OpenCores
URL https://opencores.org/ocsvn/openrisc_2011-10-31/openrisc_2011-10-31/trunk

Subversion Repositories openrisc_2011-10-31

[/] [openrisc/] [trunk/] [rtos/] [freertos-6.1.1/] [Demo/] [Common/] [ethernet/] [lwIP_132/] [src/] [netif/] [ppp/] [auth.c] - Blame information for rev 606

Details | Compare with Previous | View Log

Line No. Rev Author Line
1 606 jeremybenn 
/*****************************************************************************
2 
* auth.c - Network Authentication and Phase Control program file.
3 
*
4 
* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
5 
* Copyright (c) 1997 by Global Election Systems Inc.  All rights reserved.
6 
*
7 
* The authors hereby grant permission to use, copy, modify, distribute,
8 
* and license this software and its documentation for any purpose, provided
9 
* that existing copyright notices are retained in all copies and that this
10 
* notice and the following disclaimer are included verbatim in any
11 
* distributions. No written agreement, license, or royalty fee is required
12 
* for any of the authorized uses.
13 
*
14 
* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
15 
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 
* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
18 
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 
*
25 
******************************************************************************
26 
* REVISION HISTORY
27 
*
28 
* 03-01-01 Marc Boucher <marc@mbsi.ca>
29 
*   Ported to lwIP.
30 
* 97-12-08 Guy Lancaster <lancasterg@acm.org>, Global Election Systems Inc.
31 
*   Ported from public pppd code.
32 
*****************************************************************************/
33 
/*
34 
 * auth.c - PPP authentication and phase control.
35 
 *
36 
 * Copyright (c) 1993 The Australian National University.
37 
 * All rights reserved.
38 
 *
39 
 * Redistribution and use in source and binary forms are permitted
40 
 * provided that the above copyright notice and this paragraph are
41 
 * duplicated in all such forms and that any documentation,
42 
 * advertising materials, and other materials related to such
43 
 * distribution and use acknowledge that the software was developed
44 
 * by the Australian National University.  The name of the University
45 
 * may not be used to endorse or promote products derived from this
46 
 * software without specific prior written permission.
47 
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
48 
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
49 
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
50 
 *
51 
 * Copyright (c) 1989 Carnegie Mellon University.
52 
 * All rights reserved.
53 
 *
54 
 * Redistribution and use in source and binary forms are permitted
55 
 * provided that the above copyright notice and this paragraph are
56 
 * duplicated in all such forms and that any documentation,
57 
 * advertising materials, and other materials related to such
58 
 * distribution and use acknowledge that the software was developed
59 
 * by Carnegie Mellon University.  The name of the
60 
 * University may not be used to endorse or promote products derived
61 
 * from this software without specific prior written permission.
62 
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
63 
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
64 
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
65 
 */
66 
 
67 
#include "lwip/opt.h"
68 
 
69 
#if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */
70 
 
71 
#include "ppp.h"
72 
#include "pppdebug.h"
73 
 
74 
#include "fsm.h"
75 
#include "lcp.h"
76 
#include "pap.h"
77 
#include "chap.h"
78 
#include "auth.h"
79 
#include "ipcp.h"
80 
 
81 
#if CBCP_SUPPORT
82 
#include "cbcp.h"
83 
#endif /* CBCP_SUPPORT */
84 
 
85 
#include <string.h>
86 
 
87 
/*************************/
88 
/*** LOCAL DEFINITIONS ***/
89 
/*************************/
90 
 
91 
/* Bits in auth_pending[] */
92 
#define PAP_WITHPEER    1
93 
#define PAP_PEER        2
94 
#define CHAP_WITHPEER   4
95 
#define CHAP_PEER       8
96 
 
97 
 
98 
/************************/
99 
/*** LOCAL DATA TYPES ***/
100 
/************************/
101 
/* Used for storing a sequence of words.  Usually malloced. */
102 
struct wordlist {
103 
  struct wordlist *next;
104 
  char        word[1];
105 
};
106 
 
107 
 
108 
/***********************************/
109 
/*** LOCAL FUNCTION DECLARATIONS ***/
110 
/***********************************/
111 
extern char *crypt (const char *, const char *);
112 
 
113 
/* Prototypes for procedures local to this file. */
114 
 
115 
static void network_phase (int);
116 
static void check_idle (void *);
117 
static void connect_time_expired (void *);
118 
#if 0
119 
static int  login (char *, char *, char **, int *);
120 
#endif
121 
static void logout (void);
122 
static int  null_login (int);
123 
static int  get_pap_passwd (int, char *, char *);
124 
static int  have_pap_secret (void);
125 
static int  have_chap_secret (char *, char *, u32_t);
126 
static int  ip_addr_check (u32_t, struct wordlist *);
127 
#if 0 /* PAP_SUPPORT || CHAP_SUPPORT */
128 
static void set_allowed_addrs(int unit, struct wordlist *addrs);
129 
static void free_wordlist (struct wordlist *);
130 
#endif /* 0 */ /* PAP_SUPPORT || CHAP_SUPPORT */
131 
#if CBCP_SUPPORT
132 
static void callback_phase (int);
133 
#endif /* CBCP_SUPPORT */
134 
 
