OpenCores
URL https://opencores.org/ocsvn/openrisc/openrisc/trunk

Subversion Repositories openrisc

[/] [openrisc/] [trunk/] [rtos/] [freertos-6.1.1/] [Demo/] [lwIP_MCF5235_GCC/] [lwip/] [src/] [netif/] [ppp/] [auth.c] - Blame information for rev 583

Details | Compare with Previous | View Log

Line No. Rev Author Line
1 583 jeremybenn
/*****************************************************************************
2
* auth.c - Network Authentication and Phase Control program file.
3
*
4
* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
5
* Copyright (c) 1997 by Global Election Systems Inc.  All rights reserved.
6
*
7
* The authors hereby grant permission to use, copy, modify, distribute,
8
* and license this software and its documentation for any purpose, provided
9
* that existing copyright notices are retained in all copies and that this
10
* notice and the following disclaimer are included verbatim in any
11
* distributions. No written agreement, license, or royalty fee is required
12
* for any of the authorized uses.
13
*
14
* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
15
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17
* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
18
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24
*
25
******************************************************************************
26
* REVISION HISTORY
27
*
28
* 03-01-01 Marc Boucher <marc@mbsi.ca>
29
*   Ported to lwIP.
30
* 97-12-08 Guy Lancaster <lancasterg@acm.org>, Global Election Systems Inc.
31
*   Ported from public pppd code.
32
*****************************************************************************/
33
/*
34
 * auth.c - PPP authentication and phase control.
35
 *
36
 * Copyright (c) 1993 The Australian National University.
37
 * All rights reserved.
38
 *
39
 * Redistribution and use in source and binary forms are permitted
40
 * provided that the above copyright notice and this paragraph are
41
 * duplicated in all such forms and that any documentation,
42
 * advertising materials, and other materials related to such
43
 * distribution and use acknowledge that the software was developed
44
 * by the Australian National University.  The name of the University
45
 * may not be used to endorse or promote products derived from this
46
 * software without specific prior written permission.
47
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
48
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
49
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
50
 *
51
 * Copyright (c) 1989 Carnegie Mellon University.
52
 * All rights reserved.
53
 *
54
 * Redistribution and use in source and binary forms are permitted
55
 * provided that the above copyright notice and this paragraph are
56
 * duplicated in all such forms and that any documentation,
57
 * advertising materials, and other materials related to such
58
 * distribution and use acknowledge that the software was developed
59
 * by Carnegie Mellon University.  The name of the
60
 * University may not be used to endorse or promote products derived
61
 * from this software without specific prior written permission.
62
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
63
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
64
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
65
 */
66
 
67
#include "ppp.h"
68
#if PPP_SUPPORT > 0
69
#include "fsm.h"
70
#include "lcp.h"
71
#include "pap.h"
72
#include "chap.h"
73
#include "auth.h"
74
#include "ipcp.h"
75
 
76
#if CBCP_SUPPORT > 0
77
#include "cbcp.h"
78
#endif
79
 
80
#include "pppdebug.h"
81
 
82
 
83
/*************************/
84
/*** LOCAL DEFINITIONS ***/
85
/*************************/
86
 
87
/* Bits in auth_pending[] */
88
#define PAP_WITHPEER    1
89
#define PAP_PEER    2
90
#define CHAP_WITHPEER   4
91
#define CHAP_PEER   8
92
 
93
 
94
 
95
/************************/
96
/*** LOCAL DATA TYPES ***/
97
/************************/
98
/* Used for storing a sequence of words.  Usually malloced. */
99
struct wordlist {
100
    struct wordlist *next;
101
    char        word[1];
102
};
103
 
104
 
105
 
106
/***********************************/
107
/*** LOCAL FUNCTION DECLARATIONS ***/
108
/***********************************/
109
extern char *crypt (const char *, const char *);
110
 
