auth.c

Revision 14, 26.3 kB (checked in by phil, 15 years ago)
added unmodified FreeRTOS package V5.4.1 with only web srv demo source for LPC2368 for CrossWorks?

Line
1	/*****************************************************************************
2	* auth.c - Network Authentication and Phase Control program file.
3	*
4	* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
5	* Copyright (c) 1997 by Global Election Systems Inc. All rights reserved.
6	*
7	* The authors hereby grant permission to use, copy, modify, distribute,
8	* and license this software and its documentation for any purpose, provided
9	* that existing copyright notices are retained in all copies and that this
10	* notice and the following disclaimer are included verbatim in any
11	* distributions. No written agreement, license, or royalty fee is required
12	* for any of the authorized uses.
13	*
14	* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS AS IS AND ANY EXPRESS OR
15	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17	* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
18	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24	*
25	******************************************************************************
26	* REVISION HISTORY
27	*
28	* 03-01-01 Marc Boucher <marc@mbsi.ca>
29	* Ported to lwIP.
30	* 97-12-08 Guy Lancaster <lancasterg@acm.org>, Global Election Systems Inc.
31	* Ported from public pppd code.
32	*****************************************************************************/
33	/*
34	* auth.c - PPP authentication and phase control.
35	*
36	* Copyright (c) 1993 The Australian National University.
37	* All rights reserved.
38	*
39	* Redistribution and use in source and binary forms are permitted
40	* provided that the above copyright notice and this paragraph are
41	* duplicated in all such forms and that any documentation,
42	* advertising materials, and other materials related to such
43	* distribution and use acknowledge that the software was developed
44	* by the Australian National University. The name of the University
45	* may not be used to endorse or promote products derived from this
46	* software without specific prior written permission.
47	* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
48	* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
49	* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
50	*
51	* Copyright (c) 1989 Carnegie Mellon University.
52	* All rights reserved.
53	*
54	* Redistribution and use in source and binary forms are permitted
55	* provided that the above copyright notice and this paragraph are
56	* duplicated in all such forms and that any documentation,
57	* advertising materials, and other materials related to such
58	* distribution and use acknowledge that the software was developed
59	* by Carnegie Mellon University. The name of the
60	* University may not be used to endorse or promote products derived
61	* from this software without specific prior written permission.
62	* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
63	* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
64	* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
65	*/
66
67	#include "ppp.h"
68	#if PPP_SUPPORT > 0
69	#include "fsm.h"
70	#include "lcp.h"
71	#include "pap.h"
72	#include "chap.h"
73	#include "auth.h"
74	#include "ipcp.h"
75
76	#if CBCP_SUPPORT > 0
77	#include "cbcp.h"
78	#endif
79
80	#include "pppdebug.h"
81
82
83	/*************************/
84	/* LOCAL DEFINITIONS */
85	/*************************/
86
87	/* Bits in auth_pending[] */
88	#define PAP_WITHPEER 1
89	#define PAP_PEER 2
90	#define CHAP_WITHPEER 4
91	#define CHAP_PEER 8
92
93
94
95	/************************/
96	/* LOCAL DATA TYPES */
97	/************************/
98	/* Used for storing a sequence of words. Usually malloced. */
99	struct wordlist {