135 
 
136 
/******************************/
137 
/*** PUBLIC DATA STRUCTURES ***/
138 
/******************************/
139 
 
140 
 
141 
/*****************************/
142 
/*** LOCAL DATA STRUCTURES ***/
143 
/*****************************/
144 
#if PAP_SUPPORT || CHAP_SUPPORT
145 
/* The name by which the peer authenticated itself to us. */
146 
static char peer_authname[MAXNAMELEN];
147 
#endif /* PAP_SUPPORT || CHAP_SUPPORT */
148 
 
149 
/* Records which authentication operations haven't completed yet. */
150 
static int auth_pending[NUM_PPP];
151 
 
152 
/* Set if we have successfully called login() */
153 
static int logged_in;
154 
 
155 
/* Set if we have run the /etc/ppp/auth-up script. */
156 
static int did_authup;
157 
 
158 
/* List of addresses which the peer may use. */
159 
static struct wordlist *addresses[NUM_PPP];
160 
 
161 
/* Number of network protocols which we have opened. */
162 
static int num_np_open;
163 
 
164 
/* Number of network protocols which have come up. */
165 
static int num_np_up;
166 
 
167 
#if PAP_SUPPORT || CHAP_SUPPORT
168 
/* Set if we got the contents of passwd[] from the pap-secrets file. */
169 
static int passwd_from_file;
170 
#endif /* PAP_SUPPORT || CHAP_SUPPORT */
171 
 
172 
 
173 
/***********************************/
174 
/*** PUBLIC FUNCTION DEFINITIONS ***/
175 
/***********************************/
176 
/*
177 
 * An Open on LCP has requested a change from Dead to Establish phase.
178 
 * Do what's necessary to bring the physical layer up.
179 
 */
180 
void
181 
link_required(int unit)
182 
{
183 
  LWIP_UNUSED_ARG(unit);
184 
 
185 
  AUTHDEBUG((LOG_INFO, "link_required: %d\n", unit));
186 
}
187 
 
188 
/*
189 
 * LCP has terminated the link; go to the Dead phase and take the
190 
 * physical layer down.
191 
 */
192 
void
193 
link_terminated(int unit)
194 
{
195 
  AUTHDEBUG((LOG_INFO, "link_terminated: %d\n", unit));
196 
  if (lcp_phase[unit] == PHASE_DEAD) {
197 
    return;
198 
  }
199 
  if (logged_in) {
200 
    logout();
201 
  }
202 
  lcp_phase[unit] = PHASE_DEAD;
203 
  AUTHDEBUG((LOG_NOTICE, "Connection terminated.\n"));
204 
  pppLinkTerminated(unit);
205 
}
206 
 
207 
/*
208 
 * LCP has gone down; it will either die or try to re-establish.
209 
 */
210 
void
211 
link_down(int unit)
212 
{
213 
  int i;
214 
  struct protent *protp;
215 
 
216 
  AUTHDEBUG((LOG_INFO, "link_down: %d\n", unit));
217 
  if (did_authup) {
218 
    /* XXX Do link down processing. */
219 
    did_authup = 0;
220 
  }
221 
  for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i) {
222 
    if (!protp->enabled_flag) {
223 
      continue;
224 
    }
225 
    if (protp->protocol != PPP_LCP && protp->lowerdown != NULL) {
226 
      (*protp->lowerdown)(unit);
227 
    }
228 
    if (protp->protocol < 0xC000 && protp->close != NULL) {
229 
      (*protp->close)(unit, "LCP down");
230 
    }
231 
  }
232 
  num_np_open = 0;
233 
  num_np_up = 0;
234 
  if (lcp_phase[unit] != PHASE_DEAD) {
235 
    lcp_phase[unit] = PHASE_TERMINATE;
236 
  }
237 
  pppLinkDown(unit);
238 
}
239 
 
240 
/*
241 
 * The link is established.
242 
 * Proceed to the Dead, Authenticate or Network phase as appropriate.
243 
 */
244 
void
245 
link_established(int unit)
246 
{
247 
  int auth;
248 
  int i;
249 
  struct protent *protp;
250 
  lcp_options *wo = &lcp_wantoptions[unit];
251 
  lcp_options *go = &lcp_gotoptions[unit];
252 
#if PAP_SUPPORT || CHAP_SUPPORT
253 
  lcp_options *ho = &lcp_hisoptions[unit];
254 
#endif /* PAP_SUPPORT || CHAP_SUPPORT */
255 
 