111
/* Prototypes for procedures local to this file. */
112
 
113
static void network_phase (int);
114
static void check_idle (void *);
115
static void connect_time_expired (void *);
116
#if 0
117
static int  login (char *, char *, char **, int *);
118
#endif
119
static void logout (void);
120
static int  null_login (int);
121
static int  get_pap_passwd (int, char *, char *);
122
static int  have_pap_secret (void);
123
static int  have_chap_secret (char *, char *, u32_t);
124
static int  ip_addr_check (u32_t, struct wordlist *);
125
#if 0 /* PAP_SUPPORT > 0 || CHAP_SUPPORT > 0 */
126
static void set_allowed_addrs(int unit, struct wordlist *addrs);
127
static void free_wordlist (struct wordlist *);
128
#endif
129
#if CBCP_SUPPORT > 0
130
static void callback_phase (int);
131
#endif
132
 
133
 
134
/******************************/
135
/*** PUBLIC DATA STRUCTURES ***/
136
/******************************/
137
 
138
 
139
/*****************************/
140
/*** LOCAL DATA STRUCTURES ***/
141
/*****************************/
142
#if PAP_SUPPORT > 0 || CHAP_SUPPORT > 0
143
/* The name by which the peer authenticated itself to us. */
144
static char peer_authname[MAXNAMELEN];
145
#endif
146
 
147
/* Records which authentication operations haven't completed yet. */
148
static int auth_pending[NUM_PPP];
149
 
150
/* Set if we have successfully called login() */
151
static int logged_in;
152
 
153
/* Set if we have run the /etc/ppp/auth-up script. */
154
static int did_authup;
155
 
156
/* List of addresses which the peer may use. */
157
static struct wordlist *addresses[NUM_PPP];
158
 
159
/* Number of network protocols which we have opened. */
160
static int num_np_open;
161
 
162
/* Number of network protocols which have come up. */
163
static int num_np_up;
164
 
165
#if PAP_SUPPORT > 0 || CHAP_SUPPORT > 0
166
/* Set if we got the contents of passwd[] from the pap-secrets file. */
167
static int passwd_from_file;
168
#endif
169
 
170
 
171
 
172
/***********************************/
173
/*** PUBLIC FUNCTION DEFINITIONS ***/
174
/***********************************/
175
/*
176
 * An Open on LCP has requested a change from Dead to Establish phase.
177
 * Do what's necessary to bring the physical layer up.
178
 */
179
void link_required(int unit)
180
{
181
    AUTHDEBUG((LOG_INFO, "link_required: %d\n", unit));
182
}
183
 
184
/*
185
 * LCP has terminated the link; go to the Dead phase and take the
186
 * physical layer down.
187
 */
188
void link_terminated(int unit)
189
{
190
    AUTHDEBUG((LOG_INFO, "link_terminated: %d\n", unit));
191
 
192
    if (lcp_phase[unit] == PHASE_DEAD)
193
        return;
194
    if (logged_in)
195
        logout();
196
    lcp_phase[unit] = PHASE_DEAD;
197
    AUTHDEBUG((LOG_NOTICE, "Connection terminated.\n"));
198
        pppMainWakeup(unit);
199
}
200
 
201
/*
202
 * LCP has gone down; it will either die or try to re-establish.
203
 */
204
void link_down(int unit)
205
{
206
    int i;
207
    struct protent *protp;
208
 
209
    AUTHDEBUG((LOG_INFO, "link_down: %d\n", unit));
210
    if (did_authup) {
211
        /* XXX Do link down processing. */
212
        did_authup = 0;
213
    }
214
    for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i) {
215
        if (!protp->enabled_flag)
216
            continue;
217
        if (protp->protocol != PPP_LCP && protp->lowerdown != NULL)
218
            (*protp->lowerdown)(unit);
219
        if (protp->protocol < 0xC000 && protp->close != NULL)
220
            (*protp->close)(unit, "LCP down");
221
    }
222
    num_np_open = 0;
223
    num_np_up = 0;
224
    if (lcp_phase[unit] != PHASE_DEAD)
225
        lcp_phase[unit] = PHASE_TERMINATE;
226
        pppMainWakeup(unit);
227
}
228
 
