2 * auth.c - PPP authentication and phase control.
4 * Copyright (c) 1993 The Australian National University.
7 * Redistribution and use in source and binary forms are permitted
8 * provided that the above copyright notice and this paragraph are
9 * duplicated in all such forms and that any documentation,
10 * advertising materials, and other materials related to such
11 * distribution and use acknowledge that the software was developed
12 * by the Australian National University. The name of the University
13 * may not be used to endorse or promote products derived from this
14 * software without specific prior written permission.
15 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
17 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
19 * Copyright (c) 1989 Carnegie Mellon University.
20 * All rights reserved.
22 * Redistribution and use in source and binary forms are permitted
23 * provided that the above copyright notice and this paragraph are
24 * duplicated in all such forms and that any documentation,
25 * advertising materials, and other materials related to such
26 * distribution and use acknowledge that the software was developed
27 * by Carnegie Mellon University. The name of the
28 * University may not be used to endorse or promote products derived
29 * from this software without specific prior written permission.
30 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
31 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
32 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
34 * $FreeBSD: src/usr.sbin/pppd/auth.c,v 1.24.2.2 2002/03/12 08:55:22 maxim Exp $
35 * $DragonFly: src/usr.sbin/pppd/auth.c,v 1.5 2005/11/24 23:42:54 swildner Exp $
46 #include <sys/types.h>
48 #include <sys/socket.h>
51 #if defined(_PATH_LASTLOG) && defined(_linux_)
56 #include <netinet/in.h>
57 #include <arpa/inet.h>
62 #include <security/pam_appl.h>
68 #define PW_PPP PW_LOGIN
81 #include "pathnames.h"
83 /* Used for storing a sequence of words. Usually malloced. */
85 struct wordlist
*next
;
89 /* Bits in scan_authfile return value */
90 #define NONWILD_SERVER 1
91 #define NONWILD_CLIENT 2
93 #define ISWILD(word) (word[0] == '*' && word[1] == 0)
98 /* The name by which the peer authenticated itself to us. */
99 char peer_authname
[MAXNAMELEN
];
101 /* Records which authentication operations haven't completed yet. */
102 static int auth_pending
[NUM_PPP
];
104 /* Set if we have successfully called plogin() */
105 static int logged_in
;
107 /* Set if not wild or blank */
108 static int non_wildclient
;
110 /* Set if we have run the /etc/ppp/auth-up script. */
111 static int did_authup
;
113 /* List of addresses which the peer may use. */
114 static struct wordlist
*addresses
[NUM_PPP
];
116 /* Number of network protocols which we have opened. */
117 static int num_np_open
;
119 /* Number of network protocols which have come up. */
120 static int num_np_up
;
122 /* Set if we got the contents of passwd[] from the pap-secrets file. */
123 static int passwd_from_file
;
125 /* Bits in auth_pending[] */
126 #define PAP_WITHPEER 1
128 #define CHAP_WITHPEER 4
131 extern char *crypt(const char *, const char *);
133 /* Prototypes for procedures local to this file. */
135 static void network_phase(int);
136 static void check_idle(void *);
137 static void connect_time_expired(void *);
138 static int plogin(char *, char *, char **, int *);
139 static void plogout(void);
140 static int null_login(int);
141 static int get_pap_passwd(char *);
142 static int have_pap_secret(void);
143 static int have_chap_secret(char *, char *, u_int32_t
);
144 static int ip_addr_check(u_int32_t
, struct wordlist
*);
145 static int scan_authfile(FILE *, char *, char *, u_int32_t
, char *,
146 struct wordlist
**, char *);
147 static void free_wordlist(struct wordlist
*);
148 static void auth_set_ip_addr(int);
149 static void auth_script(char *);
150 static void set_allowed_addrs(int, struct wordlist
*);
153 * An Open on LCP has requested a change from Dead to Establish phase.
154 * Do what's necessary to bring the physical layer up.
157 link_required(int unit
)
162 * LCP has terminated the link; go to the Dead phase and take the
163 * physical layer down.
166 link_terminated(int unit
)
168 extern time_t etime
, stime
;
171 if (phase
== PHASE_DEAD
)
176 etime
= time((time_t *) NULL
);
177 minutes
= (etime
-stime
)/60;
178 syslog(LOG_NOTICE
, "Connection terminated, connected for %d minutes\n",
179 minutes
> 1 ? minutes
: 1);
183 * LCP has gone down; it will either die or try to re-establish.
189 struct protent
*protp
;
192 auth_script(_PATH_AUTHDOWN
);
195 for (i
= 0; (protp
= protocols
[i
]) != NULL
; ++i
) {
196 if (!protp
->enabled_flag
)
198 if (protp
->protocol
!= PPP_LCP
&& protp
->lowerdown
!= NULL
)
199 (*protp
->lowerdown
)(unit
);
200 if (protp
->protocol
< 0xC000 && protp
->close
!= NULL
)
201 (*protp
->close
)(unit
, "LCP down");
205 if (phase
!= PHASE_DEAD
)
206 phase
= PHASE_TERMINATE
;
210 * The link is established.