256 
  AUTHDEBUG((LOG_INFO, "link_established: %d\n", unit));
257 
  /*
258 
   * Tell higher-level protocols that LCP is up.
259 
   */
260 
  for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i) {
261 
    if (protp->protocol != PPP_LCP && protp->enabled_flag && protp->lowerup != NULL) {
262 
      (*protp->lowerup)(unit);
263 
    }
264 
  }
265 
  if (ppp_settings.auth_required && !(go->neg_chap || go->neg_upap)) {
266 
    /*
267 
     * We wanted the peer to authenticate itself, and it refused:
268 
     * treat it as though it authenticated with PAP using a username
269 
     * of "" and a password of "".  If that's not OK, boot it out.
270 
     */
271 
    if (!wo->neg_upap || !null_login(unit)) {
272 
      AUTHDEBUG((LOG_WARNING, "peer refused to authenticate\n"));
273 
      lcp_close(unit, "peer refused to authenticate");
274 
      return;
275 
    }
276 
  }
277 
 
278 
  lcp_phase[unit] = PHASE_AUTHENTICATE;
279 
  auth = 0;
280 
#if CHAP_SUPPORT
281 
  if (go->neg_chap) {
282 
    ChapAuthPeer(unit, ppp_settings.our_name, go->chap_mdtype);
283 
    auth |= CHAP_PEER;
284 
  }
285 
#endif /* CHAP_SUPPORT */
286 
#if PAP_SUPPORT && CHAP_SUPPORT
287 
  else
288 
#endif /* PAP_SUPPORT && CHAP_SUPPORT */
289 
#if PAP_SUPPORT
290 
  if (go->neg_upap) {
291 
    upap_authpeer(unit);
292 
    auth |= PAP_PEER;
293 
  }
294 
#endif /* PAP_SUPPORT */
295 
#if CHAP_SUPPORT
296 
  if (ho->neg_chap) {
297 
    ChapAuthWithPeer(unit, ppp_settings.user, ho->chap_mdtype);
298 
    auth |= CHAP_WITHPEER;
299 
  }
300 
#endif /* CHAP_SUPPORT */
301 
#if PAP_SUPPORT && CHAP_SUPPORT
302 
  else
303 
#endif /* PAP_SUPPORT && CHAP_SUPPORT */
304 
#if PAP_SUPPORT
305 
  if (ho->neg_upap) {
306 
    if (ppp_settings.passwd[0] == 0) {
307 
      passwd_from_file = 1;
308 
      if (!get_pap_passwd(unit, ppp_settings.user, ppp_settings.passwd)) {
309 
        AUTHDEBUG((LOG_ERR, "No secret found for PAP login\n"));
310 
      }
311 
    }
312 
    upap_authwithpeer(unit, ppp_settings.user, ppp_settings.passwd);
313 
    auth |= PAP_WITHPEER;
314 
  }
315 
#endif /* PAP_SUPPORT */
316 
  auth_pending[unit] = auth;
317 
 
318 
  if (!auth) {
319 
    network_phase(unit);
320 
  }
321 
}
322 
 
323 
/*
324 
 * The peer has failed to authenticate himself using `protocol'.
325 
 */
326 
void
327 
auth_peer_fail(int unit, u16_t protocol)
328 
{
329 
  LWIP_UNUSED_ARG(protocol);
330 
 
331 
  AUTHDEBUG((LOG_INFO, "auth_peer_fail: %d proto=%X\n", unit, protocol));
332 
  /*
333 
   * Authentication failure: take the link down
334 
   */
335 
  lcp_close(unit, "Authentication failed");
336 
}
337 
 
338 
 
339 
#if PAP_SUPPORT || CHAP_SUPPORT
340 
/*
341 
 * The peer has been successfully authenticated using `protocol'.
342 
 */
343 
void
344 
auth_peer_success(int unit, u16_t protocol, char *name, int namelen)
345 
{
346 
  int pbit;
347 
 
348 
  AUTHDEBUG((LOG_INFO, "auth_peer_success: %d proto=%X\n", unit, protocol));
349 
  switch (protocol) {
350 
    case PPP_CHAP:
351 
      pbit = CHAP_PEER;
352 
      break;
353 
    case PPP_PAP:
354 
      pbit = PAP_PEER;
355 
      break;
356 
    default:
357 
      AUTHDEBUG((LOG_WARNING, "auth_peer_success: unknown protocol %x\n", protocol));
358 
      return;
359 
  }
360 
 
