1 /* 2 * auth.c - PPP authentication and phase control. 3 * 4 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 5 * Use is subject to license terms. 6 * 7 * Copyright (c) 1993 The Australian National University. 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms are permitted 11 * provided that the above copyright notice and this paragraph are 12 * duplicated in all such forms and that any documentation, 13 * advertising materials, and other materials related to such 14 * distribution and use acknowledge that the software was developed 15 * by the Australian National University. The name of the University 16 * may not be used to endorse or promote products derived from this 17 * software without specific prior written permission. 18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 19 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 20 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 21 * 22 * Copyright (c) 1989 Carnegie Mellon University. 23 * All rights reserved. 24 * 25 * Redistribution and use in source and binary forms are permitted 26 * provided that the above copyright notice and this paragraph are 27 * duplicated in all such forms and that any documentation, 28 * advertising materials, and other materials related to such 29 * distribution and use acknowledge that the software was developed 30 * by Carnegie Mellon University. The name of the 31 * University may not be used to endorse or promote products derived 32 * from this software without specific prior written permission. 33 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 34 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 35 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 36 */ 37 38 #define RCSID "$Id: auth.c,v 1.65 2000/04/15 01:27:10 masputra Exp $" 39 40 /* Pull in crypt() definition. */ 41 #define __EXTENSIONS__ 42 43 #include <stdio.h> 44 #include <stddef.h> 45 #include <stdlib.h> 46 #include <unistd.h> 47 #include <pwd.h> 48 #include <grp.h> 49 #include <string.h> 50 #include <sys/types.h> 51 #include <sys/stat.h> 52 #include <sys/socket.h> 53 #include <utmp.h> 54 #include <fcntl.h> 55 #if defined(_PATH_LASTLOG) && (defined(_linux_) || defined(__linux__)) 56 #include <lastlog.h> 57 #endif 58 59 #if defined(_linux_) || defined(__linux__) 60 #include <crypt.h> 61 #endif 62 63 #include <netdb.h> 64 #include <netinet/in.h> 65 #include <arpa/inet.h> 66 67 /* Backward compatibility with old Makefiles */ 68 #if defined(USE_PAM) && !defined(ALLOW_PAM) 69 #define ALLOW_PAM 70 #endif 71 72 #ifdef ALLOW_PAM 73 #include <security/pam_appl.h> 74 #endif 75 76 #ifdef HAS_SHADOW 77 #include <shadow.h> 78 #ifndef PW_PPP 79 #define PW_PPP PW_LOGIN 80 #endif 81 #endif 82 83 #include "pppd.h" 84 #include "fsm.h" 85 #include "lcp.h" 86 #include "ipcp.h" 87 #include "upap.h" 88 #include "chap.h" 89 #ifdef CBCP_SUPPORT 90 #include "cbcp.h" 91 #endif 92 #include "pathnames.h" 93 94 #if !defined(lint) && !defined(_lint) 95 static const char rcsid[] = RCSID; 96 #endif 97 98 /* Bits in scan_authfile return value */ 99 #define NONWILD_SERVER 1 100 #define NONWILD_CLIENT 2 101 102 #define ISWILD(word) (word[0] == '*' && word[1] == '\0') 103 104 /* The name by which the peer authenticated itself to us. */ 105 char peer_authname[MAXNAMELEN]; 106 107 /* Records which authentication operations haven't completed yet. */ 108 static int auth_pending[NUM_PPP]; 109 110 /* Set if we have successfully called plogin() */ 111 static int logged_in; 112 113 /* List of addresses which the peer may use. */ 114 static struct permitted_ip *addresses[NUM_PPP]; 115 116 /* Wordlist giving addresses which the peer may use 117 without authenticating itself. */ 118 static struct wordlist *noauth_addrs; 119 120 /* Extra options to apply, from the secrets file entry for the peer. */ 121 static struct wordlist *extra_options; 122 123 /* Source of those extra options. */ 124 static const char *extra_opt_filename; 125 static int extra_opt_line; 126 127 /* Number of network protocols which we have opened. */ 128 static int num_np_open; 129 130 /* Number of network protocols which have come up. */ 131 static int num_np_up; 132 133 /* Set if we got the contents of passwd[] from the pap-secrets file. */ 134 static int passwd_from_file; 135 136 /* Set if we require authentication only because we have a default route. */ 137 static bool default_auth; 138 139 /* Hook to enable a plugin to control the idle time limit */ 140 int (*idle_time_hook) __P((struct ppp_idle *)) = NULL; 141 142 /* Hook for a plugin to say whether we can possibly authenticate any peer */ 143 int (*pap_check_hook) __P((void)) = NULL; 144 145 /* Hook for a plugin to check the PAP user and password */ 146 int (*pap_auth_hook) __P((char *user, char *passwd, char **msgp, 147 struct wordlist **paddrs, 148 struct wordlist **popts)) = NULL; 149 150 /* Hook for a plugin to know about the PAP user logout */ 151 void (*pap_logout_hook) __P((void)) = NULL; 152 153 /* Hook for a plugin to get the PAP password for authenticating us */ 154 int (*pap_passwd_hook) __P((char *user, char *passwd)) = NULL; 155 156 /* 157 * This is used to ensure that we don't start an auth-up/down 158 * script while one is already running. 159 */ 160 enum script_state { 161 s_down, 162 s_up 163 }; 164 165 static enum script_state auth_state = s_down; 166 static enum script_state auth_script_state = s_down; 167 static pid_t auth_script_pid = 0; 168 169 /* 170 * This is set by scan_authfile if a client matches, but server doesn't 171 * (possible configuration error). 172 */ 173 static char scan_server_match_failed[MAXWORDLEN]; 174 175 /* 176 * Option variables. 177 */ 178 bool uselogin = 0; /* Use /etc/passwd for checking PAP */ 179 bool cryptpap = 0; /* Passwords in pap-secrets are encrypted */ 180 bool refuse_pap = 0; /* Don't wanna auth. ourselves with PAP */ 181 bool refuse_chap = 0; /* Don't wanna auth. ourselves with CHAP */ 182 bool usehostname = 0; /* Use hostname for our_name */ 183 bool auth_required = 0; /* Always require authentication from peer */ 184 bool allow_any_ip = 0; /* Allow peer to use any IP address */ 185 bool explicit_remote = 0; /* User specified explicit remote name */ 186 char remote_name[MAXNAMELEN]; /* Peer's name for authentication */ 187 188 #ifdef CHAPMS 189 bool refuse_mschap = 0; /* Don't wanna auth. ourself with MS-CHAPv1 */ 190 #else 191 bool refuse_mschap = 1; /* Never auth. ourself with MS-CHAPv1 */ 192 #endif 193 #ifdef CHAPMSV2 194 bool refuse_mschapv2 = 0; /* Don't wanna auth. ourself with MS-CHAPv2 */ 195 #else 196 bool refuse_mschapv2 = 1; /* Never auth. ourself with MS-CHAPv2 */ 197 #endif 198 199 #ifdef USE_PAM 200 bool use_pam = 1; /* Enable use of PAM by default */ 201 #else 202 bool use_pam = 0; /* Disable use of PAM by default */ 203 #endif 204 205 /* Bits in auth_pending[] */ 206 #define PAP_WITHPEER 1 207 #define PAP_PEER 2 208 #define CHAP_WITHPEER 4 209 #define CHAP_PEER 8 210 211 /* Prototypes for procedures local to this file. */ 212 213 static void network_phase __P((int)); 214 static void check_idle __P((void *)); 215 static void connect_time_expired __P((void *)); 216 static int plogin __P((char *, char *, char **)); 217 static void plogout __P((void)); 218 static int null_login __P((int)); 219 static int get_pap_passwd __P((char *)); 220 static int have_pap_secret __P((int *)); 221 static int have_chap_secret __P((char *, char *, int, int *)); 222 static int ip_addr_check __P((u_int32_t, struct permitted_ip *)); 223 static int scan_authfile __P((FILE *, char *, char *, char *, 224 struct wordlist **, struct wordlist **, 225 char *)); 226 static void free_wordlist __P((struct wordlist *)); 227 static void auth_script __P((char *)); 228 static void auth_script_done __P((void *, int)); 229 static void set_allowed_addrs __P((int, struct wordlist *, struct wordlist *)); 230 static int some_ip_ok __P((struct wordlist *)); 231 static int setupapfile __P((char **, option_t *)); 232 static int privgroup __P((char **, option_t *)); 233 static int set_noauth_addr __P((char **, option_t *)); 234 static void check_access __P((FILE *, char *)); 235 236 /* 237 * Authentication-related options. 