229
/*
230
 * The link is established.
231
 * Proceed to the Dead, Authenticate or Network phase as appropriate.
232
 */
233
void link_established(int unit)
234
{
235
    int auth;
236
    int i;
237
    struct protent *protp;
238
    lcp_options *wo = &lcp_wantoptions[unit];
239
    lcp_options *go = &lcp_gotoptions[unit];
240
#if PAP_SUPPORT > 0 || CHAP_SUPPORT > 0
241
    lcp_options *ho = &lcp_hisoptions[unit];
242
#endif
243
 
244
    AUTHDEBUG((LOG_INFO, "link_established: %d\n", unit));
245
    /*
246
     * Tell higher-level protocols that LCP is up.
247
     */
248
    for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i)
249
        if (protp->protocol != PPP_LCP && protp->enabled_flag
250
                && protp->lowerup != NULL)
251
            (*protp->lowerup)(unit);
252
 
253
    if (ppp_settings.auth_required && !(go->neg_chap || go->neg_upap)) {
254
        /*
255
         * We wanted the peer to authenticate itself, and it refused:
256
         * treat it as though it authenticated with PAP using a username
257
         * of "" and a password of "".  If that's not OK, boot it out.
258
         */
259
        if (!wo->neg_upap || !null_login(unit)) {
260
            AUTHDEBUG((LOG_WARNING, "peer refused to authenticate\n"));
261
            lcp_close(unit, "peer refused to authenticate");
262
            return;
263
        }
264
    }
265
 
266
    lcp_phase[unit] = PHASE_AUTHENTICATE;
267
    auth = 0;
268
#if CHAP_SUPPORT > 0
269
    if (go->neg_chap) {
270
        ChapAuthPeer(unit, ppp_settings.our_name, go->chap_mdtype);
271
        auth |= CHAP_PEER;
272
    }
273
#endif
274
#if PAP_SUPPORT > 0 && CHAP_SUPPORT > 0
275
    else
276
#endif
277
#if PAP_SUPPORT > 0
278
    if (go->neg_upap) {
279
        upap_authpeer(unit);
280
        auth |= PAP_PEER;
281
    }
282
#endif
283
#if CHAP_SUPPORT > 0
284
    if (ho->neg_chap) {
285
        ChapAuthWithPeer(unit, ppp_settings.user, ho->chap_mdtype);
286
        auth |= CHAP_WITHPEER;
287
    }
288
#endif
289
#if PAP_SUPPORT > 0 && CHAP_SUPPORT > 0
290
    else
291
#endif
292
#if PAP_SUPPORT > 0
293
    if (ho->neg_upap) {
294
        if (ppp_settings.passwd[0] == 0) {
295
            passwd_from_file = 1;
296
            if (!get_pap_passwd(unit, ppp_settings.user, ppp_settings.passwd))
297
                AUTHDEBUG((LOG_ERR, "No secret found for PAP login\n"));
298
        }
299
        upap_authwithpeer(unit, ppp_settings.user, ppp_settings.passwd);
300
        auth |= PAP_WITHPEER;
301
    }
302
#endif
303
    auth_pending[unit] = auth;
304
 
305
    if (!auth)
306
        network_phase(unit);
307
}
308
 
309
 
310
/*
311
 * The peer has failed to authenticate himself using `protocol'.
312
 */
313
void auth_peer_fail(int unit, u16_t protocol)
314
{
315
    AUTHDEBUG((LOG_INFO, "auth_peer_fail: %d proto=%X\n", unit, protocol));
316
    /*
317
     * Authentication failure: take the link down
318
     */
319
    lcp_close(unit, "Authentication failed");
320
}
321
 
322
 
323
#if PAP_SUPPORT > 0 || CHAP_SUPPORT > 0
324
/*
325
 * The peer has been successfully authenticated using `protocol'.
326
 */
327
void auth_peer_success(int unit, u16_t protocol, char *name, int namelen)
328
{
329
    int pbit;
330
 
331
    AUTHDEBUG((LOG_INFO, "auth_peer_success: %d proto=%X\n", unit, protocol));
332
    switch (protocol) {
333
    case PPP_CHAP:
334
        pbit = CHAP_PEER;
335
        break;
336
    case PPP_PAP:
337
        pbit = PAP_PEER;
338
        break;
339
    default:
340
        AUTHDEBUG((LOG_WARNING, "auth_peer_success: unknown protocol %x\n",
341
               protocol));
342
        return;
343
    }
344
 
