165309e5cSBrian Somers /*-
2*4d846d26SWarner Losh * SPDX-License-Identifier: BSD-2-Clause
31de7b4b8SPedro F. Giffuni *
465309e5cSBrian Somers * Copyright (c) 1996 - 2001 Brian Somers <brian@Awfulhak.org>
565309e5cSBrian Somers * based on work by Toshiharu OHNO <tony-o@iij.ad.jp>
665309e5cSBrian Somers * Internet Initiative Japan, Inc (IIJ)
765309e5cSBrian Somers * All rights reserved.
8af57ed9fSAtsushi Murai *
965309e5cSBrian Somers * Redistribution and use in source and binary forms, with or without
1065309e5cSBrian Somers * modification, are permitted provided that the following conditions
1165309e5cSBrian Somers * are met:
1265309e5cSBrian Somers * 1. Redistributions of source code must retain the above copyright
1365309e5cSBrian Somers * notice, this list of conditions and the following disclaimer.
1465309e5cSBrian Somers * 2. Redistributions in binary form must reproduce the above copyright
1565309e5cSBrian Somers * notice, this list of conditions and the following disclaimer in the
1665309e5cSBrian Somers * documentation and/or other materials provided with the distribution.
17af57ed9fSAtsushi Murai *
1865309e5cSBrian Somers * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
1965309e5cSBrian Somers * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
2065309e5cSBrian Somers * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
2165309e5cSBrian Somers * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
2265309e5cSBrian Somers * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
2365309e5cSBrian Somers * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
2465309e5cSBrian Somers * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
2565309e5cSBrian Somers * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
2665309e5cSBrian Somers * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
2765309e5cSBrian Somers * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
2865309e5cSBrian Somers * SUCH DAMAGE.
29af57ed9fSAtsushi Murai */
3065309e5cSBrian Somers
31972a1bcfSBrian Somers #include <sys/param.h>
3275240ed1SBrian Somers #include <netinet/in.h>
33eaa4df37SBrian Somers #include <netinet/in_systm.h>
34eaa4df37SBrian Somers #include <netinet/ip.h>
3530949fd4SBrian Somers #include <sys/socket.h>
361fa665f5SBrian Somers #include <sys/un.h>
3775240ed1SBrian Somers
38f0cdd9c0SBrian Somers #include <stdlib.h>
39eb6e5e05SBrian Somers #include <string.h> /* strlen/memcpy */
406140ba11SBrian Somers #include <termios.h>
4175240ed1SBrian Somers
425d9e6103SBrian Somers #include "layer.h"
4375240ed1SBrian Somers #include "mbuf.h"
4475240ed1SBrian Somers #include "log.h"
4575240ed1SBrian Somers #include "defs.h"
4675240ed1SBrian Somers #include "timer.h"
47af57ed9fSAtsushi Murai #include "fsm.h"
48e2ebb036SBrian Somers #include "auth.h"
49af57ed9fSAtsushi Murai #include "pap.h"
50879ed6faSBrian Somers #include "lqr.h"
51af57ed9fSAtsushi Murai #include "hdlc.h"
521038894eSBrian Somers #include "lcp.h"
535d9e6103SBrian Somers #include "proto.h"
546140ba11SBrian Somers #include "async.h"
556140ba11SBrian Somers #include "throughput.h"
563b0f8d2eSBrian Somers #include "ccp.h"
576140ba11SBrian Somers #include "link.h"
5842d4d396SBrian Somers #include "descriptor.h"
5963b73463SBrian Somers #include "physical.h"
605828db6dSBrian Somers #include "iplist.h"
61eaa4df37SBrian Somers #include "slcompress.h"
6230949fd4SBrian Somers #include "ncpaddr.h"
635828db6dSBrian Somers #include "ipcp.h"
645ca5389aSBrian Somers #include "filter.h"
653b0f8d2eSBrian Somers #include "mp.h"
66972a1bcfSBrian Somers #ifndef NORADIUS
67972a1bcfSBrian Somers #include "radius.h"
68972a1bcfSBrian Somers #endif
