG_INFO, "np_up: maxconnect=%d idle_time_limit=%d\n",ppp_settings.maxconnect,ppp_settings.idle_time_limit));
454
    /*
455
     * At this point we consider that the link has come up successfully.
456
     */
457
    if (ppp_settings.idle_time_limit > 0) {
458
      TIMEOUT(check_idle, NULL, ppp_settings.idle_time_limit);
459
    }
460
 
461
    /*
462
     * Set a timeout to close the connection once the maximum
463
     * connect time has expired.
464
     */
465
    if (ppp_settings.maxconnect > 0) {
466
      TIMEOUT(connect_time_expired, 0, ppp_settings.maxconnect);
467
    }
468
  }
469
  ++num_np_up;
470
}
471
 
472
/*
473
 * np_down - a network protocol has gone down.
474
 */
475
void
476
np_down(int unit, u16_t proto)
477
{
478
  LWIP_UNUSED_ARG(unit);
479
  LWIP_UNUSED_ARG(proto);
480
 
481
  AUTHDEBUG((LOG_INFO, "np_down: %d proto=%X\n", unit, proto));
482
  if (--num_np_up == 0 && ppp_settings.idle_time_limit > 0) {
483
    UNTIMEOUT(check_idle, NULL);
484
  }
485
}
486
 
487
/*
488
 * np_finished - a network protocol has finished using the link.
489
 */
490
void
491
np_finished(int unit, u16_t proto)
492
{
493
  LWIP_UNUSED_ARG(unit);
494
  LWIP_UNUSED_ARG(proto);
495
 
496
  AUTHDEBUG((LOG_INFO, "np_finished: %d proto=%X\n", unit, proto));
497
  if (--num_np_open <= 0) {
498
    /* no further use for the link: shut up shop. */
499
    lcp_close(0, "No network protocols running");
500
  }
501
}
502
 
503
/*
504
 * auth_reset - called when LCP is starting negotiations to recheck
505
 * authentication options, i.e. whether we have appropriate secrets
506
 * to use for authenticating ourselves and/or the peer.
507
 */
508
void
509
auth_reset(int unit)
510
{
511
  lcp_options *go = &lcp_gotoptions[unit];
512
  lcp_options *ao = &lcp_allowoptions[0];
513
  ipcp_options *ipwo = &ipcp_wantoptions[0];
514
  u32_t remote;
515
 
516
  AUTHDEBUG((LOG_INFO, "auth_reset: %d\n", unit));
517
  ao->neg_upap = !ppp_settings.refuse_pap && (ppp_settings.passwd[0] != 0 || get_pap_passwd(unit, NULL, NULL));
518
  ao->neg_chap = !ppp_settings.refuse_chap && ppp_settings.passwd[0] != 0 /*have_chap_secret(ppp_settings.user, ppp_settings.remote_name, (u32_t)0)*/;
519
 
520
  if (go->neg_upap && !have_pap_secret()) {
521
    go->neg_upap = 0;
522
  }
523
  if (go->neg_chap) {
524
    remote = ipwo->accept_remote? 0: ipwo->hisaddr;
525
    if (!have_chap_secret(ppp_settings.remote_name, ppp_settings.our_name, remote)) {
526
      go->neg_chap = 0;
527
    }
528
  }
529
}
530
 
531
#if PAP_SUPPORT
532
/*
533
 * check_passwd - Check the user name and passwd against the PAP secrets
534
 * file.  If requested, also check against the system password database,
535
 * and login the user if OK.
536
 *
537
 * returns:
538
 *  UPAP_AUTHNAK: Authentication failed.
539
 *  UPAP_AUTHACK: Authentication succeeded.
540
 * In either case, msg points to an appropriate message.
541
 */
542
int
543
check_passwd( int unit, char *auser, int userlen, char *apasswd, int passwdlen, char **msg, int *msglen)
544
{
545
#if 1
546
  LWIP_UNUSED_ARG(unit);
547
  LWIP_UNUSED_ARG(auser);
548
  LWIP_UNUSED_ARG(userlen);
549
  LWIP_UNUSED_ARG(apasswd);
550
  LWIP_UNUSED_ARG(passwdlen);
551
  LWIP_UNUSED_ARG(msglen);
552
  *msg = (char *) 0;
553
  return UPAP_AUTHACK;     /* XXX Assume all entries OK. */
554
#else
555
  int ret = 0;
556
  struct wordlist *addrs = NULL;
557
  char passwd[256], user[256];
558
  char secret[MAXWORDLEN];
559
  static u_short attempts = 0;
560
 
561
  /*
562
   * Make copies of apasswd and auser, then null-terminate them.
563
   */
564
  BCOPY(apasswd, passwd, passwdlen);
565
  passwd[passwdlen] = '\0';
566
  BCOPY(auser, user, userlen);
567
  user[userlen] = '\0';
568
  *msg = (char *) 0;
569
 
