1 /* 2 * auth.c - PPP authentication and phase control. 3 * 4 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 5 * Use is subject to license terms. 6 * 7 * Copyright (c) 1993 The Australian National University. 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms are permitted 11 * provided that the above copyright notice and this paragraph are 12 * duplicated in all such forms and that any documentation, 13 * advertising materials, and other materials related to such 14 * distribution and use acknowledge that the software was developed 15 * by the Australian National University. The name of the University 16 * may not be used to endorse or promote products derived from this 17 * software without specific prior written permission. 18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 19 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 20 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 21 * 22 * Copyright (c) 1989 Carnegie Mellon University. 23 * All rights reserved. 24 * 25 * Redistribution and use in source and binary forms are permitted 26 * provided that the above copyright notice and this paragraph are 27 * duplicated in all such forms and that any documentation, 28 * advertising materials, and other materials related to such 29 * distribution and use acknowledge that the software was developed 30 * by Carnegie Mellon University. The name of the 31 * University may not be used to endorse or promote products derived 32 * from this software without specific prior written permission. 33 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 34 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 35 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 36 */ 37 38 /* 39 * Copyright 2023 OmniOS Community Edition (OmniOSce) Association. 40 */ 41 42 /* Pull in crypt() definition. */ 43 #define __EXTENSIONS__ 44 45 #include <stdio.h> 46 #include <stddef.h> 47 #include <stdlib.h> 48 #include <unistd.h> 49 #include <pwd.h> 50 #include <grp.h> 51 #include <string.h> 52 #include <sys/types.h> 53 #include <sys/stat.h> 54 #include <sys/socket.h> 55 #include <utmp.h> 56 #include <fcntl.h> 57 #if defined(_PATH_LASTLOG) && (defined(_linux_) || defined(__linux__)) 58 #include <lastlog.h> 59 #endif 60 61 #if defined(_linux_) || defined(__linux__) 62 #include <crypt.h> 63 #endif 64 65 #include <netdb.h> 66 #include <netinet/in.h> 67 #include <arpa/inet.h> 68 69 /* Backward compatibility with old Makefiles */ 70 #if defined(USE_PAM) && !defined(ALLOW_PAM) 71 #define ALLOW_PAM 72 #endif 73 74 #ifdef ALLOW_PAM 75 #include <security/pam_appl.h> 76 #endif 77 78 #ifdef HAS_SHADOW 79 #include <shadow.h> 80 #ifndef PW_PPP 81 #define PW_PPP PW_LOGIN 82 #endif 83 #endif 84 85 #include "pppd.h" 86 #include "fsm.h" 87 #include "lcp.h" 88 #include "ipcp.h" 89 #include "upap.h" 90 #include "chap.h" 91 #ifdef CBCP_SUPPORT 92 #include "cbcp.h" 93 #endif 94 #include "pathnames.h" 95 96 /* Bits in scan_authfile return value */ 97 #define NONWILD_SERVER 1 98 #define NONWILD_CLIENT 2 99 100 #define ISWILD(word) (word[0] == '*' && word[1] == '\0') 101 102 /* The name by which the peer authenticated itself to us. */ 103 char peer_authname[MAXNAMELEN]; 104 105 /* Records which authentication operations haven't completed yet. */ 106 static int auth_pending[NUM_PPP]; 107 108 /* Set if we have successfully called plogin() */ 109 static int logged_in; 110 111 /* List of addresses which the peer may use. */ 112 static struct permitted_ip *addresses[NUM_PPP]; 113 114 /* Wordlist giving addresses which the peer may use 115 without authenticating itself. */ 116 static struct wordlist *noauth_addrs; 117 118 /* Extra options to apply, from the secrets file entry for the peer. */ 119 static struct wordlist *extra_options; 120 121 /* Source of those extra options. */ 122 static const char *extra_opt_filename; 123 static int extra_opt_line; 124 125 /* Number of network protocols which we have opened. */ 126 static int num_np_open; 127 128 /* Number of network protocols which have come up. */ 129 static int num_np_up; 130 131 /* Set if we got the contents of passwd[] from the pap-secrets file. */ 132 static int passwd_from_file; 133 134 /* Set if we require authentication only because we have a default route. */ 135 static bool default_auth; 136 137 /* Hook to enable a plugin to control the idle time limit */ 138 int (*idle_time_hook) __P((struct ppp_idle *)) = NULL; 139 140 /* Hook for a plugin to say whether we can possibly authenticate any peer */ 141 int (*pap_check_hook) __P((void)) = NULL; 142 143 /* Hook for a plugin to check the PAP user and password */ 144 int (*pap_auth_hook) __P((char *user, char *passwd, char **msgp, 145 struct wordlist **paddrs, 146 struct wordlist **popts)) = NULL; 147 148 /* Hook for a plugin to know about the PAP user logout */ 149 void (*pap_logout_hook) __P((void)) = NULL; 150 151 /* Hook for a plugin to get the PAP password for authenticating us */ 152 int (*pap_passwd_hook) __P((char *user, char *passwd)) = NULL; 153 154 /* 155 * This is used to ensure that we don't start an auth-up/down 156 * script while one is already running. 157 */ 158 enum script_state { 159 s_down, 160 s_up 161 }; 162 163 static enum script_state auth_state = s_down; 164 static enum script_state auth_script_state = s_down; 165 static pid_t auth_script_pid = 0; 166 167 /* 168 * This is set by scan_authfile if a client matches, but server doesn't 169 * (possible configuration error). 170 */ 171 static char scan_server_match_failed[MAXWORDLEN]; 172 173 /* 174 * Option variables. 175 */ 176 bool uselogin = 0; /* Use /etc/passwd for checking PAP */ 177 bool cryptpap = 0; /* Passwords in pap-secrets are encrypted */ 178 bool refuse_pap = 0; /* Don't wanna auth. ourselves with PAP */ 179 bool refuse_chap = 0; /* Don't wanna auth. ourselves with CHAP */ 180 bool usehostname = 0; /* Use hostname for our_name */ 181 bool auth_required = 0; /* Always require authentication from peer */ 182 bool allow_any_ip = 0; /* Allow peer to use any IP address */ 183 bool explicit_remote = 0; /* User specified explicit remote name */ 184 char remote_name[MAXNAMELEN]; /* Peer's name for authentication */ 185 186 #ifdef CHAPMS 187 bool refuse_mschap = 0; /* Don't wanna auth. ourself with MS-CHAPv1 */ 188 #else 189 bool refuse_mschap = 1; /* Never auth. ourself with MS-CHAPv1 */ 190 #endif 191 #ifdef CHAPMSV2 192 bool refuse_mschapv2 = 0; /* Don't wanna auth. ourself with MS-CHAPv2 */ 193 #else 194 bool refuse_mschapv2 = 1; /* Never auth. ourself with MS-CHAPv2 */ 195 #endif 196 197 #ifdef USE_PAM 198 bool use_pam = 1; /* Enable use of PAM by default */ 199 #else 200 bool use_pam = 0; /* Disable use of PAM by default */ 201 #endif 202 203 /* Bits in auth_pending[] */ 204 #define PAP_WITHPEER 1 205 #define PAP_PEER 2 206 #define CHAP_WITHPEER 4 207 #define CHAP_PEER 8 208 209 /* Prototypes for procedures local to this file. */ 210 211 static void network_phase __P((int)); 212 static void check_idle __P((void *)); 213 static void connect_time_expired __P((void *)); 214 static int plogin __P((char *, char *, char **)); 215 static void plogout __P((void)); 216 static int null_login __P((int)); 217 static int get_pap_passwd __P((char *)); 218 static int have_pap_secret __P((int *)); 219 static int have_chap_secret __P((char *, char *, int, int *)); 220 static int ip_addr_check __P((u_int32_t, struct permitted_ip *)); 221 static int scan_authfile __P((FILE *, char *, char *, char *, 222 struct wordlist **, struct wordlist **, 223 char *)); 224 static void free_wordlist __P((struct wordlist *)); 225 static void auth_script __P((char *)); 226 static void auth_script_done __P((void *, int)); 227 static void set_allowed_addrs __P((int, struct wordlist *, struct wordlist *)); 228 static int some_ip_ok __P((struct wordlist *)); 229 static int setupapfile __P((char **, option_t *)); 230 static int privgroup __P((char **, option_t *)); 231 static int set_noauth_addr __P((char **, option_t *)); 232 static void check_access __P((FILE *, char *)); 233 234 /* 235 * Authentication-related options. 