xref: /freebsd/usr.sbin/ppp/auth.c (revision 02f2e93b60c2b91feac8f45c4c889a5a8e40d8a2)
1 /*
2  *			PPP Secret Key Module
3  *
4  *	    Written by Toshiharu OHNO (tony-o@iij.ad.jp)
5  *
6  *   Copyright (C) 1994, Internet Initiative Japan, Inc. All rights reserverd.
7  *
8  * Redistribution and use in source and binary forms are permitted
9  * provided that the above copyright notice and this paragraph are
10  * duplicated in all such forms and that any documentation,
11  * advertising materials, and other materials related to such
12  * distribution and use acknowledge that the software was developed
13  * by the Internet Initiative Japan, Inc.  The name of the
14  * IIJ may not be used to endorse or promote products derived
15  * from this software without specific prior written permission.
16  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
17  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
18  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
19  *
20  * $Id: auth.c,v 1.17 1997/09/09 21:51:38 brian Exp $
21  *
22  *	TODO:
23  *		o Implement check against with registered IP addresses.
24  */
25 #include <sys/param.h>
26 #include <netinet/in.h>
27 
28 #include <stdio.h>
29 #include <string.h>
30 #include <unistd.h>
31 
32 #include "mbuf.h"
33 #include "log.h"
34 #include "defs.h"
35 #include "timer.h"
36 #include "fsm.h"
37 #include "lcpproto.h"
38 #include "ipcp.h"
39 #include "loadalias.h"
40 #include "command.h"
41 #include "vars.h"
42 #include "filter.h"
43 #include "auth.h"
44 #include "chat.h"
45 #include "systems.h"
46 
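/*
 * Record the short host name and pick the initial local-authentication
 * state.
 *
 * The host name is read into VarShortHost and cut at the first '.'.  If it
 * cannot be read, VarLocalAuth becomes LOCAL_DENY.  Otherwise VarLocalAuth
 * is chosen from the run mode and, when a mode bit is set, from whether
 * SECRETFILE has an entry for this host.
 */
void
LocalAuthInit()
{
  char *dot;

  if (gethostname(VarShortHost, sizeof(VarShortHost))) {
    /* Fail closed: with no host name there is no entry to look up. */
    VarLocalAuth = LOCAL_DENY;
    return;
  }

  /*
   * gethostname() is not required to NUL-terminate a name that fills the
   * buffer, and the name is used as a C string below (strchr, strcmp), so
   * terminate it explicitly.
   */
  VarShortHost[sizeof(VarShortHost) - 1] = '\0';

  dot = strchr(VarShortHost, '.');
  if (dot != NULL)
    *dot = '\0';

  if (!(mode & (MODE_AUTO | MODE_DEDICATED | MODE_DIRECT))) {
    /*
     * None of the auto, dedicated or direct bits is set: local access is
     * allowed straight away.
     * NOTE(review): the earlier comment here read "interactive and direct",
     * but the mask excludes MODE_DIRECT - confirm which is intended.
     */
    VarLocalAuth = LOCAL_AUTH;
  } else {
    /*
     * Looked up with an empty key, so only NOT_FOUND (no entry for this
     * host, or the secret file could not be opened) leads to LOCAL_DENY;
     * VALID and INVALID both leave the state at LOCAL_NO_AUTH.
     */
    VarLocalAuth = LocalAuthValidate(SECRETFILE, VarShortHost, "")
      == NOT_FOUND ? LOCAL_DENY : LOCAL_NO_AUTH;
  }
}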
68 
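/*
 * Check a key against the entry for `system' in the secret file `fname'.
 *
 * Lines starting with '#' are skipped.  Only the first line whose first
 * field equals `system' is considered.
 *
 * Returns NOT_FOUND when the file cannot be opened or has no entry for
 * `system', VALID when the entry's second field equals `key' (or the entry
 * has no second field and `key' is NULL or empty), INVALID otherwise.
 */
LOCAL_AUTH_VALID
LocalAuthValidate(char *fname, char *system, char *key)
{
  FILE *fp;
  int n;
  char *vector[3];
  char buff[200];
  LOCAL_AUTH_VALID rc;

  rc = NOT_FOUND;		/* No system entry */
  fp = OpenSecret(fname);
  if (fp == NULL)
    return (rc);
  while (fgets(buff, sizeof(buff), fp)) {
    if (buff[0] == '#')
      continue;
    /*
     * Strip the newline only if there is one.  Indexing with strlen() - 1
     * writes before the buffer when a line starts with a NUL byte, and
     * drops a real character from a final line that has no newline or from
     * a line longer than the buffer.
     */
    buff[strcspn(buff, "\n")] = '\0';
    memset(vector, '\0', sizeof(vector));
    n = MakeArgs(buff, vector, VECSIZE(vector));
    if (n < 1)
      continue;
    if (strcmp(vector[0], system) == 0) {
      if (vector[1] == NULL) {
	/* Entry without a key: matches only a missing or empty key. */
	rc = (key == NULL || *key == '\0') ? VALID : INVALID;
      } else {
	/* A NULL key can never match a stored key; do not pass it to strcmp. */
	rc = (key != NULL && strcmp(vector[1], key) == 0) ? VALID : INVALID;
      }
      break;
    }
  }
  CloseSecret(fp);
  return (rc);
}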
103 
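/*
 * Validate `key' for `system' against the secret file `fname'.
 *
 * Each non-comment line with at least two fields whose first field equals
 * `system' is tried in turn: the second field is passed through
 * ExpandString() and compared with `key'.  On a match DefHisAddress is
 * cleared, any further fields are handed to ParseAddr() to fill it in, and
 * IpcpInit() is called.
 *
 * Returns 1 when the key matches and any address fields parse, 0 when the
 * file cannot be opened, no line matches, or ParseAddr() returns 0.
 *
 * NOTE(review): strcmp() stops at the first differing byte; if `key' can
 * come from an unauthenticated peer, a constant-time comparison is worth
 * considering.  The expanded secret also stays in `passwd' on the stack
 * after return.
 */
int
AuthValidate(char *fname, char *system, char *key)
{
  FILE *fp;
  int n;
  char *vector[4];
  char buff[200];
  char passwd[100];

  fp = OpenSecret(fname);
  if (fp == NULL)
    return (0);
  while (fgets(buff, sizeof(buff), fp)) {
    if (buff[0] == '#')
      continue;
    /*
     * Strip the newline only if there is one.  Indexing with strlen() - 1
     * writes before the buffer when a line starts with a NUL byte, and
     * drops the last character of a secret on a final line that has no
     * newline.
     */
    buff[strcspn(buff, "\n")] = '\0';
    memset(vector, '\0', sizeof(vector));
    n = MakeArgs(buff, vector, VECSIZE(vector));
    if (n < 2)
      continue;
    if (strcmp(vector[0], system) != 0)
      continue;
    ExpandString(vector[1], passwd, sizeof(passwd), 0);
    if (strcmp(passwd, key) != 0)
      continue;

    /* vector[] points into buff, so it stays usable after the close. */
    CloseSecret(fp);
    memset(&DefHisAddress, '\0', sizeof(DefHisAddress));
    n -= 2;			/* fields left after name and secret */
    if (n > 0) {
      if (ParseAddr(n, &vector[2],
		    &DefHisAddress.ipaddr,
		    &DefHisAddress.mask,
		    &DefHisAddress.width) == 0) {
	return (0);		/* Invalid */
      }
    }
    IpcpInit();
    return (1);			/* Valid */
  }
  CloseSecret(fp);
  return (0);			/* Invalid */
}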
146 
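/*
 * Look up the secret stored for `system' in the secret file `fname'.
 *
 * Only the first `len' bytes of `system' are compared, and an entry matches
 * only if its name is exactly `len' bytes long.  The entry's second field
 * is passed through ExpandString() into a static buffer.
 *
 * When `setaddr' is non-zero DefHisAddress is cleared and, if the entry has
 * further fields, they are handed to ParseAddr(); IpcpInit() is called only
 * when ParseAddr() returns non-zero.
 *
 * Returns a pointer to the static buffer, or NULL when the file cannot be
 * opened or has no matching entry.  The buffer is overwritten by the next
 * call and must not be freed; the secret stays in process memory after the
 * caller is done with it.
 */
char *
AuthGetSecret(char *fname, char *system, int len, int setaddr)
{
  FILE *fp;
  int n;
  char *vector[4];
  char buff[200];
  static char passwd[100];

  fp = OpenSecret(fname);
  if (fp == NULL)
    return (NULL);
  while (fgets(buff, sizeof(buff), fp)) {
    if (buff[0] == '#')
      continue;
    /*
     * Strip the newline only if there is one.  Indexing with strlen() - 1
     * writes before the buffer when a line starts with a NUL byte, and
     * drops the last character of a secret on a final line that has no
     * newline.
     */
    buff[strcspn(buff, "\n")] = '\0';
    memset(vector, '\0', sizeof(vector));
    n = MakeArgs(buff, vector, VECSIZE(vector));
    if (n < 2)
      continue;
    /* A negative len can never equal a string length. */
    if (len < 0 || strlen(vector[0]) != (size_t) len ||
	strncmp(vector[0], system, len) != 0)
      continue;

    ExpandString(vector[1], passwd, sizeof(passwd), 0);
    if (setaddr) {
      memset(&DefHisAddress, '\0', sizeof(DefHisAddress));
    }
    n -= 2;			/* fields left after name and secret */
    if (n > 0 && setaddr) {
      LogPrintf(LogDEBUG, "AuthGetSecret: n = %d, %s\n", n, vector[2]);
      if (ParseAddr(n, &vector[2],
		    &DefHisAddress.ipaddr,
		    &DefHisAddress.mask,
		    &DefHisAddress.width) != 0)
	IpcpInit();
    }
    /*
     * Close the secret file on the success path as well; returning without
     * doing so leaves one handle on the secret file open per lookup.
     */
    CloseSecret(fp);
    return (passwd);
  }
  CloseSecret(fp);
  return (NULL);		/* Invalid */
}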
187 
/*
 * Timer callback installed by StartAuthChallenge(): stop the timer, use up
 * one retry and, while retries remain, restart the timer and send another
 * challenge with the next id.
 *
 * NOTE(review): when the retries run out this function only leaves the
 * timer stopped; nothing here marks the authentication as failed or closes
 * the link - confirm that is handled elsewhere.
 */
static void
AuthTimeout(struct authinfo *authp)
{
  struct pppTimer *timer = &authp->authtimer;

  StopTimer(timer);

  authp->retry--;
  if (authp->retry <= 0)
    return;

  StartTimer(timer);
  authp->id++;
  (authp->ChallengeFunc) (authp->id);
}
200 
/*
 * Begin an authentication exchange: arm the retry timer with AuthTimeout()
 * as its callback and send the first challenge with id 1.
 *
 * The retry counter starts at 3; AuthTimeout() decrements it before each
 * resend, so at most three challenges go out in total.  The timer period is
 * VarRetryTimeout * SECTICKS.
 */
void
StartAuthChallenge(struct authinfo *authp)
{
  struct pppTimer *timer = &authp->authtimer;

  /* Stop any timer left over from an earlier exchange before re-arming. */
  StopTimer(timer);
  timer->state = TIMER_STOPPED;
  timer->load = VarRetryTimeout * SECTICKS;
  timer->func = AuthTimeout;
  timer->arg = (void *) authp;
  StartTimer(timer);

  authp->retry = 3;
  authp->id = 1;
  (authp->ChallengeFunc) (authp->id);
}
217 
/*
 * Stop the retry timer of an authentication exchange.  The retry counter
 * and id in `authp' are left untouched.
 */
void
StopAuthTimer(struct authinfo *authp)
{
  struct pppTimer *timer = &authp->authtimer;

  StopTimer(timer);
}
223