xref: /freebsd/usr.sbin/ppp/pap.c (revision 7f3dea244c40159a41ab22da77a434d7c5b5e85a)
1 /*
2  *			PPP PAP Module
3  *
4  *	    Written by Toshiharu OHNO (tony-o@iij.ad.jp)
5  *
6  *   Copyright (C) 1993-94, Internet Initiative Japan, Inc.
7  *		     All rights reserverd.
8  *
9  * Redistribution and use in source and binary forms are permitted
10  * provided that the above copyright notice and this paragraph are
11  * duplicated in all such forms and that any documentation,
12  * advertising materials, and other materials related to such
13  * distribution and use acknowledge that the software was developed
14  * by the Internet Initiative Japan, Inc.  The name of the
15  * IIJ may not be used to endorse or promote products derived
16  * from this software without specific prior written permission.
17  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
18  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
19  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20  *
21  * $Id: pap.c,v 1.36 1999/06/02 15:59:07 brian Exp $
22  *
23  *	TODO:
24  */
25 #include <sys/param.h>
26 #include <netinet/in.h>
27 #include <netinet/in_systm.h>
28 #include <netinet/ip.h>
29 #include <sys/un.h>
30 
31 #include <stdlib.h>
32 #include <string.h>		/* strlen/memcpy */
33 #include <termios.h>
34 
35 #include "layer.h"
36 #include "mbuf.h"
37 #include "log.h"
38 #include "defs.h"
39 #include "timer.h"
40 #include "fsm.h"
41 #include "lcp.h"
42 #include "auth.h"
43 #include "pap.h"
44 #include "lqr.h"
45 #include "hdlc.h"
46 #include "proto.h"
47 #include "async.h"
48 #include "throughput.h"
49 #include "ccp.h"
50 #include "link.h"
51 #include "descriptor.h"
52 #include "physical.h"
53 #include "iplist.h"
54 #include "slcompress.h"
55 #include "ipcp.h"
56 #include "filter.h"
57 #include "mp.h"
58 #ifndef NORADIUS
59 #include "radius.h"
60 #endif
61 #include "bundle.h"
62 #include "chat.h"
63 #include "chap.h"
64 #include "cbcp.h"
65 #include "datalink.h"
66 
67 static const char *papcodes[] = { "???", "REQUEST", "SUCCESS", "FAILURE" };
68 #define MAXPAPCODE (sizeof papcodes / sizeof papcodes[0] - 1)
69 
70 static void
71 pap_Req(struct authinfo *authp)
72 {
73   struct bundle *bundle = authp->physical->dl->bundle;
74   struct fsmheader lh;
75   struct mbuf *bp;
76   u_char *cp;
77   int namelen, keylen, plen;
78 
79   namelen = strlen(bundle->cfg.auth.name);
80   keylen = strlen(bundle->cfg.auth.key);
81   plen = namelen + keylen + 2;
82   log_Printf(LogDEBUG, "pap_Req: namelen = %d, keylen = %d\n", namelen, keylen);
83   log_Printf(LogPHASE, "Pap Output: %s ********\n", bundle->cfg.auth.name);
84   if (*bundle->cfg.auth.name == '\0')
85     log_Printf(LogWARN, "Sending empty PAP authname!\n");
86   lh.code = PAP_REQUEST;
87   lh.id = authp->id;
88   lh.length = htons(plen + sizeof(struct fsmheader));
89   bp = mbuf_Alloc(plen + sizeof(struct fsmheader), MB_PAPOUT);
90   memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader));
91   cp = MBUF_CTOP(bp) + sizeof(struct fsmheader);
92   *cp++ = namelen;
93   memcpy(cp, bundle->cfg.auth.name, namelen);
94   cp += namelen;
95   *cp++ = keylen;
96   memcpy(cp, bundle->cfg.auth.key, keylen);
97   link_PushPacket(&authp->physical->link, bp, bundle, PRI_LINK, PROTO_PAP);
98 }
99 
100 static void
101 SendPapCode(struct authinfo *authp, int code, const char *message)
102 {
103   struct fsmheader lh;
104   struct mbuf *bp;
105   u_char *cp;
106   int plen, mlen;
107 
108   lh.code = code;
109   lh.id = authp->id;
110   mlen = strlen(message);
111   plen = mlen + 1;
112   lh.length = htons(plen + sizeof(struct fsmheader));
113   bp = mbuf_Alloc(plen + sizeof(struct fsmheader), MB_PAPOUT);
114   memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader));
115   cp = MBUF_CTOP(bp) + sizeof(struct fsmheader);
116   *cp++ = mlen;
117   memcpy(cp, message, mlen);
118   log_Printf(LogPHASE, "Pap Output: %s\n", papcodes[code]);
119 
120   link_PushPacket(&authp->physical->link, bp, authp->physical->dl->bundle,
121                   PRI_LINK, PROTO_PAP);
122 }
123 
124 static void
125 pap_Success(struct authinfo *authp)
126 {
127   datalink_GotAuthname(authp->physical->dl, authp->in.name);
128   SendPapCode(authp, PAP_ACK, "Greetings!!");
129   authp->physical->link.lcp.auth_ineed = 0;
130   if (Enabled(authp->physical->dl->bundle, OPT_UTMP))
131     physical_Login(authp->physical, authp->in.name);
132 
133   if (authp->physical->link.lcp.auth_iwait == 0)
134     /*
135      * Either I didn't need to authenticate, or I've already been
136      * told that I got the answer right.
