search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dmake: do not set MAKEFLAGS=k
[unleashed/tickless.git] / usr / src / cmd / cmd-inet / usr.bin / pppd / auth.c
blob6470a36e50c65b2864c6c585ba00fad300e6ff75
1 /*
2 * auth.c - PPP authentication and phase control.
3 *
4 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
5 * Use is subject to license terms.
6 *
7 * Copyright (c) 1993 The Australian National University.
8 * All rights reserved.
9 *
10 * Redistribution and use in source and binary forms are permitted
11 * provided that the above copyright notice and this paragraph are
12 * duplicated in all such forms and that any documentation,
13 * advertising materials, and other materials related to such
14 * distribution and use acknowledge that the software was developed
15 * by the Australian National University. The name of the University
16 * may not be used to endorse or promote products derived from this
17 * software without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
20 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 *
22 * Copyright (c) 1989 Carnegie Mellon University.
23 * All rights reserved.
24 *
25 * Redistribution and use in source and binary forms are permitted
26 * provided that the above copyright notice and this paragraph are
27 * duplicated in all such forms and that any documentation,
28 * advertising materials, and other materials related to such
29 * distribution and use acknowledge that the software was developed
30 * by Carnegie Mellon University. The name of the
31 * University may not be used to endorse or promote products derived
32 * from this software without specific prior written permission.
33 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
34 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
35 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
36 */
37
38 #define RCSID "$Id: auth.c,v 1.65 2000/04/15 01:27:10 masputra Exp $"
39
40 /* Pull in crypt() definition. */
41 #define __EXTENSIONS__
42
43 #include <stdio.h>
44 #include <stddef.h>
45 #include <stdlib.h>
46 #include <unistd.h>
47 #include <pwd.h>
48 #include <grp.h>
49 #include <string.h>
50 #include <sys/types.h>
51 #include <sys/stat.h>
52 #include <sys/socket.h>
53 #include <utmp.h>
54 #include <fcntl.h>
55 #if defined(_PATH_LASTLOG) && (defined(_linux_) || defined(__linux__))
56 #include <lastlog.h>
57 #endif
58
59 #if defined(_linux_) || defined(__linux__)
60 #include <crypt.h>
61 #endif
62
63 #include <netdb.h>
64 #include <netinet/in.h>
65 #include <arpa/inet.h>
66
67 /* Backward compatibility with old Makefiles */
68 #if defined(USE_PAM) && !defined(ALLOW_PAM)
69 #define ALLOW_PAM
70 #endif
71
72 #ifdef ALLOW_PAM
73 #include <security/pam_appl.h>
74 #endif
75
76 #ifdef HAS_SHADOW
77 #include <shadow.h>
78 #ifndef PW_PPP
79 #define PW_PPP PW_LOGIN
80 #endif
81 #endif
82
83 #include "pppd.h"
84 #include "fsm.h"
85 #include "lcp.h"
86 #include "ipcp.h"
87 #include "upap.h"
88 #include "chap.h"
89 #ifdef CBCP_SUPPORT
90 #include "cbcp.h"
91 #endif
92 #include "pathnames.h"
93
94 static const char rcsid[] = RCSID;
95
96 /* Bits in scan_authfile return value */
97 #define NONWILD_SERVER 1
98 #define NONWILD_CLIENT 2
99
100 #define ISWILD(word) (word[0] == '*' && word[1] == '\0')
101
102 /* The name by which the peer authenticated itself to us. */
103 char peer_authname[MAXNAMELEN];
104
105 /* Records which authentication operations haven't completed yet. */
106 static int auth_pending[NUM_PPP];
107
108 /* Set if we have successfully called plogin() */
109 static int logged_in;
110
111 /* List of addresses which the peer may use. */
112 static struct permitted_ip *addresses[NUM_PPP];
113
114 /* Wordlist giving addresses which the peer may use
115 without authenticating itself. */
116 static struct wordlist *noauth_addrs;
117
118 /* Extra options to apply, from the secrets file entry for the peer. */
119 static struct wordlist *extra_options;
120
121 /* Source of those extra options. */
122 static const char *extra_opt_filename;
123 static int extra_opt_line;
124
125 /* Number of network protocols which we have opened. */