100	struct wordlist *next;
101	char word[1];
102	};
103
104
105
106	/***********************************/
107	/* LOCAL FUNCTION DECLARATIONS */
108	/***********************************/
109	extern char crypt (const char , const char *);
110
111	/* Prototypes for procedures local to this file. */
112
113	static void network_phase (int);
114	static void check_idle (void *);
115	static void connect_time_expired (void *);
116	#if 0
117	static int login (char , char , char *, int );
118	#endif
119	static void logout (void);
120	static int null_login (int);
121	static int get_pap_passwd (int, char , char );
122	static int have_pap_secret (void);
123	static int have_chap_secret (char , char , u32_t);
124	static int ip_addr_check (u32_t, struct wordlist *);
125	#if 0 /* PAP_SUPPORT > 0 \|\| CHAP_SUPPORT > 0 */
126	static void set_allowed_addrs(int unit, struct wordlist *addrs);
127	static void free_wordlist (struct wordlist *);
128	#endif
129	#if CBCP_SUPPORT > 0
130	static void callback_phase (int);
131	#endif
132
133
134	/******************************/
135	/* PUBLIC DATA STRUCTURES */
136	/******************************/
137
138
139	/*****************************/
140	/* LOCAL DATA STRUCTURES */
141	/*****************************/
142	#if PAP_SUPPORT > 0 \|\| CHAP_SUPPORT > 0
143	/* The name by which the peer authenticated itself to us. */
144	static char peer_authname[MAXNAMELEN];
145	#endif
146
147	/* Records which authentication operations haven't completed yet. */
148	static int auth_pending[NUM_PPP];
149
150	/* Set if we have successfully called login() */
151	static int logged_in;
152
153	/* Set if we have run the /etc/ppp/auth-up script. */
154	static int did_authup;
155
156	/* List of addresses which the peer may use. */
157	static struct wordlist *addresses[NUM_PPP];
158
159	/* Number of network protocols which we have opened. */
160	static int num_np_open;
161
162	/* Number of network protocols which have come up. */
163	static int num_np_up;
164
165	#if PAP_SUPPORT > 0 \|\| CHAP_SUPPORT > 0
166	/* Set if we got the contents of passwd[] from the pap-secrets file. */
167	static int passwd_from_file;
168	#endif
169
170
171
172	/***********************************/
173	/* PUBLIC FUNCTION DEFINITIONS */
174	/***********************************/
175	/*
176	* An Open on LCP has requested a change from Dead to Establish phase.
177	* Do what's necessary to bring the physical layer up.
178	*/
179	void link_required(int unit)
180	{
181	AUTHDEBUG((LOG_INFO, "link_required: %d\n", unit));
182	}
183
184	/*
185	* LCP has terminated the link; go to the Dead phase and take the
186	* physical layer down.
187	*/
188	void link_terminated(int unit)
189	{
190	AUTHDEBUG((LOG_INFO, "link_terminated: %d\n", unit));
191
192	if (lcp_phase[unit] == PHASE_DEAD)
193	return;
194	if (logged_in)
195	logout();
196	lcp_phase[unit] = PHASE_DEAD;
197	AUTHDEBUG((LOG_NOTICE, "Connection terminated.\n"));
198	pppMainWakeup(unit);
199	}
200
201	/*
202	* LCP has gone down; it will either die or try to re-establish.
203	*/
204	void link_down(int unit)
205	{
206	int i;
207	struct protent *protp;
208
209	AUTHDEBUG((LOG_INFO, "link_down: %d\n", unit));
210	if (did_authup) {
211	/* XXX Do link down processing. */
212	did_authup = 0;
213	}
214	for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i) {
215	if (!protp->enabled_flag)
216	continue;
217	if (protp->protocol != PPP_LCP && protp->lowerdown != NULL)
218	(*protp->lowerdown)(unit);
219	if (protp->protocol < 0xC000 && protp->close != NULL)
220	(*protp->close)(unit, "LCP down");
221	}
222	num_np_open = 0;
223	num_np_up = 0;
224	if (lcp_phase[unit] != PHASE_DEAD)
225	lcp_phase[unit] = PHASE_TERMINATE;
226	pppMainWakeup(unit);
227	}
228
229	/*
230	* The link is established.
231	* Proceed to the Dead, Authenticate or Network phase as appropriate.
