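/*
 *			PPP Secret Key Module
 *
 *	    Written by Toshiharu OHNO (tony-o@iij.ad.jp)
 *
 *   Copyright (C) 1994, Internet Initiative Japan, Inc. All rights reserverd.
 *
 * Redistribution and use in source and binary forms are permitted
 * provided that the above copyright notice and this paragraph are
 * duplicated in all such forms and that any documentation,
 * advertising materials, and other materials related to such
 * distribution and use acknowledge that the software was developed
 * by the Internet Initiative Japan, Inc.  The name of the
 * IIJ may not be used to endorse or promote products derived
 * from this software without specific prior written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * $Id: auth.c,v 1.26 1998/01/05 01:35:17 brian Exp $
 *
 * TODO:
 *	o Implement a check against registered IP addresses.
 */
#include <sys/param.h>
#include <netinet/in.h>

#include <stdio.h>
#include <string.h>
#include <unistd.h>

#include "command.h"
#include "mbuf.h"
#include "defs.h"
#include "timer.h"
#include "fsm.h"
#include "ipcp.h"
#include "loadalias.h"
#include "vars.h"
#include "auth.h"
#include "chat.h"
#include "systems.h"

/*
 * Fetch the next usable line of a secrets file into buff (len bytes).
 *
 * Comment lines (first column '#') are skipped.  A trailing newline is
 * removed only when one is actually present: the old unconditional
 * "buff[strlen(buff) - 1] = 0" wrote before the buffer when a line
 * started with a NUL byte and silently dropped the last character of an
 * unterminated final line.  A line that does not fit in buff is drained
 * and ignored as a whole, so its tail can no longer be parsed as a
 * separate "system password" entry on the next call.
 *
 * Returns 1 when buff holds a line, 0 at end of file.
 */
static int
ReadSecretLine(FILE *fp, char *buff, size_t len)
{
  while (fgets(buff, (int)len, fp)) {
    char *nl = strchr(buff, '\n');

    if (nl != NULL)
      *nl = '\0';
    else {
      /* No newline: either the last line of the file or an overlong one. */
      int c = getc(fp);

      if (c != EOF && c != '\n') {
        do
          c = getc(fp);
        while (c != EOF && c != '\n');
        continue;			/* discard the whole overlong entry */
      }
    }
    if (buff[0] == '#')
      continue;
    return 1;
  }
  return 0;
}

/*
 * Equality test for two secrets.  Semantically identical to
 * strcmp(secret, key) == 0, but the loop always walks the full length of
 * the stored secret so that the time taken does not reveal how many
 * leading characters of the offered key were correct.
 */
static int
SecretMatch(const char *secret, const char *key)
{
  size_t slen = strlen(secret);
  size_t klen = strlen(key);
  size_t i;
  unsigned char diff = (unsigned char)(slen != klen);

  for (i = 0; i < slen; i++)
    diff |= (unsigned char)(secret[i] ^ key[i < klen ? i : 0]);
  return diff == 0;
}

/*
 * Overwrite a buffer that held a secret.  Written through a volatile
 * pointer so the compiler cannot drop the stores as dead.
 */
static void
ScrubSecret(char *buf, size_t len)
{
  volatile char *p = buf;

  while (len--)
    *p++ = '\0';
}

/*
 * Decide the initial local-authentication state (VarLocalAuth).
 *
 * Interactive (non-daemon) sessions are trusted outright.  Otherwise an
 * explicitly configured local key wins: an empty key means "no password
 * needed".  Failing that, the host's own entry in SECRETFILE is consulted;
 * no entry denies access, an entry without a password allows it, and an
 * entry with a password requires the user to authenticate.
 */
void
LocalAuthInit(void)
{
  if (!(mode & MODE_DAEMON))
    /* We're allowed in interactive mode */
    VarLocalAuth = LOCAL_AUTH;
  else if (VarHaveLocalAuthKey)
    VarLocalAuth = *VarLocalAuthKey == '\0' ? LOCAL_AUTH : LOCAL_NO_AUTH;
  else
    switch (LocalAuthValidate(SECRETFILE, VarShortHost, "")) {
    case NOT_FOUND:
      VarLocalAuth = LOCAL_DENY;	/* no entry for this host: refuse */
      break;
    case VALID:
      VarLocalAuth = LOCAL_AUTH;	/* entry without a password */
      break;
    case INVALID:
      VarLocalAuth = LOCAL_NO_AUTH;	/* entry has a password: must auth */
      break;
    default:
      VarLocalAuth = LOCAL_DENY;	/* fail closed on anything unexpected */
      break;
    }
}

/*
 * Look up `system' in the secrets file `fname' and check `key' against
 * its (optional) second field.
 *
 * Returns NOT_FOUND when no line names the system (or the file cannot be
 * opened), VALID when the entry has no password and key is NULL/empty or
 * the entry's password equals key, and INVALID otherwise.  A NULL key is
 * treated as the empty string, so it can no longer reach strcmp().
 */
LOCAL_AUTH_VALID
LocalAuthValidate(const char *fname, const char *system, const char *key)
{
  FILE *fp;
  int n;
  char *vector[3];
  char buff[LINE_LEN];
  LOCAL_AUTH_VALID rc;

  if (key == NULL)
    key = "";
  rc = NOT_FOUND;			/* No system entry */
  fp = OpenSecret(fname);
  if (fp == NULL)
    return rc;
  while (ReadSecretLine(fp, buff, sizeof buff)) {
    memset(vector, '\0', sizeof vector);
    n = MakeArgs(buff, vector, VECSIZE(vector));
    if (n < 1 || strcmp(vector[0], system) != 0)
      continue;
    if (vector[1] == NULL)
      rc = *key == '\0' ? VALID : INVALID;
    else
      rc = SecretMatch(vector[1], key) ? VALID : INVALID;
    break;				/* first matching system line decides */
  }
  CloseSecret(fp);
  return rc;
}

/*
 * Validate a peer's `key' for `system' against `fname'.
 *
 * Every line naming the system is tried until one matches, so a system
 * may have several entries.  On a match the optional third field is
 * handed to UseHisaddr() (a rejected address fails the authentication),
 * IPCP is (re)initialised and the optional fourth field becomes the
 * label.  Returns 1 on success, 0 otherwise.  A NULL key never matches
 * instead of crashing in strcmp().  The expanded password is scrubbed
 * from the stack before returning.
 */
int
AuthValidate(const char *fname, const char *system, const char *key)
{
  FILE *fp;
  int n;
  char *vector[5];
  char buff[LINE_LEN];
  char passwd[100];

  if (key == NULL)
    return 0;				/* nothing offered, nothing can match */
  fp = OpenSecret(fname);
  if (fp == NULL)
    return 0;
  while (ReadSecretLine(fp, buff, sizeof buff)) {
    memset(vector, '\0', sizeof vector);
    n = MakeArgs(buff, vector, VECSIZE(vector));
    if (n < 2 || strcmp(vector[0], system) != 0)
      continue;
    ExpandString(vector[1], passwd, sizeof passwd, 0);
    if (SecretMatch(passwd, key)) {
      ScrubSecret(passwd, sizeof passwd);
      CloseSecret(fp);		/* vector[] points into buff, not the file */
      if (n > 2 && !UseHisaddr(vector[2], 1))
        return 0;
      IpcpInit();
      if (n > 3)
        SetLabel(vector[3]);
      return 1;			/* Valid */
    }
  }
  ScrubSecret(passwd, sizeof passwd);
  CloseSecret(fp);
  return 0;				/* Invalid */
}

/*
 * Return the expanded secret for the system whose name is the `len'
 * bytes at `system' (which need not be NUL-terminated), or NULL.
 *
 * When setaddr is set DefHisAddress is cleared and the optional third
 * field is passed to UseHisaddr(); a rejected address yields NULL.  The
 * optional fourth field becomes the label.  The result lives in a static
 * buffer that the next call overwrites, so callers must not keep it.
 *
 * The secrets file is now closed on every return path; the original
 * leaked the handle on both successful and address-rejected returns.
 */
char *
AuthGetSecret(const char *fname, const char *system, int len, int setaddr)
{
  FILE *fp;
  int n;
  char *vector[5];
  char buff[LINE_LEN];
  static char passwd[100];

  if (len < 0)
    return NULL;			/* no name can have a negative length */
  fp = OpenSecret(fname);
  if (fp == NULL)
    return NULL;
  while (ReadSecretLine(fp, buff, sizeof buff)) {
    memset(vector, '\0', sizeof vector);
    n = MakeArgs(buff, vector, VECSIZE(vector));
    if (n < 2 || strlen(vector[0]) != (size_t)len ||
        strncmp(vector[0], system, (size_t)len) != 0)
      continue;
    ExpandString(vector[1], passwd, sizeof passwd, 0);
    CloseSecret(fp);			/* close before any early return */
    if (setaddr) {
      memset(&DefHisAddress, '\0', sizeof DefHisAddress);
      if (n > 2) {
        if (!UseHisaddr(vector[2], 1)) {
          ScrubSecret(passwd, sizeof passwd);
          return NULL;
        }
        IpcpInit();
      }
    }
    if (n > 3)
      SetLabel(vector[3]);
    return passwd;
  }
  CloseSecret(fp);
  return NULL;				/* Invalid */
}

/*
 * Timer callback: re-issue the challenge with a fresh id while retries
 * remain; once they are exhausted the timer is simply left stopped.
 */
static void
AuthTimeout(void *vauthp)
{
  struct authinfo *authp = (struct authinfo *)vauthp;
  struct pppTimer *tp = &authp->authtimer;

  StopTimer(tp);
  if (--authp->retry > 0) {
    StartTimer(tp);
    (authp->ChallengeFunc) (++authp->id);
  }
}

/*
 * Start an authentication exchange: arm the retry timer (VarRetryTimeout
 * seconds, 3 attempts) and send the first challenge with id 1.
 */
void
StartAuthChallenge(struct authinfo *authp)
{
  struct pppTimer *tp = &authp->authtimer;

  StopTimer(tp);
  tp->func = AuthTimeout;
  tp->load = VarRetryTimeout * SECTICKS;
  tp->state = TIMER_STOPPED;
  tp->arg = (void *)authp;
  StartTimer(tp);
  authp->retry = 3;
  authp->id = 1;
  (authp->ChallengeFunc) (authp->id);
}

/* Cancel any pending challenge retry for this authinfo. */
void
StopAuthTimer(struct authinfo *authp)
{
  StopTimer(&authp->authtimer);
}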