6930949fd4SBrian Somers #include "ipv6cp.h"
7030949fd4SBrian Somers #include "ncp.h"
71455aabc3SBrian Somers #include "bundle.h"
72e2ebb036SBrian Somers #include "chat.h"
73e2ebb036SBrian Somers #include "chap.h"
7492b09558SBrian Somers #include "cbcp.h"
75e2ebb036SBrian Somers #include "datalink.h"
76af57ed9fSAtsushi Murai
77182c898aSBrian Somers static const char * const papcodes[] = {
78182c898aSBrian Somers "???", "REQUEST", "SUCCESS", "FAILURE"
79182c898aSBrian Somers };
80f0cdd9c0SBrian Somers #define MAXPAPCODE (sizeof papcodes / sizeof papcodes[0] - 1)
81af57ed9fSAtsushi Murai
82f0cdd9c0SBrian Somers static void
pap_Req(struct authinfo * authp)83f0cdd9c0SBrian Somers pap_Req(struct authinfo *authp)
84af57ed9fSAtsushi Murai {
85f0cdd9c0SBrian Somers struct bundle *bundle = authp->physical->dl->bundle;
86af57ed9fSAtsushi Murai struct fsmheader lh;
87af57ed9fSAtsushi Murai struct mbuf *bp;
88af57ed9fSAtsushi Murai u_char *cp;
89af57ed9fSAtsushi Murai int namelen, keylen, plen;
90af57ed9fSAtsushi Murai
91f0cdd9c0SBrian Somers namelen = strlen(bundle->cfg.auth.name);
92f0cdd9c0SBrian Somers keylen = strlen(bundle->cfg.auth.key);
93af57ed9fSAtsushi Murai plen = namelen + keylen + 2;
94f0cdd9c0SBrian Somers log_Printf(LogDEBUG, "pap_Req: namelen = %d, keylen = %d\n", namelen, keylen);
95f0cdd9c0SBrian Somers log_Printf(LogPHASE, "Pap Output: %s ********\n", bundle->cfg.auth.name);
96f0cdd9c0SBrian Somers if (*bundle->cfg.auth.name == '\0')
9793280d73SBrian Somers log_Printf(LogWARN, "Sending empty PAP authname!\n");
98af57ed9fSAtsushi Murai lh.code = PAP_REQUEST;
99f0cdd9c0SBrian Somers lh.id = authp->id;
100af57ed9fSAtsushi Murai lh.length = htons(plen + sizeof(struct fsmheader));
10126af0ae9SBrian Somers bp = m_get(plen + sizeof(struct fsmheader), MB_PAPOUT);
10275240ed1SBrian Somers memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader));
103af57ed9fSAtsushi Murai cp = MBUF_CTOP(bp) + sizeof(struct fsmheader);
104af57ed9fSAtsushi Murai *cp++ = namelen;
105f0cdd9c0SBrian Somers memcpy(cp, bundle->cfg.auth.name, namelen);
106af57ed9fSAtsushi Murai cp += namelen;
107af57ed9fSAtsushi Murai *cp++ = keylen;
108f0cdd9c0SBrian Somers memcpy(cp, bundle->cfg.auth.key, keylen);
109442f8495SBrian Somers link_PushPacket(&authp->physical->link, bp, bundle,
110442f8495SBrian Somers LINK_QUEUES(&authp->physical->link) - 1, PROTO_PAP);
111af57ed9fSAtsushi Murai }
112af57ed9fSAtsushi Murai
113af57ed9fSAtsushi Murai static void
SendPapCode(struct authinfo * authp,int code,const char * message)114f0cdd9c0SBrian Somers SendPapCode(struct authinfo *authp, int code, const char *message)
115af57ed9fSAtsushi Murai {
116af57ed9fSAtsushi Murai struct fsmheader lh;
117af57ed9fSAtsushi Murai struct mbuf *bp;
118af57ed9fSAtsushi Murai u_char *cp;
119af57ed9fSAtsushi Murai int plen, mlen;
120af57ed9fSAtsushi Murai
121af57ed9fSAtsushi Murai lh.code = code;
122f0cdd9c0SBrian Somers lh.id = authp->id;
123af57ed9fSAtsushi Murai mlen = strlen(message);
124af57ed9fSAtsushi Murai plen = mlen + 1;
125af57ed9fSAtsushi Murai lh.length = htons(plen + sizeof(struct fsmheader));
12626af0ae9SBrian Somers bp = m_get(plen + sizeof(struct fsmheader), MB_PAPOUT);
12775240ed1SBrian Somers memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader));
128af57ed9fSAtsushi Murai cp = MBUF_CTOP(bp) + sizeof(struct fsmheader);
129b5c3c9aeSBrian Somers /*
130b5c3c9aeSBrian Somers * If our message is longer than 255 bytes, truncate the length to
131b5c3c9aeSBrian Somers * 255 and send the entire message anyway. Maybe the other end will
132b5c3c9aeSBrian Somers * display it... (see pap_Input() !)