211 * Proceed to the Dead, Authenticate or Network phase as appropriate.
214 link_established(int unit
)
217 lcp_options
*wo
= &lcp_wantoptions
[unit
];
218 lcp_options
*go
= &lcp_gotoptions
[unit
];
219 lcp_options
*ho
= &lcp_hisoptions
[unit
];
221 struct protent
*protp
;
224 * Tell higher-level protocols that LCP is up.
226 for (i
= 0; (protp
= protocols
[i
]) != NULL
; ++i
)
227 if (protp
->protocol
!= PPP_LCP
&& protp
->enabled_flag
228 && protp
->lowerup
!= NULL
)
229 (*protp
->lowerup
)(unit
);
231 if (auth_required
&& !(go
->neg_chap
|| go
->neg_upap
)) {
233 * We wanted the peer to authenticate itself, and it refused:
234 * treat it as though it authenticated with PAP using a username
235 * of "" and a password of "". If that's not OK, boot it out.
237 if (!wo
->neg_upap
|| !null_login(unit
)) {
238 syslog(LOG_WARNING
, "peer refused to authenticate");
239 lcp_close(unit
, "peer refused to authenticate");
244 phase
= PHASE_AUTHENTICATE
;
247 ChapAuthPeer(unit
, our_name
, go
->chap_mdtype
);
249 } else if (go
->neg_upap
) {
254 ChapAuthWithPeer(unit
, user
, ho
->chap_mdtype
);
255 auth
|= CHAP_WITHPEER
;
256 } else if (ho
->neg_upap
) {
257 if (passwd
[0] == 0) {
258 passwd_from_file
= 1;
259 if (!get_pap_passwd(passwd
))
260 syslog(LOG_ERR
, "No secret found for PAP login");
262 upap_authwithpeer(unit
, user
, passwd
);
263 auth
|= PAP_WITHPEER
;
265 auth_pending
[unit
] = auth
;
272 * Proceed to the network phase.
275 network_phase(int unit
)
278 struct protent
*protp
;
279 lcp_options
*go
= &lcp_gotoptions
[unit
];
282 * If the peer had to authenticate, run the auth-up script now.
284 if ((go
->neg_chap
|| go
->neg_upap
) && !did_authup
) {
285 auth_script(_PATH_AUTHUP
);
291 * If we negotiated callback, do it now.
294 phase
= PHASE_CALLBACK
;
295 (*cbcp_protent
.open
)(unit
);
300 phase
= PHASE_NETWORK
;
303 set_filters(&pass_filter
, &active_filter
);
305 for (i
= 0; (protp
= protocols
[i
]) != NULL
; ++i
)
306 if (protp
->protocol
< 0xC000 && protp
->enabled_flag
307 && protp
->open
!= NULL
) {
308 (*protp
->open
)(unit
);
309 if (protp
->protocol
!= PPP_CCP
)
313 if (num_np_open
== 0)
315 lcp_close(0, "No network protocols running");
319 * The peer has failed to authenticate himself using `protocol'.
322 auth_peer_fail(int unit
, int protocol
)
325 * Authentication failure: take the link down
327 lcp_close(unit
, "Authentication failed");
331 * The peer has been successfully authenticated using `protocol'.
334 auth_peer_success(int unit
, int protocol
, char *name
, int namelen
)
346 syslog(LOG_WARNING
, "auth_peer_success: unknown protocol %x",
352 * Save the authenticated name of the peer for later.
354 if (namelen
> sizeof(peer_authname
) - 1)
355 namelen
= sizeof(peer_authname
) - 1;
356 BCOPY(name
, peer_authname
, namelen
);
357 peer_authname
[namelen
] = 0;
360 * If we have overridden addresses based on auth info
361 * then set that information now before continuing.
363 auth_set_ip_addr(unit
);
365 script_setenv("PEERNAME", peer_authname
);
368 * If there is no more authentication still to be done,
369 * proceed to the network (or callback) phase.
371 if ((auth_pending
[unit
] &= ~bit
) == 0)
376 * We have failed to authenticate ourselves to the peer using `protocol'.
379 auth_withpeer_fail(int unit
, int protocol
)
381 if (passwd_from_file
)
382 BZERO(passwd
, MAXSECRETLEN
);
384 * We've failed to authenticate ourselves to our peer.
385 * He'll probably take the link down, and there's not much
386 * we can do except wait for that.
391 * We have successfully authenticated ourselves with the peer using `protocol'.
394 auth_withpeer_success(int unit
, int protocol
)
403 if (passwd_from_file
)
404 BZERO(passwd
, MAXSECRETLEN
);
408 syslog(LOG_WARNING
, "auth_peer_success: unknown protocol %x",
414 * If we have overridden addresses based on auth info
415 * then set that information now before continuing.