232	*/
233	void link_established(int unit)
234	{
235	int auth;
236	int i;
237	struct protent *protp;
238	lcp_options *wo = &lcp_wantoptions[unit];
239	lcp_options *go = &lcp_gotoptions[unit];
240	#if PAP_SUPPORT > 0 \|\| CHAP_SUPPORT > 0
241	lcp_options *ho = &lcp_hisoptions[unit];
242	#endif
243
244	AUTHDEBUG((LOG_INFO, "link_established: %d\n", unit));
245	/*
246	* Tell higher-level protocols that LCP is up.
247	*/
248	for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i)
249	if (protp->protocol != PPP_LCP && protp->enabled_flag
250	&& protp->lowerup != NULL)
251	(*protp->lowerup)(unit);
252
253	if (ppp_settings.auth_required && !(go->neg_chap \|\| go->neg_upap)) {
254	/*
255	* We wanted the peer to authenticate itself, and it refused:
256	* treat it as though it authenticated with PAP using a username
257	* of "" and a password of "". If that's not OK, boot it out.
258	*/
259	if (!wo->neg_upap \|\| !null_login(unit)) {
260	AUTHDEBUG((LOG_WARNING, "peer refused to authenticate\n"));
261	lcp_close(unit, "peer refused to authenticate");
262	return;
263	}
264	}
265
266	lcp_phase[unit] = PHASE_AUTHENTICATE;
267	auth = 0;
268	#if CHAP_SUPPORT > 0
269	if (go->neg_chap) {
270	ChapAuthPeer(unit, ppp_settings.our_name, go->chap_mdtype);
271	auth \|= CHAP_PEER;
272	}
273	#endif
274	#if PAP_SUPPORT > 0 && CHAP_SUPPORT > 0
275	else
276	#endif
277	#if PAP_SUPPORT > 0
278	if (go->neg_upap) {
279	upap_authpeer(unit);
280	auth \|= PAP_PEER;
281	}
282	#endif
283	#if CHAP_SUPPORT > 0
284	if (ho->neg_chap) {
285	ChapAuthWithPeer(unit, ppp_settings.user, ho->chap_mdtype);
286	auth \|= CHAP_WITHPEER;
287	}
288	#endif
289	#if PAP_SUPPORT > 0 && CHAP_SUPPORT > 0
290	else
291	#endif
292	#if PAP_SUPPORT > 0
293	if (ho->neg_upap) {
294	if (ppp_settings.passwd[0] == 0) {
295	passwd_from_file = 1;
296	if (!get_pap_passwd(unit, ppp_settings.user, ppp_settings.passwd))
297	AUTHDEBUG((LOG_ERR, "No secret found for PAP login\n"));
298	}
299	upap_authwithpeer(unit, ppp_settings.user, ppp_settings.passwd);
300	auth \|= PAP_WITHPEER;
301	}
302	#endif
303	auth_pending[unit] = auth;
304
305	if (!auth)
306	network_phase(unit);
307	}
308
309
310	/*
311	* The peer has failed to authenticate himself using `protocol'.
312	*/
313	void auth_peer_fail(int unit, u16_t protocol)
314	{
315	AUTHDEBUG((LOG_INFO, "auth_peer_fail: %d proto=%X\n", unit, protocol));
316	/*
317	* Authentication failure: take the link down
318	*/
319	lcp_close(unit, "Authentication failed");
320	}
321
322
323	#if PAP_SUPPORT > 0 \|\| CHAP_SUPPORT > 0
324	/*
325	* The peer has been successfully authenticated using `protocol'.
326	*/
327	void auth_peer_success(int unit, u16_t protocol, char *name, int namelen)
328	{
329	int pbit;
330
331	AUTHDEBUG((LOG_INFO, "auth_peer_success: %d proto=%X\n", unit, protocol));
332	switch (protocol) {
333	case PPP_CHAP:
334	pbit = CHAP_PEER;
335	break;
336	case PPP_PAP:
337	pbit = PAP_PEER;
338	break;
339	default:
340	AUTHDEBUG((LOG_WARNING, "auth_peer_success: unknown protocol %x\n",
341	protocol));
342	return;
343	}
344
345	/*
346	* Save the authenticated name of the peer for later.