137      */
138     datalink_AuthOk(authp->physical->dl);
139 }
140 
141 static void
142 pap_Failure(struct authinfo *authp)
143 {
144   SendPapCode(authp, PAP_NAK, "Login incorrect");
145   datalink_AuthNotOk(authp->physical->dl);
146 }
147 
148 void
149 pap_Init(struct authinfo *pap, struct physical *p)
150 {
151   auth_Init(pap, p, pap_Req, pap_Success, pap_Failure);
152 }
153 
154 struct mbuf *
155 pap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp)
156 {
157   struct physical *p = link2physical(l);
158   struct authinfo *authp = &p->dl->pap;
159   u_char nlen, klen, *key;
160 
161   if (p == NULL) {
162     log_Printf(LogERROR, "pap_Input: Not a physical link - dropped\n");
163     mbuf_Free(bp);
164     return NULL;
165   }
166 
167   if (bundle_Phase(bundle) != PHASE_NETWORK &&
168       bundle_Phase(bundle) != PHASE_AUTHENTICATE) {
169     log_Printf(LogPHASE, "Unexpected pap input - dropped !\n");
170     mbuf_Free(bp);
171     return NULL;
172   }
173 
174   if ((bp = auth_ReadHeader(authp, bp)) == NULL &&
175       ntohs(authp->in.hdr.length) == 0) {
176     log_Printf(LogWARN, "Pap Input: Truncated header !\n");
177     return NULL;
178   }
179 
180   if (authp->in.hdr.code == 0 || authp->in.hdr.code > MAXPAPCODE) {
181     log_Printf(LogPHASE, "Pap Input: %d: Bad PAP code !\n", authp->in.hdr.code);
182     mbuf_Free(bp);
183     return NULL;
184   }
185 
186   if (authp->in.hdr.code != PAP_REQUEST && authp->id != authp->in.hdr.id &&
187       Enabled(bundle, OPT_IDCHECK)) {
188     /* Wrong conversation dude ! */
189     log_Printf(LogPHASE, "Pap Input: %s dropped (got id %d, not %d)\n",
190                papcodes[authp->in.hdr.code], authp->in.hdr.id, authp->id);
191     mbuf_Free(bp);
192     return NULL;
193   }
194   mbuf_SetType(bp, MB_PAPIN);
195   authp->id = authp->in.hdr.id;		/* We respond with this id */
196 
197   if (bp) {
198     bp = mbuf_Read(bp, &nlen, 1);
199     bp = auth_ReadName(authp, bp, nlen);
200   }
201 
202   log_Printf(LogPHASE, "Pap Input: %s (%s)\n",
203              papcodes[authp->in.hdr.code], authp->in.name);
204 
205   switch (authp->in.hdr.code) {
206     case PAP_REQUEST:
207       if (bp == NULL) {
208         log_Printf(LogPHASE, "Pap Input: No key given !\n");
209         break;
210       }
211       bp = mbuf_Read(bp, &klen, 1);
212       if (mbuf_Length(bp) < klen) {
213         log_Printf(LogERROR, "Pap Input: Truncated key !\n");
214         break;
215       }
216       if ((key = malloc(klen+1)) == NULL) {
217         log_Printf(LogERROR, "Pap Input: Out of memory !\n");
218         break;
219       }
220       bp = mbuf_Read(bp, key, klen);
221       key[klen] = '\0';
222 
223 #ifndef NORADIUS
224       if (*bundle->radius.cfg.file)
225         radius_Authenticate(&bundle->radius, authp, authp->in.name,
226                             key, NULL);
227       else
228 #endif
229       if (auth_Validate(bundle, authp->in.name, key, p))
230         pap_Success(authp);
231       else
232         pap_Failure(authp);
233 
234       free(key);
235       break;
236 
237     case PAP_ACK:
238       auth_StopTimer(authp);
239       if (p->link.lcp.auth_iwait == PROTO_PAP) {
240         p->link.lcp.auth_iwait = 0;
241         if (p->link.lcp.auth_ineed == 0)
242           /*
243            * We've succeeded in our ``login''
244            * If we're not expecting  the peer to authenticate (or he already
245            * has), proceed to network phase.
246            */
247           datalink_AuthOk(p->dl);
248       }
249       break;
250 
251     case PAP_NAK:
252       auth_StopTimer(authp);
253       datalink_AuthNotOk(p->dl);
254       break;
255   }
256 
257   mbuf_Free(bp);
258   return NULL;
259 }
260