133b5c3c9aeSBrian Somers */
134b5c3c9aeSBrian Somers *cp++ = mlen > 255 ? 255 : mlen;
13575240ed1SBrian Somers memcpy(cp, message, mlen);
136dd7e2610SBrian Somers log_Printf(LogPHASE, "Pap Output: %s\n", papcodes[code]);
137f0cdd9c0SBrian Somers
1385d9e6103SBrian Somers link_PushPacket(&authp->physical->link, bp, authp->physical->dl->bundle,
139442f8495SBrian Somers LINK_QUEUES(&authp->physical->link) - 1, PROTO_PAP);
140af57ed9fSAtsushi Murai }
141af57ed9fSAtsushi Murai
142f0cdd9c0SBrian Somers static void
pap_Success(struct authinfo * authp)143f0cdd9c0SBrian Somers pap_Success(struct authinfo *authp)
144af57ed9fSAtsushi Murai {
145ff8e577bSBrian Somers struct bundle *bundle = authp->physical->dl->bundle;
146ff8e577bSBrian Somers
147f0cdd9c0SBrian Somers datalink_GotAuthname(authp->physical->dl, authp->in.name);
148ff8e577bSBrian Somers #ifndef NORADIUS
149ff8e577bSBrian Somers if (*bundle->radius.cfg.file && bundle->radius.repstr)
150ff8e577bSBrian Somers SendPapCode(authp, PAP_ACK, bundle->radius.repstr);
151ff8e577bSBrian Somers else
152ff8e577bSBrian Somers #endif
153f0cdd9c0SBrian Somers SendPapCode(authp, PAP_ACK, "Greetings!!");
154f0cdd9c0SBrian Somers authp->physical->link.lcp.auth_ineed = 0;
155ff8e577bSBrian Somers if (Enabled(bundle, OPT_UTMP))
156f0cdd9c0SBrian Somers physical_Login(authp->physical, authp->in.name);
157af57ed9fSAtsushi Murai
158f0cdd9c0SBrian Somers if (authp->physical->link.lcp.auth_iwait == 0)
159455aabc3SBrian Somers /*
160455aabc3SBrian Somers * Either I didn't need to authenticate, or I've already been
161455aabc3SBrian Somers * told that I got the answer right.
162455aabc3SBrian Somers */
163f0cdd9c0SBrian Somers datalink_AuthOk(authp->physical->dl);
164af57ed9fSAtsushi Murai }
165f0cdd9c0SBrian Somers
166f0cdd9c0SBrian Somers static void
pap_Failure(struct authinfo * authp)167f0cdd9c0SBrian Somers pap_Failure(struct authinfo *authp)
168f0cdd9c0SBrian Somers {
169f0cdd9c0SBrian Somers SendPapCode(authp, PAP_NAK, "Login incorrect");
170f0cdd9c0SBrian Somers datalink_AuthNotOk(authp->physical->dl);
171f0cdd9c0SBrian Somers }
172f0cdd9c0SBrian Somers
173f0cdd9c0SBrian Somers void
pap_Init(struct authinfo * pap,struct physical * p)174f0cdd9c0SBrian Somers pap_Init(struct authinfo *pap, struct physical *p)
175f0cdd9c0SBrian Somers {
176f0cdd9c0SBrian Somers auth_Init(pap, p, pap_Req, pap_Success, pap_Failure);
177f0cdd9c0SBrian Somers }
178f0cdd9c0SBrian Somers
1795d9e6103SBrian Somers struct mbuf *
pap_Input(struct bundle * bundle,struct link * l,struct mbuf * bp)1805d9e6103SBrian Somers pap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp)