126 static int num_np_open;
127
128 /* Number of network protocols which have come up. */
129 static int num_np_up;
130
131 /* Set if we got the contents of passwd[] from the pap-secrets file. */
132 static int passwd_from_file;
133
134 /* Set if we require authentication only because we have a default route. */
135 static bool default_auth;
136
137 /* Hook to enable a plugin to control the idle time limit */
138 int (*idle_time_hook) __P((struct ppp_idle *)) = NULL;
139
140 /* Hook for a plugin to say whether we can possibly authenticate any peer */
141 int (*pap_check_hook) __P((void)) = NULL;
142
143 /* Hook for a plugin to check the PAP user and password */
144 int (*pap_auth_hook) __P((char *user, char *passwd, char **msgp,
145 struct wordlist **paddrs,
146 struct wordlist **popts)) = NULL;
147
148 /* Hook for a plugin to know about the PAP user logout */
149 void (*pap_logout_hook) __P((void)) = NULL;
150
151 /* Hook for a plugin to get the PAP password for authenticating us */
152 int (*pap_passwd_hook) __P((char *user, char *passwd)) = NULL;
153
154 /*
155 * This is used to ensure that we don't start an auth-up/down
156 * script while one is already running.
157 */
158 enum script_state {
159 s_down,
160 s_up
161 };
162
163 static enum script_state auth_state = s_down;
164 static enum script_state auth_script_state = s_down;
165 static pid_t auth_script_pid = 0;
166
167 /*
168 * This is set by scan_authfile if a client matches, but server doesn't
169 * (possible configuration error).
170 */
171 static char scan_server_match_failed[MAXWORDLEN];
172
173 /*
174 * Option variables.
175 */
176 bool uselogin = 0; /* Use /etc/passwd for checking PAP */
177 bool cryptpap = 0; /* Passwords in pap-secrets are encrypted */
178 bool refuse_pap = 0; /* Don't wanna auth. ourselves with PAP */
179 bool refuse_chap = 0; /* Don't wanna auth. ourselves with CHAP */
180 bool usehostname = 0; /* Use hostname for our_name */
181 bool auth_required = 0; /* Always require authentication from peer */
182 bool allow_any_ip = 0; /* Allow peer to use any IP address */
183 bool explicit_remote = 0; /* User specified explicit remote name */
184 char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
185
186 #ifdef CHAPMS
187 bool refuse_mschap = 0; /* Don't wanna auth. ourself with MS-CHAPv1 */
188 #else
189 bool refuse_mschap = 1; /* Never auth. ourself with MS-CHAPv1 */
190 #endif
191 #ifdef CHAPMSV2
192 bool refuse_mschapv2 = 0; /* Don't wanna auth. ourself with MS-CHAPv2 */
193 #else
194 bool refuse_mschapv2 = 1; /* Never auth. ourself with MS-CHAPv2 */
195 #endif
196
197 #ifdef USE_PAM
198 bool use_pam = 1; /* Enable use of PAM by default */
199 #else
200 bool use_pam = 0; /* Disable use of PAM by default */
201 #endif
202
203 /* Bits in auth_pending[] */
204 #define PAP_WITHPEER 1
205 #define PAP_PEER 2
206 #define CHAP_WITHPEER 4
207 #define CHAP_PEER 8
208
209 /* Prototypes for procedures local to this file. */
210
211 static void network_phase __P((int));
212 static void check_idle __P((void *));
213 static void connect_time_expired __P((void *));
214 static int plogin __P((char *, char *, char **));
215 static void plogout __P((void));
216 static int null_login __P((int));
217 static int get_pap_passwd __P((char *));
218 static int have_pap_secret __P((int *));
219 static int have_chap_secret __P((char *, char *, int, int *));
220 static int ip_addr_check __P((u_int32_t, struct permitted_ip *));
221 static int scan_authfile __P((FILE *, char *, char *, char *,
222 struct wordlist **, struct wordlist **,
223 char *));
224 static void free_wordlist __P((struct wordlist *));
225 static void auth_script __P((char *));
226 static void auth_script_done __P((void *, int));
227 static void set_allowed_addrs __P((int, struct wordlist *, struct wordlist *));
228 static int some_ip_ok __P((struct wordlist *));
229 static int setupapfile __P((char **, option_t *));
230 static int privgroup __P((char **, option_t *));
231 static int set_noauth_addr __P((char **, option_t *));
232 static void check_access __P((FILE *, char *));
233
234 /*
235 * Authentication-related options.