570
  /* XXX Validate user name and password. */
571
  ret = UPAP_AUTHACK;     /* XXX Assume all entries OK. */
572
 
573
  if (ret == UPAP_AUTHNAK) {
574
    if (*msg == (char *) 0) {
575
      *msg = "Login incorrect";
576
    }
577
    *msglen = strlen(*msg);
578
    /*
579
     * Frustrate passwd stealer programs.
580
     * Allow 10 tries, but start backing off after 3 (stolen from login).
581
     * On 10'th, drop the connection.
582
     */
583
    if (attempts++ >= 10) {
584
      AUTHDEBUG((LOG_WARNING, "%d LOGIN FAILURES BY %s\n", attempts, user));
585
      /*ppp_panic("Excess Bad Logins");*/
586
    }
587
    if (attempts > 3) {
588
      sys_msleep((attempts - 3) * 5);
589
    }
590
    if (addrs != NULL) {
591
      free_wordlist(addrs);
592
    }
593
  } else {
594
    attempts = 0; /* Reset count */
595
    if (*msg == (char *) 0) {
596
      *msg = "Login ok";
597
    }
598
    *msglen = strlen(*msg);
599
    set_allowed_addrs(unit, addrs);
600
  }
601
 
602
  BZERO(passwd, sizeof(passwd));
603
  BZERO(secret, sizeof(secret));
604
 
605
  return ret;
606
#endif
607
}
608
#endif /* PAP_SUPPORT */
609
 
610
 
611
/*
612
 * auth_ip_addr - check whether the peer is authorized to use
613
 * a given IP address.  Returns 1 if authorized, 0 otherwise.
614
 */
615
int
616
auth_ip_addr(int unit, u32_t addr)
617
{
618
  return ip_addr_check(addr, addresses[unit]);
619
}
620
 
621
/*
622
 * bad_ip_adrs - return 1 if the IP address is one we don't want
623
 * to use, such as an address in the loopback net or a multicast address.
624
 * addr is in network byte order.
625
 */
626
int
627
bad_ip_adrs(u32_t addr)
628
{
629
  addr = ntohl(addr);
630
  return (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET
631
      || IN_MULTICAST(addr) || IN_BADCLASS(addr);
632
}
633
 
634
 
635
#if CHAP_SUPPORT
636
/*
637
 * get_secret - open the CHAP secret file and return the secret
638
 * for authenticating the given client on the given server.
639
 * (We could be either client or server).
640
 */
641
int get_secret( int unit, char *client, char *server, char *secret, int *secret_len, int save_addrs)
642
{
643
#if 1
644
  int len;
645
  struct wordlist *addrs;
646
 
647
  LWIP_UNUSED_ARG(unit);
648
  LWIP_UNUSED_ARG(server);
649
  LWIP_UNUSED_ARG(save_addrs);
650
 
651
  addrs = NULL;
652
 
653
  if(!client || !client[0] || strcmp(client, ppp_settings.user)) {
654
    return 0;
655
  }
656
 
657
  len = strlen(ppp_settings.passwd);
658
  if (len > MAXSECRETLEN) {
659
    AUTHDEBUG((LOG_ERR, "Secret for %s on %s is too long\n", client, server));
660
    len = MAXSECRETLEN;
661
  }
662
 
663
  BCOPY(ppp_settings.passwd, secret, len);
664
  *secret_len = len;
665
 
666
  return 1;
667
#else
668
  int ret = 0, len;
669
  struct wordlist *addrs;
670
  char secbuf[MAXWORDLEN];
671
 
672
  addrs = NULL;
673
  secbuf[0] = 0;
674
 
675
  /* XXX Find secret. */
676
  if (ret < 0) {
677
    return 0;
678
  }
679
 
680
  if (save_addrs) {
681
    set_allowed_addrs(unit, addrs);
682
  }
683
 
684
  len = strlen(secbuf);
685
  if (len > MAXSECRETLEN) {
686
    AUTHDEBUG((LOG_ERR, "Secret for %s on %s is too long\n", client, server));
687
    len = MAXSECRETLEN;
688
  }
689
 
690
  BCOPY(secbuf, secret, len);
691
  BZERO(secbuf, sizeof(secbuf));
692
  *secret_len = len;
693
 
694
  return 1;
695
#endif
696
}
697
#endif /* CHAP_SUPPORT */
698
 
699
 
700
#if 0 /* UNUSED */
701
/*
702
 * auth_check_options - called to check authentication options.
703
 */
704
void
705
auth_check_options(void)
706
{
707
  lcp_options *wo = &lcp_wantoptions[0];
708
  int can_auth;
709
  ipcp_options *ipwo = &ipcp_wantoptions[0];
710
  u32_t remote;
711
 
712
  /* Default our_name to hostname, and user to our_name */
713
  if (ppp_settings.our_name[0] == 0 || ppp_settings.usehostname) {
714
      strcpy(ppp_settings.our_name, ppp_settings.hostname);
715
  }
716
 
717
  if (ppp_settings.user[0] == 0) {
718
    strcpy(ppp_settings.user, ppp_settings.our_name);
719
  }
720
 
721
  /* If authentication is required, ask peer for CHAP or PAP. */
722
  if (ppp_settings.auth_required && !wo->neg_chap && !wo->neg_upap) {
723
    wo->neg_chap = 1;
724
    wo->neg_upap = 1;
725
  }
726
 
727
  /*
728
   * Check whether we have appropriate secrets to use
729
   * to authenticate the peer.
730
   */
731
  can_auth = wo->neg_upap && have_pap_secret();
732
  if (!can_auth && wo->neg_chap) {
733
    remote = ipwo->accept_remote? 0: ipwo->hisaddr;
734
    can_auth = have_chap_secret(ppp_settings.remote_name, ppp_settings.our_name, remote);
735
  }
736
 
737
  if (ppp_settings.auth_required && !can_auth) {
738
    ppp_panic("No auth secret");
739
  }
740
}
741
#endif
742
 
743
 
744
/**********************************/
745
/*** LOCAL FUNCTION DEFINITIONS ***/
746
/**********************************/
747
/*
748
 * Proceed to the network phase.
749
 */
750
static void
751
network_phase(int unit)
752
{
753
  int i;
754
  struct protent *protp;
755
  lcp_options *go = &lcp_gotoptions[unit];
756
 
757
  /*
758
   * If the peer had to authenticate, run the auth-up script now.
759
   */
760
  if ((go->neg_chap || go->neg_upap) && !did_authup) {
761
    /* XXX Do setup for peer authentication. */
762
    did_authup = 1;
763
  }
764
 
765
#if CBCP_SUPPORT
766
  /*
767
   * If we negotiated callback, do it now.
768
   */
769
  if (go->neg_cbcp) {
770
    lcp_phase[unit] = PHASE_CALLBACK;
771
    (*cbcp_protent.open)(unit);
772
    return;
773
  }
774
#endif /* CBCP_SUPPORT */
775
 
776
  lcp_phase[unit] = PHASE_NETWORK;
777
  for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i) {
778
    if (protp->protocol < 0xC000 && protp->enabled_flag && protp->open != NULL) {
779
      (*protp->open)(unit);
780
      if (protp->protocol != PPP_CCP) {
781
        ++num_np_open;
782
      }
783
    }
784
  }
785
 
786
  if (num_np_open == 0) {
787
    /* nothing to do */
788
    lcp_close(0, "No network protocols running");
789
  }
790
}
791
 
792
/*
793
 * check_idle - check whether the link has been idle for long
794
 * enough that we can shut it down.
795
 */
796
static void
797
check_idle(void *arg)
798
{
799
  struct ppp_idle idle;
800
  u_short itime;
801
 
802
  LWIP_UNUSED_ARG(arg);
803
  if (!get_idle_time(0, &idle)) {
804
    return;
805
  }
806
  itime = LWIP_MIN(idle.xmit_idle, idle.recv_idle);
807
  if (itime >= ppp_settings.idle_time_limit) {
808
    /* link is idle: shut it down. */
809
    AUTHDEBUG((LOG_INFO, "Terminating connection due to lack of activity.\n"));
810
    lcp_close(0, "Link inactive");
811
  } else {
812
    TIMEOUT(check_idle, NULL, ppp_settings.idle_time_limit - itime);
813
  }
814
}
815
 
816
/*
817
 * connect_time_expired - log a message and close the connection.
818
 */
819
static void
820
connect_time_expired(void *arg)
821
{
822
  LWIP_UNUSED_ARG(arg);
823
 
824
  AUTHDEBUG((LOG_INFO, "Connect time expired\n"));
825
  lcp_close(0, "Connect time expired");   /* Close connection */
826
}
827
 
828
#if 0
829
/*
830
 * login - Check the user name and password against the system
831
 * password database, and login the user if OK.
832
 *
833
 * returns:
834
 *  UPAP_AUTHNAK: Login failed.
835
 *  UPAP_AUTHACK: Login succeeded.
836
 * In either case, msg points to an appropriate message.
837
 */
838
static int
839
login(char *user, char *passwd, char **msg, int *msglen)
840
{
841
  /* XXX Fail until we decide that we want to support logins. */
842
  return (UPAP_AUTHNAK);
843
}
844
#endif
845
 
846
/*
847
 * logout - Logout the user.
848
 */
849
static void
850
logout(void)
851
{
852
  logged_in = 0;
853
}
854
 
855
/*
856
 * null_login - Check if a username of "" and a password of "" are
857
 * acceptable, and iff so, set the list of acceptable IP addresses
858
 * and return 1.
859
 */
860
static int
861
null_login(int unit)
862
{
863
  LWIP_UNUSED_ARG(unit);
864
  /* XXX Fail until we decide that we want to support logins. */
865
  return 0;
866
}
867
 
868
/*
869
 * get_pap_passwd - get a password for authenticating ourselves with
870
 * our peer using PAP.  Returns 1 on success, 0 if no suitable password
871
 * could be found.
872
 */
873
static int
874
get_pap_passwd(int unit, char *user, char *passwd)
875
{
876
  LWIP_UNUSED_ARG(unit);
877
/* normally we would reject PAP if no password is provided,
878
   but this causes problems with some providers (like CHT in Taiwan)
879
   who incorrectly request PAP and expect a bogus/empty password, so
880
   always provide a default user/passwd of "none"/"none"
881
*/
882
  if(user) {
883
    strcpy(user, "none");
884
  }
885
  if(passwd) {
886
    strcpy(passwd, "none");
887
  }
888
  return 1;
889
}
890
 
891
/*
892
 * have_pap_secret - check whether we have a PAP file with any
893
 * secrets that we could possibly use for authenticating the peer.
894
 */
895
static int
896
have_pap_secret(void)
897
{
898
  /* XXX Fail until we set up our passwords. */
899
  return 0;
900
}
901
 
902
/*
903
 * have_chap_secret - check whether we have a CHAP file with a
904
 * secret that we could possibly use for authenticating `client'
905
 * on `server'.  Either can be the null string, meaning we don't
906
 * know the identity yet.
907
 */
908
static int
909
have_chap_secret(char *client, char *server, u32_t remote)
910
{
911
  LWIP_UNUSED_ARG(client);
912
  LWIP_UNUSED_ARG(server);
913
  LWIP_UNUSED_ARG(remote);
914
  /* XXX Fail until we set up our passwords. */
915
  return 0;
916
}
917
 
918
#if 0 /* PAP_SUPPORT || CHAP_SUPPORT */
919
/*
920
 * set_allowed_addrs() - set the list of allowed addresses.
921
 */
922
static void
923
set_allowed_addrs(int unit, struct wordlist *addrs)
924
{
925
  if (addresses[unit] != NULL) {
926
    free_wordlist(addresses[unit]);
927
  }
928
  addresses[unit] = addrs;
929
 
930
#if 0
931
  /*
932
   * If there's only one authorized address we might as well
933
   * ask our peer for that one right away
934
   */
935
  if (addrs != NULL && addrs->next == NULL) {
936
    char *p = addrs->word;
937
    struct ipcp_options *wo = &ipcp_wantoptions[unit];
938
    u32_t a;
939
    struct hostent *hp;
940
 
941
    if (wo->hisaddr == 0 && *p != '!' && *p != '-' && strchr(p, '/') == NULL) {
942
      hp = gethostbyname(p);
943
      if (hp != NULL && hp->h_addrtype == AF_INET) {
944
        a = *(u32_t *)hp->h_addr;
945
      } else {
946
        a = inet_addr(p);
947
      }
948
      if (a != (u32_t) -1) {
949
        wo->hisaddr = a;
950
      }
951
    }
952
  }
953
#endif
954
}
955
#endif /* 0 */ /* PAP_SUPPORT || CHAP_SUPPORT */
956
 
957
static int
958
ip_addr_check(u32_t addr, struct wordlist *addrs)
959
{
960
  /* don't allow loopback or multicast address */
961
  if (bad_ip_adrs(addr)) {
962
    return 0;
963
  }
964
 
965
  if (addrs == NULL) {
966
    return !ppp_settings.auth_required; /* no addresses authorized */
967
  }
968
 
969
  /* XXX All other addresses allowed. */
970
  return 1;
971
}
972
 
973
#if 0 /* PAP_SUPPORT || CHAP_SUPPORT */
974
/*
975
 * free_wordlist - release memory allocated for a wordlist.
976
 */
977
static void
978
free_wordlist(struct wordlist *wp)
979
{
980
  struct wordlist *next;
981
 
982
  while (wp != NULL) {
983
    next = wp->next;
984
    free(wp);
985
    wp = next;
986
  }
987
}
988
#endif  /* 0 */ /* PAP_SUPPORT || CHAP_SUPPORT */
989
 
990
#endif /* PPP_SUPPORT */

powered by: WebSVN 2.1.0

© copyright 1999-2025 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.