417 auth_set_ip_addr(unit
);
420 * If there is no more authentication still being done,
421 * proceed to the network (or callback) phase.
423 if ((auth_pending
[unit
] &= ~bit
) == 0)
429 * np_up - a network protocol has come up.
432 np_up(int unit
, int proto
)
434 if (num_np_up
== 0) {
436 * At this point we consider that the link has come up successfully.
440 if (idle_time_limit
> 0)
441 TIMEOUT(check_idle
, NULL
, idle_time_limit
);
444 * Set a timeout to close the connection once the maximum
445 * connect time has expired.
448 TIMEOUT(connect_time_expired
, 0, maxconnect
);
451 * Detach now, if the updetach option was given.
460 * np_down - a network protocol has gone down.
463 np_down(int unit
, int proto
)
465 if (--num_np_up
== 0 && idle_time_limit
> 0) {
466 UNTIMEOUT(check_idle
, NULL
);
471 * np_finished - a network protocol has finished using the link.
474 np_finished(int unit
, int proto
)
476 if (--num_np_open
<= 0) {
477 /* no further use for the link: shut up shop. */
478 lcp_close(0, "No network protocols running");
483 * check_idle - check whether the link has been idle for long
484 * enough that we can shut it down.
487 check_idle(void *arg
)
489 struct ppp_idle idle
;
492 if (!get_idle_time(0, &idle
))
494 itime
= MIN(idle
.xmit_idle
, idle
.recv_idle
);
495 if (itime
>= idle_time_limit
) {
496 /* link is idle: shut it down. */
497 syslog(LOG_INFO
, "Terminating connection due to lack of activity.");
498 lcp_close(0, "Link inactive");
500 TIMEOUT(check_idle
, NULL
, idle_time_limit
- itime
);
505 * connect_time_expired - log a message and close the connection.
508 connect_time_expired(void *arg
)
510 syslog(LOG_INFO
, "Connect time expired");
511 lcp_close(0, "Connect time expired"); /* Close connection */
515 * auth_check_options - called to check authentication options.
518 auth_check_options(void)
520 lcp_options
*wo
= &lcp_wantoptions
[0];
522 ipcp_options
*ipwo
= &ipcp_wantoptions
[0];
525 /* Default our_name to hostname, and user to our_name */
526 if (our_name
[0] == 0 || usehostname
)
527 strcpy(our_name
, hostname
);
529 strcpy(user
, our_name
);
531 /* If authentication is required, ask peer for CHAP or PAP. */
532 if (auth_required
&& !wo
->neg_chap
&& !wo
->neg_upap
) {
538 * Check whether we have appropriate secrets to use
539 * to authenticate the peer.
541 can_auth
= wo
->neg_upap
&& (uselogin
|| have_pap_secret());
542 if (!can_auth
&& wo
->neg_chap
) {
543 remote
= ipwo
->accept_remote
? 0: ipwo
->hisaddr
;
544 can_auth
= have_chap_secret(remote_name
, our_name
, remote
);
547 if (auth_required
&& !can_auth
) {
548 option_error("peer authentication required but no suitable secret(s) found\n");
549 if (remote_name
[0] == 0)
550 option_error("for authenticating any peer to us (%s)\n", our_name
);
552 option_error("for authenticating peer %s to us (%s)\n",
553 remote_name
, our_name
);
558 * Check whether the user tried to override certain values
561 if (!auth_required
&& auth_req_info
.priv
> 0) {
562 if (!default_device
&& devnam_info
.priv
== 0) {
563 option_error("can't override device name when noauth option used");
566 if ((connector
!= NULL
&& connector_info
.priv
== 0)
567 || (disconnector
!= NULL
&& disconnector_info
.priv
== 0)
568 || (welcomer
!= NULL
&& welcomer_info
.priv
== 0)) {
569 option_error("can't override connect, disconnect or welcome");
570 option_error("option values when noauth option used");
577 * auth_reset - called when LCP is starting negotiations to recheck
578 * authentication options, i.e. whether we have appropriate secrets
579 * to use for authenticating ourselves and/or the peer.
584 lcp_options
*go
= &lcp_gotoptions
[unit
];
585 lcp_options
*ao
= &lcp_allowoptions
[0];
586 ipcp_options
*ipwo
= &ipcp_wantoptions
[0];
589 ao
->neg_upap
= !refuse_pap
&& (passwd
[0] != 0 || get_pap_passwd(NULL
));
590 ao
->neg_chap
= !refuse_chap
591 && have_chap_secret(user
, remote_name
, (u_int32_t
)0);
593 if (go
->neg_upap
&& !uselogin
&& !have_pap_secret())
596 remote
= ipwo
->accept_remote
? 0: ipwo
->hisaddr
;
597 if (!have_chap_secret(remote_name
, our_name
, remote
))
604 * check_passwd - Check the user name and passwd against the PAP secrets
605 * file. If requested, also check against the system password database,
606 * and login the user if OK.