236 */
237 option_t auth_options[] = {
238 { "require-pap", o_bool, &lcp_wantoptions[0].neg_upap,
239 "Require PAP authentication from peer", 1, &auth_required },
240 { "+pap", o_bool, &lcp_wantoptions[0].neg_upap,
241 "Require PAP authentication from peer", 1, &auth_required },
242 { "refuse-pap", o_bool, &refuse_pap,
243 "Don't agree to auth to peer with PAP", 1 },
244 { "-pap", o_bool, &refuse_pap,
245 "Don't allow PAP authentication with peer", 1 },
246 { "require-chap", o_bool, &lcp_wantoptions[0].neg_chap,
247 "Require CHAP authentication from peer", 1, &auth_required },
248 { "+chap", o_bool, &lcp_wantoptions[0].neg_chap,
249 "Require CHAP authentication from peer", 1, &auth_required },
250 { "refuse-chap", o_bool, &refuse_chap,
251 "Don't agree to auth to peer with CHAP", 1 },
252 { "-chap", o_bool, &refuse_chap,
253 "Don't allow CHAP authentication with peer", 1 },
254 { "name", o_string, our_name,
255 "Set local name for authentication",
256 OPT_PRIV|OPT_STATIC, NULL, MAXNAMELEN },
257 { "user", o_string, user,
258 "Set name for auth with peer", OPT_STATIC, NULL, MAXNAMELEN },
259 { "usehostname", o_bool, &usehostname,
260 "Must use hostname for authentication", 1 },
261 { "remotename", o_string, remote_name,
262 "Set remote name for authentication", OPT_STATIC,
263 &explicit_remote, MAXNAMELEN },
264 { "auth", o_bool, &auth_required,
265 "Require authentication from peer", 1 },
266 { "noauth", o_bool, &auth_required,
267 "Don't require peer to authenticate", OPT_PRIV, &allow_any_ip },
268 { "login", o_bool, &uselogin,
269 "Use system password database for PAP", 1 },
270 { "papcrypt", o_bool, &cryptpap,
271 "PAP passwords are encrypted", 1 },
272 { "+ua", o_special, (void *)setupapfile,
273 "Get PAP user and password from file" },
274 { "password", o_string, passwd,
275 "Password for authenticating us to the peer", OPT_STATIC,
276 NULL, MAXSECRETLEN },
277 { "privgroup", o_special, (void *)privgroup,
278 "Allow group members to use privileged options", OPT_PRIV },
279 { "allow-ip", o_special, (void *)set_noauth_addr,
280 "Set peer IP address(es) usable without authentication",
281 OPT_PRIV },
282 #ifdef CHAPMS
283 { "require-mschap", o_bool, &lcp_wantoptions[0].neg_mschap,
284 "Require MS-CHAPv1 authentication from peer", 1, &auth_required },
285 { "refuse-mschap", o_bool, &refuse_mschap,
286 "Don't agree to authenticate to peer with MS-CHAPv1", 1 },
287 #endif
288 #ifdef CHAPMSV2
289 { "require-mschapv2", o_bool, &lcp_wantoptions[0].neg_mschapv2,
290 "Require MS-CHAPv2 authentication from peer", 1, &auth_required },
291 { "refuse-mschapv2", o_bool, &refuse_mschapv2,
292 "Don't agree to authenticate to peer with MS-CHAPv2", 1 },
293 #endif
294 #ifdef ALLOW_PAM
295 { "pam", o_bool, &use_pam,
296 "Enable use of Pluggable Authentication Modules", OPT_PRIV|1 },
297 { "nopam", o_bool, &use_pam,
298 "Disable use of Pluggable Authentication Modules", OPT_PRIV|0 },
299 #endif
300 { NULL }
301 };
302
303 /*
304 * setupapfile - specifies UPAP info for authenticating with peer.