236 */ 237 option_t auth_options[] = { 238 { "require-pap", o_bool, &lcp_wantoptions[0].neg_upap, 239 "Require PAP authentication from peer", 1, &auth_required }, 240 { "+pap", o_bool, &lcp_wantoptions[0].neg_upap, 241 "Require PAP authentication from peer", 1, &auth_required }, 242 { "refuse-pap", o_bool, &refuse_pap, 243 "Don't agree to auth to peer with PAP", 1 }, 244 { "-pap", o_bool, &refuse_pap, 245 "Don't allow PAP authentication with peer", 1 }, 246 { "require-chap", o_bool, &lcp_wantoptions[0].neg_chap, 247 "Require CHAP authentication from peer", 1, &auth_required }, 248 { "+chap", o_bool, &lcp_wantoptions[0].neg_chap, 249 "Require CHAP authentication from peer", 1, &auth_required }, 250 { "refuse-chap", o_bool, &refuse_chap, 251 "Don't agree to auth to peer with CHAP", 1 }, 252 { "-chap", o_bool, &refuse_chap, 253 "Don't allow CHAP authentication with peer", 1 }, 254 { "name", o_string, our_name, 255 "Set local name for authentication", 256 OPT_PRIV|OPT_STATIC, NULL, MAXNAMELEN }, 257 { "user", o_string, user, 258 "Set name for auth with peer", OPT_STATIC, NULL, MAXNAMELEN }, 259 { "usehostname", o_bool, &usehostname, 260 "Must use hostname for authentication", 1 }, 261 { "remotename", o_string, remote_name, 262 "Set remote name for authentication", OPT_STATIC, 263 &explicit_remote, MAXNAMELEN }, 264 { "auth", o_bool, &auth_required, 265 "Require authentication from peer", 1 }, 266 { "noauth", o_bool, &auth_required, 267 "Don't require peer to authenticate", OPT_PRIV, &allow_any_ip }, 268 { "login", o_bool, &uselogin, 269 "Use system password database for PAP", 1 }, 270 { "papcrypt", o_bool, &cryptpap, 271 "PAP passwords are encrypted", 1 }, 272 { "+ua", o_special, (void *)setupapfile, 273 "Get PAP user and password from file" }, 274 { "password", o_string, passwd, 275 "Password for authenticating us to the peer", OPT_STATIC, 276 NULL, MAXSECRETLEN }, 277 { "privgroup", o_special, (void *)privgroup, 278 "Allow group members to use privileged options", OPT_PRIV }, 279 { "allow-ip", o_special, (void *)set_noauth_addr, 280 "Set peer IP address(es) usable without authentication", 281 OPT_PRIV }, 282 #ifdef CHAPMS 283 { "require-mschap", o_bool, &lcp_wantoptions[0].neg_mschap, 284 "Require MS-CHAPv1 authentication from peer", 1, &auth_required }, 285 { "refuse-mschap", o_bool, &refuse_mschap, 286 "Don't agree to authenticate to peer with MS-CHAPv1", 1 }, 287 #endif 288 #ifdef CHAPMSV2 289 { "require-mschapv2", o_bool, &lcp_wantoptions[0].neg_mschapv2, 290 "Require MS-CHAPv2 authentication from peer", 1, &auth_required }, 291 { "refuse-mschapv2", o_bool, &refuse_mschapv2, 292 "Don't agree to authenticate to peer with MS-CHAPv2", 1 }, 293 #endif 294 #ifdef ALLOW_PAM 295 { "pam", o_bool, &use_pam, 296 "Enable use of Pluggable Authentication Modules", OPT_PRIV|1 }, 297 { "nopam", o_bool, &use_pam, 298 "Disable use of Pluggable Authentication Modules", OPT_PRIV|0 }, 299 #endif 300 { NULL } 301 }; 302 303 /* 304 * setupapfile - specifies UPAP info for authenticating with peer. 305 */ 306 /*ARGSUSED*/ 307 static int 308 setupapfile(argv, opt) 309 char **argv; 310 option_t *opt; 311 { 312 FILE * ufile; 313 int l; 314 315 lcp_allowoptions[0].neg_upap = 1; 316 317 /* open user info file */ 318 (void) seteuid(getuid()); 319 ufile = fopen(*argv, "r"); 320 (void) seteuid(0); 321 if (ufile == NULL) { 322 option_error("unable to open user login data file %s", *argv); 323 return 0; 324 } 325 check_access(ufile, *argv); 326 327 /* get username */ 328 if (fgets(user, MAXNAMELEN - 1, ufile) == NULL 329 || fgets(passwd, MAXSECRETLEN - 1, ufile) == NULL){ 330 option_error("unable to read user login data file %s", *argv); 331 return 0; 332 } 333 (void) fclose(ufile); 334 335 /* get rid of newlines */ 336 l = strlen(user); 337 if (l > 0 && user[l-1] == '\n') 338 user[l-1] = '\0'; 339 l = strlen(passwd); 340 if (l > 0 && passwd[l-1] == '\n') 341 passwd[l-1] = '\0'; 342 343 return (1); 344 } 345 346 347 /* 348 * privgroup - allow members of the group to have privileged access. 349 */ 350 /*ARGSUSED*/ 351 static int 352 privgroup(argv, opt) 353 char **argv; 354 option_t *opt; 355 { 356 struct group *g; 357 int i; 358 359 g = getgrnam(*argv); 360 if (g == NULL) { 361 option_error("group %s is unknown", *argv); 362 return 0; 363 } 364 for (i = 0; i < ngroups; ++i) { 365 if (groups[i] == g->gr_gid) { 366 privileged = 1; 367 break; 368 } 369 } 370 return 1; 371 } 372 373 374 /* 375 * set_noauth_addr - set address(es) that can be used without authentication. 376 * Equivalent to specifying an entry like `"" * "" addr' in pap-secrets. 377 */ 378 /*ARGSUSED*/ 379 static int 380 set_noauth_addr(argv, opt) 381 char **argv; 382 option_t *opt; 383 { 384 char *addr = *argv; 385 int l = strlen(addr); 386 struct wordlist *wp; 387 388 wp = (struct wordlist *) malloc(sizeof(struct wordlist) + l + 1); 389 if (wp == NULL) 390 novm("allow-ip argument"); 391 wp->word = (char *) (wp + 1); 392 wp->next = noauth_addrs; 393 (void) strcpy(wp->word, addr); 394 noauth_addrs = wp; 395 return 1; 396 } 397 398 /* 399 * An Open on LCP has requested a change from Dead to Establish phase. 400 * Do what's necessary to bring the physical layer up. 401 */ 402 /*ARGSUSED*/ 403 void 404 link_required(unit) 405 int unit; 406 { 407 } 408 409 /* 410 * LCP has terminated the link; go to the Dead phase and take the 411 * physical layer down. 412 */ 413 /*ARGSUSED*/ 414 void 415 link_terminated(unit) 416 int unit; 417 { 418 const char *pn1, *pn2; 419 420 if (phase == PHASE_DEAD) 421 return; 422 if (pap_logout_hook != NULL) { 423 (*pap_logout_hook)(); 424 } else { 425 if (logged_in) 426 plogout(); 427 } 428 new_phase(PHASE_DEAD); 429 if (peer_nak_auth) { 430 if ((pn1 = protocol_name(nak_auth_orig)) == NULL) 431 pn1 = "?"; 432 if ((pn2 = protocol_name(nak_auth_proto)) == NULL) 433 pn2 = "?"; 434 warn("Peer sent Configure-Nak for 0x%x (%s) to suggest 0x%x (%s)", 435 nak_auth_orig, pn1, nak_auth_proto, pn2); 436 } 437 if (unsolicited_nak_auth) { 438 if ((pn1 = protocol_name(unsolicit_auth_proto)) == NULL) 439 pn1 = "?"; 440 warn("Peer unexpectedly asked us to authenticate with 0x%x (%s)", 441 unsolicit_auth_proto, pn1); 442 } 443 if (peer_reject_auth) { 444 if ((pn1 = protocol_name(reject_auth_proto)) == NULL) 445 pn1 = "?"; 446 warn("Peer rejected our demand for 0x%x (%s)", 447 reject_auth_proto, pn1); 448 } 449 if (naked_peers_auth) { 450 if ((pn1 = protocol_name(naked_auth_orig)) == NULL) 451 pn1 = "?"; 452 if ((pn2 = protocol_name(naked_auth_proto)) == NULL) 453 pn2 = "?"; 454 warn("We set Configure-Nak for 0x%x (%s) to suggest 0x%x (%s)", 455 naked_auth_orig, pn1, naked_auth_proto, pn2); 456 } 457 if (rejected_peers_auth) { 458 if ((pn1 = protocol_name(rejected_auth_proto)) == NULL) 459 pn1 = "?"; 460 warn("We rejected the peer's demand for 0x%x (%s)", 461 rejected_auth_proto, pn1); 462 } 463 464 peer_nak_auth = unsolicited_nak_auth = peer_reject_auth = 465 rejected_peers_auth = naked_peers_auth = 0; 466 nak_auth_proto = nak_auth_orig = unsolicit_auth_proto = reject_auth_proto = 467 rejected_auth_proto = naked_auth_orig = naked_auth_proto = 0; 468 notice("Connection terminated."); 469 } 470 471 /* 472 * LCP has gone down; it will either die or try to re-establish. 