xref: /freebsd/usr.sbin/ppp/pap.c (revision 32c7dde816fd1d738a48af82bf490307cb7b4739)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause
3  *
4  * Copyright (c) 1996 - 2001 Brian Somers <brian@Awfulhak.org>
5  *          based on work by Toshiharu OHNO <tony-o@iij.ad.jp>
6  *                           Internet Initiative Japan, Inc (IIJ)
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28  * SUCH DAMAGE.
29  *
30  * $FreeBSD$
31  */
32 
33 #include <sys/param.h>
34 #include <netinet/in.h>
35 #include <netinet/in_systm.h>
36 #include <netinet/ip.h>
37 #include <sys/socket.h>
38 #include <sys/un.h>
39 
40 #include <stdlib.h>
41 #include <string.h>		/* strlen/memcpy */
42 #include <termios.h>
43 
44 #include "layer.h"
45 #include "mbuf.h"
46 #include "log.h"
47 #include "defs.h"
48 #include "timer.h"
49 #include "fsm.h"
50 #include "auth.h"
51 #include "pap.h"
52 #include "lqr.h"
53 #include "hdlc.h"
54 #include "lcp.h"
55 #include "proto.h"
56 #include "async.h"
57 #include "throughput.h"
58 #include "ccp.h"
59 #include "link.h"
60 #include "descriptor.h"
61 #include "physical.h"
62 #include "iplist.h"
63 #include "slcompress.h"
64 #include "ncpaddr.h"
65 #include "ipcp.h"
66 #include "filter.h"
67 #include "mp.h"
68 #ifndef NORADIUS
69 #include "radius.h"
70 #endif
71 #include "ipv6cp.h"
72 #include "ncp.h"
73 #include "bundle.h"
74 #include "chat.h"
75 #include "chap.h"
76 #include "cbcp.h"
77 #include "datalink.h"
78 
79 static const char * const papcodes[] = {
80   "???", "REQUEST", "SUCCESS", "FAILURE"
81 };
82 #define MAXPAPCODE (sizeof papcodes / sizeof papcodes[0] - 1)
83 
84 static void
85 pap_Req(struct authinfo *authp)
86 {
87   struct bundle *bundle = authp->physical->dl->bundle;
88   struct fsmheader lh;
89   struct mbuf *bp;
90   u_char *cp;
91   int namelen, keylen, plen;
92 
93   namelen = strlen(bundle->cfg.auth.name);
94   keylen = strlen(bundle->cfg.auth.key);
95   plen = namelen + keylen + 2;
96   log_Printf(LogDEBUG, "pap_Req: namelen = %d, keylen = %d\n", namelen, keylen);
97   log_Printf(LogPHASE, "Pap Output: %s ********\n", bundle->cfg.auth.name);
98   if (*bundle->cfg.auth.name == '\0')
99     log_Printf(LogWARN, "Sending empty PAP authname!\n");
100   lh.code = PAP_REQUEST;
101   lh.id = authp->id;
102   lh.length = htons(plen + sizeof(struct fsmheader));
103   bp = m_get(plen + sizeof(struct fsmheader), MB_PAPOUT);
104   memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader));
105   cp = MBUF_CTOP(bp) + sizeof(struct fsmheader);
106   *cp++ = namelen;
107   memcpy(cp, bundle->cfg.auth.name, namelen);
108   cp += namelen;
109   *cp++ = keylen;
110   memcpy(cp, bundle->cfg.auth.key, keylen);
111   link_PushPacket(&authp->physical->link, bp, bundle,
112                   LINK_QUEUES(&authp->physical->link) - 1, PROTO_PAP);
113 }
114 
115 static void
116 SendPapCode(struct authinfo *authp, int code, const char *message)
117 {
118   struct fsmheader lh;
119   struct mbuf *bp;
120   u_char *cp;
121   int plen, mlen;
122 
123   lh.code = code;
124   lh.id = authp->id;
125   mlen = strlen(message);
126   plen = mlen + 1;
127   lh.length = htons(plen + sizeof(struct fsmheader));
128   bp = m_get(plen + sizeof(struct fsmheader), MB_PAPOUT);
129   memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader));
130   cp = MBUF_CTOP(bp) + sizeof(struct fsmheader);
131   /*
132    * If our message is longer than 255 bytes, truncate the length to
133    * 255 and send the entire message anyway.  Maybe the other end will
134    * display it... (see pap_Input() !)
135    */
136   *cp++ = mlen > 255 ? 255 : mlen;
137   memcpy(cp, message, mlen);
138   log_Printf(LogPHASE, "Pap Output: %s\n", papcodes[code]);
139 
140   link_PushPacket(&authp->physical->link, bp, authp->physical->dl->bundle,
141                   LINK_QUEUES(&authp->physical->link) - 1, PROTO_PAP);
142 }
143 
144 static void
145 pap_Success(struct authinfo *authp)
146 {
147   struct bundle *bundle = authp->physical->dl->bundle;
148 
149   datalink_GotAuthname(authp->physical->dl, authp->in.name);
150 #ifndef NORADIUS
151   if (*bundle->radius.cfg.file && bundle->radius.repstr)
152     SendPapCode(authp, PAP_ACK, bundle->radius.repstr);
153   else
154 #endif
155     SendPapCode(authp, PAP_ACK, "Greetings!!");
156   authp->physical->link.lcp.auth_ineed = 0;
157   if (Enabled(bundle, OPT_UTMP))
158     physical_Login(authp->physical, authp->in.name);
159 
160   if (authp->physical->link.lcp.auth_iwait == 0)
161     /*
162      * Either I didn't need to authenticate, or I've already been
163      * told that I got the answer right.