238 */ 239 option_t auth_options[] = { 240 { "require-pap", o_bool, &lcp_wantoptions[0].neg_upap, 241 "Require PAP authentication from peer", 1, &auth_required }, 242 { "+pap", o_bool, &lcp_wantoptions[0].neg_upap, 243 "Require PAP authentication from peer", 1, &auth_required }, 244 { "refuse-pap", o_bool, &refuse_pap, 245 "Don't agree to auth to peer with PAP", 1 }, 246 { "-pap", o_bool, &refuse_pap, 247 "Don't allow PAP authentication with peer", 1 }, 248 { "require-chap", o_bool, &lcp_wantoptions[0].neg_chap, 249 "Require CHAP authentication from peer", 1, &auth_required }, 250 { "+chap", o_bool, &lcp_wantoptions[0].neg_chap, 251 "Require CHAP authentication from peer", 1, &auth_required }, 252 { "refuse-chap", o_bool, &refuse_chap, 253 "Don't agree to auth to peer with CHAP", 1 }, 254 { "-chap", o_bool, &refuse_chap, 255 "Don't allow CHAP authentication with peer", 1 }, 256 { "name", o_string, our_name, 257 "Set local name for authentication", 258 OPT_PRIV|OPT_STATIC, NULL, MAXNAMELEN }, 259 { "user", o_string, user, 260 "Set name for auth with peer", OPT_STATIC, NULL, MAXNAMELEN }, 261 { "usehostname", o_bool, &usehostname, 262 "Must use hostname for authentication", 1 }, 263 { "remotename", o_string, remote_name, 264 "Set remote name for authentication", OPT_STATIC, 265 &explicit_remote, MAXNAMELEN }, 266 { "auth", o_bool, &auth_required, 267 "Require authentication from peer", 1 }, 268 { "noauth", o_bool, &auth_required, 269 "Don't require peer to authenticate", OPT_PRIV, &allow_any_ip }, 270 { "login", o_bool, &uselogin, 271 "Use system password database for PAP", 1 }, 272 { "papcrypt", o_bool, &cryptpap, 273 "PAP passwords are encrypted", 1 }, 274 { "+ua", o_special, (void *)setupapfile, 275 "Get PAP user and password from file" }, 276 { "password", o_string, passwd, 277 "Password for authenticating us to the peer", OPT_STATIC, 278 NULL, MAXSECRETLEN }, 279 { "privgroup", o_special, (void *)privgroup, 280 "Allow group members to use privileged options", OPT_PRIV }, 281 { "allow-ip", o_special, (void *)set_noauth_addr, 282 "Set peer IP address(es) usable without authentication", 283 OPT_PRIV }, 284 #ifdef CHAPMS 285 { "require-mschap", o_bool, &lcp_wantoptions[0].neg_mschap, 286 "Require MS-CHAPv1 authentication from peer", 1, &auth_required }, 287 { "refuse-mschap", o_bool, &refuse_mschap, 288 "Don't agree to authenticate to peer with MS-CHAPv1", 1 }, 289 #endif 290 #ifdef CHAPMSV2 291 { "require-mschapv2", o_bool, &lcp_wantoptions[0].neg_mschapv2, 292 "Require MS-CHAPv2 authentication from peer", 1, &auth_required }, 293 { "refuse-mschapv2", o_bool, &refuse_mschapv2, 294 "Don't agree to authenticate to peer with MS-CHAPv2", 1 }, 295 #endif 296 #ifdef ALLOW_PAM 297 { "pam", o_bool, &use_pam, 298 "Enable use of Pluggable Authentication Modules", OPT_PRIV|1 }, 299 { "nopam", o_bool, &use_pam, 300 "Disable use of Pluggable Authentication Modules", OPT_PRIV|0 }, 301 #endif 302 { NULL } 303 }; 304 305 /* 306 * setupapfile - specifies UPAP info for authenticating with peer. 307 */ 308 /*ARGSUSED*/ 309 static int 310 setupapfile(argv, opt) 311 char **argv; 312 option_t *opt; 313 { 314 FILE * ufile; 315 int l; 316 317 lcp_allowoptions[0].neg_upap = 1; 318 319 /* open user info file */ 320 (void) seteuid(getuid()); 321 ufile = fopen(*argv, "r"); 322 (void) seteuid(0); 323 if (ufile == NULL) { 324 option_error("unable to open user login data file %s", *argv); 325 return 0; 326 } 327 check_access(ufile, *argv); 328 329 /* get username */ 330 if (fgets(user, MAXNAMELEN - 1, ufile) == NULL 331 || fgets(passwd, MAXSECRETLEN - 1, ufile) == NULL){ 332 option_error("unable to read user login data file %s", *argv); 333 return 0; 334 } 335 (void) fclose(ufile); 336 337 /* get rid of newlines */ 338 l = strlen(user); 339 if (l > 0 && user[l-1] == '\n') 340 user[l-1] = '\0'; 341 l = strlen(passwd); 342 if (l > 0 && passwd[l-1] == '\n') 343 passwd[l-1] = '\0'; 344 345 return (1); 346 } 347 348 349 /* 350 * privgroup - allow members of the group to have privileged access. 351 */ 352 /*ARGSUSED*/ 353 static int 354 privgroup(argv, opt) 355 char **argv; 356 option_t *opt; 357 { 358 struct group *g; 359 int i; 360 361 g = getgrnam(*argv); 362 if (g == NULL) { 363 option_error("group %s is unknown", *argv); 364 return 0; 365 } 366 for (i = 0; i < ngroups; ++i) { 367 if (groups[i] == g->gr_gid) { 368 privileged = 1; 369 break; 370 } 371 } 372 return 1; 373 } 374 375 376 /* 377 * set_noauth_addr - set address(es) that can be used without authentication. 378 * Equivalent to specifying an entry like `"" * "" addr' in pap-secrets. 379 */ 380 /*ARGSUSED*/ 381 static int 382 set_noauth_addr(argv, opt) 383 char **argv; 384 option_t *opt; 385 { 386 char *addr = *argv; 387 int l = strlen(addr); 388 struct wordlist *wp; 389 390 wp = (struct wordlist *) malloc(sizeof(struct wordlist) + l + 1); 391 if (wp == NULL) 392 novm("allow-ip argument"); 393 wp->word = (char *) (wp + 1); 394 wp->next = noauth_addrs; 395 (void) strcpy(wp->word, addr); 396 noauth_addrs = wp; 397 return 1; 398 } 399 400 /* 401 * An Open on LCP has requested a change from Dead to Establish phase. 402 * Do what's necessary to bring the physical layer up. 403 */ 404 /*ARGSUSED*/ 405 void 406 link_required(unit) 407 int unit; 408 { 409 } 410 411 /* 412 * LCP has terminated the link; go to the Dead phase and take the 413 * physical layer down. 414 */ 415 /*ARGSUSED*/ 416 void 417 link_terminated(unit) 418 int unit; 419 { 420 const char *pn1, *pn2; 421 422 if (phase == PHASE_DEAD) 423 return; 424 if (pap_logout_hook != NULL) { 425 (*pap_logout_hook)(); 426 } else { 427 if (logged_in) 428 plogout(); 429 } 430 new_phase(PHASE_DEAD); 431 if (peer_nak_auth) { 432 if ((pn1 = protocol_name(nak_auth_orig)) == NULL) 433 pn1 = "?"; 434 if ((pn2 = protocol_name(nak_auth_proto)) == NULL) 435 pn2 = "?"; 436 warn("Peer sent Configure-Nak for 0x%x (%s) to suggest 0x%x (%s)", 437 nak_auth_orig, pn1, nak_auth_proto, pn2); 438 } 439 if (unsolicited_nak_auth) { 440 if ((pn1 = protocol_name(unsolicit_auth_proto)) == NULL) 441 pn1 = "?"; 442 warn("Peer unexpectedly asked us to authenticate with 0x%x (%s)", 443 unsolicit_auth_proto, pn1); 444 } 445 if (peer_reject_auth) { 446 if ((pn1 = protocol_name(reject_auth_proto)) == NULL) 447 pn1 = "?"; 448 warn("Peer rejected our demand for 0x%x (%s)", 449 reject_auth_proto, pn1); 450 } 451 if (naked_peers_auth) { 452 if ((pn1 = protocol_name(naked_auth_orig)) == NULL) 453 pn1 = "?"; 454 if ((pn2 = protocol_name(naked_auth_proto)) == NULL) 455 pn2 = "?"; 456 warn("We set Configure-Nak for 0x%x (%s) to suggest 0x%x (%s)", 457 naked_auth_orig, pn1, naked_auth_proto, pn2); 458 } 459 if (rejected_peers_auth) { 460 if ((pn1 = protocol_name(rejected_auth_proto)) == NULL) 461 pn1 = "?"; 462 warn("We rejected the peer's demand for 0x%x (%s)", 463 rejected_auth_proto, pn1); 464 } 465 466 peer_nak_auth = unsolicited_nak_auth = peer_reject_auth = 467 rejected_peers_auth = naked_peers_auth = 0; 468 nak_auth_proto = nak_auth_orig = unsolicit_auth_proto = reject_auth_proto = 469 rejected_auth_proto = naked_auth_orig = naked_auth_proto = 0; 470 notice("Connection terminated."); 471 } 472 473 /* 474 * LCP has gone down; it will either die or try to re-establish. 