361 
  /*
362 
   * Save the authenticated name of the peer for later.
363 
   */
364 
  if (namelen > sizeof(peer_authname) - 1) {
365 
    namelen = sizeof(peer_authname) - 1;
366 
  }
367 
  BCOPY(name, peer_authname, namelen);
368 
  peer_authname[namelen] = 0;
369 
 
370 
  /*
371 
   * If there is no more authentication still to be done,
372 
   * proceed to the network (or callback) phase.
373 
   */
374 
  if ((auth_pending[unit] &= ~pbit) == 0) {
375 
    network_phase(unit);
376 
  }
377 
}
378 
 
379 
/*
380 
 * We have failed to authenticate ourselves to the peer using `protocol'.
381 
 */
382 
void
383 
auth_withpeer_fail(int unit, u16_t protocol)
384 
{
385 
  int errCode = PPPERR_AUTHFAIL;
386 
 
387 
  LWIP_UNUSED_ARG(protocol);
388 
 
389 
  AUTHDEBUG((LOG_INFO, "auth_withpeer_fail: %d proto=%X\n", unit, protocol));
390 
  if (passwd_from_file) {
391 
    BZERO(ppp_settings.passwd, MAXSECRETLEN);
392 
  }
393 
  /*
394 
   * XXX Warning: the unit number indicates the interface which is
395 
   * not necessarily the PPP connection.  It works here as long
396 
   * as we are only supporting PPP interfaces.
397 
   */
398 
  pppIOCtl(unit, PPPCTLS_ERRCODE, &errCode);
399 
 
400 
  /*
401 
   * We've failed to authenticate ourselves to our peer.
402 
   * He'll probably take the link down, and there's not much
403 
   * we can do except wait for that.
404 
   */
405 
}
406 
 
407 
/*
408 
 * We have successfully authenticated ourselves with the peer using `protocol'.
409 
 */
410 
void
411 
auth_withpeer_success(int unit, u16_t protocol)
412 
{
413 
  int pbit;
414 
 
415 
  AUTHDEBUG((LOG_INFO, "auth_withpeer_success: %d proto=%X\n", unit, protocol));
416 
  switch (protocol) {
417 
    case PPP_CHAP:
418 
      pbit = CHAP_WITHPEER;
419 
      break;
420 
    case PPP_PAP:
421 
      if (passwd_from_file) {
422 
        BZERO(ppp_settings.passwd, MAXSECRETLEN);
423 
      }
424 
      pbit = PAP_WITHPEER;
425 
      break;
426 
    default:
427 
      AUTHDEBUG((LOG_WARNING, "auth_peer_success: unknown protocol %x\n", protocol));
428 
      pbit = 0;
429 
  }
430 
 
431 
  /*
432 
   * If there is no more authentication still being done,
433 
   * proceed to the network (or callback) phase.
434 
   */
435 
  if ((auth_pending[unit] &= ~pbit) == 0) {
436 
    network_phase(unit);
437 
  }
438 
}
439 
#endif /* PAP_SUPPORT || CHAP_SUPPORT */
440 
 
441 
 
442 
/*
443 
 * np_up - a network protocol has come up.
444 
 */
445 
void
446 
np_up(int unit, u16_t proto)
447 
{
448 
  LWIP_UNUSED_ARG(unit);
449 
  LWIP_UNUSED_ARG(proto);
450 
 
451 
  AUTHDEBUG((LOG_INFO, "np_up: %d proto=%X\n", unit, proto));
452 
  if (num_np_up == 0) {
453 
    AUTHDEBUG((LOG_INFO, "np_up: maxconnect=%d idle_time_limit=%d\n",ppp_settings.maxconnect,ppp_settings.idle_time_limit));
454 
    /*
455 
     * At this point we consider that the link has come up successfully.
456 
     */
457 
    if (ppp_settings.idle_time_limit > 0) {
458 
      TIMEOUT(check_idle, NULL, ppp_settings.idle_time_limit);
459 
    }
460 
 
461 
    /*
462 
     * Set a timeout to close the connection once the maximum
463 
     * connect time has expired.
464 
     */
465 
    if (ppp_settings.maxconnect > 0) {
466 
      TIMEOUT(connect_time_expired, 0, ppp_settings.maxconnect);
467 
    }
468 
  }
469 
  ++num_np_up;
470 
}
471 
 
472 
/*
473 
 * np_down - a network protocol has gone down.
474 
 */
475 
void
476 
np_down(int unit, u16_t proto)
477 
{
478 
  LWIP_UNUSED_ARG(unit);
479 
  LWIP_UNUSED_ARG(proto);
480 
 
481 
  AUTHDEBUG((LOG_INFO, "np_down: %d proto=%X\n", unit, proto));
482 
  if (--num_np_up == 0 && ppp_settings.idle_time_limit > 0) {
483 
    UNTIMEOUT(check_idle, NULL);
484 
  }
485 
}
486 
 