345
    /*
346
     * Save the authenticated name of the peer for later.
347
     */
348
    if (namelen > sizeof(peer_authname) - 1)
349
        namelen = sizeof(peer_authname) - 1;
350
    BCOPY(name, peer_authname, namelen);
351
    peer_authname[namelen] = 0;
352
 
353
    /*
354
     * If there is no more authentication still to be done,
355
     * proceed to the network (or callback) phase.
356
     */
357
    if ((auth_pending[unit] &= ~pbit) == 0)
358
        network_phase(unit);
359
}
360
 
361
/*
362
 * We have failed to authenticate ourselves to the peer using `protocol'.
363
 */
364
void auth_withpeer_fail(int unit, u16_t protocol)
365
{
366
    int errCode = PPPERR_AUTHFAIL;
367
 
368
    AUTHDEBUG((LOG_INFO, "auth_withpeer_fail: %d proto=%X\n", unit, protocol));
369
    if (passwd_from_file)
370
        BZERO(ppp_settings.passwd, MAXSECRETLEN);
371
    /*
372
     * XXX Warning: the unit number indicates the interface which is
373
     * not necessarily the PPP connection.  It works here as long
374
     * as we are only supporting PPP interfaces.
375
     */
376
    pppIOCtl(unit, PPPCTLS_ERRCODE, &errCode);
377
 
378
    /*
379
     * We've failed to authenticate ourselves to our peer.
380
     * He'll probably take the link down, and there's not much
381
     * we can do except wait for that.
382
     */
383
}
384
 
385
/*
386
 * We have successfully authenticated ourselves with the peer using `protocol'.
387
 */
388
void auth_withpeer_success(int unit, u16_t protocol)
389
{
390
    int pbit;
391
 
392
    AUTHDEBUG((LOG_INFO, "auth_withpeer_success: %d proto=%X\n", unit, protocol));
393
    switch (protocol) {
394
    case PPP_CHAP:
395
        pbit = CHAP_WITHPEER;
396
        break;
397
    case PPP_PAP:
398
        if (passwd_from_file)
399
            BZERO(ppp_settings.passwd, MAXSECRETLEN);
400
        pbit = PAP_WITHPEER;
401
        break;
402
    default:
403
        AUTHDEBUG((LOG_WARNING, "auth_peer_success: unknown protocol %x\n",
404
               protocol));
405
        pbit = 0;
406
    }
407
 
408
    /*
409
     * If there is no more authentication still being done,
410
     * proceed to the network (or callback) phase.
411
     */
412
    if ((auth_pending[unit] &= ~pbit) == 0)
413
        network_phase(unit);
414
}
415
#endif
416
 
417
 
418
/*
419
 * np_up - a network protocol has come up.
420
 */
421
void np_up(int unit, u16_t proto)
422
{
423
    AUTHDEBUG((LOG_INFO, "np_up: %d proto=%X\n", unit, proto));
424
    if (num_np_up == 0) {
425
        AUTHDEBUG((LOG_INFO, "np_up: maxconnect=%d idle_time_limit=%d\n",ppp_settings.maxconnect,ppp_settings.idle_time_limit));
426
        /*
427
         * At this point we consider that the link has come up successfully.
428
         */
429
        if (ppp_settings.idle_time_limit > 0)
430
            TIMEOUT(check_idle, NULL, ppp_settings.idle_time_limit);
431
 
432
        /*
433
         * Set a timeout to close the connection once the maximum
434
         * connect time has expired.
435
         */
436
        if (ppp_settings.maxconnect > 0)
437
            TIMEOUT(connect_time_expired, 0, ppp_settings.maxconnect);
438
    }
439
    ++num_np_up;
440
}
441
 
442
/*
443
 * np_down - a network protocol has gone down.
444
 */
445
void np_down(int unit, u16_t proto)
446
{
447
    AUTHDEBUG((LOG_INFO, "np_down: %d proto=%X\n", unit, proto));
448
    if (--num_np_up == 0 && ppp_settings.idle_time_limit > 0) {
449
        UNTIMEOUT(check_idle, NULL);
450
    }
451
}
452
 