475 */ 476 void 477 link_down(unit) 478 int unit; 479 { 480 int i; 481 struct protent *protp; 482 483 auth_state = s_down; 484 if (auth_script_state == s_up && auth_script_pid == 0) { 485 update_link_stats(unit); 486 auth_script_state = s_down; 487 auth_script(_PATH_AUTHDOWN); 488 } 489 for (i = 0; (protp = protocols[i]) != NULL; ++i) { 490 if (!protp->enabled_flag) 491 continue; 492 if (protp->protocol != PPP_LCP && protp->lowerdown != NULL) 493 (*protp->lowerdown)(unit); 494 if (protp->protocol < 0xC000 && protp->close != NULL) 495 (*protp->close)(unit, "LCP down"); 496 } 497 num_np_open = 0; 498 num_np_up = 0; 499 if (phase != PHASE_DEAD) 500 new_phase(PHASE_TERMINATE); 501 } 502 503 /* 504 * The link is established. 505 * Proceed to the Dead, Authenticate or Network phase as appropriate. 506 */ 507 void 508 link_established(unit) 509 int unit; 510 { 511 int auth; 512 lcp_options *wo = &lcp_wantoptions[unit]; 513 lcp_options *go = &lcp_gotoptions[unit]; 514 lcp_options *ho = &lcp_hisoptions[unit]; 515 int i; 516 struct protent *protp; 517 518 /* 519 * Tell higher-level protocols that LCP is up. 520 */ 521 for (i = 0; (protp = protocols[i]) != NULL; ++i) 522 if (protp->protocol != PPP_LCP && protp->enabled_flag 523 && protp->lowerup != NULL) 524 (*protp->lowerup)(unit); 525 526 if (auth_required && !(go->neg_chap || go->neg_mschap || 527 go->neg_mschapv2 || go->neg_upap)) { 528 /* 529 * We wanted the peer to authenticate itself, and it refused: 530 * if we have some address(es) it can use without auth, fine, 531 * otherwise treat it as though it authenticated with PAP using 532 * a username * of "" and a password of "". If that's not OK, 533 * boot it out. 534 */ 535 if (noauth_addrs != NULL) { 536 set_allowed_addrs(unit, noauth_addrs, NULL); 537 } else if (!wo->neg_upap || !null_login(unit)) { 538 warn("peer refused to authenticate: terminating link"); 539 lcp_close(unit, "peer refused to authenticate"); 540 status = EXIT_PEER_AUTH_FAILED; 541 return; 542 } 543 } 544 545 new_phase(PHASE_AUTHENTICATE); 546 auth = 0; 547 if (go->neg_chap || go->neg_mschap || go->neg_mschapv2) { 548 if (go->neg_chap) { 549 if (debug) 550 dbglog("Authenticating peer with standard CHAP"); 551 go->chap_mdtype = CHAP_DIGEST_MD5; 552 } else if (go->neg_mschap) { 553 if (debug) 554 dbglog("Authenticating peer with MS-CHAPv1"); 555 go->chap_mdtype = CHAP_MICROSOFT; 556 } else { 557 if (debug) 558 dbglog("Authenticating peer with MS-CHAPv2"); 559 go->chap_mdtype = CHAP_MICROSOFT_V2; 560 } 561 ChapAuthPeer(unit, our_name, go->chap_mdtype); 562 auth |= CHAP_PEER; 563 } else if (go->neg_upap) { 564 if (debug) 565 dbglog("Authenticating peer with PAP"); 566 upap_authpeer(unit); 567 auth |= PAP_PEER; 568 } 569 if (ho->neg_chap || ho->neg_mschap || ho->neg_mschapv2) { 570 switch (ho->chap_mdtype) { 571 case CHAP_DIGEST_MD5: 572 if (debug) 573 dbglog("Authenticating to peer with standard CHAP"); 574 break; 575 case CHAP_MICROSOFT: 576 if (debug) 577 dbglog("Authenticating to peer with MS-CHAPv1"); 578 break; 579 case CHAP_MICROSOFT_V2: 580 if (debug) 581 dbglog("Authenticating to peer with MS-CHAPv2"); 582 break; 583 default: 584 if (debug) 585 dbglog("Authenticating to peer with CHAP 0x%x", ho->chap_mdtype); 586 break; 587 } 588 ChapAuthWithPeer(unit, user, ho->chap_mdtype); 589 auth |= CHAP_WITHPEER; 590 } else if (ho->neg_upap) { 591 if (passwd[0] == '\0') { 592 passwd_from_file = 1; 593 if (!get_pap_passwd(passwd)) 594 error("No secret found for PAP login"); 595 } 596 if (debug) 597 dbglog("Authenticating to peer with PAP"); 598 upap_authwithpeer(unit, user, passwd); 599 auth |= PAP_WITHPEER; 600 } 601 auth_pending[unit] = auth; 602 603 if (!auth) 604 network_phase(unit); 605 } 606 607 /* 608 * Proceed to the network phase. 609 */ 610 static void 611 network_phase(unit) 612 int unit; 613 { 614 lcp_options *go = &lcp_gotoptions[unit]; 615 616 /* 617 * If the peer had to authenticate, run the auth-up script now. 618 */ 619 if (go->neg_chap || go->neg_mschap || go->neg_mschapv2 || go->neg_upap) { 620 auth_state = s_up; 621 if (auth_script_state == s_down && auth_script_pid == 0) { 622 auth_script_state = s_up; 623 auth_script(_PATH_AUTHUP); 624 } 625 } 626 627 /* 628 * Process extra options from the secrets file 629 */ 630 if (extra_options != NULL) { 631 option_source = (char *)extra_opt_filename; 632 option_line = extra_opt_line; 633 (void) options_from_list(extra_options, 1); 634 free_wordlist(extra_options); 635 extra_options = NULL; 636 } 637 638 #ifdef CBCP_SUPPORT 639 /* 640 * If we negotiated callback, do it now. 641 */ 642 if (go->neg_cbcp) { 643 new_phase(PHASE_CALLBACK); 644 (*cbcp_protent.open)(unit); 645 return; 646 } 647 #endif 648 649 start_networks(); 650 } 651 652 void 653 start_networks() 654 { 655 int i; 656 struct protent *protp; 657 658 new_phase(PHASE_NETWORK); 659 660 #ifdef HAVE_MULTILINK 661 if (multilink) { 662 if (mp_join_bundle()) { 663 if (updetach && !nodetach) 664 detach(); 665 return; 666 } 667 } 668 #endif /* HAVE_MULTILINK */ 669 670 #if 0 671 if (!demand) 672 set_filters(&pass_filter, &active_filter); 673 #endif 674 for (i = 0; (protp = protocols[i]) != NULL; ++i) 675 if (protp->protocol < 0xC000 && protp->enabled_flag 676 && protp->open != NULL) { 677 (*protp->open)(0); 678 if (protp->protocol != PPP_CCP) 679 ++num_np_open; 680 } 681 682 if (num_np_open == 0) 683 /* nothing to do */ 684 lcp_close(0, "No network protocols running"); 685 } 686 687 /* 688 * The peer has failed to authenticate himself using `protocol'. 689 */ 690 /*ARGSUSED*/ 691 void 692 auth_peer_fail(unit, protocol) 693 int unit, protocol; 694 { 695 /* 696 * Authentication failure: take the link down 697 */ 698 lcp_close(unit, "Authentication failed"); 699 status = EXIT_PEER_AUTH_FAILED; 700 } 701 702 /* 703 * The peer has been successfully authenticated using `protocol'. 704 */ 705 void 706 auth_peer_success(unit, protocol, name, namelen) 707 int unit, protocol; 708 char *name; 709 int namelen; 710 { 711 int bit; 712 713 switch (protocol) { 714 case PPP_CHAP: 715 bit = CHAP_PEER; 716 break; 717 case PPP_PAP: 718 bit = PAP_PEER; 719 break; 720 default: 721 warn("auth_peer_success: unknown protocol %x", protocol); 722 return; 723 } 724 725 /* 726 * Save the authenticated name of the peer for later. 727 */ 728 if (namelen > sizeof(peer_authname) - 1) 729 namelen = sizeof(peer_authname) - 1; 730 BCOPY(name, peer_authname, namelen); 731 peer_authname[namelen] = '\0'; 732 script_setenv("PEERNAME", peer_authname, 0); 733 734 /* 735 * If there is no more authentication still to be done, 736 * proceed to the network (or callback) phase. 737 */ 738 if ((auth_pending[unit] &= ~bit) == 0) 739 network_phase(unit); 740 } 741 742 /* 743 * We have failed to authenticate ourselves to the peer using `protocol'. 