609 * UPAP_AUTHNAK: Authentication failed.
610 * UPAP_AUTHACK: Authentication succeeded.
611 * In either case, msg points to an appropriate message.
614 check_passwd(int unit
, char *auser
, int userlen
, char *apasswd
, int passwdlen
,
615 char **msg
, int *msglen
)
620 struct wordlist
*addrs
;
622 ipcp_options
*ipwo
= &ipcp_wantoptions
[unit
];
623 char passwd
[256], user
[256];
624 char secret
[MAXWORDLEN
];
625 static int attempts
= 0;
629 * Make copies of apasswd and auser, then null-terminate them.
631 len
= MIN(passwdlen
, sizeof(passwd
) - 1);
632 BCOPY(apasswd
, passwd
, len
);
634 len
= MIN(userlen
, sizeof(user
) - 1);
635 BCOPY(auser
, user
, len
);
640 * Open the file of pap secrets and scan for a suitable secret
641 * for authenticating this user.
643 filename
= _PATH_UPAPFILE
;
646 f
= fopen(filename
, "r");
648 syslog(LOG_ERR
, "Can't open PAP password file %s: %m", filename
);
652 check_access(f
, filename
);
653 remote
= ipwo
->accept_remote
? 0: ipwo
->hisaddr
;
654 if (scan_authfile(f
, user
, our_name
, remote
,
655 secret
, &addrs
, filename
) < 0) {
656 warn("no PAP secret found for %s", user
);
658 if (secret
[0] != 0) {
659 /* password given in pap-secrets - must match */
660 if ((cryptpap
|| strcmp(passwd
, secret
) != 0)
661 && strcmp(crypt(passwd
, secret
), secret
) != 0) {
663 warn("PAP authentication failure for %s", user
);
670 if (uselogin
&& ret
== UPAP_AUTHACK
) {
671 ret
= plogin(user
, passwd
, msg
, msglen
);
672 if (ret
== UPAP_AUTHNAK
) {
673 syslog(LOG_WARNING
, "PAP login failure for %s", user
);
677 if (ret
== UPAP_AUTHNAK
) {
678 if (*msg
== (char *) 0)
679 *msg
= "Login incorrect";
680 *msglen
= strlen(*msg
);
682 * Frustrate passwd stealer programs.
683 * Allow 10 tries, but start backing off after 3 (stolen from login).
684 * On 10'th, drop the connection.
686 if (attempts
++ >= 10) {
687 syslog(LOG_WARNING
, "%d LOGIN FAILURES ON %s, %s",
688 attempts
, devnam
, user
);
692 sleep((u_int
) (attempts
- 3) * 5);
694 free_wordlist(addrs
);
697 attempts
= 0; /* Reset count */
698 if (*msg
== (char *) 0)
700 *msglen
= strlen(*msg
);
701 set_allowed_addrs(unit
, addrs
);
704 BZERO(passwd
, sizeof(passwd
));
705 BZERO(secret
, sizeof(secret
));
711 * Check if an "entry" is in the file "fname" - used by ppplogin.
712 * Taken from libexec/ftpd/ftpd.c
713 * Returns: 0 if not found, 1 if found, 2 if file can't be opened for reading.
716 checkfile(char *fname
, char *name
)
720 char *p
, line
[BUFSIZ
];
722 if ((fd
= fopen(fname
, "r")) != NULL
) {
723 while (fgets(line
, sizeof(line
), fd
) != NULL
)
724 if ((p
= strchr(line
, '\n')) != NULL
) {
728 if (strcmp(line
, name
) == 0) {
741 * This function is needed for PAM.
745 static char *PAM_username
= "";
746 static char *PAM_password
= "";
748 #ifdef PAM_ESTABLISH_CRED /* new PAM defines :(^ */
749 #define MY_PAM_STRERROR(err_code) (char *) pam_strerror(pamh,err_code)
751 #define MY_PAM_STRERROR(err_code) (char *) pam_strerror(err_code)
754 static int pam_conv (int num_msg
,
755 const struct pam_message
**msg
,
756 struct pam_response
**resp
,
759 int count
= 0, replies
= 0;
760 struct pam_response
*reply
= NULL
;
763 for (count
= 0; count
< num_msg
; count
++)
765 size
+= sizeof (struct pam_response
);
766 reply
= realloc (reply
, size
); /* ANSI: is malloc() if reply==NULL */
770 switch (msg
[count
]->msg_style
)
772 case PAM_PROMPT_ECHO_ON
:
773 reply
[replies
].resp_retcode
= PAM_SUCCESS
;
774 reply
[replies
++].resp
= strdup(PAM_username
); /* never NULL */
777 case PAM_PROMPT_ECHO_OFF
:
778 reply
[replies
].resp_retcode
= PAM_SUCCESS
;
779 reply
[replies
++].resp
= strdup(PAM_password
); /* never NULL */
783 reply
[replies
].resp_retcode
= PAM_SUCCESS
;
784 reply
[replies
++].resp
= NULL
;
804 * plogin - Check the user name and password against the system
805 * password database, and login the user if OK.