164      */
165     datalink_AuthOk(authp->physical->dl);
166 }
167 
168 static void
169 pap_Failure(struct authinfo *authp)
170 {
171   SendPapCode(authp, PAP_NAK, "Login incorrect");
172   datalink_AuthNotOk(authp->physical->dl);
173 }
174 
175 void
176 pap_Init(struct authinfo *pap, struct physical *p)
177 {
178   auth_Init(pap, p, pap_Req, pap_Success, pap_Failure);
179 }
180 
181 struct mbuf *
182 pap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp)
183 {
184   struct physical *p = link2physical(l);
185   struct authinfo *authp = &p->dl->pap;
186   u_char nlen, klen, *key;
187   const char *txt;
188   int txtlen;
189 
190   if (p == NULL) {
191     log_Printf(LogERROR, "pap_Input: Not a physical link - dropped\n");
192     m_freem(bp);
193     return NULL;
194   }
195 
196   if (bundle_Phase(bundle) != PHASE_NETWORK &&
197       bundle_Phase(bundle) != PHASE_AUTHENTICATE) {
198     log_Printf(LogPHASE, "Unexpected pap input - dropped !\n");
199     m_freem(bp);
200     return NULL;
201   }
202 
203   if ((bp = auth_ReadHeader(authp, bp)) == NULL &&
204       ntohs(authp->in.hdr.length) == 0) {
205     log_Printf(LogWARN, "Pap Input: Truncated header !\n");
206     return NULL;
207   }
208 
209   if (authp->in.hdr.code == 0 || authp->in.hdr.code > MAXPAPCODE) {
210     log_Printf(LogPHASE, "Pap Input: %d: Bad PAP code !\n", authp->in.hdr.code);
211     m_freem(bp);
212     return NULL;
213   }
214 
215   if (authp->in.hdr.code != PAP_REQUEST && authp->id != authp->in.hdr.id &&
216       Enabled(bundle, OPT_IDCHECK)) {
217     /* Wrong conversation dude ! */
218     log_Printf(LogPHASE, "Pap Input: %s dropped (got id %d, not %d)\n",
219                papcodes[authp->in.hdr.code], authp->in.hdr.id, authp->id);
220     m_freem(bp);
221     return NULL;
222   }
223   m_settype(bp, MB_PAPIN);
224   authp->id = authp->in.hdr.id;		/* We respond with this id */
225 
226   if (bp) {
227     bp = mbuf_Read(bp, &nlen, 1);
228     if (authp->in.hdr.code == PAP_ACK) {
229       /*
230        * Don't restrict the length of our acknowledgement freetext to
231        * nlen (a one-byte length).  Show the rest of the ack packet
232        * instead.  This isn't really part of the protocol.....
233        */
234       bp = m_pullup(bp);
235       txt = MBUF_CTOP(bp);
236       txtlen = m_length(bp);
237     } else {
238       bp = auth_ReadName(authp, bp, nlen);
239       txt = authp->in.name;
240       txtlen = strlen(authp->in.name);
241     }
242   } else {
243     txt = "";
244     txtlen = 0;
245   }
246 
247   log_Printf(LogPHASE, "Pap Input: %s (%.*s)\n",
248              papcodes[authp->in.hdr.code], txtlen, txt);
249 
250   switch (authp->in.hdr.code) {
251     case PAP_REQUEST:
252       if (bp == NULL) {
253         log_Printf(LogPHASE, "Pap Input: No key given !\n");
254         break;
255       }
256       bp = mbuf_Read(bp, &klen, 1);
257       if (m_length(bp) < klen) {
258         log_Printf(LogERROR, "Pap Input: Truncated key !\n");
259         break;
260       }
261       if ((key = malloc(klen+1)) == NULL) {
262         log_Printf(LogERROR, "Pap Input: Out of memory !\n");
263         break;
264       }
265       bp = mbuf_Read(bp, key, klen);
266       key[klen] = '\0';
267 
268 #ifndef NORADIUS
269       if (*bundle->radius.cfg.file) {
270         if (!radius_Authenticate(&bundle->radius, authp, authp->in.name,
271                                  key, strlen(key), NULL, 0))
272           pap_Failure(authp);
273       } else
274 #endif
275       if (auth_Validate(bundle, authp->in.name, key))
276         pap_Success(authp);
277       else
278         pap_Failure(authp);
279 
280       free(key);
281       break;
282 
283     case PAP_ACK:
284       auth_StopTimer(authp);
285       if (p->link.lcp.auth_iwait == PROTO_PAP) {
286         p->link.lcp.auth_iwait = 0;
287         if (p->link.lcp.auth_ineed == 0)
288           /*
289            * We've succeeded in our ``login''
290            * If we're not expecting  the peer to authenticate (or he already
291            * has), proceed to network phase.
292            */
293           datalink_AuthOk(p->dl);
294       }
295       break;
296 
297     case PAP_NAK:
298       auth_StopTimer(authp);
299       datalink_AuthNotOk(p->dl);
300       break;
301   }
302 
303   m_freem(bp);
304   return NULL;
305 }
306