744 */ 745 /*ARGSUSED*/ 746 void 747 auth_withpeer_fail(unit, protocol) 748 int unit, protocol; 749 { 750 if (passwd_from_file) 751 BZERO(passwd, MAXSECRETLEN); 752 /* 753 * We've failed to authenticate ourselves to our peer. 754 * Some servers keep sending CHAP challenges, but there 755 * is no point in persisting without any way to get updated 756 * authentication secrets. 757 */ 758 lcp_close(unit, "Failed to authenticate ourselves to peer"); 759 status = EXIT_AUTH_TOPEER_FAILED; 760 } 761 762 /* 763 * We have successfully authenticated ourselves with the peer using `protocol'. 764 */ 765 void 766 auth_withpeer_success(unit, protocol) 767 int unit, protocol; 768 { 769 int bit; 770 771 switch (protocol) { 772 case PPP_CHAP: 773 bit = CHAP_WITHPEER; 774 break; 775 case PPP_PAP: 776 if (passwd_from_file) 777 BZERO(passwd, MAXSECRETLEN); 778 bit = PAP_WITHPEER; 779 break; 780 default: 781 warn("auth_withpeer_success: unknown protocol %x", protocol); 782 bit = 0; 783 } 784 785 /* 786 * If there is no more authentication still being done, 787 * proceed to the network (or callback) phase. 788 */ 789 if ((auth_pending[unit] &= ~bit) == 0) 790 network_phase(unit); 791 } 792 793 794 /* 795 * np_up - a network protocol has come up. 796 */ 797 /*ARGSUSED*/ 798 void 799 np_up(unit, proto) 800 int unit, proto; 801 { 802 int tlim; 803 804 if (num_np_up == 0) { 805 /* 806 * At this point we consider that the link has come up successfully. 807 */ 808 status = EXIT_OK; 809 unsuccess = 0; 810 811 peer_nak_auth = unsolicited_nak_auth = peer_reject_auth = 812 rejected_peers_auth = naked_peers_auth = 0; 813 nak_auth_proto = nak_auth_orig = unsolicit_auth_proto = 814 reject_auth_proto = rejected_auth_proto = naked_auth_orig = 815 naked_auth_proto = 0; 816 817 new_phase(PHASE_RUNNING); 818 819 if (idle_time_hook != NULL) 820 tlim = (*idle_time_hook)(NULL); 821 else 822 tlim = idle_time_limit; 823 if (tlim > 0) 824 TIMEOUT(check_idle, NULL, tlim); 825 826 /* 827 * Set a timeout to close the connection once the maximum 828 * connect time has expired. 829 */ 830 if (maxconnect > 0) { 831 TIMEOUT(connect_time_expired, &lcp_fsm[unit], maxconnect); 832 833 /* 834 * Tell LCP to send Time-Remaining packets. One should be 835 * sent out now, at maxconnect-300, at maxconnect-120, and 836 * again at maxconnect-30. 837 */ 838 lcp_settimeremaining(unit, maxconnect, maxconnect); 839 if (maxconnect > 300) 840 lcp_settimeremaining(unit, maxconnect, 300); 841 if (maxconnect > 120) 842 lcp_settimeremaining(unit, maxconnect, 120); 843 if (maxconnect > 30) 844 lcp_settimeremaining(unit, maxconnect, 30); 845 } 846 847 /* 848 * Detach now, if the updetach option was given. 849 */ 850 if (updetach && !nodetach) 851 detach(); 852 } 853 ++num_np_up; 854 } 855 856 /* 857 * np_down - a network protocol has gone down. 858 */ 859 /*ARGSUSED*/ 860 void 861 np_down(unit, proto) 862 int unit, proto; 863 { 864 if (--num_np_up == 0) { 865 UNTIMEOUT(check_idle, NULL); 866 new_phase(PHASE_NETWORK); 867 } 868 } 869 870 /* 871 * np_finished - a network protocol has finished using the link. 872 */ 873 /*ARGSUSED*/ 874 void 875 np_finished(unit, proto) 876 int unit, proto; 877 { 878 if (--num_np_open <= 0) { 879 /* no further use for the link: shut up shop. */ 880 lcp_close(0, "No network protocols running"); 881 } 882 } 883 884 /* 885 * check_idle - check whether the link has been idle for long 886 * enough that we can shut it down. 887 */ 888 /*ARGSUSED*/ 889 static void 890 check_idle(arg) 891 void *arg; 892 { 893 struct ppp_idle idle; 894 time_t itime; 895 int tlim; 896 897 if (!get_idle_time(0, &idle)) 898 return; 899 if (idle_time_hook != NULL) { 900 tlim = (*idle_time_hook)(&idle); 901 } else { 902 itime = MIN(idle.xmit_idle, idle.recv_idle); 903 tlim = idle_time_limit - itime; 904 } 905 if (tlim <= 0) { 906 /* link is idle: shut it down. */ 907 notice("Terminating connection due to lack of activity."); 908 lcp_close(0, "Link inactive"); 909 need_holdoff = 0; 910 status = EXIT_IDLE_TIMEOUT; 911 } else { 912 TIMEOUT(check_idle, NULL, tlim); 913 } 914 } 915 916 /* 917 * connect_time_expired - log a message and close the connection. 918 */ 919 /*ARGSUSED*/ 920 static void 921 connect_time_expired(arg) 922 void *arg; 923 { 924 fsm *f = (fsm *)arg; 925 926 info("Connect time expired"); 927 lcp_close(f->unit, "Connect time expired"); /* Close connection */ 928 status = EXIT_CONNECT_TIME; 929 } 930 931 /* 932 * auth_check_options - called to check authentication options. 933 */ 934 void 935 auth_check_options() 936 { 937 lcp_options *wo = &lcp_wantoptions[0]; 938 int can_auth; 939 int lacks_ip; 940 941 /* Default our_name to hostname, and user to our_name */ 942 if (our_name[0] == '\0' || usehostname) 943 (void) strlcpy(our_name, hostname, sizeof(our_name)); 944 if (user[0] == '\0') 945 (void) strlcpy(user, our_name, sizeof(user)); 946 947 /* 948 * If we have a default route, require the peer to authenticate 949 * unless the noauth option was given or the real user is root. 950 */ 951 if (!auth_required && !allow_any_ip && have_route_to(0) && !privileged) { 952 auth_required = 1; 953 default_auth = 1; 954 } 955 956 /* If authentication is required, ask peer for CHAP or PAP. */ 957 if (auth_required) { 958 if (!wo->neg_chap && !wo->neg_mschap && !wo->neg_mschapv2 && 959 !wo->neg_upap) { 960 wo->neg_chap = 1; 961 #ifdef CHAPMS 962 wo->neg_mschap = 1; 963 #endif 964 #ifdef CHAPMSV2 965 wo->neg_mschapv2 = 1; 966 #endif 967 wo->chap_mdtype = CHAP_DIGEST_MD5; 968 wo->neg_upap = 1; 969 } 970 } else { 971 wo->neg_chap = 0; 972 wo->neg_mschap = 0; 973 wo->neg_mschapv2 = 0; 974 wo->neg_upap = 0; 975 } 976 977 /* 978 * Check whether we have appropriate secrets to use 979 * to authenticate the peer. 980 */ 981 lacks_ip = 0; 982 can_auth = wo->neg_upap && (uselogin || have_pap_secret(&lacks_ip)); 983 if (!can_auth && (wo->neg_chap || wo->neg_mschap || wo->neg_mschapv2)) { 984 can_auth = have_chap_secret((explicit_remote? remote_name: NULL), 985 our_name, 1, &lacks_ip); 986 } 987 988 if (auth_required && !can_auth && noauth_addrs == NULL) { 989 if (default_auth) { 990 option_error( 991 "By default the remote system is required to authenticate itself"); 992 option_error( 993 "(because this system has a default route to the Internet)"); 994 } else if (explicit_remote) 995 option_error( 996 "The remote system (%s) is required to authenticate itself", 997 remote_name); 998 else 999 option_error( 1000 "The remote system is required to authenticate itself"); 1001 option_error( 1002 "but I couldn't find any suitable secret (password) for it to use to do so."); 1003 if (lacks_ip) 1004 option_error( 1005 "(None of the available passwords would let it use an IP address.)"); 1006 1007 exit(1); 1008 } 1009 } 1010 1011 /* 1012 * auth_reset - called when LCP is starting negotiations to recheck 1013 * authentication options, i.e. whether we have appropriate secrets 1014 * to use for authenticating ourselves and/or the peer. 1015 */ 1016 void 1017 auth_reset(unit) 1018 int unit; 1019 { 1020 lcp_options *go = &lcp_gotoptions[unit]; 1021 lcp_options *ao = &lcp_allowoptions[unit]; 1022 int havesecret; 1023 1024 ao->neg_upap = !refuse_pap && (passwd[0] != '\0' || get_pap_passwd(NULL)); 1025 1026 havesecret = passwd[0] != '\0' || 1027 have_chap_secret(user, (explicit_remote? remote_name: NULL), 0, NULL); 1028 ao->neg_chap = !refuse_chap && havesecret; 1029 ao->neg_mschap = !refuse_mschap && havesecret; 1030 ao->neg_mschapv2 = !refuse_mschapv2 && havesecret; 1031 if (ao->neg_chap) 1032 ao->chap_mdtype = CHAP_DIGEST_MD5; 1033 else if (ao->neg_mschap) 1034 ao->chap_mdtype = CHAP_MICROSOFT; 1035 else 1036 ao->chap_mdtype = CHAP_MICROSOFT_V2; 1037 1038 if (go->neg_upap && !uselogin && !have_pap_secret(NULL)) 1039 go->neg_upap = 0; 1040 if (go->neg_chap || go->neg_mschap || go->neg_mschapv2) { 1041 havesecret = have_chap_secret((explicit_remote? remote_name: NULL), 1042 our_name, 1, NULL); 1043 if (!havesecret) 1044 go->neg_chap = go->neg_mschap = go->neg_mschapv2 = 0; 1045 else if (go->neg_chap) 1046 go->chap_mdtype = CHAP_DIGEST_MD5; 1047 else if (go->neg_mschap) 1048 go->chap_mdtype = CHAP_MICROSOFT; 1049 else 1050 go->chap_mdtype = CHAP_MICROSOFT_V2; 1051 } 1052 } 1053 1054 1055 /* 1056 * check_passwd - Check the user name and passwd against the PAP secrets 1057 * file. If requested, also check against the system password database, 1058 * and login the user if OK. 1059 * 1060 * returns: 1061 * UPAP_AUTHNAK: Authentication failed. 