473 */ 474 void 475 link_down(unit) 476 int unit; 477 { 478 int i; 479 struct protent *protp; 480 481 auth_state = s_down; 482 if (auth_script_state == s_up && auth_script_pid == 0) { 483 update_link_stats(unit); 484 auth_script_state = s_down; 485 auth_script(_PATH_AUTHDOWN); 486 } 487 for (i = 0; (protp = protocols[i]) != NULL; ++i) { 488 if (!protp->enabled_flag) 489 continue; 490 if (protp->protocol != PPP_LCP && protp->lowerdown != NULL) 491 (*protp->lowerdown)(unit); 492 if (protp->protocol < 0xC000 && protp->close != NULL) 493 (*protp->close)(unit, "LCP down"); 494 } 495 num_np_open = 0; 496 num_np_up = 0; 497 if (phase != PHASE_DEAD) 498 new_phase(PHASE_TERMINATE); 499 } 500 501 /* 502 * The link is established. 503 * Proceed to the Dead, Authenticate or Network phase as appropriate. 504 */ 505 void 506 link_established(unit) 507 int unit; 508 { 509 int auth; 510 lcp_options *wo = &lcp_wantoptions[unit]; 511 lcp_options *go = &lcp_gotoptions[unit]; 512 lcp_options *ho = &lcp_hisoptions[unit]; 513 int i; 514 struct protent *protp; 515 516 /* 517 * Tell higher-level protocols that LCP is up. 518 */ 519 for (i = 0; (protp = protocols[i]) != NULL; ++i) 520 if (protp->protocol != PPP_LCP && protp->enabled_flag 521 && protp->lowerup != NULL) 522 (*protp->lowerup)(unit); 523 524 if (auth_required && !(go->neg_chap || go->neg_mschap || 525 go->neg_mschapv2 || go->neg_upap)) { 526 /* 527 * We wanted the peer to authenticate itself, and it refused: 528 * if we have some address(es) it can use without auth, fine, 529 * otherwise treat it as though it authenticated with PAP using 530 * a username * of "" and a password of "". If that's not OK, 531 * boot it out. 532 */ 533 if (noauth_addrs != NULL) { 534 set_allowed_addrs(unit, noauth_addrs, NULL); 535 } else if (!wo->neg_upap || !null_login(unit)) { 536 warn("peer refused to authenticate: terminating link"); 537 lcp_close(unit, "peer refused to authenticate"); 538 status = EXIT_PEER_AUTH_FAILED; 539 return; 540 } 541 } 542 543 new_phase(PHASE_AUTHENTICATE); 544 auth = 0; 545 if (go->neg_chap || go->neg_mschap || go->neg_mschapv2) { 546 if (go->neg_chap) { 547 if (debug) 548 dbglog("Authenticating peer with standard CHAP"); 549 go->chap_mdtype = CHAP_DIGEST_MD5; 550 } else if (go->neg_mschap) { 551 if (debug) 552 dbglog("Authenticating peer with MS-CHAPv1"); 553 go->chap_mdtype = CHAP_MICROSOFT; 554 } else { 555 if (debug) 556 dbglog("Authenticating peer with MS-CHAPv2"); 557 go->chap_mdtype = CHAP_MICROSOFT_V2; 558 } 559 ChapAuthPeer(unit, our_name, go->chap_mdtype); 560 auth |= CHAP_PEER; 561 } else if (go->neg_upap) { 562 if (debug) 563 dbglog("Authenticating peer with PAP"); 564 upap_authpeer(unit); 565 auth |= PAP_PEER; 566 } 567 if (ho->neg_chap || ho->neg_mschap || ho->neg_mschapv2) { 568 switch (ho->chap_mdtype) { 569 case CHAP_DIGEST_MD5: 570 if (debug) 571 dbglog("Authenticating to peer with standard CHAP"); 572 break; 573 case CHAP_MICROSOFT: 574 if (debug) 575 dbglog("Authenticating to peer with MS-CHAPv1"); 576 break; 577 case CHAP_MICROSOFT_V2: 578 if (debug) 579 dbglog("Authenticating to peer with MS-CHAPv2"); 580 break; 581 default: 582 if (debug) 583 dbglog("Authenticating to peer with CHAP 0x%x", ho->chap_mdtype); 584 break; 585 } 586 ChapAuthWithPeer(unit, user, ho->chap_mdtype); 587 auth |= CHAP_WITHPEER; 588 } else if (ho->neg_upap) { 589 if (passwd[0] == '\0') { 590 passwd_from_file = 1; 591 if (!get_pap_passwd(passwd)) 592 error("No secret found for PAP login"); 593 } 594 if (debug) 595 dbglog("Authenticating to peer with PAP"); 596 upap_authwithpeer(unit, user, passwd); 597 auth |= PAP_WITHPEER; 598 } 599 auth_pending[unit] = auth; 600 601 if (!auth) 602 network_phase(unit); 603 } 604 605 /* 606 * Proceed to the network phase. 607 */ 608 static void 609 network_phase(unit) 610 int unit; 611 { 612 lcp_options *go = &lcp_gotoptions[unit]; 613 614 /* 615 * If the peer had to authenticate, run the auth-up script now. 616 */ 617 if (go->neg_chap || go->neg_mschap || go->neg_mschapv2 || go->neg_upap) { 618 auth_state = s_up; 619 if (auth_script_state == s_down && auth_script_pid == 0) { 620 auth_script_state = s_up; 621 auth_script(_PATH_AUTHUP); 622 } 623 } 624 625 /* 626 * Process extra options from the secrets file 627 */ 628 if (extra_options != NULL) { 629 option_source = (char *)extra_opt_filename; 630 option_line = extra_opt_line; 631 (void) options_from_list(extra_options, 1); 632 free_wordlist(extra_options); 633 extra_options = NULL; 634 } 635 636 #ifdef CBCP_SUPPORT 637 /* 638 * If we negotiated callback, do it now. 639 */ 640 if (go->neg_cbcp) { 641 new_phase(PHASE_CALLBACK); 642 (*cbcp_protent.open)(unit); 643 return; 644 } 645 #endif 646 647 start_networks(); 648 } 649 650 void 651 start_networks() 652 { 653 int i; 654 struct protent *protp; 655 656 new_phase(PHASE_NETWORK); 657 658 #ifdef HAVE_MULTILINK 659 if (multilink) { 660 if (mp_join_bundle()) { 661 if (updetach && !nodetach) 662 detach(); 663 return; 664 } 665 } 666 #endif /* HAVE_MULTILINK */ 667 668 #if 0 669 if (!demand) 670 set_filters(&pass_filter, &active_filter); 671 #endif 672 for (i = 0; (protp = protocols[i]) != NULL; ++i) 673 if (protp->protocol < 0xC000 && protp->enabled_flag 674 && protp->open != NULL) { 675 (*protp->open)(0); 676 if (protp->protocol != PPP_CCP) 677 ++num_np_open; 678 } 679 680 if (num_np_open == 0) 681 /* nothing to do */ 682 lcp_close(0, "No network protocols running"); 683 } 684 685 /* 686 * The peer has failed to authenticate himself using `protocol'. 687 */ 688 /*ARGSUSED*/ 689 void 690 auth_peer_fail(unit, protocol) 691 int unit, protocol; 692 { 693 /* 694 * Authentication failure: take the link down 695 */ 696 lcp_close(unit, "Authentication failed"); 697 status = EXIT_PEER_AUTH_FAILED; 698 } 699 700 /* 701 * The peer has been successfully authenticated using `protocol'. 702 */ 703 void 704 auth_peer_success(unit, protocol, name, namelen) 705 int unit, protocol; 706 char *name; 707 int namelen; 708 { 709 int bit; 710 711 switch (protocol) { 712 case PPP_CHAP: 713 bit = CHAP_PEER; 714 break; 715 case PPP_PAP: 716 bit = PAP_PEER; 717 break; 718 default: 719 warn("auth_peer_success: unknown protocol %x", protocol); 720 return; 721 } 722 723 /* 724 * Save the authenticated name of the peer for later. 725 */ 726 if (namelen > sizeof(peer_authname) - 1) 727 namelen = sizeof(peer_authname) - 1; 728 BCOPY(name, peer_authname, namelen); 729 peer_authname[namelen] = '\0'; 730 script_setenv("PEERNAME", peer_authname, 0); 731 732 /* 733 * If there is no more authentication still to be done, 734 * proceed to the network (or callback) phase. 735 */ 736 if ((auth_pending[unit] &= ~bit) == 0) 737 network_phase(unit); 738 } 739 740 /* 741 * We have failed to authenticate ourselves to the peer using `protocol'. 742 */ 743 /*ARGSUSED*/ 744 void 745 auth_withpeer_fail(unit, protocol) 746 int unit, protocol; 747 { 748 if (passwd_from_file) 749 BZERO(passwd, MAXSECRETLEN); 750 /* 751 * We've failed to authenticate ourselves to our peer. 752 * Some servers keep sending CHAP challenges, but there 753 * is no point in persisting without any way to get updated 754 * authentication secrets. 