453
/*
454
 * np_finished - a network protocol has finished using the link.
455
 */
456
void np_finished(int unit, u16_t proto)
457
{
458
    AUTHDEBUG((LOG_INFO, "np_finished: %d proto=%X\n", unit, proto));
459
    if (--num_np_open <= 0) {
460
        /* no further use for the link: shut up shop. */
461
        lcp_close(0, "No network protocols running");
462
    }
463
}
464
 
465
/*
466
 * auth_reset - called when LCP is starting negotiations to recheck
467
 * authentication options, i.e. whether we have appropriate secrets
468
 * to use for authenticating ourselves and/or the peer.
469
 */
470
void auth_reset(int unit)
471
{
472
    lcp_options *go = &lcp_gotoptions[unit];
473
    lcp_options *ao = &lcp_allowoptions[0];
474
    ipcp_options *ipwo = &ipcp_wantoptions[0];
475
    u32_t remote;
476
 
477
    AUTHDEBUG((LOG_INFO, "auth_reset: %d\n", unit));
478
    ao->neg_upap = !ppp_settings.refuse_pap && (ppp_settings.passwd[0] != 0 || get_pap_passwd(unit, NULL, NULL));
479
    ao->neg_chap = !ppp_settings.refuse_chap && ppp_settings.passwd[0] != 0 /*have_chap_secret(ppp_settings.user, ppp_settings.remote_name, (u32_t)0)*/;
480
 
481
    if (go->neg_upap && !have_pap_secret())
482
        go->neg_upap = 0;
483
    if (go->neg_chap) {
484
        remote = ipwo->accept_remote? 0: ipwo->hisaddr;
485
        if (!have_chap_secret(ppp_settings.remote_name, ppp_settings.our_name, remote))
486
            go->neg_chap = 0;
487
    }
488
}
489
 
490
 
491
#if PAP_SUPPORT > 0
492
/*
493
 * check_passwd - Check the user name and passwd against the PAP secrets
494
 * file.  If requested, also check against the system password database,
495
 * and login the user if OK.
496
 *
497
 * returns:
498
 *  UPAP_AUTHNAK: Authentication failed.
499
 *  UPAP_AUTHACK: Authentication succeeded.
500
 * In either case, msg points to an appropriate message.
501
 */
502
int check_passwd(
503
        int unit,
504
        char *auser,
505
        int userlen,
506
        char *apasswd,
507
        int passwdlen,
508
        char **msg,
509
        int *msglen
510
)
511
{
512
#if 1
513
        *msg = (char *) 0;
514
        return UPAP_AUTHACK;     /* XXX Assume all entries OK. */
515
#else
516
    int ret = 0;
517
    struct wordlist *addrs = NULL;
518
    char passwd[256], user[256];
519
    char secret[MAXWORDLEN];
520
    static u_short attempts = 0;
521
 
522
    /*
523
     * Make copies of apasswd and auser, then null-terminate them.
524
     */
525
    BCOPY(apasswd, passwd, passwdlen);
526
    passwd[passwdlen] = '\0';
527
    BCOPY(auser, user, userlen);
528
    user[userlen] = '\0';
529
    *msg = (char *) 0;
530
 
531
    /* XXX Validate user name and password. */
532
    ret = UPAP_AUTHACK;     /* XXX Assume all entries OK. */
533
 
534
    if (ret == UPAP_AUTHNAK) {
535
        if (*msg == (char *) 0)
536
            *msg = "Login incorrect";
537
        *msglen = strlen(*msg);
538
        /*
539
         * Frustrate passwd stealer programs.
540
         * Allow 10 tries, but start backing off after 3 (stolen from login).
541
         * On 10'th, drop the connection.
542
         */
543
        if (attempts++ >= 10) {
544
            AUTHDEBUG((LOG_WARNING, "%d LOGIN FAILURES BY %s\n", attempts, user));
545
            /*ppp_panic("Excess Bad Logins");*/
546
        }
547
        if (attempts > 3) {
548
            sys_msleep((attempts - 3) * 5);
549
        }
550
        if (addrs != NULL) {
551
            free_wordlist(addrs);
552
        }
553
    } else {
554
        attempts = 0;           /* Reset count */
555
        if (*msg == (char *) 0)
556
            *msg = "Login ok";
557
        *msglen = strlen(*msg);
558
        set_allowed_addrs(unit, addrs);
559
    }
560
 