487 
/*
488 
 * np_finished - a network protocol has finished using the link.
489 
 */
490 
void
491 
np_finished(int unit, u16_t proto)
492 
{
493 
  LWIP_UNUSED_ARG(unit);
494 
  LWIP_UNUSED_ARG(proto);
495 
 
496 
  AUTHDEBUG((LOG_INFO, "np_finished: %d proto=%X\n", unit, proto));
497 
  if (--num_np_open <= 0) {
498 
    /* no further use for the link: shut up shop. */
499 
    lcp_close(0, "No network protocols running");
500 
  }
501 
}
502 
 
503 
/*
504 
 * auth_reset - called when LCP is starting negotiations to recheck
505 
 * authentication options, i.e. whether we have appropriate secrets
506 
 * to use for authenticating ourselves and/or the peer.
507 
 */
508 
void
509 
auth_reset(int unit)
510 
{
511 
  lcp_options *go = &lcp_gotoptions[unit];
512 
  lcp_options *ao = &lcp_allowoptions[0];
513 
  ipcp_options *ipwo = &ipcp_wantoptions[0];
514 
  u32_t remote;
515 
 
516 
  AUTHDEBUG((LOG_INFO, "auth_reset: %d\n", unit));
517 
  ao->neg_upap = !ppp_settings.refuse_pap && (ppp_settings.passwd[0] != 0 || get_pap_passwd(unit, NULL, NULL));
518 
  ao->neg_chap = !ppp_settings.refuse_chap && ppp_settings.passwd[0] != 0 /*have_chap_secret(ppp_settings.user, ppp_settings.remote_name, (u32_t)0)*/;
519 
 
520 
  if (go->neg_upap && !have_pap_secret()) {
521 
    go->neg_upap = 0;
522 
  }
523 
  if (go->neg_chap) {
524 
    remote = ipwo->accept_remote? 0: ipwo->hisaddr;
525 
    if (!have_chap_secret(ppp_settings.remote_name, ppp_settings.our_name, remote)) {
526 
      go->neg_chap = 0;
527 
    }
528 
  }
529 
}
530 
 
531 
#if PAP_SUPPORT
532 
/*
533 
 * check_passwd - Check the user name and passwd against the PAP secrets
534 
 * file.  If requested, also check against the system password database,
535 
 * and login the user if OK.
536 
 *
537 
 * returns:
538 
 *  UPAP_AUTHNAK: Authentication failed.
539 
 *  UPAP_AUTHACK: Authentication succeeded.
540 
 * In either case, msg points to an appropriate message.
541 
 */
542 
int
543 
check_passwd( int unit, char *auser, int userlen, char *apasswd, int passwdlen, char **msg, int *msglen)
544 
{
545 
#if 1
546 
  LWIP_UNUSED_ARG(unit);
547 
  LWIP_UNUSED_ARG(auser);
548 
  LWIP_UNUSED_ARG(userlen);
549 
  LWIP_UNUSED_ARG(apasswd);
550 
  LWIP_UNUSED_ARG(passwdlen);
551 
  LWIP_UNUSED_ARG(msglen);
552 
  *msg = (char *) 0;
553 
  return UPAP_AUTHACK;     /* XXX Assume all entries OK. */
554 
#else
555 
  int ret = 0;
556 
  struct wordlist *addrs = NULL;
557 
  char passwd[256], user[256];
558 
  char secret[MAXWORDLEN];
559 
  static u_short attempts = 0;
560 
 
561 
  /*
562 
   * Make copies of apasswd and auser, then null-terminate them.
563 
   */
564 
  BCOPY(apasswd, passwd, passwdlen);
565 
  passwd[passwdlen] = '\0';
566 
  BCOPY(auser, user, userlen);
567 
  user[userlen] = '\0';
568 
  *msg = (char *) 0;
569 
 
570 
  /* XXX Validate user name and password. */
571 
  ret = UPAP_AUTHACK;     /* XXX Assume all entries OK. */
572 
 
573 
  if (ret == UPAP_AUTHNAK) {
574 
    if (*msg == (char *) 0) {
575 
      *msg = "Login incorrect";
576 
    }
577 
    *msglen = strlen(*msg);
578 
    /*
579 
     * Frustrate passwd stealer programs.
580 
     * Allow 10 tries, but start backing off after 3 (stolen from login).
581 
     * On 10'th, drop the connection.
582 
     */
583 
    if (attempts++ >= 10) {
584 
      AUTHDEBUG((LOG_WARNING, "%d LOGIN FAILURES BY %s\n", attempts, user));
585 
      /*ppp_panic("Excess Bad Logins");*/
586 
    }
587 
    if (attempts > 3) {
588 
      sys_msleep((attempts - 3) * 5);
589 
    }
590 
    if (addrs != NULL) {
591 
      free_wordlist(addrs);
592 
    }
593 
  } else {
594 
    attempts = 0; /* Reset count */
595 
    if (*msg == (char *) 0) {
596 
      *msg = "Login ok";
597 
    }
598 
    *msglen = strlen(*msg);
599 
    set_allowed_addrs(unit, addrs);
600 
  }
601 
 