755 */ 756 lcp_close(unit, "Failed to authenticate ourselves to peer"); 757 status = EXIT_AUTH_TOPEER_FAILED; 758 } 759 760 /* 761 * We have successfully authenticated ourselves with the peer using `protocol'. 762 */ 763 void 764 auth_withpeer_success(unit, protocol) 765 int unit, protocol; 766 { 767 int bit; 768 769 switch (protocol) { 770 case PPP_CHAP: 771 bit = CHAP_WITHPEER; 772 break; 773 case PPP_PAP: 774 if (passwd_from_file) 775 BZERO(passwd, MAXSECRETLEN); 776 bit = PAP_WITHPEER; 777 break; 778 default: 779 warn("auth_withpeer_success: unknown protocol %x", protocol); 780 bit = 0; 781 } 782 783 /* 784 * If there is no more authentication still being done, 785 * proceed to the network (or callback) phase. 786 */ 787 if ((auth_pending[unit] &= ~bit) == 0) 788 network_phase(unit); 789 } 790 791 792 /* 793 * np_up - a network protocol has come up. 794 */ 795 /*ARGSUSED*/ 796 void 797 np_up(unit, proto) 798 int unit, proto; 799 { 800 int tlim; 801 802 if (num_np_up == 0) { 803 /* 804 * At this point we consider that the link has come up successfully. 805 */ 806 status = EXIT_OK; 807 unsuccess = 0; 808 809 peer_nak_auth = unsolicited_nak_auth = peer_reject_auth = 810 rejected_peers_auth = naked_peers_auth = 0; 811 nak_auth_proto = nak_auth_orig = unsolicit_auth_proto = 812 reject_auth_proto = rejected_auth_proto = naked_auth_orig = 813 naked_auth_proto = 0; 814 815 new_phase(PHASE_RUNNING); 816 817 if (idle_time_hook != NULL) 818 tlim = (*idle_time_hook)(NULL); 819 else 820 tlim = idle_time_limit; 821 if (tlim > 0) 822 TIMEOUT(check_idle, NULL, tlim); 823 824 /* 825 * Set a timeout to close the connection once the maximum 826 * connect time has expired. 827 */ 828 if (maxconnect > 0) { 829 TIMEOUT(connect_time_expired, &lcp_fsm[unit], maxconnect); 830 831 /* 832 * Tell LCP to send Time-Remaining packets. One should be 833 * sent out now, at maxconnect-300, at maxconnect-120, and 834 * again at maxconnect-30. 835 */ 836 lcp_settimeremaining(unit, maxconnect, maxconnect); 837 if (maxconnect > 300) 838 lcp_settimeremaining(unit, maxconnect, 300); 839 if (maxconnect > 120) 840 lcp_settimeremaining(unit, maxconnect, 120); 841 if (maxconnect > 30) 842 lcp_settimeremaining(unit, maxconnect, 30); 843 } 844 845 /* 846 * Detach now, if the updetach option was given. 847 */ 848 if (updetach && !nodetach) 849 detach(); 850 } 851 ++num_np_up; 852 } 853 854 /* 855 * np_down - a network protocol has gone down. 856 */ 857 /*ARGSUSED*/ 858 void 859 np_down(unit, proto) 860 int unit, proto; 861 { 862 if (--num_np_up == 0) { 863 UNTIMEOUT(check_idle, NULL); 864 new_phase(PHASE_NETWORK); 865 } 866 } 867 868 /* 869 * np_finished - a network protocol has finished using the link. 870 */ 871 /*ARGSUSED*/ 872 void 873 np_finished(unit, proto) 874 int unit, proto; 875 { 876 if (--num_np_open <= 0) { 877 /* no further use for the link: shut up shop. */ 878 lcp_close(0, "No network protocols running"); 879 } 880 } 881 882 /* 883 * check_idle - check whether the link has been idle for long 884 * enough that we can shut it down. 885 */ 886 /*ARGSUSED*/ 887 static void 888 check_idle(arg) 889 void *arg; 890 { 891 struct ppp_idle idle; 892 time_t itime; 893 int tlim; 894 895 if (!get_idle_time(0, &idle)) 896 return; 897 if (idle_time_hook != NULL) { 898 tlim = (*idle_time_hook)(&idle); 899 } else { 900 itime = MIN(idle.xmit_idle, idle.recv_idle); 901 tlim = idle_time_limit - itime; 902 } 903 if (tlim <= 0) { 904 /* link is idle: shut it down. */ 905 notice("Terminating connection due to lack of activity."); 906 lcp_close(0, "Link inactive"); 907 need_holdoff = 0; 908 status = EXIT_IDLE_TIMEOUT; 909 } else { 910 TIMEOUT(check_idle, NULL, tlim); 911 } 912 } 913 914 /* 915 * connect_time_expired - log a message and close the connection. 916 */ 917 /*ARGSUSED*/ 918 static void 919 connect_time_expired(arg) 920 void *arg; 921 { 922 fsm *f = (fsm *)arg; 923 924 info("Connect time expired"); 925 lcp_close(f->unit, "Connect time expired"); /* Close connection */ 926 status = EXIT_CONNECT_TIME; 927 } 928 929 /* 930 * auth_check_options - called to check authentication options. 931 */ 932 void 933 auth_check_options() 934 { 935 lcp_options *wo = &lcp_wantoptions[0]; 936 int can_auth; 937 int lacks_ip; 938 939 /* Default our_name to hostname, and user to our_name */ 940 if (our_name[0] == '\0' || usehostname) 941 (void) strlcpy(our_name, hostname, sizeof(our_name)); 942 if (user[0] == '\0') 943 (void) strlcpy(user, our_name, sizeof(user)); 944 945 /* 946 * If we have a default route, require the peer to authenticate 947 * unless the noauth option was given or the real user is root. 948 */ 949 if (!auth_required && !allow_any_ip && have_route_to(0) && !privileged) { 950 auth_required = 1; 951 default_auth = 1; 952 } 953 954 /* If authentication is required, ask peer for CHAP or PAP. */ 955 if (auth_required) { 956 if (!wo->neg_chap && !wo->neg_mschap && !wo->neg_mschapv2 && 957 !wo->neg_upap) { 958 wo->neg_chap = 1; 959 #ifdef CHAPMS 960 wo->neg_mschap = 1; 961 #endif 962 #ifdef CHAPMSV2 963 wo->neg_mschapv2 = 1; 964 #endif 965 wo->chap_mdtype = CHAP_DIGEST_MD5; 966 wo->neg_upap = 1; 967 } 968 } else { 969 wo->neg_chap = 0; 970 wo->neg_mschap = 0; 971 wo->neg_mschapv2 = 0; 972 wo->neg_upap = 0; 973 } 974 975 /* 976 * Check whether we have appropriate secrets to use 977 * to authenticate the peer. 978 */ 979 lacks_ip = 0; 980 can_auth = wo->neg_upap && (uselogin || have_pap_secret(&lacks_ip)); 981 if (!can_auth && (wo->neg_chap || wo->neg_mschap || wo->neg_mschapv2)) { 982 can_auth = have_chap_secret((explicit_remote? remote_name: NULL), 983 our_name, 1, &lacks_ip); 984 } 985 986 if (auth_required && !can_auth && noauth_addrs == NULL) { 987 if (default_auth) { 988 option_error( 989 "By default the remote system is required to authenticate itself"); 990 option_error( 991 "(because this system has a default route to the Internet)"); 992 } else if (explicit_remote) 993 option_error( 994 "The remote system (%s) is required to authenticate itself", 995 remote_name); 996 else 997 option_error( 998 "The remote system is required to authenticate itself"); 999 option_error( 1000 "but I couldn't find any suitable secret (password) for it to use to do so."); 1001 if (lacks_ip) 1002 option_error( 1003 "(None of the available passwords would let it use an IP address.)"); 1004 1005 exit(1); 1006 } 1007 } 1008 1009 /* 1010 * auth_reset - called when LCP is starting negotiations to recheck 1011 * authentication options, i.e. whether we have appropriate secrets 1012 * to use for authenticating ourselves and/or the peer. 1013 */ 1014 void 1015 auth_reset(unit) 1016 int unit; 1017 { 1018 lcp_options *go = &lcp_gotoptions[unit]; 1019 lcp_options *ao = &lcp_allowoptions[unit]; 1020 int havesecret; 1021 1022 ao->neg_upap = !refuse_pap && (passwd[0] != '\0' || get_pap_passwd(NULL)); 1023 1024 havesecret = passwd[0] != '\0' || 1025 have_chap_secret(user, (explicit_remote? remote_name: NULL), 0, NULL); 1026 ao->neg_chap = !refuse_chap && havesecret; 1027 ao->neg_mschap = !refuse_mschap && havesecret; 1028 ao->neg_mschapv2 = !refuse_mschapv2 && havesecret; 1029 if (ao->neg_chap) 1030 ao->chap_mdtype = CHAP_DIGEST_MD5; 1031 else if (ao->neg_mschap) 1032 ao->chap_mdtype = CHAP_MICROSOFT; 1033 else 1034 ao->chap_mdtype = CHAP_MICROSOFT_V2; 1035 1036 if (go->neg_upap && !uselogin && !have_pap_secret(NULL)) 1037 go->neg_upap = 0; 1038 if (go->neg_chap || go->neg_mschap || go->neg_mschapv2) { 1039 havesecret = have_chap_secret((explicit_remote? remote_name: NULL), 1040 our_name, 1, NULL); 1041 if (!havesecret) 1042 go->neg_chap = go->neg_mschap = go->neg_mschapv2 = 0; 1043 else if (go->neg_chap) 1044 go->chap_mdtype = CHAP_DIGEST_MD5; 1045 else if (go->neg_mschap) 1046 go->chap_mdtype = CHAP_MICROSOFT; 1047 else 1048 go->chap_mdtype = CHAP_MICROSOFT_V2; 1049 } 1050 } 1051 1052 1053 /* 1054 * check_passwd - Check the user name and passwd against the PAP secrets 1055 * file. If requested, also check against the system password database, 1056 * and login the user if OK. 1057 * 1058 * returns: 1059 * UPAP_AUTHNAK: Authentication failed. 