305 */
306 /*ARGSUSED*/
307 static int
308 setupapfile(argv, opt)
309 char **argv;
310 option_t *opt;
311 {
312 FILE * ufile;
313 int l;
314
315 lcp_allowoptions[0].neg_upap = 1;
316
317 /* open user info file */
318 (void) seteuid(getuid());
319 ufile = fopen(*argv, "r");
320 (void) seteuid(0);
321 if (ufile == NULL) {
322 option_error("unable to open user login data file %s", *argv);
323 return 0;
324 }
325 check_access(ufile, *argv);
326
327 /* get username */
328 if (fgets(user, MAXNAMELEN - 1, ufile) == NULL
329 || fgets(passwd, MAXSECRETLEN - 1, ufile) == NULL){
330 option_error("unable to read user login data file %s", *argv);
331 return 0;
332 }
333 (void) fclose(ufile);
334
335 /* get rid of newlines */
336 l = strlen(user);
337 if (l > 0 && user[l-1] == '\n')
338 user[l-1] = '\0';
339 l = strlen(passwd);
340 if (l > 0 && passwd[l-1] == '\n')
341 passwd[l-1] = '\0';
342
343 return (1);
344 }
345
346
347 /*
348 * privgroup - allow members of the group to have privileged access.
349 */
350 /*ARGSUSED*/
351 static int
352 privgroup(argv, opt)
353 char **argv;
354 option_t *opt;
355 {
356 struct group *g;
357 int i;
358
359 g = getgrnam(*argv);
360 if (g == NULL) {
361 option_error("group %s is unknown", *argv);
362 return 0;
363 }
364 for (i = 0; i < ngroups; ++i) {
365 if (groups[i] == g->gr_gid) {
366 privileged = 1;
367 break;
368 }
369 }
370 return 1;
371 }
372
373
374 /*
375 * set_noauth_addr - set address(es) that can be used without authentication.
376 * Equivalent to specifying an entry like `"" * "" addr' in pap-secrets.
377 */
378 /*ARGSUSED*/
379 static int
380 set_noauth_addr(argv, opt)
381 char **argv;
382 option_t *opt;
383 {
384 char *addr = *argv;
385 int l = strlen(addr);
386 struct wordlist *wp;
387
388 wp = (struct wordlist *) malloc(sizeof(struct wordlist) + l + 1);
389 if (wp == NULL)
390 novm("allow-ip argument");
391 wp->word = (char *) (wp + 1);
392 wp->next = noauth_addrs;
393 (void) strcpy(wp->word, addr);
394 noauth_addrs = wp;
395 return 1;
396 }
397
398 /*
399 * An Open on LCP has requested a change from Dead to Establish phase.
400 * Do what's necessary to bring the physical layer up.
401 */
402 /*ARGSUSED*/
403 void
404 link_required(unit)
405 int unit;
406 {
407 }
408
409 /*
410 * LCP has terminated the link; go to the Dead phase and take the
411 * physical layer down.
