1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3 * 4 * Copyright (c) 1996 - 2001 Brian Somers <brian@Awfulhak.org> 5 * based on work by Toshiharu OHNO <tony-o@iij.ad.jp> 6 * Internet Initiative Japan, Inc (IIJ) 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * SUCH DAMAGE. 29 * 30 * $FreeBSD$ 31 */ 32 33 #include <sys/param.h> 34 #include <netinet/in.h> 35 #include <netinet/in_systm.h> 36 #include <netinet/ip.h> 37 #include <sys/socket.h> 38 #include <sys/un.h> 39 40 #include <stdlib.h> 41 #include <string.h> /* strlen/memcpy */ 42 #include <termios.h> 43 44 #include "layer.h" 45 #include "mbuf.h" 46 #include "log.h" 47 #include "defs.h" 48 #include "timer.h" 49 #include "fsm.h" 50 #include "auth.h" 51 #include "pap.h" 52 #include "lqr.h" 53 #include "hdlc.h" 54 #include "lcp.h" 55 #include "proto.h" 56 #include "async.h" 57 #include "throughput.h" 58 #include "ccp.h" 59 #include "link.h" 60 #include "descriptor.h" 61 #include "physical.h" 62 #include "iplist.h" 63 #include "slcompress.h" 64 #include "ncpaddr.h" 65 #include "ipcp.h" 66 #include "filter.h" 67 #include "mp.h" 68 #ifndef NORADIUS 69 #include "radius.h" 70 #endif 71 #include "ipv6cp.h" 72 #include "ncp.h" 73 #include "bundle.h" 74 #include "chat.h" 75 #include "chap.h" 76 #include "cbcp.h" 77 #include "datalink.h" 78 79 static const char * const papcodes[] = { 80 "???", "REQUEST", "SUCCESS", "FAILURE" 81 }; 82 #define MAXPAPCODE (sizeof papcodes / sizeof papcodes[0] - 1) 83 84 static void 85 pap_Req(struct authinfo *authp) 86 { 87 struct bundle *bundle = authp->physical->dl->bundle; 88 struct fsmheader lh; 89 struct mbuf *bp; 90 u_char *cp; 91 int namelen, keylen, plen; 92 93 namelen = strlen(bundle->cfg.auth.name); 94 keylen = strlen(bundle->cfg.auth.key); 95 plen = namelen + keylen + 2; 96 log_Printf(LogDEBUG, "pap_Req: namelen = %d, keylen = %d\n", namelen, keylen); 97 log_Printf(LogPHASE, "Pap Output: %s ********\n", bundle->cfg.auth.name); 98 if (*bundle->cfg.auth.name == '\0') 99 log_Printf(LogWARN, "Sending empty PAP authname!\n"); 100 lh.code = PAP_REQUEST; 101 lh.id = authp->id; 102 lh.length = htons(plen + sizeof(struct fsmheader)); 103 bp = m_get(plen + sizeof(struct fsmheader), MB_PAPOUT); 104 memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader)); 105 cp = MBUF_CTOP(bp) + sizeof(struct fsmheader); 106 *cp++ = namelen; 107 memcpy(cp, bundle->cfg.auth.name, namelen); 108 cp += namelen; 109 *cp++ = keylen; 110 memcpy(cp, bundle->cfg.auth.key, keylen); 111 link_PushPacket(&authp->physical->link, bp, bundle, 112 LINK_QUEUES(&authp->physical->link) - 1, PROTO_PAP); 113 } 114 115 static void 116 SendPapCode(struct authinfo *authp, int code, const char *message) 117 { 118 struct fsmheader lh; 119 struct mbuf *bp; 120 u_char *cp; 121 int plen, mlen; 122 123 lh.code = code; 124 lh.id = authp->id; 125 mlen = strlen(message); 126 plen = mlen + 1; 127 lh.length = htons(plen + sizeof(struct fsmheader)); 128 bp = m_get(plen + sizeof(struct fsmheader), MB_PAPOUT); 129 memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader)); 130 cp = MBUF_CTOP(bp) + sizeof(struct fsmheader); 131 /* 132 * If our message is longer than 255 bytes, truncate the length to 133 * 255 and send the entire message anyway. Maybe the other end will 134 * display it... (see pap_Input() !) 135 */ 136 *cp++ = mlen > 255 ? 255 : mlen; 137 memcpy(cp, message, mlen); 138 log_Printf(LogPHASE, "Pap Output: %s\n", papcodes[code]); 139 140 link_PushPacket(&authp->physical->link, bp, authp->physical->dl->bundle, 141 LINK_QUEUES(&authp->physical->link) - 1, PROTO_PAP); 142 } 143 144 static void 145 pap_Success(struct authinfo *authp) 146 { 147 struct bundle *bundle = authp->physical->dl->bundle; 148 149 datalink_GotAuthname(authp->physical->dl, authp->in.name); 150 #ifndef NORADIUS 151 if (*bundle->radius.cfg.file && bundle->radius.repstr) 152 SendPapCode(authp, PAP_ACK, bundle->radius.repstr); 153 else 154 #endif 155 SendPapCode(authp, PAP_ACK, "Greetings!!"); 156 authp->physical->link.lcp.auth_ineed = 0; 157 if (Enabled(bundle, OPT_UTMP)) 158 physical_Login(authp->physical, authp->in.name); 159 160 if (authp->physical->link.lcp.auth_iwait == 0) 161 /* 162 * Either I didn't need to authenticate, or I've already been 163 * told that I got the answer right. 