1060 * UPAP_AUTHACK: Authentication succeeded. 1061 * In either case, msg points to an appropriate message. 1062 */ 1063 int 1064 check_passwd(unit, auser, userlen, apasswd, passwdlen, msg) 1065 int unit; 1066 char *auser; 1067 int userlen; 1068 char *apasswd; 1069 int passwdlen; 1070 char **msg; 1071 { 1072 int ret; 1073 char *filename; 1074 FILE *f; 1075 struct wordlist *addrs = NULL, *opts = NULL; 1076 char passwd[256], user[256]; 1077 char secret[MAXWORDLEN]; 1078 static int attempts = 0; 1079 1080 /* 1081 * Make copies of apasswd and auser, then null-terminate them. 1082 * If there are unprintable characters in the password, make 1083 * them visible. 1084 */ 1085 (void) slprintf(passwd, sizeof(passwd), "%.*v", passwdlen, apasswd); 1086 (void) slprintf(user, sizeof(user), "%.*v", userlen, auser); 1087 *msg = ""; 1088 1089 /* 1090 * Check if a plugin wants to handle this. 1091 */ 1092 if (pap_auth_hook != NULL) { 1093 /* Set a default and allow the plug-in to change it. */ 1094 extra_opt_filename = "plugin"; 1095 extra_opt_line = 0; 1096 ret = (*pap_auth_hook)(user, passwd, msg, &addrs, &opts); 1097 if (ret >= 0) { 1098 if (ret > 0) 1099 set_allowed_addrs(unit, addrs, opts); 1100 BZERO(passwd, sizeof(passwd)); 1101 if (addrs != NULL) 1102 free_wordlist(addrs); 1103 return ret? UPAP_AUTHACK: UPAP_AUTHNAK; 1104 } 1105 } 1106 1107 /* 1108 * Open the file of pap secrets and scan for a suitable secret 1109 * for authenticating this user. 1110 */ 1111 filename = _PATH_UPAPFILE; 1112 addrs = opts = NULL; 1113 ret = UPAP_AUTHNAK; 1114 f = fopen(filename, "r"); 1115 if (f == NULL) { 1116 error("Can't open PAP password file %s: %m", filename); 1117 1118 } else { 1119 check_access(f, filename); 1120 if (scan_authfile(f, user, our_name, secret, &addrs, &opts, filename) < 0) { 1121 warn("no PAP secret found for %s", user); 1122 if (scan_server_match_failed[0] != '\0') 1123 warn("possible configuration error: local name is %q, but " 1124 "found %q instead", our_name, scan_server_match_failed); 1125 } else if (secret[0] != '\0') { 1126 /* password given in pap-secrets - must match */ 1127 if ((!cryptpap && strcmp(passwd, secret) == 0) 1128 || strcmp(crypt(passwd, secret), secret) == 0) 1129 ret = UPAP_AUTHACK; 1130 else 1131 warn("PAP authentication failure for %s", user); 1132 } else if (uselogin) { 1133 /* empty password in pap-secrets and login option */ 1134 ret = plogin(user, passwd, msg); 1135 if (ret == UPAP_AUTHNAK) 1136 warn("PAP login failure for %s", user); 1137 } else { 1138 /* empty password in pap-secrets and login option not used */ 1139 ret = UPAP_AUTHACK; 1140 } 1141 (void) fclose(f); 1142 } 1143 1144 if (ret == UPAP_AUTHNAK) { 1145 if (**msg == '\0') 1146 *msg = "Login incorrect"; 1147 /* 1148 * Frustrate passwd stealer programs. 1149 * Allow 10 tries, but start backing off after 3 (stolen from login). 1150 * On 10'th, drop the connection. 1151 */ 1152 if (attempts++ >= 10) { 1153 warn("%d LOGIN FAILURES ON %s, %s", attempts, devnam, user); 1154 lcp_close(unit, "login failed"); 1155 } 1156 if (attempts > 3) 1157 (void) sleep((u_int) (attempts - 3) * 5); 1158 if (opts != NULL) 1159 free_wordlist(opts); 1160 1161 } else { 1162 attempts = 0; /* Reset count */ 1163 if (**msg == '\0') 1164 *msg = "Login ok"; 1165 set_allowed_addrs(unit, addrs, opts); 1166 } 1167 1168 if (addrs != NULL) 1169 free_wordlist(addrs); 1170 BZERO(passwd, sizeof(passwd)); 1171 BZERO(secret, sizeof(secret)); 1172 1173 return ret; 1174 } 1175 1176 /* 1177 * This function is needed for PAM. 1178 */ 1179 1180 #ifdef ALLOW_PAM 1181 /* Static variables used to communicate between the conversation function 1182 * and the server_login function 1183 */ 1184 static char *PAM_username; 1185 static char *PAM_password; 1186 static int PAM_error = 0; 1187 static pam_handle_t *pamh = NULL; 1188 1189 /* PAM conversation function 1190 * Here we assume (for now, at least) that echo on means login name, and 1191 * echo off means password. 1192 */ 1193 1194 static int PAM_conv (int num_msg, const struct pam_message **msg, 1195 struct pam_response **resp, void *appdata_ptr) 1196 { 1197 int replies = 0; 1198 struct pam_response *reply = NULL; 1199 1200 #define COPY_STRING(s) (s) ? strdup(s) : NULL 1201 1202 reply = malloc(sizeof(struct pam_response) * num_msg); 1203 if (reply == NULL) 1204 return PAM_CONV_ERR; 1205 1206 for (replies = 0; replies < num_msg; replies++) { 1207 switch (msg[replies]->msg_style) { 1208 case PAM_PROMPT_ECHO_ON: 1209 reply[replies].resp_retcode = PAM_SUCCESS; 1210 reply[replies].resp = COPY_STRING(PAM_username); 1211 /* PAM frees resp */ 1212 break; 1213 case PAM_PROMPT_ECHO_OFF: 1214 reply[replies].resp_retcode = PAM_SUCCESS; 1215 reply[replies].resp = COPY_STRING(PAM_password); 1216 /* PAM frees resp */ 1217 break; 1218 case PAM_TEXT_INFO: 1219 /* fall through */ 1220 case PAM_ERROR_MSG: 1221 /* ignore it, but pam still wants a NULL response... */ 1222 reply[replies].resp_retcode = PAM_SUCCESS; 1223 reply[replies].resp = NULL; 1224 break; 1225 default: 1226 /* Must be an error of some sort... */ 1227 free (reply); 1228 PAM_error = 1; 1229 return PAM_CONV_ERR; 1230 } 1231 } 1232 *resp = reply; 1233 return PAM_SUCCESS; 1234 } 1235 1236 static struct pam_conv PAM_conversation = { 1237 PAM_conv, NULL 1238 }; 1239 #endif /* ALLOW_PAM */ 1240 1241 /* 1242 * plogin - Check the user name and password against the system 1243 * password database, and login the user if OK. 1244 * 1245 * returns: 1246 * UPAP_AUTHNAK: Login failed. 1247 * UPAP_AUTHACK: Login succeeded. 1248 * In either case, msg points to an appropriate message. 1249 */ 1250 1251 static int 1252 plogin(user, passwd, msg) 1253 char *user; 1254 char *passwd; 1255 char **msg; 1256 { 1257 char *tty; 1258 #ifdef HAS_SHADOW 1259 struct spwd *spwd; 1260 #endif 1261 struct passwd *pw = NULL; 1262 1263 #ifdef ALLOW_PAM 1264 int pam_error; 1265 1266 if (use_pam) { 1267 if (debug) 1268 dbglog("using PAM for user authentication"); 1269 pam_error = pam_start ("ppp", user, &PAM_conversation, &pamh); 1270 if (pam_error != PAM_SUCCESS) { 1271 *msg = (char *) pam_strerror (pamh, pam_error); 1272 reopen_log(); 1273 return UPAP_AUTHNAK; 1274 } 1275 /* 1276 * Define the fields for the credential validation 1277 */ 1278 1279 PAM_username = user; 1280 PAM_password = passwd; 1281 PAM_error = 0; 1282 /* this might be useful to some modules; required for Solaris */ 1283 tty = devnam; 1284 if (*tty == '\0') 1285 tty = ppp_devnam; 1286 (void) pam_set_item(pamh, PAM_TTY, tty); 1287 #ifdef PAM_RHOST 1288 (void) pam_set_item(pamh, PAM_RHOST, ""); 1289 #endif 1290 1291 /* 1292 * Validate the user 1293 */ 1294 pam_error = pam_authenticate (pamh, PAM_SILENT); 1295 if (pam_error == PAM_SUCCESS && !PAM_error) { 1296 pam_error = pam_acct_mgmt (pamh, PAM_SILENT); 1297 if (pam_error == PAM_SUCCESS) 1298 (void) pam_open_session (pamh, PAM_SILENT); 1299 } 1300 1301 *msg = (char *) pam_strerror (pamh, pam_error); 1302 1303 /* 1304 * Clean up the mess 1305 */ 1306 reopen_log(); /* apparently the PAM stuff does closelog() */ 1307 PAM_username = NULL; 1308 PAM_password = NULL; 1309 if (pam_error != PAM_SUCCESS) 1310 return UPAP_AUTHNAK; 1311 } else 1312 #endif /* ALLOW_PAM */ 1313 1314 { 1315 if (debug) { 1316 #ifdef HAS_SHADOW 1317 dbglog("using passwd/shadow for user authentication"); 1318 #else 1319 dbglog("using passwd for user authentication"); 1320 #endif 1321 } 1322 /* 1323 * Use the non-PAM methods directly 1324 */ 1325 1326 pw = getpwnam(user); 1327 1328 endpwent(); 1329 if (pw == NULL) 1330 return (UPAP_AUTHNAK); 1331 1332 #ifdef HAS_SHADOW 1333 spwd = getspnam(user); 1334 endspent(); 1335 if (spwd != NULL) { 1336 /* check the age of the password entry */ 1337 long now = time(NULL) / 86400L; 1338 1339 if ((spwd->sp_expire > 0 && now >= spwd->sp_expire) 1340 || ((spwd->sp_max >= 0 && spwd->sp_max < 10000) 1341 && spwd->sp_lstchg >= 0 1342 && now >= spwd->sp_lstchg + spwd->sp_max)) { 1343 warn("Password for %s has expired", user); 1344 return (UPAP_AUTHNAK); 1345 } 1346 pw->pw_passwd = spwd->sp_pwdp; 1347 } 1348 #endif 1349 1350 /* 1351 * If no passwd, don't let them login. 1352 */ 1353 if (pw->pw_passwd == NULL || strlen(pw->pw_passwd) < 2 || 1354 strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd) != 0) 1355 return (UPAP_AUTHNAK); 1356 } 1357 1358 /* 1359 * Write a wtmp entry for this user. 1360 */ 1361 1362 tty = devnam; 1363 if (strncmp(tty, "/dev/", 5) == 0) 1364 tty += 5; 1365 logwtmp(tty, user, remote_name); /* Add wtmp login entry */ 1366 1367 #ifdef _PATH_LASTLOG 1368 if (!use_pam && pw != (struct passwd *)NULL) { 1369 struct lastlog ll; 1370 int fd; 1371 1372 if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) { 1373 (void)lseek(fd, (off_t)(pw->pw_uid * sizeof(ll)), SEEK_SET); 1374 BZERO((void *)&ll, sizeof(ll)); 1375 (void)time(&ll.ll_time); 1376 (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line)); 1377 (void)write(fd, (char *)&ll, sizeof(ll)); 1378 (void)close(fd); 1379 } 1380 } 1381 #endif /* _PATH_LASTLOG */ 1382 1383 info("user %s logged in", user); 1384 logged_in = 1; 1385 1386 return (UPAP_AUTHACK); 1387 } 1388 1389 /* 1390 * plogout - Logout the user. 1391 */ 1392 static void 1393 plogout() 1394 { 1395 char *tty; 1396 1397 #ifdef ALLOW_PAM 1398 int pam_error; 1399 1400 if (use_pam) { 1401 if (pamh != NULL) { 1402 pam_error = pam_close_session (pamh, PAM_SILENT); 1403 (void) pam_end (pamh, pam_error); 1404 pamh = NULL; 1405 } 1406 /* Apparently the pam stuff does closelog(). */ 1407 reopen_log(); 1408 } else 1409 #endif /* ALLOW_PAM */ 1410 1411 { 1412 tty = devnam; 1413 if (strncmp(tty, "/dev/", 5) == 0) 1414 tty += 5; 1415 /* Wipe out utmp logout entry */ 1416 logwtmp(tty, "", ""); 1417 } 1418 logged_in = 0; 1419 } 1420 1421 1422 /* 1423 * null_login - Check if a username of "" and a password of "" are 1424 * acceptable, and iff so, set the list of acceptable IP addresses 1425 * and return 1. 1426 */ 1427 static int 1428 null_login(unit) 1429 int unit; 1430 { 1431 char *filename; 1432 FILE *f; 1433 int i, ret; 1434 struct wordlist *addrs, *opts; 1435 char secret[MAXWORDLEN]; 1436 1437 /* 1438 * Open the file of pap secrets and scan for a suitable secret. 1439 */ 1440 filename = _PATH_UPAPFILE; 1441 addrs = NULL; 1442 f = fopen(filename, "r"); 1443 if (f == NULL) 1444 return 0; 1445 check_access(f, filename); 1446 1447 i = scan_authfile(f, "", our_name, secret, &addrs, &opts, filename); 1448 ret = i >= 0 && secret[0] == '\0'; 1449 BZERO(secret, sizeof(secret)); 1450 1451 if (ret) 1452 set_allowed_addrs(unit, addrs, opts); 1453 else if (opts != NULL) 1454 free_wordlist(opts); 1455 if (addrs != NULL) 1456 free_wordlist(addrs); 1457 1458 (void) fclose(f); 1459 return ret; 1460 } 1461 1462 1463 /* 1464 * get_pap_passwd - get a password for authenticating ourselves with 1465 * our peer using PAP. Returns 1 on success, 0 if no suitable password 1466 * could be found. 1467 * Assumes passwd points to MAXSECRETLEN bytes of space (if non-null). 1468 */ 1469 static int 1470 get_pap_passwd(passwd) 1471 char *passwd; 1472 { 1473 char *filename; 1474 FILE *f; 1475 int ret; 1476 char secret[MAXWORDLEN]; 1477 1478 /* 1479 * Check whether a plugin wants to supply this. 1480 */ 1481 if (pap_passwd_hook != NULL) { 1482 ret = (*pap_passwd_hook)(user, passwd); 1483 if (ret >= 0) 1484 return ret; 1485 } 1486 1487 filename = _PATH_UPAPFILE; 1488 f = fopen(filename, "r"); 1489 if (f == NULL) 1490 return 0; 1491 check_access(f, filename); 1492 ret = scan_authfile(f, user, 1493 (remote_name[0] != '\0' ? remote_name: NULL), 1494 secret, NULL, NULL, filename); 1495 (void) fclose(f); 1496 if (ret < 0) 1497 return 0; 1498 if (passwd != NULL) 1499 (void) strlcpy(passwd, secret, MAXSECRETLEN); 1500 BZERO(secret, sizeof(secret)); 1501 return 1; 1502 } 1503 1504 1505 /* 1506 * have_pap_secret - check whether we have a PAP file with any 1507 * secrets that we could possibly use for authenticating the peer. 1508 */ 1509 static int 1510 have_pap_secret(lacks_ipp) 1511 int *lacks_ipp; 1512 { 1513 FILE *f; 1514 int ret; 1515 char *filename; 1516 struct wordlist *addrs; 1517 1518 /* let the plugin decide, if there is one */ 1519 if (pap_check_hook != NULL) { 1520 ret = (*pap_check_hook)(); 1521 if (ret >= 0) 1522 return ret; 1523 } 1524 1525 filename = _PATH_UPAPFILE; 1526 f = fopen(filename, "r"); 1527 if (f == NULL) 1528 return 0; 1529 1530 ret = scan_authfile(f, (explicit_remote? remote_name: NULL), our_name, 1531 NULL, &addrs, NULL, filename); 1532 (void) fclose(f); 1533 if (ret >= 0 && !some_ip_ok(addrs)) { 1534 if (lacks_ipp != NULL) 1535 *lacks_ipp = 1; 1536 ret = -1; 1537 } 1538 if (addrs != NULL) 1539 free_wordlist(addrs); 1540 1541 return ret >= 0; 1542 } 1543 1544 1545 /* 1546 * have_chap_secret - check whether we have a CHAP file with a secret 1547 * that we could possibly use for authenticating `client' on `server'. 1548 * Either or both can be the null string, meaning we don't know the 1549 * identity yet. 1550 */ 1551 static int 1552 have_chap_secret(client, server, need_ip, lacks_ipp) 1553 char *client; 1554 char *server; 1555 int need_ip; 1556 int *lacks_ipp; 1557 { 1558 FILE *f; 1559 int ret; 1560 char *filename; 1561 struct wordlist *addrs; 1562 1563 filename = _PATH_CHAPFILE; 1564 f = fopen(filename, "r"); 1565 if (f == NULL) 1566 return 0; 1567 1568 if (client != NULL && client[0] == '\0') 1569 client = NULL; 1570 if (server != NULL && server[0] == '\0') 1571 server = NULL; 1572 1573 ret = scan_authfile(f, client, server, NULL, &addrs, NULL, filename); 1574 (void) fclose(f); 1575 if (ret >= 0 && need_ip && !some_ip_ok(addrs)) { 1576 if (lacks_ipp != NULL) 1577 *lacks_ipp = 1; 1578 ret = -1; 1579 } 1580 if (addrs != NULL) 1581 free_wordlist(addrs); 1582 1583 return ret >= 0; 1584 } 1585 1586 1587 /* 1588 * get_secret - open the CHAP secret file and return the secret 1589 * for authenticating the given client on the given server. 1590 * 1591 * "am_server" means that we're the authenticator (demanding 1592 * identity from the peer). 1593 * 1594 * "!am_server" means that we're the authenticatee (supplying 1595 * identity to the peer). 