808 * UPAP_AUTHNAK: Login failed.
809 * UPAP_AUTHACK: Login succeeded.
810 * In either case, msg points to an appropriate message.
812 * UPAP_AUTHACK should only be returned *after* wtmp and utmp are updated.
816 plogin(char *user
, char *passwd
, char **msg
, int *msglen
)
821 struct pam_conv pam_conversation
;
825 * Fill the pam_conversion structure
827 memset (&pam_conversation
, '\0', sizeof (struct pam_conv
));
828 pam_conversation
.conv
= &pam_conv
;
830 pam_error
= pam_start ("ppp", user
, &pam_conversation
, &pamh
);
832 if (pam_error
!= PAM_SUCCESS
) {
833 *msg
= MY_PAM_STRERROR (pam_error
);
837 * Define the fields for the credintial validation
839 pam_set_item (pamh
, PAM_TTY
, devnam
);
841 PAM_password
= passwd
;
845 pam_error
= pam_authenticate (pamh
, PAM_SILENT
);
846 if (pam_error
== PAM_SUCCESS
) {
847 pam_error
= pam_acct_mgmt (pamh
, PAM_SILENT
);
849 /* start a session for this user. Session closed when link ends. */
850 if (pam_error
== PAM_SUCCESS
)
851 pam_open_session (pamh
, PAM_SILENT
);
854 *msg
= MY_PAM_STRERROR (pam_error
);
861 pam_end (pamh
, pam_error
);
863 if (pam_error
!= PAM_SUCCESS
)
866 * Use the non-PAM methods directly
868 #else /* #ifdef USE_PAM */
877 struct spwd
*getspnam();
883 return (UPAP_AUTHNAK
);
886 * Check that the user is not listed in /etc/ppp/ppp.deny
887 * and that the user's shell is listed in /etc/ppp/ppp.shells
888 * if /etc/ppp/ppp.shells exists.
891 if (checkfile(_PATH_PPPDENY
, user
) == 1) {
892 syslog(LOG_WARNING
, "upap user %s: login denied in %s",
893 user
, _PATH_PPPDENY
);
894 return (UPAP_AUTHNAK
);
897 if (checkfile(_PATH_PPPSHELLS
, pw
->pw_shell
) == 0) {
898 syslog(LOG_WARNING
, "upap user %s: shell %s not in %s",
899 user
, pw
->pw_shell
, _PATH_PPPSHELLS
);
900 return (UPAP_AUTHNAK
);
904 spwd
= getspnam(user
);
907 /* check the age of the password entry */
908 long now
= time(NULL
) / 86400L;
910 if ((spwd
->sp_expire
> 0 && now
>= spwd
->sp_expire
)
911 || ((spwd
->sp_max
>= 0 && spwd
->sp_max
< 10000)
912 && spwd
->sp_lstchg
>= 0
913 && now
>= spwd
->sp_lstchg
+ spwd
->sp_max
)) {
914 syslog(LOG_WARNING
, "Password for %s has expired", user
);
915 return (UPAP_AUTHNAK
);
917 pw
->pw_passwd
= spwd
->sp_pwdp
;
922 * If no passwd, don't let them login.
924 if (pw
->pw_passwd
== NULL
|| *pw
->pw_passwd
== '\0'
925 || strcmp(crypt(passwd
, pw
->pw_passwd
), pw
->pw_passwd
) != 0)
926 return (UPAP_AUTHNAK
);
929 gettimeofday(&tp
, (struct timezone
*)NULL
);
930 if (tp
.tv_sec
>= pw
->pw_expire
) {
931 syslog(LOG_INFO
, "pap user %s account expired", user
);
932 return (UPAP_AUTHNAK
);
936 /* These functions are not enabled for PAM. The reason for this is that */
937 /* there is not necessarily a "passwd" entry for this user. That is */
938 /* real purpose of 'PAM' -- to virtualize the account data from the */
939 /* application. If you want to do the same thing, write the entry in */
940 /* the 'session' hook. */
942 /* Log in wtmp and utmp using login() */
945 if (strncmp(tty
, _PATH_DEV
, sizeof _PATH_DEV
- 1) == 0)
948 if (logout(tty
)) /* Already entered (by login?) */
949 logwtmp(tty
, "", "");
951 #if defined(_PATH_LASTLOG)
956 if ((fd
= open(_PATH_LASTLOG
, O_RDWR
, 0)) >= 0) {
957 lseek(fd
, (off_t
)(pw
->pw_uid
* sizeof(ll
)), SEEK_SET
);
958 memset((void *)&ll
, 0, sizeof(ll
));
960 strncpy(ll
.ll_line
, tty
, sizeof(ll
.ll_line
));
961 write(fd
, (char *)&ll
, sizeof(ll
));
967 memset((void *)&utmp
, 0, sizeof(utmp
));
969 strncpy(utmp
.ut_name
, user
, sizeof(utmp
.ut_name
));
970 strncpy(utmp
.ut_host
, ":PPP", sizeof(utmp
.ut_host
));
971 strncpy(utmp
.ut_line
, tty
, sizeof(utmp
.ut_line
));
972 login(&utmp
); /* This logs us in wtmp too */
974 #endif /* #ifdef USE_PAM */
976 syslog(LOG_INFO
, "user %s logged in", user
);
979 return (UPAP_AUTHACK
);
983 * plogout - Logout the user.