347	*/
348	if (namelen > sizeof(peer_authname) - 1)
349	namelen = sizeof(peer_authname) - 1;
350	BCOPY(name, peer_authname, namelen);
351	peer_authname[namelen] = 0;
352
353	/*
354	* If there is no more authentication still to be done,
355	* proceed to the network (or callback) phase.
356	*/
357	if ((auth_pending[unit] &= ~pbit) == 0)
358	network_phase(unit);
359	}
360
361	/*
362	* We have failed to authenticate ourselves to the peer using `protocol'.
363	*/
364	void auth_withpeer_fail(int unit, u16_t protocol)
365	{
366	int errCode = PPPERR_AUTHFAIL;
367
368	AUTHDEBUG((LOG_INFO, "auth_withpeer_fail: %d proto=%X\n", unit, protocol));
369	if (passwd_from_file)
370	BZERO(ppp_settings.passwd, MAXSECRETLEN);
371	/*
372	* XXX Warning: the unit number indicates the interface which is
373	* not necessarily the PPP connection. It works here as long
374	* as we are only supporting PPP interfaces.
375	*/
376	pppIOCtl(unit, PPPCTLS_ERRCODE, &errCode);
377
378	/*
379	* We've failed to authenticate ourselves to our peer.
380	* He'll probably take the link down, and there's not much
381	* we can do except wait for that.
382	*/
383	}
384
385	/*
386	* We have successfully authenticated ourselves with the peer using `protocol'.
387	*/
388	void auth_withpeer_success(int unit, u16_t protocol)
389	{
390	int pbit;
391
392	AUTHDEBUG((LOG_INFO, "auth_withpeer_success: %d proto=%X\n", unit, protocol));
393	switch (protocol) {
394	case PPP_CHAP:
395	pbit = CHAP_WITHPEER;
396	break;
397	case PPP_PAP:
398	if (passwd_from_file)
399	BZERO(ppp_settings.passwd, MAXSECRETLEN);
400	pbit = PAP_WITHPEER;
401	break;
402	default:
403	AUTHDEBUG((LOG_WARNING, "auth_peer_success: unknown protocol %x\n",
404	protocol));
405	pbit = 0;
406	}
407
408	/*
409	* If there is no more authentication still being done,
410	* proceed to the network (or callback) phase.
411	*/
412	if ((auth_pending[unit] &= ~pbit) == 0)
413	network_phase(unit);
414	}
415	#endif
416
417
418	/*
419	* np_up - a network protocol has come up.
420	*/
421	void np_up(int unit, u16_t proto)
422	{
423	AUTHDEBUG((LOG_INFO, "np_up: %d proto=%X\n", unit, proto));
424	if (num_np_up == 0) {
425	AUTHDEBUG((LOG_INFO, "np_up: maxconnect=%d idle_time_limit=%d\n",ppp_settings.maxconnect,ppp_settings.idle_time_limit));
426	/*
427	* At this point we consider that the link has come up successfully.
428	*/
429	if (ppp_settings.idle_time_limit > 0)
430	TIMEOUT(check_idle, NULL, ppp_settings.idle_time_limit);
431
432	/*
433	* Set a timeout to close the connection once the maximum
434	* connect time has expired.
435	*/
436	if (ppp_settings.maxconnect > 0)
437	TIMEOUT(connect_time_expired, 0, ppp_settings.maxconnect);
438	}
439	++num_np_up;
440	}
441
442	/*
443	* np_down - a network protocol has gone down.
444	*/
445	void np_down(int unit, u16_t proto)
446	{
447	AUTHDEBUG((LOG_INFO, "np_down: %d proto=%X\n", unit, proto));
448	if (--num_np_up == 0 && ppp_settings.idle_time_limit > 0) {
449	UNTIMEOUT(check_idle, NULL);
450	}
451	}
452
453	/*
454	* np_finished - a network protocol has finished using the link.