181f0cdd9c0SBrian Somers {
1825d9e6103SBrian Somers struct physical *p = link2physical(l);
183f0cdd9c0SBrian Somers struct authinfo *authp = &p->dl->pap;
184f0cdd9c0SBrian Somers u_char nlen, klen, *key;
185b5c3c9aeSBrian Somers const char *txt;
186b5c3c9aeSBrian Somers int txtlen;
187f0cdd9c0SBrian Somers
1885d9e6103SBrian Somers if (p == NULL) {
1895d9e6103SBrian Somers log_Printf(LogERROR, "pap_Input: Not a physical link - dropped\n");
19026af0ae9SBrian Somers m_freem(bp);
1915d9e6103SBrian Somers return NULL;
1925d9e6103SBrian Somers }
1935d9e6103SBrian Somers
1945d9e6103SBrian Somers if (bundle_Phase(bundle) != PHASE_NETWORK &&
1955d9e6103SBrian Somers bundle_Phase(bundle) != PHASE_AUTHENTICATE) {
19629b873f3SBrian Somers log_Printf(LogPHASE, "Unexpected pap input - dropped !\n");
19726af0ae9SBrian Somers m_freem(bp);
1985d9e6103SBrian Somers return NULL;
19929b873f3SBrian Somers }
20029b873f3SBrian Somers
201b7ff18adSBrian Somers if ((bp = auth_ReadHeader(authp, bp)) == NULL &&
202b7ff18adSBrian Somers ntohs(authp->in.hdr.length) == 0) {
203b7ff18adSBrian Somers log_Printf(LogWARN, "Pap Input: Truncated header !\n");
2045d9e6103SBrian Somers return NULL;
205b7ff18adSBrian Somers }
206f0cdd9c0SBrian Somers
207f0cdd9c0SBrian Somers if (authp->in.hdr.code == 0 || authp->in.hdr.code > MAXPAPCODE) {
208f0cdd9c0SBrian Somers log_Printf(LogPHASE, "Pap Input: %d: Bad PAP code !\n", authp->in.hdr.code);
20926af0ae9SBrian Somers m_freem(bp);
2105d9e6103SBrian Somers return NULL;
211f0cdd9c0SBrian Somers }
212f0cdd9c0SBrian Somers
213f0cdd9c0SBrian Somers if (authp->in.hdr.code != PAP_REQUEST && authp->id != authp->in.hdr.id &&
2145d9e6103SBrian Somers Enabled(bundle, OPT_IDCHECK)) {
215f0cdd9c0SBrian Somers /* Wrong conversation dude ! */
216f0cdd9c0SBrian Somers log_Printf(LogPHASE, "Pap Input: %s dropped (got id %d, not %d)\n",
217f0cdd9c0SBrian Somers papcodes[authp->in.hdr.code], authp->in.hdr.id, authp->id);
21826af0ae9SBrian Somers m_freem(bp);
2195d9e6103SBrian Somers return NULL;
220f0cdd9c0SBrian Somers }
22126af0ae9SBrian Somers m_settype(bp, MB_PAPIN);
222f0cdd9c0SBrian Somers authp->id = authp->in.hdr.id; /* We respond with this id */
223f0cdd9c0SBrian Somers
224f0cdd9c0SBrian Somers if (bp) {
225f0cdd9c0SBrian Somers bp = mbuf_Read(bp, &nlen, 1);
226b5c3c9aeSBrian Somers if (authp->in.hdr.code == PAP_ACK) {
227b5c3c9aeSBrian Somers /*
228b5c3c9aeSBrian Somers * Don't restrict the length of our acknowledgement freetext to
229b5c3c9aeSBrian Somers * nlen (a one-byte length). Show the rest of the ack packet
230b5c3c9aeSBrian Somers * instead. This isn't really part of the protocol.....