989 struct pam_conv pam_conversation
;
993 * Fill the pam_conversion structure. The PAM specification states that the
994 * session must be able to be closed by a totally different handle from which
995 * it was created. Hold the PAM group to their own specification!
997 memset (&pam_conversation
, '\0', sizeof (struct pam_conv
));
998 pam_conversation
.conv
= &pam_conv
;
1000 pam_error
= pam_start ("ppp", user
, &pam_conversation
, &pamh
);
1001 if (pam_error
== PAM_SUCCESS
) {
1002 pam_set_item (pamh
, PAM_TTY
, devnam
);
1003 pam_close_session (pamh
, PAM_SILENT
);
1004 pam_end (pamh
, PAM_SUCCESS
);
1011 if (strncmp(tty
, _PATH_DEV
, sizeof _PATH_DEV
- 1) == 0)
1013 logwtmp(tty
, "", ""); /* Wipe out wtmp logout entry */
1014 logout(tty
); /* Wipe out utmp */
1022 * null_login - Check if a username of "" and a password of "" are
1023 * acceptable, and iff so, set the list of acceptable IP addresses
1027 null_login(int unit
)
1032 struct wordlist
*addrs
;
1033 char secret
[MAXWORDLEN
];
1036 * Open the file of pap secrets and scan for a suitable secret.
1037 * We don't accept a wildcard client.
1039 filename
= _PATH_UPAPFILE
;
1041 f
= fopen(filename
, "r");
1044 check_access(f
, filename
);
1046 i
= scan_authfile(f
, "", our_name
, (u_int32_t
)0, secret
, &addrs
, filename
);
1047 ret
= i
>= 0 && (i
& NONWILD_CLIENT
) != 0 && secret
[0] == 0;
1048 BZERO(secret
, sizeof(secret
));
1051 set_allowed_addrs(unit
, addrs
);
1053 free_wordlist(addrs
);
1061 * get_pap_passwd - get a password for authenticating ourselves with
1062 * our peer using PAP. Returns 1 on success, 0 if no suitable password
1066 get_pap_passwd(char *passwd
)
1071 struct wordlist
*addrs
;
1072 char secret
[MAXWORDLEN
];
1074 filename
= _PATH_UPAPFILE
;
1076 f
= fopen(filename
, "r");
1079 check_access(f
, filename
);
1080 ret
= scan_authfile(f
, user
,
1081 remote_name
[0]? remote_name
: NULL
,
1082 (u_int32_t
)0, secret
, NULL
, filename
);
1086 if (passwd
!= NULL
) {
1087 strncpy(passwd
, secret
, MAXSECRETLEN
);
1088 passwd
[MAXSECRETLEN
-1] = 0;
1090 BZERO(secret
, sizeof(secret
));
1096 * have_pap_secret - check whether we have a PAP file with any
1097 * secrets that we could possibly use for authenticating the peer.
1100 have_pap_secret(void)
1105 ipcp_options
*ipwo
= &ipcp_wantoptions
[0];
1108 filename
= _PATH_UPAPFILE
;
1109 f
= fopen(filename
, "r");
1113 remote
= ipwo
->accept_remote
? 0: ipwo
->hisaddr
;
1114 ret
= scan_authfile(f
, NULL
, our_name
, remote
, NULL
, NULL
, filename
);
1124 * have_chap_secret - check whether we have a CHAP file with a
1125 * secret that we could possibly use for authenticating `client'
1126 * on `server'. Either can be the null string, meaning we don't
1127 * know the identity yet.
1130 have_chap_secret(char *client
, char *server
, u_int32_t remote
)
1136 filename
= _PATH_CHAPFILE
;
1137 f
= fopen(filename
, "r");
1143 else if (server
[0] == 0)
1146 ret
= scan_authfile(f
, client
, server
, remote
, NULL
, NULL
, filename
);
1156 * get_secret - open the CHAP secret file and return the secret
1157 * for authenticating the given client on the given server.
1158 * (We could be either client or server).