455	*/
456	void np_finished(int unit, u16_t proto)
457	{
458	AUTHDEBUG((LOG_INFO, "np_finished: %d proto=%X\n", unit, proto));
459	if (--num_np_open <= 0) {
460	/* no further use for the link: shut up shop. */
461	lcp_close(0, "No network protocols running");
462	}
463	}
464
465	/*
466	* auth_reset - called when LCP is starting negotiations to recheck
467	* authentication options, i.e. whether we have appropriate secrets
468	* to use for authenticating ourselves and/or the peer.
469	*/
470	void auth_reset(int unit)
471	{
472	lcp_options *go = &lcp_gotoptions[unit];
473	lcp_options *ao = &lcp_allowoptions[0];
474	ipcp_options *ipwo = &ipcp_wantoptions[0];
475	u32_t remote;
476
477	AUTHDEBUG((LOG_INFO, "auth_reset: %d\n", unit));
478	ao->neg_upap = !ppp_settings.refuse_pap && (ppp_settings.passwd[0] != 0 \|\| get_pap_passwd(unit, NULL, NULL));
479	ao->neg_chap = !ppp_settings.refuse_chap && ppp_settings.passwd[0] != 0 /have_chap_secret(ppp_settings.user, ppp_settings.remote_name, (u32_t)0)/;
480
481	if (go->neg_upap && !have_pap_secret())
482	go->neg_upap = 0;
483	if (go->neg_chap) {
484	remote = ipwo->accept_remote? 0: ipwo->hisaddr;
485	if (!have_chap_secret(ppp_settings.remote_name, ppp_settings.our_name, remote))
486	go->neg_chap = 0;
487	}
488	}
489
490
491	#if PAP_SUPPORT > 0
492	/*
493	* check_passwd - Check the user name and passwd against the PAP secrets
494	* file. If requested, also check against the system password database,
495	* and login the user if OK.
496	*
497	* returns:
498	* UPAP_AUTHNAK: Authentication failed.
499	* UPAP_AUTHACK: Authentication succeeded.
500	* In either case, msg points to an appropriate message.
501	*/
502	int check_passwd(
503	int unit,
504	char *auser,
505	int userlen,
506	char *apasswd,
507	int passwdlen,
508	char **msg,
509	int *msglen
510	)
511	{
512	#if 1
513	msg = (char ) 0;
514	return UPAP_AUTHACK; /* XXX Assume all entries OK. */
515	#else
516	int ret = 0;
517	struct wordlist *addrs = NULL;
518	char passwd[256], user[256];
519	char secret[MAXWORDLEN];
520	static u_short attempts = 0;
521
522	/*
523	* Make copies of apasswd and auser, then null-terminate them.
524	*/
525	BCOPY(apasswd, passwd, passwdlen);
526	passwd[passwdlen] = '\0';
527	BCOPY(auser, user, userlen);
528	user[userlen] = '\0';
529	msg = (char ) 0;
530
531	/* XXX Validate user name and password. */
532	ret = UPAP_AUTHACK; /* XXX Assume all entries OK. */
533
534	if (ret == UPAP_AUTHNAK) {
535	if (msg == (char ) 0)
536	*msg = "Login incorrect";
537	msglen = strlen(msg);
538	/*
539	* Frustrate passwd stealer programs.
540	* Allow 10 tries, but start backing off after 3 (stolen from login).
541	* On 10'th, drop the connection.