561
    BZERO(passwd, sizeof(passwd));
562
    BZERO(secret, sizeof(secret));
563
 
564
    return ret;
565
#endif
566
}
567
#endif
568
 
569
 
570
/*
571
 * auth_ip_addr - check whether the peer is authorized to use
572
 * a given IP address.  Returns 1 if authorized, 0 otherwise.
573
 */
574
int auth_ip_addr(int unit, u32_t addr)
575
{
576
    return ip_addr_check(addr, addresses[unit]);
577
}
578
 
579
/*
580
 * bad_ip_adrs - return 1 if the IP address is one we don't want
581
 * to use, such as an address in the loopback net or a multicast address.
582
 * addr is in network byte order.
583
 */
584
int bad_ip_adrs(u32_t addr)
585
{
586
    addr = ntohl(addr);
587
    return (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET
588
        || IN_MULTICAST(addr) || IN_BADCLASS(addr);
589
}
590
 
591
 
592
#if CHAP_SUPPORT > 0
593
/*
594
 * get_secret - open the CHAP secret file and return the secret
595
 * for authenticating the given client on the given server.
596
 * (We could be either client or server).
597
 */
598
int get_secret(
599
    int unit,
600
    char *client,
601
    char *server,
602
    char *secret,
603
    int *secret_len,
604
    int save_addrs
605
)
606
{
607
#if 1
608
    int len;
609
    struct wordlist *addrs;
610
 
611
    addrs = NULL;
612
 
613
    if(!client || !client[0] || strcmp(client, ppp_settings.user)) {
614
        return 0;
615
    }
616
 
617
    len = strlen(ppp_settings.passwd);
618
    if (len > MAXSECRETLEN) {
619
        AUTHDEBUG((LOG_ERR, "Secret for %s on %s is too long\n", client, server));
620
        len = MAXSECRETLEN;
621
    }
622
    BCOPY(ppp_settings.passwd, secret, len);
623
    *secret_len = len;
624
 
625
    return 1;
626
#else
627
    int ret = 0, len;
628
    struct wordlist *addrs;
629
    char secbuf[MAXWORDLEN];
630
 
631
    addrs = NULL;
632
    secbuf[0] = 0;
633
 
634
    /* XXX Find secret. */
635
    if (ret < 0)
636
        return 0;
637
 
638
    if (save_addrs)
639
        set_allowed_addrs(unit, addrs);
640
 
641
    len = strlen(secbuf);
642
    if (len > MAXSECRETLEN) {
643
        AUTHDEBUG((LOG_ERR, "Secret for %s on %s is too long\n", client, server));
644
        len = MAXSECRETLEN;
645
    }
646
    BCOPY(secbuf, secret, len);
647
    BZERO(secbuf, sizeof(secbuf));
648
    *secret_len = len;
649
 
650
    return 1;
651
#endif
652
}
653
#endif
654
 
655
 
656
#if 0 /* UNUSED */
657
/*
658
 * auth_check_options - called to check authentication options.
659
 */
660
void auth_check_options(void)
661
{
662
    lcp_options *wo = &lcp_wantoptions[0];
663
    int can_auth;
664
    ipcp_options *ipwo = &ipcp_wantoptions[0];
665
    u32_t remote;
666
 
667
    /* Default our_name to hostname, and user to our_name */
668
    if (ppp_settings.our_name[0] == 0 || ppp_settings.usehostname)
669
        strcpy(ppp_settings.our_name, ppp_settings.hostname);
670
    if (ppp_settings.user[0] == 0)
671
        strcpy(ppp_settings.user, ppp_settings.our_name);
672
 
673
    /* If authentication is required, ask peer for CHAP or PAP. */
674
    if (ppp_settings.auth_required && !wo->neg_chap && !wo->neg_upap) {
675
        wo->neg_chap = 1;
676
        wo->neg_upap = 1;
677
    }
678
 