412 */
413 /*ARGSUSED*/
414 void
415 link_terminated(unit)
416 int unit;
417 {
418 const char *pn1, *pn2;
419
420 if (phase == PHASE_DEAD)
421 return;
422 if (pap_logout_hook != NULL) {
423 (*pap_logout_hook)();
424 } else {
425 if (logged_in)
426 plogout();
427 }
428 new_phase(PHASE_DEAD);
429 if (peer_nak_auth) {
430 if ((pn1 = protocol_name(nak_auth_orig)) == NULL)
431 pn1 = "?";
432 if ((pn2 = protocol_name(nak_auth_proto)) == NULL)
433 pn2 = "?";
434 warn("Peer sent Configure-Nak for 0x%x (%s) to suggest 0x%x (%s)",
435 nak_auth_orig, pn1, nak_auth_proto, pn2);
436 }
437 if (unsolicited_nak_auth) {
438 if ((pn1 = protocol_name(unsolicit_auth_proto)) == NULL)
439 pn1 = "?";
440 warn("Peer unexpectedly asked us to authenticate with 0x%x (%s)",
441 unsolicit_auth_proto, pn1);
442 }
443 if (peer_reject_auth) {
444 if ((pn1 = protocol_name(reject_auth_proto)) == NULL)
445 pn1 = "?";
446 warn("Peer rejected our demand for 0x%x (%s)",
447 reject_auth_proto, pn1);
448 }
449 if (naked_peers_auth) {
450 if ((pn1 = protocol_name(naked_auth_orig)) == NULL)
451 pn1 = "?";
452 if ((pn2 = protocol_name(naked_auth_proto)) == NULL)
453 pn2 = "?";
454 warn("We set Configure-Nak for 0x%x (%s) to suggest 0x%x (%s)",
455 naked_auth_orig, pn1, naked_auth_proto, pn2);
456 }
457 if (rejected_peers_auth) {
458 if ((pn1 = protocol_name(rejected_auth_proto)) == NULL)
459 pn1 = "?";
460 warn("We rejected the peer's demand for 0x%x (%s)",
461 rejected_auth_proto, pn1);
462 }
463
464 peer_nak_auth = unsolicited_nak_auth = peer_reject_auth =
465 rejected_peers_auth = naked_peers_auth = 0;
466 nak_auth_proto = nak_auth_orig = unsolicit_auth_proto = reject_auth_proto =
467 rejected_auth_proto = naked_auth_orig = naked_auth_proto = 0;
468 notice("Connection terminated.");
469 }
470
471 /*
472 * LCP has gone down; it will either die or try to re-establish.
473 */
474 void
475 link_down(unit)
476 int unit;
477 {
478 int i;
479 struct protent *protp;
480
481 auth_state = s_down;
482 if (auth_script_state == s_up && auth_script_pid == 0) {
483 update_link_stats(unit);
484 auth_script_state = s_down;
485 auth_script(_PATH_AUTHDOWN);
486 }
487 for (i = 0; (protp = protocols[i]) != NULL; ++i) {
488 if (!protp->enabled_flag)
489 continue;
490 if (protp->protocol != PPP_LCP && protp->lowerdown != NULL)
491 (*protp->lowerdown)(unit);
492 if (protp->protocol < 0xC000 && protp->close != NULL)
493 (*protp->close)(unit, "LCP down");
494 }
495 num_np_open = 0;
496 num_np_up = 0;
497 if (phase != PHASE_DEAD)
498 new_phase(PHASE_TERMINATE);
499 }
500
501 /*
502 * The link is established.
503 * Proceed to the Dead, Authenticate or Network phase as appropriate.
504 */
505 void
506 link_established(unit)
507 int unit;
508 {
509 int auth;
510 lcp_options *wo = &lcp_wantoptions[unit];
511 lcp_options *go = &lcp_gotoptions[unit];
512 lcp_options *ho = &lcp_hisoptions[unit];
513 int i;
514 struct protent *protp;
515
516 /*
517 * Tell higher-level protocols that LCP is up.
518 */
519 for (i = 0; (protp = protocols[i]) != NULL; ++i)
520 if (protp->protocol != PPP_LCP && protp->enabled_flag
521 && protp->lowerup != NULL)
522 (*protp->lowerup)(unit);
523
524 if (auth_required && !(go->neg_chap || go->neg_mschap ||
525 go->neg_mschapv2 || go->neg_upap)) {
526 /*
527 * We wanted the peer to authenticate itself, and it refused:
528 * if we have some address(es) it can use without auth, fine,
529 * otherwise treat it as though it authenticated with PAP using
530 * a username * of "" and a password of "". If that's not OK,
531 * boot it out.