1596 */ 1597 int 1598 get_secret(unit, client, server, secret, secret_len, am_server) 1599 int unit; 1600 char *client; 1601 char *server; 1602 char *secret; 1603 int *secret_len; 1604 int am_server; 1605 { 1606 FILE *f; 1607 int ret, len; 1608 char *filename; 1609 struct wordlist *addrs, *opts; 1610 char secbuf[MAXWORDLEN]; 1611 1612 /* 1613 * Support the 'password' option on authenticatee only in order to 1614 * avoid obvious security problem (authenticator and authenticatee 1615 * within a given implementation must never share secrets). 1616 */ 1617 if (!am_server && passwd[0] != '\0') { 1618 (void) strlcpy(secbuf, passwd, sizeof(secbuf)); 1619 } else { 1620 filename = _PATH_CHAPFILE; 1621 addrs = NULL; 1622 secbuf[0] = '\0'; 1623 1624 f = fopen(filename, "r"); 1625 if (f == NULL) { 1626 error("Can't open chap secret file %s: %m", filename); 1627 return 0; 1628 } 1629 check_access(f, filename); 1630 1631 ret = scan_authfile(f, client, server, secbuf, &addrs, &opts, 1632 filename); 1633 (void) fclose(f); 1634 if (ret < 0) { 1635 if (scan_server_match_failed[0] != '\0') 1636 warn("possible configuration error: local name is %q, but " 1637 "found %q instead", our_name, scan_server_match_failed); 1638 return 0; 1639 } 1640 1641 /* Only the authenticator cares about limiting peer addresses. */ 1642 if (am_server) 1643 set_allowed_addrs(unit, addrs, opts); 1644 else if (opts != NULL) 1645 free_wordlist(opts); 1646 if (addrs != NULL) 1647 free_wordlist(addrs); 1648 } 1649 1650 len = strlen(secbuf); 1651 if (len > MAXSECRETLEN) { 1652 error("Secret for %s on %s is too long", client, server); 1653 len = MAXSECRETLEN; 1654 } 1655 /* Do not leave a temporary copy of the secret on the stack. */ 1656 BCOPY(secbuf, secret, len); 1657 BZERO(secbuf, sizeof(secbuf)); 1658 *secret_len = len; 1659 1660 return 1; 1661 } 1662 1663 /* 1664 * set_allowed_addrs() - set the list of allowed addresses. 1665 * The caller must also look for `--' indicating options to apply for 1666 * this peer and leaves the following words in extra_options. 1667 */ 1668 static void 1669 set_allowed_addrs(unit, addrs, opts) 1670 int unit; 1671 struct wordlist *addrs; 1672 struct wordlist *opts; 1673 { 1674 int n; 1675 struct wordlist *ap, **pap; 1676 struct permitted_ip *ip; 1677 char *ptr_word, *ptr_mask; 1678 struct hostent *hp; 1679 struct netent *np; 1680 u_int32_t a, mask, newmask, ah, offset; 1681 struct ipcp_options *wo = &ipcp_wantoptions[unit]; 1682 u_int32_t suggested_ip = 0; 1683 int err_num; 1684 1685 if (addresses[unit] != NULL) 1686 free(addresses[unit]); 1687 addresses[unit] = NULL; 1688 if (extra_options != NULL) 1689 free_wordlist(extra_options); 1690 extra_options = opts; 1691 1692 /* 1693 * Count the number of IP addresses given. 1694 */ 1695 for (n = 0, pap = &addrs; (ap = *pap) != NULL; pap = &ap->next) 1696 ++n; 1697 if (n == 0) 1698 return; 1699 ip = (struct permitted_ip *) malloc((n + 1) * sizeof(struct permitted_ip)); 1700 if (ip == NULL) 1701 return; 1702 1703 n = 0; 1704 for (ap = addrs; ap != NULL; ap = ap->next) { 1705 /* "-" means no addresses authorized, "*" means any address allowed */ 1706 ptr_word = ap->word; 1707 if (strcmp(ptr_word, "-") == 0) 1708 break; 1709 if (strcmp(ptr_word, "*") == 0) { 1710 ip[n].permit = 1; 1711 ip[n].base = ip[n].mask = 0; 1712 ++n; 1713 break; 1714 } 1715 1716 ip[n].permit = 1; 1717 if (*ptr_word == '!') { 1718 ip[n].permit = 0; 1719 ++ptr_word; 1720 } 1721 1722 mask = ~ (u_int32_t) 0; 1723 offset = 0; 1724 ptr_mask = strchr (ptr_word, '/'); 1725 if (ptr_mask != NULL) { 1726 int bit_count; 1727 char *endp; 1728 1729 bit_count = (int) strtol (ptr_mask+1, &endp, 10); 1730 if (bit_count <= 0 || bit_count > 32) { 1731 warn("invalid address length %v in authorized address list", 1732 ptr_mask+1); 1733 continue; 1734 } 1735 bit_count = 32 - bit_count; /* # bits in host part */ 1736 if (*endp == '+') { 1737 offset = ifunit + 1; 1738 ++endp; 1739 } 1740 if (*endp != '\0') { 1741 warn("invalid address length syntax: %v", ptr_mask+1); 1742 continue; 1743 } 1744 *ptr_mask = '\0'; 1745 mask <<= bit_count; 1746 } 1747 1748 /* Try to interpret value as host name or numeric address first */ 1749 hp = getipnodebyname(ptr_word, AF_INET, 0, &err_num); 1750 if (hp != NULL) { 1751 (void) memcpy(&a, hp->h_addr, sizeof(a)); 1752 freehostent(hp); 1753 } else { 1754 char *cp = ptr_word + strlen(ptr_word); 1755 if (cp > ptr_word) 1756 cp--; 1757 if (*cp == '+') { 1758 offset = ifunit + 1; 1759 *cp = '\0'; 1760 } 1761 np = getnetbyname (ptr_word); 1762 if (np != NULL && np->n_addrtype == AF_INET) { 1763 ah = np->n_net; 1764 newmask = (u_int32_t)~0; 1765 if ((ah & 0xff000000ul) == 0) 1766 ah <<= 8, newmask <<= 8; 1767 if ((ah & 0xff000000ul) == 0) 1768 ah <<= 8, newmask <<= 8; 1769 if ((ah & 0xff000000ul) == 0) 1770 ah <<= 8, newmask <<= 8; 1771 if (ptr_mask == NULL) 1772 mask = newmask; 1773 a = htonl(ah); 1774 } 1775 } 1776 1777 if (ptr_mask != NULL) 1778 *ptr_mask = '/'; 1779 1780 if (a == (u_int32_t)-1L) { 1781 warn("unknown host %s in auth. address list", ap->word); 1782 continue; 1783 } 1784 if (offset != 0) { 1785 if (offset >= ~mask) { 1786 warn("interface unit %d too large for subnet %v", 1787 ifunit, ptr_word); 1788 continue; 1789 } 1790 a = htonl((ntohl(a) & mask) + offset); 1791 mask = ~(u_int32_t)0; 1792 } 1793 ip[n].mask = htonl(mask); 1794 ip[n].base = a & ip[n].mask; 1795 ++n; 1796 if (~mask == 0 && suggested_ip == 0) 1797 suggested_ip = a; 1798 } 1799 1800 /* Sentinel value at end of list */ 1801 ip[n].permit = 0; /* make the last entry forbid all addresses */ 1802 ip[n].base = 0; /* to terminate the list */ 1803 ip[n].mask = 0; 1804 1805 addresses[unit] = ip; 1806 1807 /* 1808 * If the address given for the peer isn't authorized, or if 1809 * the user hasn't given one, AND there is an authorized address 1810 * which is a single host, then use that if we find one. 1811 */ 1812 if (suggested_ip != 0 1813 && (wo->hisaddr == 0 || !auth_ip_addr(unit, wo->hisaddr))) 1814 wo->hisaddr = suggested_ip; 1815 } 1816 1817 /* 1818 * auth_ip_addr - check whether the peer is authorized to use 1819 * a given IP address. Returns 1 if authorized, 0 otherwise. 1820 */ 1821 int 1822 auth_ip_addr(unit, addr) 1823 int unit; 1824 u_int32_t addr; 1825 { 1826 int ok; 1827 1828 /* don't allow loopback or multicast address */ 1829 if (bad_ip_adrs(addr)) 1830 return 0; 1831 1832 if (addresses[unit] != NULL) { 1833 ok = ip_addr_check(addr, addresses[unit]); 1834 if (ok >= 0) 1835 return ok; 1836 } 1837 if (auth_required) 1838 return 0; /* no addresses authorized */ 1839 return allow_any_ip || privileged || !have_route_to(addr); 1840 } 1841 1842 static int 1843 ip_addr_check(addr, addrs) 1844 u_int32_t addr; 1845 struct permitted_ip *addrs; 1846 { 1847 /* This loop is safe because of the sentinel value in set_allowed_addrs */ 1848 for (; ; ++addrs) 1849 if ((addr & addrs->mask) == addrs->base) 1850 return addrs->permit; 1851 } 1852 1853 /* 1854 * bad_ip_adrs - return 1 if the IP address is one we don't want 1855 * to use, such as an address in the loopback net or a multicast address. 1856 * addr is in network byte order. 1857 */ 1858 int 1859 bad_ip_adrs(addr) 1860 u_int32_t addr; 1861 { 1862 addr = ntohl(addr); 1863 return 1864 #ifndef ALLOW_127_NET 1865 (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET || 1866 #endif 1867 #ifndef ALLOW_0_NET 1868 ((addr >> IN_CLASSA_NSHIFT) == 0 && addr != 0) || 1869 #endif 1870 IN_MULTICAST(addr); 1871 } 1872 1873 /* 1874 * some_ip_ok - check a wordlist to see if it authorizes any 1875 * IP address(es). 1876 */ 1877 static int 1878 some_ip_ok(addrs) 1879 struct wordlist *addrs; 1880 { 1881 for (; addrs != NULL; addrs = addrs->next) { 1882 if (addrs->word[0] == '-') 1883 break; 1884 if (addrs->word[0] != '!') 