xref: /freebsd/usr.sbin/ppp/auth.c (revision b6e82f33ef84ba5eedb0db2e24525e9d0f661b91)
1af57ed9fSAtsushi Murai /*
2af57ed9fSAtsushi Murai  *			PPP Secret Key Module
3af57ed9fSAtsushi Murai  *
4af57ed9fSAtsushi Murai  *	    Written by Toshiharu OHNO (tony-o@iij.ad.jp)
5af57ed9fSAtsushi Murai  *
6af57ed9fSAtsushi Murai  *   Copyright (C) 1994, Internet Initiative Japan, Inc. All rights reserverd.
7af57ed9fSAtsushi Murai  *
8af57ed9fSAtsushi Murai  * Redistribution and use in source and binary forms are permitted
9af57ed9fSAtsushi Murai  * provided that the above copyright notice and this paragraph are
10af57ed9fSAtsushi Murai  * duplicated in all such forms and that any documentation,
11af57ed9fSAtsushi Murai  * advertising materials, and other materials related to such
12af57ed9fSAtsushi Murai  * distribution and use acknowledge that the software was developed
13af57ed9fSAtsushi Murai  * by the Internet Initiative Japan, Inc.  The name of the
14af57ed9fSAtsushi Murai  * IIJ may not be used to endorse or promote products derived
15af57ed9fSAtsushi Murai  * from this software without specific prior written permission.
16af57ed9fSAtsushi Murai  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
17af57ed9fSAtsushi Murai  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
18af57ed9fSAtsushi Murai  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
19af57ed9fSAtsushi Murai  *
20b6e82f33SBrian Somers  * $Id: auth.c,v 1.23 1997/11/17 00:42:37 brian Exp $
21af57ed9fSAtsushi Murai  *
22af57ed9fSAtsushi Murai  *	TODO:
23c3899f8dSAtsushi Murai  *		o Implement check against registered IP addresses.
24af57ed9fSAtsushi Murai  */
2575240ed1SBrian Somers #include <sys/param.h>
2675240ed1SBrian Somers #include <netinet/in.h>
2775240ed1SBrian Somers 
2875240ed1SBrian Somers #include <stdio.h>
2975240ed1SBrian Somers #include <string.h>
3075240ed1SBrian Somers #include <unistd.h>
3175240ed1SBrian Somers 
32b6e82f33SBrian Somers #include "command.h"
3375240ed1SBrian Somers #include "mbuf.h"
3475240ed1SBrian Somers #include "log.h"
3575240ed1SBrian Somers #include "defs.h"
3675240ed1SBrian Somers #include "timer.h"
37af57ed9fSAtsushi Murai #include "fsm.h"
3853c9f6c0SAtsushi Murai #include "lcpproto.h"
39af57ed9fSAtsushi Murai #include "ipcp.h"
406ed9fb2fSBrian Somers #include "loadalias.h"
4153c9f6c0SAtsushi Murai #include "vars.h"
42ed6a16c1SPoul-Henning Kamp #include "filter.h"
4353c9f6c0SAtsushi Murai #include "auth.h"
44ed6a16c1SPoul-Henning Kamp #include "chat.h"
4575240ed1SBrian Somers #include "systems.h"
46af57ed9fSAtsushi Murai 
/*
 * Set the initial value of VarLocalAuth.
 *
 *  - Outside daemon mode the local user is given LOCAL_AUTH at once.
 *  - In daemon mode with a local auth key configured
 *    (VarHaveLocalAuthKey), an empty key yields LOCAL_AUTH and a
 *    non-empty key yields LOCAL_NO_AUTH.
 *  - Otherwise the entry for VarShortHost in SECRETFILE is checked
 *    against an empty key: no entry gives LOCAL_DENY, an entry that
 *    accepts the empty key gives LOCAL_AUTH, and any other entry gives
 *    LOCAL_NO_AUTH.
 */
void
LocalAuthInit()
{
  if ((mode & MODE_DAEMON) == 0) {
    /* We're allowed in interactive mode */
    VarLocalAuth = LOCAL_AUTH;
    return;
  }

  if (VarHaveLocalAuthKey) {
    /* An explicitly empty key means no password is required. */
    if (*VarLocalAuthKey == '\0')
      VarLocalAuth = LOCAL_AUTH;
    else
      VarLocalAuth = LOCAL_NO_AUTH;
    return;
  }

  /* No key configured: fall back to the secret file entry for this host. */
  switch (LocalAuthValidate(SECRETFILE, VarShortHost, "")) {
  case NOT_FOUND:
    VarLocalAuth = LOCAL_DENY;
    break;
  case VALID:
    VarLocalAuth = LOCAL_AUTH;
    break;
  case INVALID:
    VarLocalAuth = LOCAL_NO_AUTH;
    break;
  }
}
6853c9f6c0SAtsushi Murai 
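/*
 * Check `key' against the entry for `system' in the secret file `fname'.
 *
 * Returns NOT_FOUND when the file cannot be opened or no line has
 * `system' as its first field.  For the first line that does, returns
 * VALID when the line has no second field and `key' is NULL or empty, or
 * when the second field equals `key'; returns INVALID otherwise.  Later
 * lines for the same system are not consulted.
 */
LOCAL_AUTH_VALID
LocalAuthValidate(const char *fname, const char *system, const char *key)
{
  FILE *fp;
  int n;
  char *vector[3];
  char buff[LINE_LEN];
  LOCAL_AUTH_VALID rc;

  rc = NOT_FOUND;		/* No system entry */
  fp = OpenSecret(fname);
  if (fp == NULL)
    return (rc);
  while (fgets(buff, sizeof(buff), fp)) {
    if (buff[0] == '#')
      continue;
    /*
     * Remove the trailing newline only if one is present.  Blindly
     * clearing buff[strlen(buff) - 1] writes before the buffer when the
     * line starts with a NUL byte, and cuts the last character off the
     * stored key when the final line of the file (or an over-long line)
     * has no newline.
     */
    buff[strcspn(buff, "\n")] = '\0';
    memset(vector, '\0', sizeof(vector));
    /* presumably splits buff into whitespace-separated fields - confirm */
    n = MakeArgs(buff, vector, VECSIZE(vector));
    if (n < 1)
      continue;
    if (strcmp(vector[0], system) == 0) {
      if (vector[1] == NULL) {
	/* Entry without a key: only a missing or empty key matches. */
	rc = (key == NULL || *key == '\0') ? VALID : INVALID;
      } else {
	/*
	 * A NULL key can never match a stored key; test it first so
	 * that strcmp() is not handed a NULL pointer.
	 * NOTE(review): strcmp() stops at the first differing byte, so
	 * the comparison time depends on the supplied key.
	 */
	rc = (key != NULL && strcmp(vector[1], key) == 0) ? VALID : INVALID;
      }
      break;
    }
  }
  CloseSecret(fp);
  return (rc);
}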
10353c9f6c0SAtsushi Murai 
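/*
 * Validate `key' for `system' against the secret file `fname'.
 *
 * Every line whose first field equals `system' is tried in file order;
 * its second field is passed through ExpandString() and compared with
 * `key'.  On the first match DefHisAddress is cleared, any further fields
 * are handed to ParseAddr() to fill it in, and IpcpInit() is called.
 *
 * Returns 1 when a matching entry is found (and its address fields, if
 * any, parse), 0 when the file cannot be opened, `key' is NULL, no entry
 * matches, or ParseAddr() rejects the address.  In that last case
 * DefHisAddress has already been cleared.
 */
int
AuthValidate(const char *fname, const char *system, const char *key)
{
  FILE *fp;
  int n;
  char *vector[4];
  char buff[LINE_LEN];
  char passwd[100];

  /* Fail closed: a NULL key cannot match and must not reach strcmp(). */
  if (key == NULL)
    return (0);

  fp = OpenSecret(fname);
  if (fp == NULL)
    return (0);
  while (fgets(buff, sizeof(buff), fp)) {
    if (buff[0] == '#')
      continue;
    /*
     * Remove the trailing newline only if one is present.  Blindly
     * clearing buff[strlen(buff) - 1] writes before the buffer when the
     * line starts with a NUL byte, and shortens the stored secret when
     * the final line of the file (or an over-long line) has no newline,
     * so that a truncated password would be accepted.
     */
    buff[strcspn(buff, "\n")] = '\0';
    memset(vector, '\0', sizeof(vector));
    /* presumably splits buff into whitespace-separated fields - confirm */
    n = MakeArgs(buff, vector, VECSIZE(vector));
    if (n < 2)
      continue;
    if (strcmp(vector[0], system) == 0) {
      /* passwd is bounded by sizeof(passwd); ExpandString's result is unchecked */
      ExpandString(vector[1], passwd, sizeof(passwd), 0);
      /*
       * NOTE(review): strcmp() stops at the first differing byte, so the
       * comparison time depends on the supplied key.
       */
      if (strcmp(passwd, key) == 0) {
	/* vector[] points into buff, so it stays usable after the close. */
	CloseSecret(fp);
	memset(&DefHisAddress, '\0', sizeof(DefHisAddress));
	n -= 2;			/* fields left after system and secret */
	if (n > 0) {
	  if (ParseAddr(n, (char const *const *)(vector+2),
			&DefHisAddress.ipaddr,
			&DefHisAddress.mask,
			&DefHisAddress.width) == 0) {
	    return (0);		/* Invalid */
	  }
	}
	IpcpInit();
	return (1);		/* Valid */
      }
    }
  }
  CloseSecret(fp);
  return (0);			/* Invalid */
}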
146af57ed9fSAtsushi Murai 
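/*
 * Fetch the secret stored for `system' in the secret file `fname'.
 *
 * `system' need not be NUL-terminated: exactly `len' bytes of it are
 * compared with the first field of each line, and the field must be
 * `len' bytes long.  When `setaddr' is non-zero, DefHisAddress is cleared
 * and, if the entry has further fields, they are passed to ParseAddr();
 * IpcpInit() is called when that succeeds.
 *
 * Returns a pointer to a static buffer holding the expanded secret of the
 * first matching entry, or NULL when the file cannot be opened or no
 * entry matches.  The buffer is overwritten by the next call and keeps
 * the secret in memory afterwards; the caller must not free it.
 */
char *
AuthGetSecret(const char *fname, const char *system, int len, int setaddr)
{
  FILE *fp;
  int n;
  char *vector[4];
  char buff[LINE_LEN];
  static char passwd[100];

  fp = OpenSecret(fname);
  if (fp == NULL)
    return (NULL);
  while (fgets(buff, sizeof(buff), fp)) {
    if (buff[0] == '#')
      continue;
    /*
     * Remove the trailing newline only if one is present.  Blindly
     * clearing buff[strlen(buff) - 1] writes before the buffer when the
     * line starts with a NUL byte, and cuts the last character off the
     * secret when the final line of the file (or an over-long line) has
     * no newline.
     */
    buff[strcspn(buff, "\n")] = '\0';
    memset(vector, '\0', sizeof(vector));
    /* presumably splits buff into whitespace-separated fields - confirm */
    n = MakeArgs(buff, vector, VECSIZE(vector));
    if (n < 2)
      continue;
    /* A negative len can never equal a string length; say so explicitly. */
    if (len >= 0 && strlen(vector[0]) == (size_t)len &&
	strncmp(vector[0], system, (size_t)len) == 0) {
      ExpandString(vector[1], passwd, sizeof(passwd), 0);
      if (setaddr) {
	memset(&DefHisAddress, '\0', sizeof(DefHisAddress));
      }
      n -= 2;			/* fields left after system and secret */
      if (n > 0 && setaddr) {
	LogPrintf(LogDEBUG, "AuthGetSecret: n = %d, %s\n", n, vector[2]);
	if (ParseAddr(n, (char const *const *)(vector+2),
		      &DefHisAddress.ipaddr,
		      &DefHisAddress.mask,
		      &DefHisAddress.width) != 0)
	  IpcpInit();
      }
      /*
       * Close the secret file on the success path too; returning without
       * doing so left one open handle on the secret file per successful
       * lookup.
       */
      CloseSecret(fp);
      return (passwd);
    }
  }
  CloseSecret(fp);
  return (NULL);		/* Invalid */
}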
18753c9f6c0SAtsushi Murai 
/*
 * Timer callback for an authentication challenge.  `vauthp' is the
 * struct authinfo whose timer expired.
 *
 * The timer is stopped and the retry counter decremented.  While retries
 * remain, the timer is restarted and the challenge is sent again with the
 * next id.  Once the counter reaches zero the timer is left stopped and
 * nothing further is done here.
 */
static void
AuthTimeout(void *vauthp)
{
  struct authinfo *info = (struct authinfo *)vauthp;
  struct pppTimer *timer = &info->authtimer;

  StopTimer(timer);

  info->retry--;
  if (info->retry <= 0)
    return;			/* out of retries: give up silently */

  StartTimer(timer);
  info->id++;			/* each re-send carries a fresh id */
  (info->ChallengeFunc) (info->id);
}
20153c9f6c0SAtsushi Murai 
/*
 * Begin an authentication exchange for `authp'.
 *
 * The authentication timer is re-armed to call AuthTimeout() with `authp'
 * after VarRetryTimeout seconds, the retry budget is set to 3 and the id
 * to 1, and the first challenge is sent through authp->ChallengeFunc.
 */
void
StartAuthChallenge(struct authinfo *authp)
{
  struct pppTimer *timer = &authp->authtimer;

  /* Stop any run already in progress before reconfiguring the timer. */
  StopTimer(timer);
  timer->func = AuthTimeout;
  timer->load = VarRetryTimeout * SECTICKS;
  timer->state = TIMER_STOPPED;
  timer->arg = (void *)authp;
  StartTimer(timer);

  authp->retry = 3;
  authp->id = 1;
  (authp->ChallengeFunc) (authp->id);
}
21853c9f6c0SAtsushi Murai 
/*
 * Stop the authentication timer of `authp'.  The retry counter and id are
 * left as they are.
 */
void
StopAuthTimer(struct authinfo *authp)
{
  struct pppTimer *timer = &authp->authtimer;

  StopTimer(timer);
}