xref: /freebsd/usr.sbin/ppp/pap.c (revision 5521ff5a4d1929056e7ffc982fac3341ca54df7c) 
1 /*-
2  * Copyright (c) 1996 - 2001 Brian Somers <brian@Awfulhak.org>
3  *          based on work by Toshiharu OHNO <tony-o@iij.ad.jp>
4  *                           Internet Initiative Japan, Inc (IIJ)
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  *
28  * $FreeBSD$
29  */
30 
31 #include <sys/param.h>
32 #include <netinet/in.h>
33 #include <netinet/in_systm.h>
34 #include <netinet/ip.h>
35 #include <sys/un.h>
36 
37 #include <stdlib.h>
38 #include <string.h>		/* strlen/memcpy */
39 #include <termios.h>
40 
41 #include "layer.h"
42 #include "mbuf.h"
43 #include "log.h"
44 #include "defs.h"
45 #include "timer.h"
46 #include "fsm.h"
47 #include "auth.h"
48 #include "pap.h"
49 #include "lqr.h"
50 #include "hdlc.h"
51 #include "lcp.h"
52 #include "proto.h"
53 #include "async.h"
54 #include "throughput.h"
55 #include "ccp.h"
56 #include "link.h"
57 #include "descriptor.h"
58 #include "physical.h"
59 #include "iplist.h"
60 #include "slcompress.h"
61 #include "ipcp.h"
62 #include "filter.h"
63 #include "mp.h"
64 #ifndef NORADIUS
65 #include "radius.h"
66 #endif
67 #include "bundle.h"
68 #include "chat.h"
69 #include "chap.h"
70 #include "cbcp.h"
71 #include "datalink.h"
72 
73 static const char * const papcodes[] = {
74   "???", "REQUEST", "SUCCESS", "FAILURE"
75 };
76 #define MAXPAPCODE (sizeof papcodes / sizeof papcodes[0] - 1)
77 
78 static void
79 pap_Req(struct authinfo *authp)
80 {
81   struct bundle *bundle = authp->physical->dl->bundle;
82   struct fsmheader lh;
83   struct mbuf *bp;
84   u_char *cp;
85   int namelen, keylen, plen;
86 
87   namelen = strlen(bundle->cfg.auth.name);
88   keylen = strlen(bundle->cfg.auth.key);
89   plen = namelen + keylen + 2;
90   log_Printf(LogDEBUG, "pap_Req: namelen = %d, keylen = %d\n", namelen, keylen);
91   log_Printf(LogPHASE, "Pap Output: %s ********\n", bundle->cfg.auth.name);
92   if (*bundle->cfg.auth.name == '\0')
93     log_Printf(LogWARN, "Sending empty PAP authname!\n");
94   lh.code = PAP_REQUEST;
95   lh.id = authp->id;
96   lh.length = htons(plen + sizeof(struct fsmheader));
97   bp = m_get(plen + sizeof(struct fsmheader), MB_PAPOUT);
98   memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader));
99   cp = MBUF_CTOP(bp) + sizeof(struct fsmheader);
100   *cp++ = namelen;
101   memcpy(cp, bundle->cfg.auth.name, namelen);
102   cp += namelen;
103   *cp++ = keylen;
104   memcpy(cp, bundle->cfg.auth.key, keylen);
105   link_PushPacket(&authp->physical->link, bp, bundle,
106                   LINK_QUEUES(&authp->physical->link) - 1, PROTO_PAP);
107 }
108 
109 static void
110 SendPapCode(struct authinfo *authp, int code, const char *message)
111 {
112   struct fsmheader lh;
113   struct mbuf *bp;
114   u_char *cp;
115   int plen, mlen;
116 
117   lh.code = code;
118   lh.id = authp->id;
119   mlen = strlen(message);
120   plen = mlen + 1;
121   lh.length = htons(plen + sizeof(struct fsmheader));
122   bp = m_get(plen + sizeof(struct fsmheader), MB_PAPOUT);
123   memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader));
124   cp = MBUF_CTOP(bp) + sizeof(struct fsmheader);
125   /*
126    * If our message is longer than 255 bytes, truncate the length to
127    * 255 and send the entire message anyway.  Maybe the other end will
128    * display it... (see pap_Input() !)
129    */
130   *cp++ = mlen > 255 ? 255 : mlen;
131   memcpy(cp, message, mlen);
132   log_Printf(LogPHASE, "Pap Output: %s\n", papcodes[code]);
133 
134   link_PushPacket(&authp->physical->link, bp, authp->physical->dl->bundle,
135                   LINK_QUEUES(&authp->physical->link) - 1, PROTO_PAP);
136 }
137 
138 static void
139 pap_Success(struct authinfo *authp)
140 {
141   datalink_GotAuthname(authp->physical->dl, authp->in.name);
142   SendPapCode(authp, PAP_ACK, "Greetings!!");
143   authp->physical->link.lcp.auth_ineed = 0;
144   if (Enabled(authp->physical->dl->bundle, OPT_UTMP))
145     physical_Login(authp->physical, authp->in.name);
146 
147   if (authp->physical->link.lcp.auth_iwait == 0)
148     /*
149      * Either I didn't need to authenticate, or I've already been
150      * told that I got the answer right.