542	*/
543	if (attempts++ >= 10) {
544	AUTHDEBUG((LOG_WARNING, "%d LOGIN FAILURES BY %s\n", attempts, user));
545	/ppp_panic("Excess Bad Logins");/
546	}
547	if (attempts > 3) {
548	sys_msleep((attempts - 3) * 5);
549	}
550	if (addrs != NULL) {
551	free_wordlist(addrs);
552	}
553	} else {
554	attempts = 0; /* Reset count */
555	if (msg == (char ) 0)
556	*msg = "Login ok";
557	msglen = strlen(msg);
558	set_allowed_addrs(unit, addrs);
559	}
560
561	BZERO(passwd, sizeof(passwd));
562	BZERO(secret, sizeof(secret));
563
564	return ret;
565	#endif
566	}
567	#endif
568
569
570	/*
571	* auth_ip_addr - check whether the peer is authorized to use
572	* a given IP address. Returns 1 if authorized, 0 otherwise.
573	*/
574	int auth_ip_addr(int unit, u32_t addr)
575	{
576	return ip_addr_check(addr, addresses[unit]);
577	}
578
579	/*
580	* bad_ip_adrs - return 1 if the IP address is one we don't want
581	* to use, such as an address in the loopback net or a multicast address.
582	* addr is in network byte order.
583	*/
584	int bad_ip_adrs(u32_t addr)
585	{
586	addr = ntohl(addr);
587	return (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET
588	\|\| IN_MULTICAST(addr) \|\| IN_BADCLASS(addr);
589	}
590
591
592	#if CHAP_SUPPORT > 0
593	/*
594	* get_secret - open the CHAP secret file and return the secret
595	* for authenticating the given client on the given server.
596	* (We could be either client or server).
597	*/
598	int get_secret(
599	int unit,
600	char *client,
601	char *server,
602	char *secret,
603	int *secret_len,
604	int save_addrs
605	)
606	{
607	#if 1
608	int len;
609	struct wordlist *addrs;
610
611	addrs = NULL;
612
613	if(!client \|\| !client[0] \|\| strcmp(client, ppp_settings.user)) {
614	return 0;
615	}
616
617	len = strlen(ppp_settings.passwd);
618	if (len > MAXSECRETLEN) {
619	AUTHDEBUG((LOG_ERR, "Secret for %s on %s is too long\n", client, server));
620	len = MAXSECRETLEN;
621	}
622	BCOPY(ppp_settings.passwd, secret, len);
623	*secret_len = len;
624
625	return 1;
626	#else
627	int ret = 0, len;
628	struct wordlist *addrs;
629	char secbuf[MAXWORDLEN];
630
631	addrs = NULL;
632	secbuf[0] = 0;
633
634	/* XXX Find secret. */
635	if (ret < 0)
636	return 0;
637
638	if (save_addrs)
639	set_allowed_addrs(unit, addrs);
640
641	len = strlen(secbuf);
642	if (len > MAXSECRETLEN) {
643	AUTHDEBUG((LOG_ERR, "Secret for %s on %s is too long\n", client, server));
644	len = MAXSECRETLEN;
645	}
646	BCOPY(secbuf, secret, len);
647	BZERO(secbuf, sizeof(secbuf));
648	*secret_len = len;
649
650	return 1;
651	#endif
652	}
653	#endif
654
655
656	#if 0 /* UNUSED */
657	/*
658	* auth_check_options - called to check authentication options.
659	*/
660	void auth_check_options(void)
661	{
662	lcp_options *wo = &lcp_wantoptions[0];
663	int can_auth;
664	ipcp_options *ipwo = &ipcp_wantoptions[0];
665	u32_t remote;
666
667	/* Default our_name to hostname, and user to our_name */
668	if (ppp_settings.our_name[0] == 0 \|\| ppp_settings.usehostname)
669	strcpy(ppp_settings.our_name, ppp_settings.hostname);
670	if (ppp_settings.user[0] == 0)
671	strcpy(ppp_settings.user, ppp_settings.our_name);
672
673	/* If authentication is required, ask peer for CHAP or PAP. */
674	if (ppp_settings.auth_required && !wo->neg_chap && !wo->neg_upap) {
675	wo->neg_chap = 1;
676	wo->neg_upap = 1;
677	}
678
679	/*
680	* Check whether we have appropriate secrets to use
681	* to authenticate the peer.