532 */
533 if (noauth_addrs != NULL) {
534 set_allowed_addrs(unit, noauth_addrs, NULL);
535 } else if (!wo->neg_upap || !null_login(unit)) {
536 warn("peer refused to authenticate: terminating link");
537 lcp_close(unit, "peer refused to authenticate");
538 status = EXIT_PEER_AUTH_FAILED;
539 return;
540 }
541 }
542
543 new_phase(PHASE_AUTHENTICATE);
544 auth = 0;
545 if (go->neg_chap || go->neg_mschap || go->neg_mschapv2) {
546 if (go->neg_chap) {
547 if (debug)
548 dbglog("Authenticating peer with standard CHAP");
549 go->chap_mdtype = CHAP_DIGEST_MD5;
550 } else if (go->neg_mschap) {
551 if (debug)
552 dbglog("Authenticating peer with MS-CHAPv1");
553 go->chap_mdtype = CHAP_MICROSOFT;
554 } else {
555 if (debug)
556 dbglog("Authenticating peer with MS-CHAPv2");
557 go->chap_mdtype = CHAP_MICROSOFT_V2;
558 }
559 ChapAuthPeer(unit, our_name, go->chap_mdtype);
560 auth |= CHAP_PEER;
561 } else if (go->neg_upap) {
562 if (debug)
563 dbglog("Authenticating peer with PAP");
564 upap_authpeer(unit);
565 auth |= PAP_PEER;
566 }
567 if (ho->neg_chap || ho->neg_mschap || ho->neg_mschapv2) {
568 switch (ho->chap_mdtype) {
569 case CHAP_DIGEST_MD5:
570 if (debug)
571 dbglog("Authenticating to peer with standard CHAP");
572 break;
573 case CHAP_MICROSOFT:
574 if (debug)
575 dbglog("Authenticating to peer with MS-CHAPv1");
576 break;
577 case CHAP_MICROSOFT_V2:
578 if (debug)
579 dbglog("Authenticating to peer with MS-CHAPv2");
580 break;
581 default:
582 if (debug)
583 dbglog("Authenticating to peer with CHAP 0x%x", ho->chap_mdtype);
584 break;
585 }
586 ChapAuthWithPeer(unit, user, ho->chap_mdtype);
587 auth |= CHAP_WITHPEER;
588 } else if (ho->neg_upap) {
589 if (passwd[0] == '\0') {
590 passwd_from_file = 1;
591 if (!get_pap_passwd(passwd))
592 error("No secret found for PAP login");
593 }
594 if (debug)
595 dbglog("Authenticating to peer with PAP");
596 upap_authwithpeer(unit, user, passwd);
597 auth |= PAP_WITHPEER;
598 }
599 auth_pending[unit] = auth;
600
601 if (!auth)
602 network_phase(unit);
603 }
604
605 /*
606 * Proceed to the network phase.
607 */
608 static void
609 network_phase(unit)
610 int unit;
611 {
612 lcp_options *go = &lcp_gotoptions[unit];
613
614 /*
615 * If the peer had to authenticate, run the auth-up script now.
616 */
617 if (go->neg_chap || go->neg_mschap || go->neg_mschapv2 || go->neg_upap) {
618 auth_state = s_up;
619 if (auth_script_state == s_down && auth_script_pid == 0) {
620 auth_script_state = s_up;
621 auth_script(_PATH_AUTHUP);
622 }
623 }
624
625 /*
626 * Process extra options from the secrets file
627 */
628 if (extra_options != NULL) {
629 option_source = (char *)extra_opt_filename;
630 option_line = extra_opt_line;
631 (void) options_from_list(extra_options, 1);
632 free_wordlist(extra_options);
633 extra_options = NULL;
634 }
635
636 #ifdef CBCP_SUPPORT
637 /*
638 * If we negotiated callback, do it now.
639 */
640 if (go->neg_cbcp) {
641 new_phase(PHASE_CALLBACK);
642 (*cbcp_protent.open)(unit);
643 return;
644 }
645 #endif
646
647 start_networks();
648 }
649
650 void
651 start_networks()
652 {
653 int i;
654 struct protent *protp;
655
656 new_phase(PHASE_NETWORK);
657
658 #ifdef HAVE_MULTILINK
659 if (multilink) {
660 if (mp_join_bundle()) {
661 if (updetach && !nodetach)
662 detach();
663 return;
664 }
665 }
666 #endif /* HAVE_MULTILINK */
667
668 #if 0
669 if (!demand)
670 set_filters(&pass_filter, &active_filter);
671 #endif
672 for (i = 0; (protp = protocols[i]) != NULL; ++i)
673 if (protp->protocol < 0xC000 && protp->enabled_flag
674 && protp->open != NULL) {
675 (*protp->open)(0);
676 if (protp->protocol != PPP_CCP)
677 ++num_np_open;
678 }
679
680 if (num_np_open == 0)
681 /* nothing to do */
682 lcp_close(0, "No network protocols running");
683 }
684
685 /*
686 * The peer has failed to authenticate himself using `protocol'.