1161 get_secret(int unit
, char *client
, char *server
, char *secret
, int *secret_len
,
1167 struct wordlist
*addrs
;
1168 char secbuf
[MAXWORDLEN
];
1170 filename
= _PATH_CHAPFILE
;
1174 f
= fopen(filename
, "r");
1176 syslog(LOG_ERR
, "Can't open chap secret file %s: %m", filename
);
1179 check_access(f
, filename
);
1181 ret
= scan_authfile(f
, client
, server
, (u_int32_t
)0,
1182 secbuf
, &addrs
, filename
);
1188 set_allowed_addrs(unit
, addrs
);
1190 len
= strlen(secbuf
);
1191 if (len
> MAXSECRETLEN
) {
1192 syslog(LOG_ERR
, "Secret for %s on %s is too long", client
, server
);
1195 BCOPY(secbuf
, secret
, len
);
1196 BZERO(secbuf
, sizeof(secbuf
));
1203 * set_allowed_addrs() - set the list of allowed addresses.
1206 set_allowed_addrs(int unit
, struct wordlist
*addrs
)
1208 if (addresses
[unit
] != NULL
)
1209 free_wordlist(addresses
[unit
]);
1210 addresses
[unit
] = addrs
;
1213 * If there's only one authorized address we might as well
1214 * ask our peer for that one right away
1216 if (addrs
!= NULL
&& addrs
->next
== NULL
) {
1217 char *p
= addrs
->word
;
1218 struct ipcp_options
*wo
= &ipcp_wantoptions
[unit
];
1222 if (*p
!= '!' && *p
!= '-' && strchr(p
, '/') == NULL
) {
1223 hp
= gethostbyname(p
);
1224 if (hp
!= NULL
&& hp
->h_addrtype
== AF_INET
)
1225 a
= *(u_int32_t
*)hp
->h_addr
;
1228 if (a
!= (u_int32_t
) -1)
1235 auth_set_ip_addr(int unit
)
1237 struct wordlist
*addrs
;
1239 if (non_wildclient
&& (addrs
= addresses
[unit
]) != NULL
) {
1240 for (; addrs
!= NULL
; addrs
= addrs
->next
) {
1241 /* Look for address overrides, and set them if we have any */
1242 if (strchr(addrs
->word
, ':') != NULL
) {
1243 if (setipaddr(addrs
->word
))
1251 * auth_ip_addr - check whether the peer is authorized to use
1252 * a given IP address. Returns 1 if authorized, 0 otherwise.
1255 auth_ip_addr(int unit
, u_int32_t addr
)
1257 return ip_addr_check(addr
, addresses
[unit
]);
1261 ip_addr_check(u_int32_t addr
, struct wordlist
*addrs
)
1264 u_int32_t a
, mask
, ah
;
1266 char *ptr_word
, *ptr_mask
;
1270 /* don't allow loopback or multicast address */
1271 if (bad_ip_adrs(addr
))
1275 return !auth_required
; /* no addresses authorized */
1278 for (; addrs
!= NULL
; addrs
= addrs
->next
) {
1280 /* "-" means no addresses authorized, "*" means any address allowed */
1281 ptr_word
= addrs
->word
;
1282 if (strcmp(ptr_word
, "-") == 0)
1284 if (strcmp(ptr_word
, "*") == 0)
1288 * A colon in the string means that we wish to force a specific
1289 * local:remote address, but we ignore these for now.
1291 if (strchr(addrs
->word
, ':') != NULL
)
1296 if (*ptr_word
== '!') {
1301 mask
= ~ (u_int32_t
) 0;
1302 ptr_mask
= strchr (ptr_word
, '/');
1303 if (ptr_mask
!= NULL
) {
1306 bit_count
= (int) strtol (ptr_mask
+1, (char **) 0, 10);
1307 if (bit_count
<= 0 || bit_count
> 32) {
1308 syslog (LOG_WARNING
,
1309 "invalid address length %s in auth. address list",
1314 mask
<<= 32 - bit_count
;
1317 hp
= gethostbyname(ptr_word
);
1318 if (hp
!= NULL
&& hp
->h_addrtype
== AF_INET
) {
1319 a
= *(u_int32_t
*)hp
->h_addr
;
1321 np
= getnetbyname (ptr_word
);
1322 if (np
!= NULL
&& np
->n_addrtype
== AF_INET
) {
1323 a
= htonl (*(u_int32_t
*)np
->n_net
);
1324 if (ptr_mask
== NULL
) {
1325 /* calculate appropriate mask for net */
1328 mask
= IN_CLASSA_NET
;
1329 else if (IN_CLASSB(ah
))
1330 mask
= IN_CLASSB_NET
;
1331 else if (IN_CLASSC(ah
))
1332 mask
= IN_CLASSC_NET
;
1335 a
= inet_addr (ptr_word
);
1339 if (ptr_mask
!= NULL
)
1342 if (a
== (u_int32_t
)-1L)
1343 syslog (LOG_WARNING
,
1344 "unknown host %s in auth. address list",
1347 /* Here a and addr are in network byte order,
1348 and mask is in host order. */
1349 if (((addr
^ a
) & htonl(mask
)) == 0)
1353 return x
== y
; /* not in list => can't have it */
1357 * bad_ip_adrs - return 1 if the IP address is one we don't want
1358 * to use, such as an address in the loopback net or a multicast address.