682	*/
683	can_auth = wo->neg_upap && have_pap_secret();
684	if (!can_auth && wo->neg_chap) {
685	remote = ipwo->accept_remote? 0: ipwo->hisaddr;
686	can_auth = have_chap_secret(ppp_settings.remote_name, ppp_settings.our_name, remote);
687	}
688
689	if (ppp_settings.auth_required && !can_auth) {
690	ppp_panic("No auth secret");
691	}
692	}
693	#endif
694
695
696	/**********************************/
697	/* LOCAL FUNCTION DEFINITIONS */
698	/**********************************/
699	/*
700	* Proceed to the network phase.
701	*/
702	static void network_phase(int unit)
703	{
704	int i;
705	struct protent *protp;
706	lcp_options *go = &lcp_gotoptions[unit];
707
708	/*
709	* If the peer had to authenticate, run the auth-up script now.
710	*/
711	if ((go->neg_chap \|\| go->neg_upap) && !did_authup) {
712	/* XXX Do setup for peer authentication. */
713	did_authup = 1;
714	}
715
716	#if CBCP_SUPPORT > 0
717	/*
718	* If we negotiated callback, do it now.
719	*/
720	if (go->neg_cbcp) {
721	lcp_phase[unit] = PHASE_CALLBACK;
722	(*cbcp_protent.open)(unit);
723	return;
724	}
725	#endif
726
727	lcp_phase[unit] = PHASE_NETWORK;
728	for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i)
729	if (protp->protocol < 0xC000 && protp->enabled_flag
730	&& protp->open != NULL) {
731	(*protp->open)(unit);
732	if (protp->protocol != PPP_CCP)
733	++num_np_open;
734	}
735
736	if (num_np_open == 0)
737	/* nothing to do */
738	lcp_close(0, "No network protocols running");
739	}
740
741	/*
742	* check_idle - check whether the link has been idle for long
743	* enough that we can shut it down.
744	*/
745	static void check_idle(void *arg)
746	{
747	struct ppp_idle idle;
748	u_short itime;
749
750	(void)arg;
751	if (!get_idle_time(0, &idle))
752	return;
753	itime = LWIP_MIN(idle.xmit_idle, idle.recv_idle);
754	if (itime >= ppp_settings.idle_time_limit) {
755	/* link is idle: shut it down. */
756	AUTHDEBUG((LOG_INFO, "Terminating connection due to lack of activity.\n"));
757	lcp_close(0, "Link inactive");
758	} else {
759	TIMEOUT(check_idle, NULL, ppp_settings.idle_time_limit - itime);
760	}
761	}
762
763	/*
764	* connect_time_expired - log a message and close the connection.
765	*/
766	static void connect_time_expired(void *arg)
767	{
768	(void)arg;
769
770	AUTHDEBUG((LOG_INFO, "Connect time expired\n"));
771	lcp_close(0, "Connect time expired"); /* Close connection */
772	}
773
774	#if 0
775	/*
776	* login - Check the user name and password against the system
777	* password database, and login the user if OK.
778	*
779	* returns:
780	* UPAP_AUTHNAK: Login failed.
781	* UPAP_AUTHACK: Login succeeded.
782	* In either case, msg points to an appropriate message.
783	*/
784	static int login(char user, char passwd, char *msg, int msglen)
785	{
786	/* XXX Fail until we decide that we want to support logins. */
787	return (UPAP_AUTHNAK);
788	}
789	#endif
790
791	/*
792	* logout - Logout the user.
793	*/
794	static void logout(void)
795	{
796	logged_in = 0;
797	}
798
799
800	/*
801	* null_login - Check if a username of "" and a password of "" are
802	* acceptable, and iff so, set the list of acceptable IP addresses
803	* and return 1.
