2 * Copyright (c) 1996 - 2001 Brian Somers <brian@Awfulhak.org>
3 * based on work by Toshiharu OHNO <tony-o@iij.ad.jp>
4 * Internet Initiative Japan, Inc (IIJ)
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 * $FreeBSD: src/usr.sbin/ppp/pap.c,v 1.42.2.4 2002/09/01 02:12:29 brian Exp $
29 * $DragonFly: src/usr.sbin/ppp/pap.c,v 1.2 2003/06/17 04:30:00 dillon Exp $
32 #include <sys/param.h>
33 #include <netinet/in.h>
34 #include <netinet/in_systm.h>
35 #include <netinet/ip.h>
36 #include <sys/socket.h>
40 #include <string.h> /* strlen/memcpy */
56 #include "throughput.h"
59 #include "descriptor.h"
62 #include "slcompress.h"
78 static const char * const papcodes
[] = {
79 "???", "REQUEST", "SUCCESS", "FAILURE"
81 #define MAXPAPCODE (sizeof papcodes / sizeof papcodes[0] - 1)
84 pap_Req(struct authinfo
*authp
)
86 struct bundle
*bundle
= authp
->physical
->dl
->bundle
;
90 int namelen
, keylen
, plen
;
92 namelen
= strlen(bundle
->cfg
.auth
.name
);
93 keylen
= strlen(bundle
->cfg
.auth
.key
);
94 plen
= namelen
+ keylen
+ 2;
95 log_Printf(LogDEBUG
, "pap_Req: namelen = %d, keylen = %d\n", namelen
, keylen
);
96 log_Printf(LogPHASE
, "Pap Output: %s ********\n", bundle
->cfg
.auth
.name
);
97 if (*bundle
->cfg
.auth
.name
== '\0')
98 log_Printf(LogWARN
, "Sending empty PAP authname!\n");
99 lh
.code
= PAP_REQUEST
;
101 lh
.length
= htons(plen
+ sizeof(struct fsmheader
));
102 bp
= m_get(plen
+ sizeof(struct fsmheader
), MB_PAPOUT
);
103 memcpy(MBUF_CTOP(bp
), &lh
, sizeof(struct fsmheader
));
104 cp
= MBUF_CTOP(bp
) + sizeof(struct fsmheader
);
106 memcpy(cp
, bundle
->cfg
.auth
.name
, namelen
);
109 memcpy(cp
, bundle
->cfg
.auth
.key
, keylen
);
110 link_PushPacket(&authp
->physical
->link
, bp
, bundle
,
111 LINK_QUEUES(&authp
->physical
->link
) - 1, PROTO_PAP
);
115 SendPapCode(struct authinfo
*authp
, int code
, const char *message
)
124 mlen
= strlen(message
);
126 lh
.length
= htons(plen
+ sizeof(struct fsmheader
));
127 bp
= m_get(plen
+ sizeof(struct fsmheader
), MB_PAPOUT
);
128 memcpy(MBUF_CTOP(bp
), &lh
, sizeof(struct fsmheader
));
129 cp
= MBUF_CTOP(bp
) + sizeof(struct fsmheader
);
131 * If our message is longer than 255 bytes, truncate the length to
132 * 255 and send the entire message anyway. Maybe the other end will
133 * display it... (see pap_Input() !)
135 *cp
++ = mlen
> 255 ? 255 : mlen
;
136 memcpy(cp
, message
, mlen
);
137 log_Printf(LogPHASE
, "Pap Output: %s\n", papcodes
[code
]);
139 link_PushPacket(&authp
->physical
->link
, bp
, authp
->physical
->dl
->bundle
,
140 LINK_QUEUES(&authp
->physical
->link
) - 1, PROTO_PAP
);
144 pap_Success(struct authinfo
*authp
)
146 struct bundle
*bundle
= authp
->physical
->dl
->bundle
;
148 datalink_GotAuthname(authp
->physical
->dl
, authp
->in
.name
);
150 if (*bundle
->radius
.cfg
.file
&& bundle
->radius
.repstr
)
151 SendPapCode(authp
, PAP_ACK
, bundle
->radius
.repstr
);
154 SendPapCode(authp
, PAP_ACK
, "Greetings!!");
155 authp
->physical
->link
.lcp
.auth_ineed
= 0;
156 if (Enabled(bundle
, OPT_UTMP
))
157 physical_Login(authp
->physical
, authp
->in
.name
);
159 if (authp
->physical
->link
.lcp
.auth_iwait
== 0)
161 * Either I didn't need to authenticate, or I've already been
162 * told that I got the answer right.