1359 * addr is in network byte order.
1362 bad_ip_adrs(u_int32_t addr
)
1365 return (addr
>> IN_CLASSA_NSHIFT
) == IN_LOOPBACKNET
1366 || IN_MULTICAST(addr
) || IN_BADCLASS(addr
);
1370 * check_access - complain if a secret file has too-liberal permissions.
1373 check_access(FILE *f
, char *filename
)
1377 if (fstat(fileno(f
), &sbuf
) < 0) {
1378 syslog(LOG_WARNING
, "cannot stat secret file %s: %m", filename
);
1379 } else if ((sbuf
.st_mode
& (S_IRWXG
| S_IRWXO
)) != 0) {
1380 syslog(LOG_WARNING
, "Warning - secret file %s has world and/or group access", filename
);
1386 * scan_authfile - Scan an authorization file for a secret suitable
1387 * for authenticating `client' on `server'. The return value is -1
1388 * if no secret is found, otherwise >= 0. The return value has
1389 * NONWILD_CLIENT set if the secret didn't have "*" for the client, and
1390 * NONWILD_SERVER set if the secret didn't have "*" for the server.
1391 * Any following words on the line (i.e. address authorization
1392 * info) are placed in a wordlist and returned in *addrs.
1395 scan_authfile(FILE *f
, char *client
, char *server
, u_int32_t ipaddr
,
1396 char *secret
, struct wordlist
**addrs
, char *filename
)
1399 int got_flag
, best_flag
;
1401 struct wordlist
*ap
, *addr_list
, *alist
, *alast
;
1402 char word
[MAXWORDLEN
];
1403 char atfile
[MAXWORDLEN
];
1404 char lsecret
[MAXWORDLEN
];
1409 if (!getword(f
, word
, &newline
, filename
))
1410 return -1; /* file is empty??? */
1415 * Skip until we find a word at the start of a line.
1417 while (!newline
&& getword(f
, word
, &newline
, filename
))
1420 break; /* got to end of file */
1423 * Got a client - check if it's a match or a wildcard.
1426 if (client
!= NULL
&& strcmp(word
, client
) != 0 && !ISWILD(word
)) {
1431 got_flag
= NONWILD_CLIENT
;
1434 * Now get a server and check if it matches.
1436 if (!getword(f
, word
, &newline
, filename
))
1440 if (server
!= NULL
&& strcmp(word
, server
) != 0 && !ISWILD(word
))
1443 got_flag
|= NONWILD_SERVER
;
1446 * Got some sort of a match - see if it's better than what
1449 if (got_flag
<= best_flag
)
1455 if (!getword(f
, word
, &newline
, filename
))
1461 * Special syntax: @filename means read secret from file.
1463 if (word
[0] == '@') {
1464 strcpy(atfile
, word
+1);
1465 if ((sf
= fopen(atfile
, "r")) == NULL
) {
1466 syslog(LOG_WARNING
, "can't open indirect secret file %s",
1470 check_access(sf
, atfile
);
1471 if (!getword(sf
, word
, &xxx
, atfile
)) {
1472 syslog(LOG_WARNING
, "no secret in indirect secret file %s",
1480 strcpy(lsecret
, word
);
1483 * Now read address authorization info and make a wordlist.
1485 alist
= alast
= NULL
;
1487 if (!getword(f
, word
, &newline
, filename
) || newline
)
1489 ap
= (struct wordlist
*) malloc(sizeof(struct wordlist
)
1492 novm("authorized addresses");
1494 strcpy(ap
->word
, word
);
1503 * Check if the given IP address is allowed by the wordlist.
1505 if (ipaddr
!= 0 && !ip_addr_check(ipaddr
, alist
)) {
1506 free_wordlist(alist
);
1511 * This is the best so far; remember it.
1513 best_flag
= got_flag
;
1515 free_wordlist(addr_list
);
1518 strcpy(secret
, lsecret
);
1526 else if (addr_list
!= NULL
)
1527 free_wordlist(addr_list
);
1529 non_wildclient
= (best_flag
& NONWILD_CLIENT
) && client
!= NULL
&&
1535 * free_wordlist - release memory allocated for a wordlist.
1538 free_wordlist(struct wordlist
*wp
)
1540 struct wordlist
*next
;
1542 while (wp
!= NULL
) {
1550 * auth_script - execute a script with arguments
1551 * interface-name peer-name real-user tty speed
1554 auth_script(char *script
)
1562 if ((pw
= getpwuid(getuid())) != NULL
&& pw
->pw_name
!= NULL
)
1563 user_name
= pw
->pw_name
;
1565 sprintf(struid
, "%d", getuid());
1568 sprintf(strspeed
, "%d", baud_rate
);
1572 argv
[2] = peer_authname
;
1573 argv
[3] = user_name
;
1578 run_program(script
, argv
, 0);