1062 * UPAP_AUTHACK: Authentication succeeded. 1063 * In either case, msg points to an appropriate message. 1064 */ 1065 int 1066 check_passwd(unit, auser, userlen, apasswd, passwdlen, msg) 1067 int unit; 1068 char *auser; 1069 int userlen; 1070 char *apasswd; 1071 int passwdlen; 1072 char **msg; 1073 { 1074 int ret; 1075 char *filename; 1076 FILE *f; 1077 struct wordlist *addrs = NULL, *opts = NULL; 1078 char passwd[256], user[256]; 1079 char secret[MAXWORDLEN]; 1080 static int attempts = 0; 1081 1082 /* 1083 * Make copies of apasswd and auser, then null-terminate them. 1084 * If there are unprintable characters in the password, make 1085 * them visible. 1086 */ 1087 (void) slprintf(passwd, sizeof(passwd), "%.*v", passwdlen, apasswd); 1088 (void) slprintf(user, sizeof(user), "%.*v", userlen, auser); 1089 *msg = ""; 1090 1091 /* 1092 * Check if a plugin wants to handle this. 1093 */ 1094 if (pap_auth_hook != NULL) { 1095 /* Set a default and allow the plug-in to change it. */ 1096 extra_opt_filename = "plugin"; 1097 extra_opt_line = 0; 1098 ret = (*pap_auth_hook)(user, passwd, msg, &addrs, &opts); 1099 if (ret >= 0) { 1100 if (ret > 0) 1101 set_allowed_addrs(unit, addrs, opts); 1102 BZERO(passwd, sizeof(passwd)); 1103 if (addrs != NULL) 1104 free_wordlist(addrs); 1105 return ret? UPAP_AUTHACK: UPAP_AUTHNAK; 1106 } 1107 } 1108 1109 /* 1110 * Open the file of pap secrets and scan for a suitable secret 1111 * for authenticating this user. 1112 */ 1113 filename = _PATH_UPAPFILE; 1114 addrs = opts = NULL; 1115 ret = UPAP_AUTHNAK; 1116 f = fopen(filename, "r"); 1117 if (f == NULL) { 1118 error("Can't open PAP password file %s: %m", filename); 1119 1120 } else { 1121 check_access(f, filename); 1122 if (scan_authfile(f, user, our_name, secret, &addrs, &opts, filename) < 0) { 1123 warn("no PAP secret found for %s", user); 1124 if (scan_server_match_failed[0] != '\0') 1125 warn("possible configuration error: local name is %q, but " 1126 "found %q instead", our_name, scan_server_match_failed); 1127 } else if (secret[0] != '\0') { 1128 /* password given in pap-secrets - must match */ 1129 if ((!cryptpap && strcmp(passwd, secret) == 0) 1130 || strcmp(crypt(passwd, secret), secret) == 0) 1131 ret = UPAP_AUTHACK; 1132 else 1133 warn("PAP authentication failure for %s", user); 1134 } else if (uselogin) { 1135 /* empty password in pap-secrets and login option */ 1136 ret = plogin(user, passwd, msg); 1137 if (ret == UPAP_AUTHNAK) 1138 warn("PAP login failure for %s", user); 1139 } else { 1140 /* empty password in pap-secrets and login option not used */ 1141 ret = UPAP_AUTHACK; 1142 } 1143 (void) fclose(f); 1144 } 1145 1146 if (ret == UPAP_AUTHNAK) { 1147 if (**msg == '\0') 1148 *msg = "Login incorrect"; 1149 /* 1150 * Frustrate passwd stealer programs. 1151 * Allow 10 tries, but start backing off after 3 (stolen from login). 1152 * On 10'th, drop the connection. 1153 */ 1154 if (attempts++ >= 10) { 1155 warn("%d LOGIN FAILURES ON %s, %s", attempts, devnam, user); 1156 lcp_close(unit, "login failed"); 1157 } 1158 if (attempts > 3) 1159 (void) sleep((u_int) (attempts - 3) * 5); 1160 if (opts != NULL) 1161 free_wordlist(opts); 1162 1163 } else { 1164 attempts = 0; /* Reset count */ 1165 if (**msg == '\0') 1166 *msg = "Login ok"; 1167 set_allowed_addrs(unit, addrs, opts); 1168 } 1169 1170 if (addrs != NULL) 1171 free_wordlist(addrs); 1172 BZERO(passwd, sizeof(passwd)); 1173 BZERO(secret, sizeof(secret)); 1174 1175 return ret; 1176 } 1177 1178 /* 1179 * This function is needed for PAM. 1180 */ 1181 1182 #ifdef ALLOW_PAM 1183 /* Static variables used to communicate between the conversation function 1184 * and the server_login function 1185 */ 1186 static char *PAM_username; 1187 static char *PAM_password; 1188 static int PAM_error = 0; 1189 static pam_handle_t *pamh = NULL; 1190 1191 /* PAM conversation function 1192 * Here we assume (for now, at least) that echo on means login name, and 1193 * echo off means password. 1194 */ 1195 1196 /*ARGSUSED*/ 1197 static int PAM_conv (int num_msg, 1198 #ifndef SOL2 1199 const 1200 #endif 1201 struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) 1202 { 1203 int replies = 0; 1204 struct pam_response *reply = NULL; 1205 1206 #define COPY_STRING(s) (s) ? strdup(s) : NULL 1207 1208 reply = malloc(sizeof(struct pam_response) * num_msg); 1209 if (reply == NULL) 1210 return PAM_CONV_ERR; 1211 1212 for (replies = 0; replies < num_msg; replies++) { 1213 switch (msg[replies]->msg_style) { 1214 case PAM_PROMPT_ECHO_ON: 1215 reply[replies].resp_retcode = PAM_SUCCESS; 1216 reply[replies].resp = COPY_STRING(PAM_username); 1217 /* PAM frees resp */ 1218 break; 1219 case PAM_PROMPT_ECHO_OFF: 1220 reply[replies].resp_retcode = PAM_SUCCESS; 1221 reply[replies].resp = COPY_STRING(PAM_password); 1222 /* PAM frees resp */ 1223 break; 1224 case PAM_TEXT_INFO: 1225 /* fall through */ 1226 case PAM_ERROR_MSG: 1227 /* ignore it, but pam still wants a NULL response... */ 1228 reply[replies].resp_retcode = PAM_SUCCESS; 1229 reply[replies].resp = NULL; 1230 break; 1231 default: 1232 /* Must be an error of some sort... */ 1233 free (reply); 1234 PAM_error = 1; 1235 return PAM_CONV_ERR; 1236 } 1237 } 1238 *resp = reply; 1239 return PAM_SUCCESS; 1240 } 1241 1242 static struct pam_conv PAM_conversation = { 1243 PAM_conv, NULL 1244 }; 1245 #endif /* ALLOW_PAM */ 1246 1247 /* 1248 * plogin - Check the user name and password against the system 1249 * password database, and login the user if OK. 1250 * 1251 * returns: 1252 * UPAP_AUTHNAK: Login failed. 1253 * UPAP_AUTHACK: Login succeeded. 1254 * In either case, msg points to an appropriate message. 