679
    /*
680
     * Check whether we have appropriate secrets to use
681
     * to authenticate the peer.
682
     */
683
    can_auth = wo->neg_upap && have_pap_secret();
684
    if (!can_auth && wo->neg_chap) {
685
        remote = ipwo->accept_remote? 0: ipwo->hisaddr;
686
        can_auth = have_chap_secret(ppp_settings.remote_name, ppp_settings.our_name, remote);
687
    }
688
 
689
    if (ppp_settings.auth_required && !can_auth) {
690
        ppp_panic("No auth secret");
691
    }
692
}
693
#endif
694
 
695
 
696
/**********************************/
697
/*** LOCAL FUNCTION DEFINITIONS ***/
698
/**********************************/
699
/*
700
 * Proceed to the network phase.
701
 */
702
static void network_phase(int unit)
703
{
704
    int i;
705
    struct protent *protp;
706
    lcp_options *go = &lcp_gotoptions[unit];
707
 
708
    /*
709
     * If the peer had to authenticate, run the auth-up script now.
710
     */
711
    if ((go->neg_chap || go->neg_upap) && !did_authup) {
712
        /* XXX Do setup for peer authentication. */
713
        did_authup = 1;
714
    }
715
 
716
#if CBCP_SUPPORT > 0
717
    /*
718
     * If we negotiated callback, do it now.
719
     */
720
    if (go->neg_cbcp) {
721
        lcp_phase[unit] = PHASE_CALLBACK;
722
        (*cbcp_protent.open)(unit);
723
        return;
724
    }
725
#endif
726
 
727
    lcp_phase[unit] = PHASE_NETWORK;
728
    for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i)
729
        if (protp->protocol < 0xC000 && protp->enabled_flag
730
                && protp->open != NULL) {
731
            (*protp->open)(unit);
732
            if (protp->protocol != PPP_CCP)
733
                ++num_np_open;
734
        }
735
 
736
    if (num_np_open == 0)
737
        /* nothing to do */
738
        lcp_close(0, "No network protocols running");
739
}
740
 
741
/*
742
 * check_idle - check whether the link has been idle for long
743
 * enough that we can shut it down.
744
 */
745
static void check_idle(void *arg)
746
{
747
    struct ppp_idle idle;
748
    u_short itime;
749
 
750
        (void)arg;
751
    if (!get_idle_time(0, &idle))
752
        return;
753
    itime = LWIP_MIN(idle.xmit_idle, idle.recv_idle);
754
    if (itime >= ppp_settings.idle_time_limit) {
755
        /* link is idle: shut it down. */
756
        AUTHDEBUG((LOG_INFO, "Terminating connection due to lack of activity.\n"));
757
        lcp_close(0, "Link inactive");
758
    } else {
759
        TIMEOUT(check_idle, NULL, ppp_settings.idle_time_limit - itime);
760
    }
761
}
762
 
763
/*
764
 * connect_time_expired - log a message and close the connection.
765
 */
766
static void connect_time_expired(void *arg)
767
{
768
        (void)arg;
769
 
770
    AUTHDEBUG((LOG_INFO, "Connect time expired\n"));
771
    lcp_close(0, "Connect time expired");   /* Close connection */
772
}
773
 
774
#if 0
775
/*
776
 * login - Check the user name and password against the system
777
 * password database, and login the user if OK.
778
 *
779
 * returns:
780
 *  UPAP_AUTHNAK: Login failed.
781
 *  UPAP_AUTHACK: Login succeeded.
782
 * In either case, msg points to an appropriate message.
783
 */
784
static int login(char *user, char *passwd, char **msg, int *msglen)
785
{
786
    /* XXX Fail until we decide that we want to support logins. */
787
    return (UPAP_AUTHNAK);
788
}
789
#endif
790
 
791
/*
792
 * logout - Logout the user.
793
 */
794
static void logout(void)
795
{
796
    logged_in = 0;
797
}
798
 