1885 return 1; /* some IP address is allowed */ 1886 } 1887 return 0; 1888 } 1889 1890 /* 1891 * check_access - complain if a secret file has too-liberal permissions. 1892 */ 1893 static void 1894 check_access(f, filename) 1895 FILE *f; 1896 char *filename; 1897 { 1898 struct stat sbuf; 1899 1900 if (fstat(fileno(f), &sbuf) < 0) { 1901 warn("cannot stat secret file %s: %m", filename); 1902 } else if ((sbuf.st_mode & (S_IRWXG | S_IRWXO)) != 0) { 1903 warn("Warning - secret file %s has world and/or group access", 1904 filename); 1905 } 1906 } 1907 1908 1909 /* 1910 * scan_authfile - Scan an authorization file for a secret suitable 1911 * for authenticating `client' on `server'. The return value is -1 if 1912 * no secret is found, otherwise >= 0. The return value has 1913 * NONWILD_CLIENT set if the secret didn't have "*" for the client, 1914 * and NONWILD_SERVER set if the secret didn't have "*" for the 1915 * server. 1916 1917 * Any following words on the line up to a "--" (i.e. address 1918 * authorization info) are placed in a wordlist and returned in 1919 * *addrs. Any following words (extra options) are placed in a 1920 * wordlist and returned in *opts. If opts is NULL, these are just 1921 * discarded. Otherwise, the extra_opt_* variables are set to 1922 * indicate the source of the options. 1923 * 1924 * We assume secret is NULL or points to MAXWORDLEN bytes of space. 1925 */ 1926 static int 1927 scan_authfile(f, client, server, secret, addrs, opts, filename) 1928 FILE *f; 1929 char *client; 1930 char *server; 1931 char *secret; 1932 struct wordlist **addrs; 1933 struct wordlist **opts; 1934 char *filename; 1935 { 1936 int newline, xxx, sline; 1937 int got_flag, best_flag; 1938 FILE *sf; 1939 struct wordlist *ap, *addr_list, *alist, **app; 1940 char word[MAXWORDLEN]; 1941 char atfile[MAXWORDLEN]; 1942 char lsecret[MAXWORDLEN]; 1943 1944 scan_server_match_failed[0] = '\0'; 1945 1946 if (addrs != NULL) 1947 *addrs = NULL; 1948 if (opts != NULL) 1949 *opts = NULL; 1950 addr_list = NULL; 1951 option_line = 0; 1952 if (!getword(f, word, &newline, filename)) { 1953 if (debug) 1954 dbglog("%s is apparently empty", filename); 1955 return -1; /* file is empty??? */ 1956 } 1957 newline = 1; 1958 best_flag = -1; 1959 for (;;) { 1960 /* 1961 * Skip until we find a word at the start of a line. 1962 */ 1963 while (!newline && getword(f, word, &newline, filename)) 1964 ; 1965 if (!newline) 1966 break; /* got to end of file */ 1967 1968 sline = option_line; 1969 /* 1970 * Got a client - check if it's a match or a wildcard. 1971 */ 1972 got_flag = 0; 1973 if (client != NULL && strcmp(word, client) != 0 && !ISWILD(word)) { 1974 newline = 0; 1975 continue; 1976 } 1977 if (!ISWILD(word)) 1978 got_flag = NONWILD_CLIENT; 1979 1980 /* 1981 * Now get a server and check if it matches. 1982 */ 1983 if (!getword(f, word, &newline, filename)) 1984 break; 1985 if (newline) 1986 continue; 1987 if (!ISWILD(word)) { 1988 if (server != NULL && strcmp(word, server) != 0) { 1989 (void) strcpy(scan_server_match_failed, word); 1990 continue; 1991 } 1992 got_flag |= NONWILD_SERVER; 1993 } 1994 1995 /* 1996 * Got some sort of a match - see if it's better than what 1997 * we have already. 1998 */ 1999 if (got_flag <= best_flag) 2000 continue; 2001 2002 /* 2003 * Get the secret. 2004 */ 2005 if (!getword(f, word, &newline, filename)) 2006 break; 2007 if (newline) 2008 continue; 2009 2010 /* 2011 * Special syntax: @filename means read secret from file. 2012 * Because the secrets files are modifiable only by root, 2013 * it's safe to open this file as root. One small addition -- 2014 * if open fails, we try as the regular user; just in case 2015 * it's over NFS and not root-equivalent. 2016 */ 2017 if (word[0] == '@') { 2018 (void) strlcpy(atfile, word+1, sizeof(atfile)); 2019 if ((sf = fopen(atfile, "r")) == NULL) { 2020 (void) seteuid(getuid()); 2021 sf = fopen(atfile, "r"); 2022 (void) seteuid(0); 2023 } 2024 if (sf == NULL) { 2025 warn("can't open indirect secret file %s: %m", atfile); 2026 continue; 2027 } 2028 check_access(sf, atfile); 2029 if (!getword(sf, word, &xxx, atfile)) { 2030 warn("no secret in indirect secret file %s", atfile); 2031 (void) fclose(sf); 2032 continue; 2033 } 2034 (void) fclose(sf); 2035 } 2036 if (secret != NULL) 2037 (void) strlcpy(lsecret, word, sizeof(lsecret)); 2038 2039 /* 2040 * Now read address authorization info and make a wordlist. 2041 */ 2042 app = &alist; 2043 for (;;) { 2044 if (!getword(f, word, &newline, filename) || newline) 2045 break; 2046 ap = (struct wordlist *) malloc(sizeof(struct wordlist)); 2047 if (ap == NULL) 2048 novm("authorized addresses"); 2049 ap->word = strdup(word); 2050 if (ap->word == NULL) 2051 novm("authorized addresses"); 2052 *app = ap; 2053 app = &ap->next; 2054 } 2055 *app = NULL; 2056 2057 /* 2058 * This is the best so far; remember it. 2059 */ 2060 best_flag = got_flag; 2061 if (addr_list != NULL) 2062 free_wordlist(addr_list); 2063 addr_list = alist; 2064 if (secret != NULL) 2065 (void) strlcpy(secret, lsecret, MAXWORDLEN); 2066 2067 if (opts != NULL) { 2068 extra_opt_filename = filename; 2069 extra_opt_line = sline; 2070 } 2071 2072 if (!newline) 2073 break; 2074 } 2075 2076 /* scan for a -- word indicating the start of options */ 2077 for (app = &addr_list; (ap = *app) != NULL; app = &ap->next) 2078 if (strcmp(ap->word, "--") == 0) 2079 break; 2080 /* ap = start of options */ 2081 if (ap != NULL) { 2082 ap = ap->next; /* first option */ 2083 free(*app); /* free the "--" word */ 2084 *app = NULL; /* terminate addr list */ 2085 } 2086 if (opts != NULL) 2087 *opts = ap; 2088 else if (ap != NULL) 2089 free_wordlist(ap); 2090 if (addrs != NULL) 2091 *addrs = addr_list; 2092 else if (addr_list != NULL) 2093 free_wordlist(addr_list); 2094 2095 return best_flag; 2096 } 2097 2098 /* 2099 * free_wordlist - release memory allocated for a wordlist. 2100 */ 2101 static void 2102 free_wordlist(wp) 2103 struct wordlist *wp; 2104 { 2105 struct wordlist *next; 2106 2107 while (wp != NULL) { 2108 next = wp->next; 2109 free(wp); 2110 wp = next; 2111 } 2112 } 2113 2114 /* 2115 * auth_script_done - called when the auth-up or auth-down script 2116 * has finished. 2117 */ 2118 /*ARGSUSED*/ 2119 static void 2120 auth_script_done(arg, status) 2121 void *arg; 2122 int status; 2123 { 2124 auth_script_pid = 0; 2125 switch (auth_script_state) { 2126 case s_up: 2127 if (auth_state == s_down) { 2128 auth_script_state = s_down; 2129 auth_script(_PATH_AUTHDOWN); 2130 } 2131 break; 2132 case s_down: 2133 if (auth_state == s_up) { 2134 auth_script_state = s_up; 2135 auth_script(_PATH_AUTHUP); 2136 } 2137 break; 2138 } 2139 } 2140 2141 /* 2142 * auth_script - execute a script with arguments 2143 * interface-name peer-name real-user tty speed 2144 */ 2145 static void 2146 auth_script(script) 2147 char *script; 2148 { 2149 char strspeed[32]; 2150 struct passwd *pw; 2151 char struid[32]; 2152 char *user_name; 2153 char *argv[8]; 2154 2155 if ((pw = getpwuid(getuid())) != NULL && pw->pw_name != NULL) 2156 user_name = pw->pw_name; 2157 else { 2158 (void) slprintf(struid, sizeof(struid), "%d", getuid()); 2159 user_name = struid; 2160 } 2161 (void) slprintf(strspeed, sizeof(strspeed), "%d", baud_rate); 2162 2163 argv[0] = script; 2164 argv[1] = ifname; 2165 argv[2] = peer_authname; 2166 argv[3] = user_name; 2167 argv[4] = devnam; 2168 argv[5] = strspeed; 2169 argv[6] = NULL; 2170 2171 auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL); 2172 } 2173