1255 */ 1256 1257 static int 1258 plogin(user, passwd, msg) 1259 char *user; 1260 char *passwd; 1261 char **msg; 1262 { 1263 char *tty; 1264 #ifdef HAS_SHADOW 1265 struct spwd *spwd; 1266 #endif 1267 struct passwd *pw = NULL; 1268 1269 #ifdef ALLOW_PAM 1270 int pam_error; 1271 1272 if (use_pam) { 1273 if (debug) 1274 dbglog("using PAM for user authentication"); 1275 pam_error = pam_start ("ppp", user, &PAM_conversation, &pamh); 1276 if (pam_error != PAM_SUCCESS) { 1277 *msg = (char *) pam_strerror (pamh, pam_error); 1278 reopen_log(); 1279 return UPAP_AUTHNAK; 1280 } 1281 /* 1282 * Define the fields for the credential validation 1283 */ 1284 1285 PAM_username = user; 1286 PAM_password = passwd; 1287 PAM_error = 0; 1288 /* this might be useful to some modules; required for Solaris */ 1289 tty = devnam; 1290 if (*tty == '\0') 1291 tty = ppp_devnam; 1292 (void) pam_set_item(pamh, PAM_TTY, tty); 1293 #ifdef PAM_RHOST 1294 (void) pam_set_item(pamh, PAM_RHOST, ""); 1295 #endif 1296 1297 /* 1298 * Validate the user 1299 */ 1300 pam_error = pam_authenticate (pamh, PAM_SILENT); 1301 if (pam_error == PAM_SUCCESS && !PAM_error) { 1302 pam_error = pam_acct_mgmt (pamh, PAM_SILENT); 1303 if (pam_error == PAM_SUCCESS) 1304 (void) pam_open_session (pamh, PAM_SILENT); 1305 } 1306 1307 *msg = (char *) pam_strerror (pamh, pam_error); 1308 1309 /* 1310 * Clean up the mess 1311 */ 1312 reopen_log(); /* apparently the PAM stuff does closelog() */ 1313 PAM_username = NULL; 1314 PAM_password = NULL; 1315 if (pam_error != PAM_SUCCESS) 1316 return UPAP_AUTHNAK; 1317 } else 1318 #endif /* ALLOW_PAM */ 1319 1320 { 1321 if (debug) { 1322 #ifdef HAS_SHADOW 1323 dbglog("using passwd/shadow for user authentication"); 1324 #else 1325 dbglog("using passwd for user authentication"); 1326 #endif 1327 } 1328 /* 1329 * Use the non-PAM methods directly 1330 */ 1331 1332 pw = getpwnam(user); 1333 1334 endpwent(); 1335 if (pw == NULL) 1336 return (UPAP_AUTHNAK); 1337 1338 #ifdef HAS_SHADOW 1339 spwd = getspnam(user); 1340 endspent(); 1341 if (spwd != NULL) { 1342 /* check the age of the password entry */ 1343 long now = time(NULL) / 86400L; 1344 1345 if ((spwd->sp_expire > 0 && now >= spwd->sp_expire) 1346 || ((spwd->sp_max >= 0 && spwd->sp_max < 10000) 1347 && spwd->sp_lstchg >= 0 1348 && now >= spwd->sp_lstchg + spwd->sp_max)) { 1349 warn("Password for %s has expired", user); 1350 return (UPAP_AUTHNAK); 1351 } 1352 pw->pw_passwd = spwd->sp_pwdp; 1353 } 1354 #endif 1355 1356 /* 1357 * If no passwd, don't let them login. 1358 */ 1359 if (pw->pw_passwd == NULL || strlen(pw->pw_passwd) < 2 || 1360 strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd) != 0) 1361 return (UPAP_AUTHNAK); 1362 } 1363 1364 /* 1365 * Write a wtmp entry for this user. 1366 */ 1367 1368 tty = devnam; 1369 if (strncmp(tty, "/dev/", 5) == 0) 1370 tty += 5; 1371 logwtmp(tty, user, remote_name); /* Add wtmp login entry */ 1372 1373 info("user %s logged in", user); 1374 logged_in = 1; 1375 1376 return (UPAP_AUTHACK); 1377 } 1378 1379 /* 1380 * plogout - Logout the user. 1381 */ 1382 static void 1383 plogout() 1384 { 1385 char *tty; 1386 1387 #ifdef ALLOW_PAM 1388 int pam_error; 1389 1390 if (use_pam) { 1391 if (pamh != NULL) { 1392 pam_error = pam_close_session (pamh, PAM_SILENT); 1393 (void) pam_end (pamh, pam_error); 1394 pamh = NULL; 1395 } 1396 /* Apparently the pam stuff does closelog(). */ 1397 reopen_log(); 1398 } else 1399 #endif /* ALLOW_PAM */ 1400 1401 { 1402 tty = devnam; 1403 if (strncmp(tty, "/dev/", 5) == 0) 1404 tty += 5; 1405 /* Wipe out utmp logout entry */ 1406 logwtmp(tty, "", ""); 1407 } 1408 logged_in = 0; 1409 } 1410 1411 1412 /* 1413 * null_login - Check if a username of "" and a password of "" are 1414 * acceptable, and iff so, set the list of acceptable IP addresses 1415 * and return 1. 1416 */ 1417 static int 1418 null_login(unit) 1419 int unit; 1420 { 1421 char *filename; 1422 FILE *f; 1423 int i, ret; 1424 struct wordlist *addrs, *opts; 1425 char secret[MAXWORDLEN]; 1426 1427 /* 1428 * Open the file of pap secrets and scan for a suitable secret. 1429 */ 1430 filename = _PATH_UPAPFILE; 1431 addrs = NULL; 1432 f = fopen(filename, "r"); 1433 if (f == NULL) 1434 return 0; 1435 check_access(f, filename); 1436 1437 i = scan_authfile(f, "", our_name, secret, &addrs, &opts, filename); 1438 ret = i >= 0 && secret[0] == '\0'; 1439 BZERO(secret, sizeof(secret)); 1440 1441 if (ret) 1442 set_allowed_addrs(unit, addrs, opts); 1443 else if (opts != NULL) 1444 free_wordlist(opts); 1445 if (addrs != NULL) 1446 free_wordlist(addrs); 1447 1448 (void) fclose(f); 1449 return ret; 1450 } 1451 1452 1453 /* 1454 * get_pap_passwd - get a password for authenticating ourselves with 1455 * our peer using PAP. Returns 1 on success, 0 if no suitable password 1456 * could be found. 1457 * Assumes passwd points to MAXSECRETLEN bytes of space (if non-null). 1458 */ 1459 static int 1460 get_pap_passwd(passwd) 1461 char *passwd; 1462 { 1463 char *filename; 1464 FILE *f; 1465 int ret; 1466 char secret[MAXWORDLEN]; 1467 1468 /* 1469 * Check whether a plugin wants to supply this. 1470 */ 1471 if (pap_passwd_hook != NULL) { 1472 ret = (*pap_passwd_hook)(user, passwd); 1473 if (ret >= 0) 1474 return ret; 1475 } 1476 1477 filename = _PATH_UPAPFILE; 1478 f = fopen(filename, "r"); 1479 if (f == NULL) 1480 return 0; 1481 check_access(f, filename); 1482 ret = scan_authfile(f, user, 1483 (remote_name[0] != '\0' ? remote_name: NULL), 1484 secret, NULL, NULL, filename); 1485 (void) fclose(f); 1486 if (ret < 0) 1487 return 0; 1488 if (passwd != NULL) 1489 (void) strlcpy(passwd, secret, MAXSECRETLEN); 1490 BZERO(secret, sizeof(secret)); 1491 return 1; 1492 } 1493 1494 1495 /* 1496 * have_pap_secret - check whether we have a PAP file with any 1497 * secrets that we could possibly use for authenticating the peer. 1498 */ 1499 static int 1500 have_pap_secret(lacks_ipp) 1501 int *lacks_ipp; 1502 { 1503 FILE *f; 1504 int ret; 1505 char *filename; 1506 struct wordlist *addrs; 1507 1508 /* let the plugin decide, if there is one */ 1509 if (pap_check_hook != NULL) { 1510 ret = (*pap_check_hook)(); 1511 if (ret >= 0) 1512 return ret; 1513 } 1514 1515 filename = _PATH_UPAPFILE; 1516 f = fopen(filename, "r"); 1517 if (f == NULL) 1518 return 0; 1519 1520 ret = scan_authfile(f, (explicit_remote? remote_name: NULL), our_name, 1521 NULL, &addrs, NULL, filename); 1522 (void) fclose(f); 1523 if (ret >= 0 && !some_ip_ok(addrs)) { 1524 if (lacks_ipp != NULL) 1525 *lacks_ipp = 1; 1526 ret = -1; 1527 } 1528 if (addrs != NULL) 1529 free_wordlist(addrs); 1530 1531 return ret >= 0; 1532 } 1533 1534 1535 /* 1536 * have_chap_secret - check whether we have a CHAP file with a secret 1537 * that we could possibly use for authenticating `client' on `server'. 1538 * Either or both can be the null string, meaning we don't know the 1539 * identity yet. 1540 */ 1541 static int 1542 have_chap_secret(client, server, need_ip, lacks_ipp) 1543 char *client; 1544 char *server; 1545 int need_ip; 1546 int *lacks_ipp; 1547 { 1548 FILE *f; 1549 int ret; 1550 char *filename; 1551 struct wordlist *addrs; 1552 1553 filename = _PATH_CHAPFILE; 1554 f = fopen(filename, "r"); 1555 if (f == NULL) 1556 return 0; 1557 1558 if (client != NULL && client[0] == '\0') 1559 client = NULL; 1560 if (server != NULL && server[0] == '\0') 1561 server = NULL; 1562 1563 ret = scan_authfile(f, client, server, NULL, &addrs, NULL, filename); 1564 (void) fclose(f); 1565 if (ret >= 0 && need_ip && !some_ip_ok(addrs)) { 1566 if (lacks_ipp != NULL) 1567 *lacks_ipp = 1; 1568 ret = -1; 1569 } 1570 if (addrs != NULL) 1571 free_wordlist(addrs); 1572 1573 return ret >= 0; 1574 } 1575 1576 1577 /* 1578 * get_secret - open the CHAP secret file and return the secret 1579 * for authenticating the given client on the given server. 1580 * 1581 * "am_server" means that we're the authenticator (demanding 1582 * identity from the peer). 1583 * 1584 * "!am_server" means that we're the authenticatee (supplying 1585 * identity to the peer). 1586 */ 1587 int 1588 get_secret(unit, client, server, secret, secret_len, am_server) 1589 int unit; 1590 char *client; 1591 char *server; 1592 char *secret; 1593 int *secret_len; 1594 int am_server; 1595 { 1596 FILE *f; 1597 int ret, len; 1598 char *filename; 1599 struct wordlist *addrs, *opts; 1600 char secbuf[MAXWORDLEN]; 1601 1602 /* 1603 * Support the 'password' option on authenticatee only in order to 1604 * avoid obvious security problem (authenticator and authenticatee 1605 * within a given implementation must never share secrets). 