804	*/
805	static int null_login(int unit)
806	{
807	(void)unit;
808	/* XXX Fail until we decide that we want to support logins. */
809	return 0;
810	}
811
812
813	/*
814	* get_pap_passwd - get a password for authenticating ourselves with
815	* our peer using PAP. Returns 1 on success, 0 if no suitable password
816	* could be found.
817	*/
818	static int get_pap_passwd(int unit, char user, char passwd)
819	{
820	/* normally we would reject PAP if no password is provided,
821	but this causes problems with some providers (like CHT in Taiwan)
822	who incorrectly request PAP and expect a bogus/empty password, so
823	always provide a default user/passwd of "none"/"none"
824	*/
825	if(user)
826	strcpy(user, "none");
827	if(passwd)
828	strcpy(passwd, "none");
829
830	return 1;
831	}
832
833
834	/*
835	* have_pap_secret - check whether we have a PAP file with any
836	* secrets that we could possibly use for authenticating the peer.
837	*/
838	static int have_pap_secret(void)
839	{
840	/* XXX Fail until we set up our passwords. */
841	return 0;
842	}
843
844
845	/*
846	* have_chap_secret - check whether we have a CHAP file with a
847	* secret that we could possibly use for authenticating `client'
848	* on `server'. Either can be the null string, meaning we don't
849	* know the identity yet.
850	*/
851	static int have_chap_secret(char client, char server, u32_t remote)
852	{
853	(void)client;
854	(void)server;
855	(void)remote;
856	/* XXX Fail until we set up our passwords. */
857	return 0;
858	}
859
860
861	#if 0 /* PAP_SUPPORT > 0 \|\| CHAP_SUPPORT > 0 */
862	/*
863	* set_allowed_addrs() - set the list of allowed addresses.
864	*/
865	static void set_allowed_addrs(int unit, struct wordlist *addrs)
866	{
867	if (addresses[unit] != NULL)
868	free_wordlist(addresses[unit]);
869	addresses[unit] = addrs;
870
871	#if 0
872	/*
873	* If there's only one authorized address we might as well
874	* ask our peer for that one right away
875	*/
876	if (addrs != NULL && addrs->next == NULL) {
877	char *p = addrs->word;
878	struct ipcp_options *wo = &ipcp_wantoptions[unit];
879	u32_t a;
880	struct hostent *hp;
881
882	if (wo->hisaddr == 0 && p != '!' && p != '-'
883	&& strchr(p, '/') == NULL) {
884	hp = gethostbyname(p);
885	if (hp != NULL && hp->h_addrtype == AF_INET)
886	a = (u32_t )hp->h_addr;
887	else
888	a = inet_addr(p);
889	if (a != (u32_t) -1)
890	wo->hisaddr = a;
891	}
892	}
893	#endif
894	}
895	#endif
896
897	static int ip_addr_check(u32_t addr, struct wordlist *addrs)
898	{
899
900	/* don't allow loopback or multicast address */
901	if (bad_ip_adrs(addr))
902	return 0;
903
904	if (addrs == NULL)
905	return !ppp_settings.auth_required; /* no addresses authorized */
906
907	/* XXX All other addresses allowed. */
908	return 1;
909	}
910
911	#if 0 /* PAP_SUPPORT > 0 \|\| CHAP_SUPPORT */
912	/*
913	* free_wordlist - release memory allocated for a wordlist.
914	*/
915	static void free_wordlist(struct wordlist *wp)
916	{
917	struct wordlist *next;
918
919	while (wp != NULL) {
920	next = wp->next;
921	free(wp);
922	wp = next;
923	}
924	}
925	#endif
926
927	#endif /* PPP_SUPPORT */

Note: See TracBrowser for help on using the browser.

root/webserver/example/freeRTOS/Demo/Common/ethernet/lwIP/netif/ppp/auth.c

Download in other formats: