11ae349f5Scvs2svn /* 21ae349f5Scvs2svn * PPP Secret Key Module 31ae349f5Scvs2svn * 41ae349f5Scvs2svn * Written by Toshiharu OHNO (tony-o@iij.ad.jp) 51ae349f5Scvs2svn * 61ae349f5Scvs2svn * Copyright (C) 1994, Internet Initiative Japan, Inc. All rights reserverd. 71ae349f5Scvs2svn * 81ae349f5Scvs2svn * Redistribution and use in source and binary forms are permitted 91ae349f5Scvs2svn * provided that the above copyright notice and this paragraph are 101ae349f5Scvs2svn * duplicated in all such forms and that any documentation, 111ae349f5Scvs2svn * advertising materials, and other materials related to such 121ae349f5Scvs2svn * distribution and use acknowledge that the software was developed 131ae349f5Scvs2svn * by the Internet Initiative Japan, Inc. The name of the 141ae349f5Scvs2svn * IIJ may not be used to endorse or promote products derived 151ae349f5Scvs2svn * from this software without specific prior written permission. 161ae349f5Scvs2svn * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 171ae349f5Scvs2svn * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 181ae349f5Scvs2svn * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 191ae349f5Scvs2svn * 20643f4904SBrian Somers * $Id: auth.c,v 1.27.2.23 1998/04/23 03:22:43 brian Exp $ 211ae349f5Scvs2svn * 221ae349f5Scvs2svn * TODO: 231ae349f5Scvs2svn * o Implement check against with registered IP addresses. 
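*/
#include <sys/types.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>

#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#include "mbuf.h"
#include "defs.h"
#include "timer.h"
#include "fsm.h"
#include "iplist.h"
#include "throughput.h"
#include "slcompress.h"
#include "ipcp.h"
#include "auth.h"
#include "systems.h"
#include "lcp.h"
#include "lqr.h"
#include "hdlc.h"
#include "ccp.h"
#include "link.h"
#include "descriptor.h"
#include "chat.h"
#include "lcpproto.h"
#include "filter.h"
#include "mp.h"
#include "bundle.h"

/* Number of challenges sent before an authentication attempt is given up */
#define AUTH_RETRIES 3

/*
 * Return a printable name for an authentication protocol number.
 *
 * Used for logging; 0 means "no authentication", anything that is not PAP
 * or CHAP is reported as "unknown".
 */
const char *
Auth2Nam(u_short auth)
{
  switch (auth) {
  case PROTO_PAP:
    return "PAP";
  case PROTO_CHAP:
    return "CHAP";
  case 0:
    return "none";
  default:
    return "unknown";
  }
}

/*
 * Read the next usable entry from an open secrets file.
 *
 * Comment lines (leading '#') and lines with fewer than two fields are
 * skipped.  The trailing newline is stripped only when it is actually
 * present: blindly clearing buff[strlen(buff) - 1] would chop the last
 * character of a final line that has no newline and would index buff[-1]
 * on a line that starts with a NUL byte.
 *
 * On success the fields are left in vector (pointing into buff) and the
 * field count (always >= 2) is returned.  Returns -1 at end of file.
 */
static int
auth_NextEntry(FILE *fp, char *buff, size_t bufsz, char **vector, int vecsize)
{
  while (fgets(buff, (int)bufsz, fp)) {
    size_t len;
    int n;

    if (buff[0] == '#')
      continue;
    len = strlen(buff);
    if (len > 0 && buff[len - 1] == '\n')
      buff[len - 1] = '\0';
    memset(vector, '\0', (size_t)vecsize * sizeof *vector);
    n = MakeArgs(buff, vector, vecsize);
    if (n >= 2)
      return n;
  }

  return -1;
}

/*
 * Check `key' against the secret `data' recorded for `name'.
 *
 * A secret of "*" defers to the system password database: the key is
 * run through crypt(3) with the stored hash as salt and compared with
 * that hash.  Any other secret is compared literally.
 *
 * Returns non-zero when the key is accepted.
 */
static int
auth_CheckPasswd(const char *name, const char *data, const char *key)
{
  if (!strcmp(data, "*")) {
    /* Then look up the real password database */
    struct passwd *pw;
    int result = 0;

    pw = getpwnam(name);
    if (pw != NULL && pw->pw_passwd != NULL) {
      /*
       * crypt(3) may return NULL for a hash format it does not support;
       * treat that as a mismatch instead of handing NULL to strcmp().
       */
      const char *hash = crypt(key, pw->pw_passwd);

      result = hash != NULL && !strcmp(hash, pw->pw_passwd);
    }
    endpwent();
    return result;
  }

  return !strcmp(data, key);
}

/*
 * Apply the settings that SECRETFILE records for peer `name'.
 *
 * An empty name just sets up IPCP.  Otherwise the first entry whose
 * first field equals `name' is used: its optional third field is handed
 * to UseHisaddr() as the address the peer may take, and its optional
 * fourth field becomes the bundle label.
 *
 * Returns 1 when IPCP has been set up, 0 when the entry's address is
 * unusable or (with NOPASSWDAUTH) when the peer has no entry at all.
 */
int
AuthSelect(struct bundle *bundle, const char *name, struct physical *physical)
{
  FILE *fp;
  int n;
  char *vector[5];
  char buff[LINE_LEN];

  if (*name == '\0') {
    ipcp_Setup(&bundle->ncp.ipcp);
    return 1;
  }

  fp = OpenSecret(SECRETFILE);
  if (fp != NULL) {
    while ((n = auth_NextEntry(fp, buff, sizeof buff, vector,
                               VECSIZE(vector))) != -1) {
      if (strcmp(vector[0], name) != 0)
        continue;

      /*
       * The name comparison must guard everything below, not just the
       * CloseSecret() call: otherwise the first entry in the file would
       * be applied to every peer and fp would leak on the way out.
       */
      CloseSecret(fp);
      if (n > 2 && !UseHisaddr(bundle, vector[2], 1))
        return 0;
      ipcp_Setup(&bundle->ncp.ipcp);
      if (n > 3)
        bundle_SetLabel(bundle, vector[3]);
      return 1;			/* Valid */
    }
    CloseSecret(fp);
  }

#ifndef NOPASSWDAUTH
  /* Let 'em in anyway - they must have been in the passwd file */
  ipcp_Setup(&bundle->ncp.ipcp);
  return 1;
#else
  /* Disappeared from ppp.secret ? */
  return 0;
#endif
}

/*
 * PAP: decide whether `key' is the correct secret for `system'.
 *
 * The first SECRETFILE entry whose name matches decides the outcome.
 * Without NOPASSWDAUTH, a system with no entry may still be checked
 * against the system password database when OPT_PASSWDAUTH is enabled.
 *
 * Returns non-zero when the key is valid.
 */
int
AuthValidate(struct bundle *bundle, const char *system,
             const char *key, struct physical *physical)
{
  /* Used by PAP routines */

  FILE *fp;
  char *vector[5];
  char buff[LINE_LEN];

  fp = OpenSecret(SECRETFILE);
  if (fp != NULL) {
    while (auth_NextEntry(fp, buff, sizeof buff, vector,
                          VECSIZE(vector)) != -1) {
      if (strcmp(vector[0], system) == 0) {
        CloseSecret(fp);
        return auth_CheckPasswd(vector[0], vector[1], key);
      }
    }
    CloseSecret(fp);
  }

#ifndef NOPASSWDAUTH
  if (Enabled(bundle, OPT_PASSWDAUTH))
    return auth_CheckPasswd(system, "*", key);
#endif

  return 0;			/* Invalid */
}

/*
 * CHAP: look up the secret for the `len' byte name `system', which need
 * not be NUL-terminated.
 *
 * Returns a pointer into a static buffer that the next call overwrites,
 * or NULL when the secrets file cannot be opened, `len' is negative, or
 * no entry matches.
 */
char *
AuthGetSecret(struct bundle *bundle, const char *system, int len,
              struct physical *physical)
{
  /* Used by CHAP routines */

  FILE *fp;
  char *vector[5];
  static char buff[LINE_LEN];

  /* A negative length can never match; avoid the signed/unsigned compare */
  if (len < 0)
    return NULL;

  fp = OpenSecret(SECRETFILE);
  if (fp == NULL)
    return NULL;

  while (auth_NextEntry(fp, buff, sizeof buff, vector,
                        VECSIZE(vector)) != -1) {
    if (strlen(vector[0]) == (size_t)len &&
        strncmp(vector[0], system, (size_t)len) == 0) {
      CloseSecret(fp);
      return vector[1];
    }
  }
  CloseSecret(fp);
  return NULL;			/* Invalid */
}

/*
 * Timer callback: re-issue the challenge with a fresh id while retries
 * remain, re-arming the timer each time.  Once `retry' reaches zero the
 * timer is simply left stopped.
 */
static void
AuthTimeout(void *vauthp)
{
  struct authinfo *authp = (struct authinfo *)vauthp;

  StopTimer(&authp->authtimer);
  if (--authp->retry > 0) {
    StartTimer(&authp->authtimer);
    (*authp->ChallengeFunc)(authp, ++authp->id, authp->physical);
  }
}

/*
 * Reset an authinfo to its defaults: everything zeroed, retry interval
 * set to DEF_FSMRETRY.
 */
void
authinfo_Init(struct authinfo *authinfo)
{
  memset(authinfo, '\0', sizeof *authinfo);
  authinfo->cfg.fsmretry = DEF_FSMRETRY;
}

/*
 * Send the first challenge via `fn' and arm the retry timer.
 *
 * Any timer already running is stopped first.  The challenge is sent
 * AUTH_RETRIES times in total (here, then from AuthTimeout) before the
 * attempt is abandoned; ids start at 1 and increase with each resend.
 */
void
StartAuthChallenge(struct authinfo *authp, struct physical *physical,
                   void (*fn)(struct authinfo *, int, struct physical *))
{
  authp->ChallengeFunc = fn;
  authp->physical = physical;
  StopTimer(&authp->authtimer);
  authp->authtimer.func = AuthTimeout;
  authp->authtimer.name = "auth";
  authp->authtimer.load = authp->cfg.fsmretry * SECTICKS;
  authp->authtimer.arg = (void *)authp;
  authp->retry = AUTH_RETRIES;
  authp->id = 1;
  (*authp->ChallengeFunc)(authp, authp->id, physical);
  StartTimer(&authp->authtimer);
}

/*
 * Cancel a pending challenge retry and drop the link reference so a
 * late timer cannot touch a physical that is no longer authenticating.
 */
void
StopAuthTimer(struct authinfo *authp)
{
  StopTimer(&authp->authtimer);
  authp->physical = NULL;
}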