164 */ 165 datalink_AuthOk(authp->physical->dl); 166 } 167 168 static void 169 pap_Failure(struct authinfo *authp) 170 { 171 SendPapCode(authp, PAP_NAK, "Login incorrect"); 172 datalink_AuthNotOk(authp->physical->dl); 173 } 174 175 void 176 pap_Init(struct authinfo *pap, struct physical *p) 177 { 178 auth_Init(pap, p, pap_Req, pap_Success, pap_Failure); 179 } 180 181 struct mbuf * 182 pap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp) 183 { 184 struct physical *p = link2physical(l); 185 struct authinfo *authp = &p->dl->pap; 186 u_char nlen, klen, *key; 187 const char *txt; 188 int txtlen; 189 190 if (p == NULL) { 191 log_Printf(LogERROR, "pap_Input: Not a physical link - dropped\n"); 192 m_freem(bp); 193 return NULL; 194 } 195 196 if (bundle_Phase(bundle) != PHASE_NETWORK && 197 bundle_Phase(bundle) != PHASE_AUTHENTICATE) { 198 log_Printf(LogPHASE, "Unexpected pap input - dropped !\n"); 199 m_freem(bp); 200 return NULL; 201 } 202 203 if ((bp = auth_ReadHeader(authp, bp)) == NULL && 204 ntohs(authp->in.hdr.length) == 0) { 205 log_Printf(LogWARN, "Pap Input: Truncated header !\n"); 206 return NULL; 207 } 208 209 if (authp->in.hdr.code == 0 || authp->in.hdr.code > MAXPAPCODE) { 210 log_Printf(LogPHASE, "Pap Input: %d: Bad PAP code !\n", authp->in.hdr.code); 211 m_freem(bp); 212 return NULL; 213 } 214 215 if (authp->in.hdr.code != PAP_REQUEST && authp->id != authp->in.hdr.id && 216 Enabled(bundle, OPT_IDCHECK)) { 217 /* Wrong conversation dude ! */ 218 log_Printf(LogPHASE, "Pap Input: %s dropped (got id %d, not %d)\n", 219 papcodes[authp->in.hdr.code], authp->in.hdr.id, authp->id); 220 m_freem(bp); 221 return NULL; 222 } 223 m_settype(bp, MB_PAPIN); 224 authp->id = authp->in.hdr.id; /* We respond with this id */ 225 226 if (bp) { 227 bp = mbuf_Read(bp, &nlen, 1); 228 if (authp->in.hdr.code == PAP_ACK) { 229 /* 230 * Don't restrict the length of our acknowledgement freetext to 231 * nlen (a one-byte length). Show the rest of the ack packet 232 * instead. This isn't really part of the protocol..... 233 */ 234 bp = m_pullup(bp); 235 txt = MBUF_CTOP(bp); 236 txtlen = m_length(bp); 237 } else { 238 bp = auth_ReadName(authp, bp, nlen); 239 txt = authp->in.name; 240 txtlen = strlen(authp->in.name); 241 } 242 } else { 243 txt = ""; 244 txtlen = 0; 245 } 246 247 log_Printf(LogPHASE, "Pap Input: %s (%.*s)\n", 248 papcodes[authp->in.hdr.code], txtlen, txt); 249 250 switch (authp->in.hdr.code) { 251 case PAP_REQUEST: 252 if (bp == NULL) { 253 log_Printf(LogPHASE, "Pap Input: No key given !\n"); 254 break; 255 } 256 bp = mbuf_Read(bp, &klen, 1); 257 if (m_length(bp) < klen) { 258 log_Printf(LogERROR, "Pap Input: Truncated key !\n"); 259 break; 260 } 261 if ((key = malloc(klen+1)) == NULL) { 262 log_Printf(LogERROR, "Pap Input: Out of memory !\n"); 263 break; 264 } 265 bp = mbuf_Read(bp, key, klen); 266 key[klen] = '\0'; 267 268 #ifndef NORADIUS 269 if (*bundle->radius.cfg.file) { 270 if (!radius_Authenticate(&bundle->radius, authp, authp->in.name, 271 key, strlen(key), NULL, 0)) 272 pap_Failure(authp); 273 } else 274 #endif 275 if (auth_Validate(bundle, authp->in.name, key)) 276 pap_Success(authp); 277 else 278 pap_Failure(authp); 279 280 free(key); 281 break; 282 283 case PAP_ACK: 284 auth_StopTimer(authp); 285 if (p->link.lcp.auth_iwait == PROTO_PAP) { 286 p->link.lcp.auth_iwait = 0; 287 if (p->link.lcp.auth_ineed == 0) 288 /* 289 * We've succeeded in our ``login'' 290 * If we're not expecting the peer to authenticate (or he already 291 * has), proceed to network phase. 292 */ 293 datalink_AuthOk(p->dl); 294 } 295 break; 296 297 case PAP_NAK: 298 auth_StopTimer(authp); 299 datalink_AuthNotOk(p->dl); 300 break; 301 } 302 303 m_freem(bp); 304 return NULL; 305 } 306