164 datalink_AuthOk(authp
->physical
->dl
);
168 pap_Failure(struct authinfo
*authp
)
170 SendPapCode(authp
, PAP_NAK
, "Login incorrect");
171 datalink_AuthNotOk(authp
->physical
->dl
);
175 pap_Init(struct authinfo
*pap
, struct physical
*p
)
177 auth_Init(pap
, p
, pap_Req
, pap_Success
, pap_Failure
);
181 pap_Input(struct bundle
*bundle
, struct link
*l
, struct mbuf
*bp
)
183 struct physical
*p
= link2physical(l
);
184 struct authinfo
*authp
= &p
->dl
->pap
;
185 u_char nlen
, klen
, *key
;
190 log_Printf(LogERROR
, "pap_Input: Not a physical link - dropped\n");
195 if (bundle_Phase(bundle
) != PHASE_NETWORK
&&
196 bundle_Phase(bundle
) != PHASE_AUTHENTICATE
) {
197 log_Printf(LogPHASE
, "Unexpected pap input - dropped !\n");
202 if ((bp
= auth_ReadHeader(authp
, bp
)) == NULL
&&
203 ntohs(authp
->in
.hdr
.length
) == 0) {
204 log_Printf(LogWARN
, "Pap Input: Truncated header !\n");
208 if (authp
->in
.hdr
.code
== 0 || authp
->in
.hdr
.code
> MAXPAPCODE
) {
209 log_Printf(LogPHASE
, "Pap Input: %d: Bad PAP code !\n", authp
->in
.hdr
.code
);
214 if (authp
->in
.hdr
.code
!= PAP_REQUEST
&& authp
->id
!= authp
->in
.hdr
.id
&&
215 Enabled(bundle
, OPT_IDCHECK
)) {
216 /* Wrong conversation dude ! */
217 log_Printf(LogPHASE
, "Pap Input: %s dropped (got id %d, not %d)\n",
218 papcodes
[authp
->in
.hdr
.code
], authp
->in
.hdr
.id
, authp
->id
);
222 m_settype(bp
, MB_PAPIN
);
223 authp
->id
= authp
->in
.hdr
.id
; /* We respond with this id */
226 bp
= mbuf_Read(bp
, &nlen
, 1);
227 if (authp
->in
.hdr
.code
== PAP_ACK
) {
229 * Don't restrict the length of our acknowledgement freetext to
230 * nlen (a one-byte length). Show the rest of the ack packet
231 * instead. This isn't really part of the protocol.....
235 txtlen
= m_length(bp
);
237 bp
= auth_ReadName(authp
, bp
, nlen
);
238 txt
= authp
->in
.name
;
239 txtlen
= strlen(authp
->in
.name
);
246 log_Printf(LogPHASE
, "Pap Input: %s (%.*s)\n",
247 papcodes
[authp
->in
.hdr
.code
], txtlen
, txt
);
249 switch (authp
->in
.hdr
.code
) {
252 log_Printf(LogPHASE
, "Pap Input: No key given !\n");
255 bp
= mbuf_Read(bp
, &klen
, 1);
256 if (m_length(bp
) < klen
) {
257 log_Printf(LogERROR
, "Pap Input: Truncated key !\n");
260 if ((key
= malloc(klen
+1)) == NULL
) {
261 log_Printf(LogERROR
, "Pap Input: Out of memory !\n");
264 bp
= mbuf_Read(bp
, key
, klen
);
268 if (*bundle
->radius
.cfg
.file
) {
269 if (!radius_Authenticate(&bundle
->radius
, authp
, authp
->in
.name
,
270 key
, strlen(key
), NULL
, 0))
274 if (auth_Validate(bundle
, authp
->in
.name
, key
, p
))
283 auth_StopTimer(authp
);
284 if (p
->link
.lcp
.auth_iwait
== PROTO_PAP
) {
285 p
->link
.lcp
.auth_iwait
= 0;
286 if (p
->link
.lcp
.auth_ineed
== 0)
288 * We've succeeded in our ``login''
289 * If we're not expecting the peer to authenticate (or he already
290 * has), proceed to network phase.
292 datalink_AuthOk(p
->dl
);
297 auth_StopTimer(authp
);
298 datalink_AuthNotOk(p
->dl
);