602 
  BZERO(passwd, sizeof(passwd));
603 
  BZERO(secret, sizeof(secret));
604 
 
605 
  return ret;
606 
#endif
607 
}
608 
#endif /* PAP_SUPPORT */
609 
 
610 
 
611 
/*
612 
 * auth_ip_addr - check whether the peer is authorized to use
613 
 * a given IP address.  Returns 1 if authorized, 0 otherwise.
614 
 */
615 
int
616 
auth_ip_addr(int unit, u32_t addr)
617 
{
618 
  return ip_addr_check(addr, addresses[unit]);
619 
}
620 
 
621 
/*
622 
 * bad_ip_adrs - return 1 if the IP address is one we don't want
623 
 * to use, such as an address in the loopback net or a multicast address.
624 
 * addr is in network byte order.
625 
 */
626 
int
627 
bad_ip_adrs(u32_t addr)
628 
{
629 
  addr = ntohl(addr);
630 
  return (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET
631 
      || IN_MULTICAST(addr) || IN_BADCLASS(addr);
632 
}
633 
 
634 
 
635 
#if CHAP_SUPPORT
636 
/*
637 
 * get_secret - open the CHAP secret file and return the secret
638 
 * for authenticating the given client on the given server.
639 
 * (We could be either client or server).
640 
 */
641 
int get_secret( int unit, char *client, char *server, char *secret, int *secret_len, int save_addrs)
642 
{
643 
#if 1
644 
  int len;
645 
  struct wordlist *addrs;
646 
 
647 
  LWIP_UNUSED_ARG(unit);
648 
  LWIP_UNUSED_ARG(server);
649 
  LWIP_UNUSED_ARG(save_addrs);
650 
 
651 
  addrs = NULL;
652 
 
653 
  if(!client || !client[0] || strcmp(client, ppp_settings.user)) {
654 
    return 0;
655 
  }
656 
 
657 
  len = strlen(ppp_settings.passwd);
658 
  if (len > MAXSECRETLEN) {
659 
    AUTHDEBUG((LOG_ERR, "Secret for %s on %s is too long\n", client, server));
660 
    len = MAXSECRETLEN;
661 
  }
662 
 
663 
  BCOPY(ppp_settings.passwd, secret, len);
664 
  *secret_len = len;
665 
 
666 
  return 1;
667 
#else
668 
  int ret = 0, len;
669 
  struct wordlist *addrs;
670 
  char secbuf[MAXWORDLEN];
671 
 
672 
  addrs = NULL;
673 
  secbuf[0] = 0;
674 
 
675 
  /* XXX Find secret. */
676 
  if (ret < 0) {
677 
    return 0;
678 
  }
679 
 
680 
  if (save_addrs) {
681 
    set_allowed_addrs(unit, addrs);
682 
  }
683 
 
684 
  len = strlen(secbuf);
685 
  if (len > MAXSECRETLEN) {
686 
    AUTHDEBUG((LOG_ERR, "Secret for %s on %s is too long\n", client, server));
687 
    len = MAXSECRETLEN;
688 
  }
689 
 
690 
  BCOPY(secbuf, secret, len);
691 
  BZERO(secbuf, sizeof(secbuf));
692 
  *secret_len = len;
693 
 
694 
  return 1;
695 
#endif
696 
}
697 
#endif /* CHAP_SUPPORT */
698 
 
699 
 
700 
#if 0 /* UNUSED */
701 
/*
702 
 * auth_check_options - called to check authentication options.
703 
 */
704 
void
705 
auth_check_options(void)
706 
{
707 
  lcp_options *wo = &lcp_wantoptions[0];
708 
  int can_auth;
709 
  ipcp_options *ipwo = &ipcp_wantoptions[0];
710 
  u32_t remote;
711 
 
712 
  /* Default our_name to hostname, and user to our_name */
713 
  if (ppp_settings.our_name[0] == 0 || ppp_settings.usehostname) {
714 
      strcpy(ppp_settings.our_name, ppp_settings.hostname);
715 
  }
716 
 
717 
  if (ppp_settings.user[0] == 0) {
718 
    strcpy(ppp_settings.user, ppp_settings.our_name);
719 
  }
720 
 
721 
  /* If authentication is required, ask peer for CHAP or PAP. */
722 
  if (ppp_settings.auth_required && !wo->neg_chap && !wo->neg_upap) {
723 
    wo->neg_chap = 1;
724 
    wo->neg_upap = 1;
725 
  }
726 
 
727 
  /*
728 
   * Check whether we have appropriate secrets to use
729 
   * to authenticate the peer.
730 
   */
731 
  can_auth = wo->neg_upap && have_pap_secret();
732 
  if (!can_auth && wo->neg_chap) {
733 
    remote = ipwo->accept_remote? 0: ipwo->hisaddr;
734 
    can_auth = have_chap_secret(ppp_settings.remote_name, ppp_settings.our_name, remote);
735 
  }
736 
 
737 
  if (ppp_settings.auth_required && !can_auth) {
738 
    ppp_panic("No auth secret");
739 
  }
740 
}
741 
#endif
742 
 
743 
 
744 
/**********************************/
745 
/*** LOCAL FUNCTION DEFINITIONS ***/
746 
/**********************************/
747 
/*
748 
 * Proceed to the network phase.
749 
 */
750 
static void
751 
network_phase(int unit)
752 
{
753 
  int i;
754 
  struct protent *protp;
755 
  lcp_options *go = &lcp_gotoptions[unit];
756 
 
757 
  /*
758 
   * If the peer had to authenticate, run the auth-up script now.
759 
   */
760 
  if ((go->neg_chap || go->neg_upap) && !did_authup) {
761 
    /* XXX Do setup for peer authentication. */
762 
    did_authup = 1;
763 
  }
764 
 
765 
#if CBCP_SUPPORT
766 
  /*
767 
   * If we negotiated callback, do it now.
768 
   */
769 
  if (go->neg_cbcp) {
770 
    lcp_phase[unit] = PHASE_CALLBACK;
771 
    (*cbcp_protent.open)(unit);
772 
    return;
773 
  }
774 
#endif /* CBCP_SUPPORT */
775 
 
776 
  lcp_phase[unit] = PHASE_NETWORK;
777 
  for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i) {
778 
    if (protp->protocol < 0xC000 && protp->enabled_flag && protp->open != NULL) {
779 
      (*protp->open)(unit);
780 
      if (protp->protocol != PPP_CCP) {
781 
        ++num_np_open;
782 
      }
783 
    }
784 
  }
785 
 
786 
  if (num_np_open == 0) {
787 
    /* nothing to do */
788 
    lcp_close(0, "No network protocols running");
789 
  }
790 
}
791 
 
792 
/*
793 
 * check_idle - check whether the link has been idle for long
794 
 * enough that we can shut it down.
795 
 */
796 
static void
797 
check_idle(void *arg)
798 
{
799 
  struct ppp_idle idle;
800 
  u_short itime;
801 
 
802 
  LWIP_UNUSED_ARG(arg);
803 
  if (!get_idle_time(0, &idle)) {
804 
    return;
805 
  }
806 
  itime = LWIP_MIN(idle.xmit_idle, idle.recv_idle);
807 
  if (itime >= ppp_settings.idle_time_limit) {
808 
    /* link is idle: shut it down. */
809 
    AUTHDEBUG((LOG_INFO, "Terminating connection due to lack of activity.\n"));
810 
    lcp_close(0, "Link inactive");
811 
  } else {
812 
    TIMEOUT(check_idle, NULL, ppp_settings.idle_time_limit - itime);
813 
  }
814 
}
815 
 
816 
/*
817 
 * connect_time_expired - log a message and close the connection.
818 
 */
819 
static void
820 
connect_time_expired(void *arg)
821 
{
822 
  LWIP_UNUSED_ARG(arg);
823 
 
824 
  AUTHDEBUG((LOG_INFO, "Connect time expired\n"));
825 
  lcp_close(0, "Connect time expired");   /* Close connection */
826 
}
827 
 
828 
#if 0
829 
/*
830 
 * login - Check the user name and password against the system
831 
 * password database, and login the user if OK.
832 
 *
833 
 * returns:
834 
 *  UPAP_AUTHNAK: Login failed.
835 
 *  UPAP_AUTHACK: Login succeeded.
836 
 * In either case, msg points to an appropriate message.
837 
 */
838 
static int
839 
login(char *user, char *passwd, char **msg, int *msglen)
840 
{
841 
  /* XXX Fail until we decide that we want to support logins. */
842 
  return (UPAP_AUTHNAK);
843 
}
844 
#endif
845 
 
846 
/*
847 
 * logout - Logout the user.
848 
 */
849 
static void
850 
logout(void)
851 
{
852 
  logged_in = 0;
853 
}
854 
 
855 
/*
856 
 * null_login - Check if a username of "" and a password of "" are
857 
 * acceptable, and iff so, set the list of acceptable IP addresses
858 
 * and return 1.
859 
 */
860 
static int
861 
null_login(int unit)
862 
{
863 
  LWIP_UNUSED_ARG(unit);
864 
  /* XXX Fail until we decide that we want to support logins. */
865 
  return 0;
866 
}
867 
 
868 
/*
869 
 * get_pap_passwd - get a password for authenticating ourselves with
870 
 * our peer using PAP.  Returns 1 on success, 0 if no suitable password
871 
 * could be found.
872 
 */
873 
static int
874 
get_pap_passwd(int unit, char *user, char *passwd)
875 
{
876 
  LWIP_UNUSED_ARG(unit);
877 
/* normally we would reject PAP if no password is provided,
878 
   but this causes problems with some providers (like CHT in Taiwan)
879 
   who incorrectly request PAP and expect a bogus/empty password, so
880 
   always provide a default user/passwd of "none"/"none"
881 
*/
882 
  if(user) {
883 
    strcpy(user, "none");
884 
  }
885 
  if(passwd) {
886 
    strcpy(passwd, "none");
887 
  }
888 
  return 1;
889 
}
890 
 
891 
/*
892 
 * have_pap_secret - check whether we have a PAP file with any
893 
 * secrets that we could possibly use for authenticating the peer.
894 
 */
895 
static int
896 
have_pap_secret(void)
897 
{
898 
  /* XXX Fail until we set up our passwords. */
899 
  return 0;
900 
}
901 
 
902 
/*
903 
 * have_chap_secret - check whether we have a CHAP file with a
904 
 * secret that we could possibly use for authenticating `client'
905 
 * on `server'.  Either can be the null string, meaning we don't
906 
 * know the identity yet.
907 
 */
908 
static int
909 
have_chap_secret(char *client, char *server, u32_t remote)
910 
{
911 
  LWIP_UNUSED_ARG(client);
912 
  LWIP_UNUSED_ARG(server);
913 
  LWIP_UNUSED_ARG(remote);
914 
  /* XXX Fail until we set up our passwords. */
915 
  return 0;
916 
}
917 
 
918 
#if 0 /* PAP_SUPPORT || CHAP_SUPPORT */
919 
/*
920 
 * set_allowed_addrs() - set the list of allowed addresses.
921 
 */
922 
static void
923 
set_allowed_addrs(int unit, struct wordlist *addrs)
924 
{
925 
  if (addresses[unit] != NULL) {
926 
    free_wordlist(addresses[unit]);
927 
  }
928 
  addresses[unit] = addrs;
929 
 
930 
#if 0
931 
  /*
932 
   * If there's only one authorized address we might as well
933 
   * ask our peer for that one right away
934 
   */
935 
  if (addrs != NULL && addrs->next == NULL) {
936 
    char *p = addrs->word;
937 
    struct ipcp_options *wo = &ipcp_wantoptions[unit];
938 
    u32_t a;
939 
    struct hostent *hp;
940 
 
941 
    if (wo->hisaddr == 0 && *p != '!' && *p != '-' && strchr(p, '/') == NULL) {
942 
      hp = gethostbyname(p);
943 
      if (hp != NULL && hp->h_addrtype == AF_INET) {
944 
        a = *(u32_t *)hp->h_addr;
945 
      } else {
946 
        a = inet_addr(p);
947 
      }
948 
      if (a != (u32_t) -1) {
949 
        wo->hisaddr = a;
950 
      }
951 
    }
952 
  }
953 
#endif
954 
}
955 
#endif /* 0 */ /* PAP_SUPPORT || CHAP_SUPPORT */
956 
 
957 
static int
958 
ip_addr_check(u32_t addr, struct wordlist *addrs)
959 
{
960 
  /* don't allow loopback or multicast address */
961 
  if (bad_ip_adrs(addr)) {
962 
    return 0;
963 
  }
964 
 
965 
  if (addrs == NULL) {
966 
    return !ppp_settings.auth_required; /* no addresses authorized */
967 
  }
968 
 
969 
  /* XXX All other addresses allowed. */
970 
  return 1;
971 
}
972 
 
973 
#if 0 /* PAP_SUPPORT || CHAP_SUPPORT */
974 
/*
975 
 * free_wordlist - release memory allocated for a wordlist.
976 
 */
977 
static void
978 
free_wordlist(struct wordlist *wp)
979 
{
980 
  struct wordlist *next;
981 
 
982 
  while (wp != NULL) {
983 
    next = wp->next;
984 
    free(wp);
985 
    wp = next;
986 
  }
987 
}
988 
#endif  /* 0 */ /* PAP_SUPPORT || CHAP_SUPPORT */
989 
 
990 
#endif /* PPP_SUPPORT */

powered by: WebSVN 2.1.0

© copyright 1999-2025 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.