151      */
152     datalink_AuthOk(authp->physical->dl);
153 }
154 
155 static void
156 pap_Failure(struct authinfo *authp)
157 {
158   SendPapCode(authp, PAP_NAK, "Login incorrect");
159   datalink_AuthNotOk(authp->physical->dl);
160 }
161 
162 void
163 pap_Init(struct authinfo *pap, struct physical *p)
164 {
165   auth_Init(pap, p, pap_Req, pap_Success, pap_Failure);
166 }
167 
168 struct mbuf *
169 pap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp)
170 {
171   struct physical *p = link2physical(l);
172   struct authinfo *authp = &p->dl->pap;
173   u_char nlen, klen, *key;
174   const char *txt;
175   int txtlen;
176 
177   if (p == NULL) {
178     log_Printf(LogERROR, "pap_Input: Not a physical link - dropped\n");
179     m_freem(bp);
180     return NULL;
181   }
182 
183   if (bundle_Phase(bundle) != PHASE_NETWORK &&
184       bundle_Phase(bundle) != PHASE_AUTHENTICATE) {
185     log_Printf(LogPHASE, "Unexpected pap input - dropped !\n");
186     m_freem(bp);
187     return NULL;
188   }
189 
190   if ((bp = auth_ReadHeader(authp, bp)) == NULL &&
191       ntohs(authp->in.hdr.length) == 0) {
192     log_Printf(LogWARN, "Pap Input: Truncated header !\n");
193     return NULL;
194   }
195 
196   if (authp->in.hdr.code == 0 || authp->in.hdr.code > MAXPAPCODE) {
197     log_Printf(LogPHASE, "Pap Input: %d: Bad PAP code !\n", authp->in.hdr.code);
198     m_freem(bp);
199     return NULL;
200   }
201 
202   if (authp->in.hdr.code != PAP_REQUEST && authp->id != authp->in.hdr.id &&
203       Enabled(bundle, OPT_IDCHECK)) {
204     /* Wrong conversation dude ! */
205     log_Printf(LogPHASE, "Pap Input: %s dropped (got id %d, not %d)\n",
206                papcodes[authp->in.hdr.code], authp->in.hdr.id, authp->id);
207     m_freem(bp);
208     return NULL;
209   }
210   m_settype(bp, MB_PAPIN);
211   authp->id = authp->in.hdr.id;		/* We respond with this id */
212 
213   if (bp) {
214     bp = mbuf_Read(bp, &nlen, 1);
215     if (authp->in.hdr.code == PAP_ACK) {
216       /*
217        * Don't restrict the length of our acknowledgement freetext to
218        * nlen (a one-byte length).  Show the rest of the ack packet
219        * instead.  This isn't really part of the protocol.....
220        */
221       bp = m_pullup(bp);
222       txt = MBUF_CTOP(bp);
223       txtlen = m_length(bp);
224     } else {
225       bp = auth_ReadName(authp, bp, nlen);
226       txt = authp->in.name;
227       txtlen = strlen(authp->in.name);
228     }
229   } else {
230     txt = "";
231     txtlen = 0;
232   }
233 
234   log_Printf(LogPHASE, "Pap Input: %s (%.*s)\n",
235              papcodes[authp->in.hdr.code], txtlen, txt);
236 
237   switch (authp->in.hdr.code) {
238     case PAP_REQUEST:
239       if (bp == NULL) {
240         log_Printf(LogPHASE, "Pap Input: No key given !\n");
241         break;
242       }
243       bp = mbuf_Read(bp, &klen, 1);
244       if (m_length(bp) < klen) {
245         log_Printf(LogERROR, "Pap Input: Truncated key !\n");
246         break;
247       }
248       if ((key = malloc(klen+1)) == NULL) {
249         log_Printf(LogERROR, "Pap Input: Out of memory !\n");
250         break;
251       }
252       bp = mbuf_Read(bp, key, klen);
253       key[klen] = '\0';
254 
255 #ifndef NORADIUS
256       if (*bundle->radius.cfg.file)
257         radius_Authenticate(&bundle->radius, authp, authp->in.name,
258                             key, strlen(key), NULL, 0);
259       else
260 #endif
261       if (auth_Validate(bundle, authp->in.name, key, p))
262         pap_Success(authp);
263       else
264         pap_Failure(authp);
265 
266       free(key);
267       break;
268 
269     case PAP_ACK:
270       auth_StopTimer(authp);
271       if (p->link.lcp.auth_iwait == PROTO_PAP) {
272         p->link.lcp.auth_iwait = 0;
273         if (p->link.lcp.auth_ineed == 0)
274           /*
275            * We've succeeded in our ``login''
276            * If we're not expecting  the peer to authenticate (or he already
277            * has), proceed to network phase.
278            */
279           datalink_AuthOk(p->dl);
280       }
281       break;
282 
283     case PAP_NAK:
284       auth_StopTimer(authp);
285       datalink_AuthNotOk(p->dl);
286       break;
287   }
288 
289   m_freem(bp);
290   return NULL;
291 }
292