231b5c3c9aeSBrian Somers */
23226af0ae9SBrian Somers bp = m_pullup(bp);
233b5c3c9aeSBrian Somers txt = MBUF_CTOP(bp);
23426af0ae9SBrian Somers txtlen = m_length(bp);
235b5c3c9aeSBrian Somers } else {
236f0cdd9c0SBrian Somers bp = auth_ReadName(authp, bp, nlen);
237b5c3c9aeSBrian Somers txt = authp->in.name;
238b5c3c9aeSBrian Somers txtlen = strlen(authp->in.name);
239b5c3c9aeSBrian Somers }
240b5c3c9aeSBrian Somers } else {
241b5c3c9aeSBrian Somers txt = "";
242b5c3c9aeSBrian Somers txtlen = 0;
243f0cdd9c0SBrian Somers }
244f0cdd9c0SBrian Somers
245b5c3c9aeSBrian Somers log_Printf(LogPHASE, "Pap Input: %s (%.*s)\n",
246b5c3c9aeSBrian Somers papcodes[authp->in.hdr.code], txtlen, txt);
247f0cdd9c0SBrian Somers
248f0cdd9c0SBrian Somers switch (authp->in.hdr.code) {
249f0cdd9c0SBrian Somers case PAP_REQUEST:
250f0cdd9c0SBrian Somers if (bp == NULL) {
251f0cdd9c0SBrian Somers log_Printf(LogPHASE, "Pap Input: No key given !\n");
252af57ed9fSAtsushi Murai break;
253f0cdd9c0SBrian Somers }
254f0cdd9c0SBrian Somers bp = mbuf_Read(bp, &klen, 1);
25526af0ae9SBrian Somers if (m_length(bp) < klen) {
256f0cdd9c0SBrian Somers log_Printf(LogERROR, "Pap Input: Truncated key !\n");
257f0cdd9c0SBrian Somers break;
258f0cdd9c0SBrian Somers }
259f0cdd9c0SBrian Somers if ((key = malloc(klen+1)) == NULL) {
260f0cdd9c0SBrian Somers log_Printf(LogERROR, "Pap Input: Out of memory !\n");
261f0cdd9c0SBrian Somers break;
262f0cdd9c0SBrian Somers }
263f0cdd9c0SBrian Somers bp = mbuf_Read(bp, key, klen);
264f0cdd9c0SBrian Somers key[klen] = '\0';
265f0cdd9c0SBrian Somers
266f0cdd9c0SBrian Somers #ifndef NORADIUS
267a16061b2SBrian Somers if (*bundle->radius.cfg.file) {
268a16061b2SBrian Somers if (!radius_Authenticate(&bundle->radius, authp, authp->in.name,
269250be50bSBrian Somers key, strlen(key), NULL, 0))
270a16061b2SBrian Somers pap_Failure(authp);
271a16061b2SBrian Somers } else
272f0cdd9c0SBrian Somers #endif
273057f1760SBrian Somers if (auth_Validate(bundle, authp->in.name, key))
274f0cdd9c0SBrian Somers pap_Success(authp);
275f0cdd9c0SBrian Somers else
276f0cdd9c0SBrian Somers pap_Failure(authp);
277f0cdd9c0SBrian Somers
278f0cdd9c0SBrian Somers free(key);
279f0cdd9c0SBrian Somers break;
280f0cdd9c0SBrian Somers
281af57ed9fSAtsushi Murai case PAP_ACK:
282f0cdd9c0SBrian Somers auth_StopTimer(authp);
283f0cdd9c0SBrian Somers if (p->link.lcp.auth_iwait == PROTO_PAP) {
284f0cdd9c0SBrian Somers p->link.lcp.auth_iwait = 0;
285f0cdd9c0SBrian Somers if (p->link.lcp.auth_ineed == 0)
286455aabc3SBrian Somers /*
287455aabc3SBrian Somers * We've succeeded in our ``login''
288455aabc3SBrian Somers * If we're not expecting the peer to authenticate (or he already
289455aabc3SBrian Somers * has), proceed to network phase.
290455aabc3SBrian Somers */
291f0cdd9c0SBrian Somers datalink_AuthOk(p->dl);
292af57ed9fSAtsushi Murai }
293af57ed9fSAtsushi Murai break;
294f0cdd9c0SBrian Somers
295af57ed9fSAtsushi Murai case PAP_NAK:
296f0cdd9c0SBrian Somers auth_StopTimer(authp);
297f0cdd9c0SBrian Somers datalink_AuthNotOk(p->dl);
298af57ed9fSAtsushi Murai break;
299af57ed9fSAtsushi Murai }
300f0cdd9c0SBrian Somers
30126af0ae9SBrian Somers m_freem(bp);
3025d9e6103SBrian Somers return NULL;
303af57ed9fSAtsushi Murai }
304