799
 
800
/*
801
 * null_login - Check if a username of "" and a password of "" are
802
 * acceptable, and iff so, set the list of acceptable IP addresses
803
 * and return 1.
804
 */
805
static int null_login(int unit)
806
{
807
        (void)unit;
808
    /* XXX Fail until we decide that we want to support logins. */
809
    return 0;
810
}
811
 
812
 
813
/*
814
 * get_pap_passwd - get a password for authenticating ourselves with
815
 * our peer using PAP.  Returns 1 on success, 0 if no suitable password
816
 * could be found.
817
 */
818
static int get_pap_passwd(int unit, char *user, char *passwd)
819
{
820
/* normally we would reject PAP if no password is provided,
821
   but this causes problems with some providers (like CHT in Taiwan)
822
   who incorrectly request PAP and expect a bogus/empty password, so
823
   always provide a default user/passwd of "none"/"none"
824
*/
825
    if(user)
826
        strcpy(user,   "none");
827
    if(passwd)
828
        strcpy(passwd, "none");
829
 
830
    return 1;
831
}
832
 
833
 
834
/*
835
 * have_pap_secret - check whether we have a PAP file with any
836
 * secrets that we could possibly use for authenticating the peer.
837
 */
838
static int have_pap_secret(void)
839
{
840
    /* XXX Fail until we set up our passwords. */
841
    return 0;
842
}
843
 
844
 
845
/*
846
 * have_chap_secret - check whether we have a CHAP file with a
847
 * secret that we could possibly use for authenticating `client'
848
 * on `server'.  Either can be the null string, meaning we don't
849
 * know the identity yet.
850
 */
851
static int have_chap_secret(char *client, char *server, u32_t remote)
852
{
853
        (void)client;
854
        (void)server;
855
        (void)remote;
856
    /* XXX Fail until we set up our passwords. */
857
    return 0;
858
}
859
 
860
 
861
#if 0 /* PAP_SUPPORT > 0 || CHAP_SUPPORT > 0 */
862
/*
863
 * set_allowed_addrs() - set the list of allowed addresses.
864
 */
865
static void set_allowed_addrs(int unit, struct wordlist *addrs)
866
{
867
    if (addresses[unit] != NULL)
868
        free_wordlist(addresses[unit]);
869
    addresses[unit] = addrs;
870
 
871
#if 0
872
    /*
873
     * If there's only one authorized address we might as well
874
     * ask our peer for that one right away
875
     */
876
    if (addrs != NULL && addrs->next == NULL) {
877
        char *p = addrs->word;
878
        struct ipcp_options *wo = &ipcp_wantoptions[unit];
879
        u32_t a;
880
        struct hostent *hp;
881
 
882
        if (wo->hisaddr == 0 && *p != '!' && *p != '-'
883
                && strchr(p, '/') == NULL) {
884
            hp = gethostbyname(p);
885
            if (hp != NULL && hp->h_addrtype == AF_INET)
886
                a = *(u32_t *)hp->h_addr;
887
            else
888
                a = inet_addr(p);
889
            if (a != (u32_t) -1)
890
                wo->hisaddr = a;
891
        }
892
    }
893
#endif
894
}
895
#endif
896
 
897
static int ip_addr_check(u32_t addr, struct wordlist *addrs)
898
{
899
 
900
    /* don't allow loopback or multicast address */
901
    if (bad_ip_adrs(addr))
902
        return 0;
903
 
904
    if (addrs == NULL)
905
        return !ppp_settings.auth_required;      /* no addresses authorized */
906
 
907
    /* XXX All other addresses allowed. */
908
    return 1;
909
}
910
 
911
#if 0 /* PAP_SUPPORT > 0 || CHAP_SUPPORT */
912
/*
913
 * free_wordlist - release memory allocated for a wordlist.
914
 */
915
static void free_wordlist(struct wordlist *wp)
916
{
917
    struct wordlist *next;
918
 
919
    while (wp != NULL) {
920
        next = wp->next;
921
        free(wp);
922
        wp = next;
923
    }
924
}
925
#endif
926
 
927
#endif /* PPP_SUPPORT */

powered by: WebSVN 2.1.0

© copyright 1999-2024 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.