1606 */ 1607 if (!am_server && passwd[0] != '\0') { 1608 (void) strlcpy(secbuf, passwd, sizeof(secbuf)); 1609 } else { 1610 filename = _PATH_CHAPFILE; 1611 addrs = NULL; 1612 secbuf[0] = '\0'; 1613 1614 f = fopen(filename, "r"); 1615 if (f == NULL) { 1616 error("Can't open chap secret file %s: %m", filename); 1617 return 0; 1618 } 1619 check_access(f, filename); 1620 1621 ret = scan_authfile(f, client, server, secbuf, &addrs, &opts, 1622 filename); 1623 (void) fclose(f); 1624 if (ret < 0) { 1625 if (scan_server_match_failed[0] != '\0') 1626 warn("possible configuration error: local name is %q, but " 1627 "found %q instead", our_name, scan_server_match_failed); 1628 return 0; 1629 } 1630 1631 /* Only the authenticator cares about limiting peer addresses. */ 1632 if (am_server) 1633 set_allowed_addrs(unit, addrs, opts); 1634 else if (opts != NULL) 1635 free_wordlist(opts); 1636 if (addrs != NULL) 1637 free_wordlist(addrs); 1638 } 1639 1640 len = strlen(secbuf); 1641 if (len > MAXSECRETLEN) { 1642 error("Secret for %s on %s is too long", client, server); 1643 len = MAXSECRETLEN; 1644 } 1645 /* Do not leave a temporary copy of the secret on the stack. */ 1646 BCOPY(secbuf, secret, len); 1647 BZERO(secbuf, sizeof(secbuf)); 1648 *secret_len = len; 1649 1650 return 1; 1651 } 1652 1653 /* 1654 * set_allowed_addrs() - set the list of allowed addresses. 1655 * The caller must also look for `--' indicating options to apply for 1656 * this peer and leaves the following words in extra_options. 1657 */ 1658 static void 1659 set_allowed_addrs(unit, addrs, opts) 1660 int unit; 1661 struct wordlist *addrs; 1662 struct wordlist *opts; 1663 { 1664 int n; 1665 struct wordlist *ap, **pap; 1666 struct permitted_ip *ip; 1667 char *ptr_word, *ptr_mask; 1668 struct hostent *hp; 1669 struct netent *np; 1670 u_int32_t a, mask, newmask, ah, offset; 1671 struct ipcp_options *wo = &ipcp_wantoptions[unit]; 1672 u_int32_t suggested_ip = 0; 1673 int err_num; 1674 1675 if (addresses[unit] != NULL) 1676 free(addresses[unit]); 1677 addresses[unit] = NULL; 1678 if (extra_options != NULL) 1679 free_wordlist(extra_options); 1680 extra_options = opts; 1681 1682 /* 1683 * Count the number of IP addresses given. 1684 */ 1685 for (n = 0, pap = &addrs; (ap = *pap) != NULL; pap = &ap->next) 1686 ++n; 1687 if (n == 0) 1688 return; 1689 ip = (struct permitted_ip *) malloc((n + 1) * sizeof(struct permitted_ip)); 1690 if (ip == NULL) 1691 return; 1692 1693 n = 0; 1694 for (ap = addrs; ap != NULL; ap = ap->next) { 1695 /* "-" means no addresses authorized, "*" means any address allowed */ 1696 ptr_word = ap->word; 1697 if (strcmp(ptr_word, "-") == 0) 1698 break; 1699 if (strcmp(ptr_word, "*") == 0) { 1700 ip[n].permit = 1; 1701 ip[n].base = ip[n].mask = 0; 1702 ++n; 1703 break; 1704 } 1705 1706 ip[n].permit = 1; 1707 if (*ptr_word == '!') { 1708 ip[n].permit = 0; 1709 ++ptr_word; 1710 } 1711 1712 mask = ~ (u_int32_t) 0; 1713 offset = 0; 1714 ptr_mask = strchr (ptr_word, '/'); 1715 if (ptr_mask != NULL) { 1716 int bit_count; 1717 char *endp; 1718 1719 bit_count = (int) strtol (ptr_mask+1, &endp, 10); 1720 if (bit_count <= 0 || bit_count > 32) { 1721 warn("invalid address length %v in authorized address list", 1722 ptr_mask+1); 1723 continue; 1724 } 1725 bit_count = 32 - bit_count; /* # bits in host part */ 1726 if (*endp == '+') { 1727 offset = ifunit + 1; 1728 ++endp; 1729 } 1730 if (*endp != '\0') { 1731 warn("invalid address length syntax: %v", ptr_mask+1); 1732 continue; 1733 } 1734 *ptr_mask = '\0'; 1735 mask <<= bit_count; 1736 } 1737 1738 /* Try to interpret value as host name or numeric address first */ 1739 hp = getipnodebyname(ptr_word, AF_INET, 0, &err_num); 1740 if (hp != NULL) { 1741 (void) memcpy(&a, hp->h_addr, sizeof(a)); 1742 freehostent(hp); 1743 } else { 1744 char *cp = ptr_word + strlen(ptr_word); 1745 if (cp > ptr_word) 1746 cp--; 1747 if (*cp == '+') { 1748 offset = ifunit + 1; 1749 *cp = '\0'; 1750 } 1751 np = getnetbyname (ptr_word); 1752 if (np != NULL && np->n_addrtype == AF_INET) { 1753 ah = np->n_net; 1754 newmask = (u_int32_t)~0; 1755 if ((ah & 0xff000000ul) == 0) 1756 ah <<= 8, newmask <<= 8; 1757 if ((ah & 0xff000000ul) == 0) 1758 ah <<= 8, newmask <<= 8; 1759 if ((ah & 0xff000000ul) == 0) 1760 ah <<= 8, newmask <<= 8; 1761 if (ptr_mask == NULL) 1762 mask = newmask; 1763 a = htonl(ah); 1764 } 1765 } 1766 1767 if (ptr_mask != NULL) 1768 *ptr_mask = '/'; 1769 1770 if (a == (u_int32_t)-1L) { 1771 warn("unknown host %s in auth. address list", ap->word); 1772 continue; 1773 } 1774 if (offset != 0) { 1775 if (offset >= ~mask) { 1776 warn("interface unit %d too large for subnet %v", 1777 ifunit, ptr_word); 1778 continue; 1779 } 1780 a = htonl((ntohl(a) & mask) + offset); 1781 mask = ~(u_int32_t)0; 1782 } 1783 ip[n].mask = htonl(mask); 1784 ip[n].base = a & ip[n].mask; 1785 ++n; 1786 if (~mask == 0 && suggested_ip == 0) 1787 suggested_ip = a; 1788 } 1789 1790 /* Sentinel value at end of list */ 1791 ip[n].permit = 0; /* make the last entry forbid all addresses */ 1792 ip[n].base = 0; /* to terminate the list */ 1793 ip[n].mask = 0; 1794 1795 addresses[unit] = ip; 1796 1797 /* 1798 * If the address given for the peer isn't authorized, or if 1799 * the user hasn't given one, AND there is an authorized address 1800 * which is a single host, then use that if we find one. 1801 */ 1802 if (suggested_ip != 0 1803 && (wo->hisaddr == 0 || !auth_ip_addr(unit, wo->hisaddr))) 1804 wo->hisaddr = suggested_ip; 1805 } 1806 1807 /* 1808 * auth_ip_addr - check whether the peer is authorized to use 1809 * a given IP address. Returns 1 if authorized, 0 otherwise. 1810 */ 1811 int 1812 auth_ip_addr(unit, addr) 1813 int unit; 1814 u_int32_t addr; 1815 { 1816 int ok; 1817 1818 /* don't allow loopback or multicast address */ 1819 if (bad_ip_adrs(addr)) 1820 return 0; 1821 1822 if (addresses[unit] != NULL) { 1823 ok = ip_addr_check(addr, addresses[unit]); 1824 if (ok >= 0) 1825 return ok; 1826 } 1827 if (auth_required) 1828 return 0; /* no addresses authorized */ 1829 return allow_any_ip || privileged || !have_route_to(addr); 1830 } 1831 1832 static int 1833 ip_addr_check(addr, addrs) 1834 u_int32_t addr; 1835 struct permitted_ip *addrs; 1836 { 1837 /* This loop is safe because of the sentinel value in set_allowed_addrs */ 1838 for (; ; ++addrs) 1839 if ((addr & addrs->mask) == addrs->base) 1840 return addrs->permit; 1841 } 1842 1843 /* 1844 * bad_ip_adrs - return 1 if the IP address is one we don't want 1845 * to use, such as an address in the loopback net or a multicast address. 1846 * addr is in network byte order. 1847 */ 1848 int 1849 bad_ip_adrs(addr) 1850 u_int32_t addr; 1851 { 1852 addr = ntohl(addr); 1853 return 1854 #ifndef ALLOW_127_NET 1855 (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET || 1856 #endif 1857 #ifndef ALLOW_0_NET 1858 ((addr >> IN_CLASSA_NSHIFT) == 0 && addr != 0) || 1859 #endif 1860 IN_MULTICAST(addr); 1861 } 1862 1863 /* 1864 * some_ip_ok - check a wordlist to see if it authorizes any 1865 * IP address(es). 1866 */ 1867 static int 1868 some_ip_ok(addrs) 1869 struct wordlist *addrs; 1870 { 1871 for (; addrs != NULL; addrs = addrs->next) { 1872 if (addrs->word[0] == '-') 1873 break; 1874 if (addrs->word[0] != '!') 1875 return 1; /* some IP address is allowed */ 1876 } 1877 return 0; 1878 } 1879 1880 /* 1881 * check_access - complain if a secret file has too-liberal permissions. 1882 */ 1883 static void 1884 check_access(f, filename) 1885 FILE *f; 1886 char *filename; 1887 { 1888 struct stat sbuf; 1889 1890 if (fstat(fileno(f), &sbuf) < 0) { 1891 warn("cannot stat secret file %s: %m", filename); 1892 } else if ((sbuf.st_mode & (S_IRWXG | S_IRWXO)) != 0) { 1893 warn("Warning - secret file %s has world and/or group access", 1894 filename); 1895 } 1896 } 1897 1898 1899 /* 1900 * scan_authfile - Scan an authorization file for a secret suitable 1901 * for authenticating `client' on `server'. The return value is -1 if 1902 * no secret is found, otherwise >= 0. The return value has 1903 * NONWILD_CLIENT set if the secret didn't have "*" for the client, 1904 * and NONWILD_SERVER set if the secret didn't have "*" for the 1905 * server. 1906 1907 * Any following words on the line up to a "--" (i.e. address 1908 * authorization info) are placed in a wordlist and returned in 1909 * *addrs. Any following words (extra options) are placed in a 1910 * wordlist and returned in *opts. If opts is NULL, these are just 1911 * discarded. Otherwise, the extra_opt_* variables are set to 1912 * indicate the source of the options. 1913 * 1914 * We assume secret is NULL or points to MAXWORDLEN bytes of space. 1915 */ 1916 static int 1917 scan_authfile(f, client, server, secret, addrs, opts, filename) 1918 FILE *f; 1919 char *client; 1920 char *server; 1921 char *secret; 1922 struct wordlist **addrs; 1923 struct wordlist **opts; 1924 char *filename; 1925 { 1926 int newline, xxx, sline; 1927 int got_flag, best_flag; 1928 FILE *sf; 1929 struct wordlist *ap, *addr_list, *alist, **app; 1930 char word[MAXWORDLEN]; 1931 char atfile[MAXWORDLEN]; 1932 char lsecret[MAXWORDLEN]; 1933 1934 scan_server_match_failed[0] = '\0'; 1935 1936 if (addrs != NULL) 1937 *addrs = NULL; 1938 if (opts != NULL) 1939 *opts = NULL; 1940 addr_list = NULL; 1941 option_line = 0; 1942 if (!getword(f, word, &newline, filename)) { 1943 if (debug) 1944 dbglog("%s is apparently empty", filename); 1945 return -1; /* file is empty??? */ 1946 } 1947 newline = 1; 1948 best_flag = -1; 1949 for (;;) { 1950 /* 1951 * Skip until we find a word at the start of a line. 1952 */ 1953 while (!newline && getword(f, word, &newline, filename)) 1954 ; 1955 if (!newline) 1956 break; /* got to end of file */ 1957 1958 sline = option_line; 1959 /* 1960 * Got a client - check if it's a match or a wildcard. 1961 */ 1962 got_flag = 0; 1963 if (client != NULL && strcmp(word, client) != 0 && !ISWILD(word)) { 1964 newline = 0; 1965 continue; 1966 } 1967 if (!ISWILD(word)) 1968 got_flag = NONWILD_CLIENT; 1969 1970 /* 1971 * Now get a server and check if it matches. 1972 */ 1973 if (!getword(f, word, &newline, filename)) 1974 break; 1975 if (newline) 1976 continue; 1977 if (!ISWILD(word)) { 1978 if (server != NULL && strcmp(word, server) != 0) { 1979 (void) strcpy(scan_server_match_failed, word); 1980 continue; 1981 } 1982 got_flag |= NONWILD_SERVER; 1983 } 1984 1985 /* 1986 * Got some sort of a match - see if it's better than what 1987 * we have already. 1988 */ 1989 if (got_flag <= best_flag) 1990 continue; 1991 1992 /* 1993 * Get the secret. 1994 */ 1995 if (!getword(f, word, &newline, filename)) 1996 break; 1997 if (newline) 1998 continue; 1999 2000 /* 2001 * Special syntax: @filename means read secret from file. 2002 * Because the secrets files are modifiable only by root, 2003 * it's safe to open this file as root. One small addition -- 2004 * if open fails, we try as the regular user; just in case 2005 * it's over NFS and not root-equivalent. 2006 */ 2007 if (word[0] == '@') { 2008 (void) strlcpy(atfile, word+1, sizeof(atfile)); 2009 if ((sf = fopen(atfile, "r")) == NULL) { 2010 (void) seteuid(getuid()); 2011 sf = fopen(atfile, "r"); 2012 (void) seteuid(0); 2013 } 2014 if (sf == NULL) { 2015 warn("can't open indirect secret file %s: %m", atfile); 2016 continue; 2017 } 2018 check_access(sf, atfile); 2019 if (!getword(sf, word, &xxx, atfile)) { 2020 warn("no secret in indirect secret file %s", atfile); 2021 (void) fclose(sf); 2022 continue; 2023 } 2024 (void) fclose(sf); 2025 } 2026 if (secret != NULL) 2027 (void) strlcpy(lsecret, word, sizeof(lsecret)); 2028 2029 /* 2030 * Now read address authorization info and make a wordlist. 2031 */ 2032 app = &alist; 2033 for (;;) { 2034 if (!getword(f, word, &newline, filename) || newline) 2035 break; 2036 ap = (struct wordlist *) malloc(sizeof(struct wordlist)); 2037 if (ap == NULL) 2038 novm("authorized addresses"); 2039 ap->word = strdup(word); 2040 if (ap->word == NULL) 2041 novm("authorized addresses"); 2042 *app = ap; 2043 app = &ap->next; 2044 } 2045 *app = NULL; 2046 2047 /* 2048 * This is the best so far; remember it. 2049 */ 2050 best_flag = got_flag; 2051 if (addr_list != NULL) 2052 free_wordlist(addr_list); 2053 addr_list = alist; 2054 if (secret != NULL) 2055 (void) strlcpy(secret, lsecret, MAXWORDLEN); 2056 2057 if (opts != NULL) { 2058 extra_opt_filename = filename; 2059 extra_opt_line = sline; 2060 } 2061 2062 if (!newline) 2063 break; 2064 } 2065 2066 /* scan for a -- word indicating the start of options */ 2067 for (app = &addr_list; (ap = *app) != NULL; app = &ap->next) 2068 if (strcmp(ap->word, "--") == 0) 2069 break; 2070 /* ap = start of options */ 2071 if (ap != NULL) { 2072 ap = ap->next; /* first option */ 2073 free(*app); /* free the "--" word */ 2074 *app = NULL; /* terminate addr list */ 2075 } 2076 if (opts != NULL) 2077 *opts = ap; 2078 else if (ap != NULL) 2079 free_wordlist(ap); 2080 if (addrs != NULL) 2081 *addrs = addr_list; 2082 else if (addr_list != NULL) 2083 free_wordlist(addr_list); 2084 2085 return best_flag; 2086 } 2087 2088 /* 2089 * free_wordlist - release memory allocated for a wordlist. 2090 */ 2091 static void 2092 free_wordlist(wp) 2093 struct wordlist *wp; 2094 { 2095 struct wordlist *next; 2096 2097 while (wp != NULL) { 2098 next = wp->next; 2099 free(wp); 2100 wp = next; 2101 } 2102 } 2103 2104 /* 2105 * auth_script_done - called when the auth-up or auth-down script 2106 * has finished. 2107 */ 2108 /*ARGSUSED*/ 2109 static void 2110 auth_script_done(arg, status) 2111 void *arg; 2112 int status; 2113 { 2114 auth_script_pid = 0; 2115 switch (auth_script_state) { 2116 case s_up: 2117 if (auth_state == s_down) { 2118 auth_script_state = s_down; 2119 auth_script(_PATH_AUTHDOWN); 2120 } 2121 break; 2122 case s_down: 2123 if (auth_state == s_up) { 2124 auth_script_state = s_up; 2125 auth_script(_PATH_AUTHUP); 2126 } 2127 break; 2128 } 2129 } 2130 2131 /* 2132 * auth_script - execute a script with arguments 2133 * interface-name peer-name real-user tty speed 2134 */ 2135 static void 2136 auth_script(script) 2137 char *script; 2138 { 2139 char strspeed[32]; 2140 struct passwd *pw; 2141 char struid[32]; 2142 char *user_name; 2143 char *argv[8]; 2144 2145 if ((pw = getpwuid(getuid())) != NULL && pw->pw_name != NULL) 2146 user_name = pw->pw_name; 2147 else { 2148 (void) slprintf(struid, sizeof(struid), "%d", getuid()); 2149 user_name = struid; 2150 } 2151 (void) slprintf(strspeed, sizeof(strspeed), "%d", baud_rate); 2152 2153 argv[0] = script; 2154 argv[1] = ifname; 2155 argv[2] = peer_authname; 2156 argv[3] = user_name; 2157 argv[4] = devnam; 2158 argv[5] = strspeed; 2159 argv[6] = NULL; 2160 2161 auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL); 2162 } 2163