687 */
688 /*ARGSUSED*/
689 void
690 auth_peer_fail(unit, protocol)
691 int unit, protocol;
692 {
693 /*
694 * Authentication failure: take the link down
695 */
696 lcp_close(unit, "Authentication failed");
697 status = EXIT_PEER_AUTH_FAILED;
698 }
699
700 /*
701 * The peer has been successfully authenticated using `protocol'.
702 */
703 void
704 auth_peer_success(unit, protocol, name, namelen)
705 int unit, protocol;
706 char *name;
707 int namelen;
708 {
709 int bit;
710
711 switch (protocol) {
712 case PPP_CHAP:
713 bit = CHAP_PEER;
714 break;
715 case PPP_PAP:
716 bit = PAP_PEER;
717 break;
718 default:
719 warn("auth_peer_success: unknown protocol %x", protocol);
720 return;
721 }
722
723 /*
724 * Save the authenticated name of the peer for later.
725 */
726 if (namelen > sizeof(peer_authname) - 1)
727 namelen = sizeof(peer_authname) - 1;
728 BCOPY(name, peer_authname, namelen);
729 peer_authname[namelen] = '\0';
730 script_setenv("PEERNAME", peer_authname, 0);
731
732 /*
733 * If there is no more authentication still to be done,
734 * proceed to the network (or callback) phase.
735 */
736 if ((auth_pending[unit] &= ~bit) == 0)
737 network_phase(unit);
738 }
739
740 /*
741 * We have failed to authenticate ourselves to the peer using `protocol'.
742 */
743 /*ARGSUSED*/
744 void
745 auth_withpeer_fail(unit, protocol)
746 int unit, protocol;
747 {
748 if (passwd_from_file)
749 BZERO(passwd, MAXSECRETLEN);
750 /*
751 * We've failed to authenticate ourselves to our peer.
752 * Some servers keep sending CHAP challenges, but there
753 * is no point in persisting without any way to get updated
754 * authentication secrets.
755 */
756 lcp_close(unit, "Failed to authenticate ourselves to peer");
757 status = EXIT_AUTH_TOPEER_FAILED;
758 }
759
760 /*
761 * We have successfully authenticated ourselves with the peer using `protocol'.
762 */
763 void
764 auth_withpeer_success(unit, protocol)
765 int unit, protocol;
766 {
767 int bit;
768
769 switch (protocol) {
770 case PPP_CHAP:
771 bit = CHAP_WITHPEER;
772 break;
773 case PPP_PAP:
774 if (passwd_from_file)
775 BZERO(passwd, MAXSECRETLEN);
776 bit = PAP_WITHPEER;
777 break;
778 default:
779 warn("auth_withpeer_success: unknown protocol %x", protocol);
780 bit = 0;
781 }
782
783 /*
784 * If there is no more authentication still being done,
785 * proceed to the network (or callback) phase.
786 */
787 if ((auth_pending[unit] &= ~bit) == 0)
788 network_phase(unit);
789 }
790
791
792 /*
793 * np_up - a network protocol has come up.
794 */
795 /*ARGSUSED*/
796 void
797 np_up(unit, proto)
798 int unit, proto;
799 {
800 int tlim;
801
802 if (num_np_up == 0) {
803 /*
804 * At this point we consider that the link has come up successfully.
805 */
806 status = EXIT_OK;
807 unsuccess = 0;
808
809 peer_nak_auth = unsolicited_nak_auth = peer_reject_auth =
810 rejected_peers_auth = naked_peers_auth = 0;
811 nak_auth_proto = nak_auth_orig = unsolicit_auth_proto =
812 reject_auth_proto = rejected_auth_proto = naked_auth_orig =
813 naked_auth_proto = 0;
814
815 new_phase(PHASE_RUNNING);
816
817 if (idle_time_hook != NULL)
818 tlim = (*idle_time_hook)(NULL);
819 else
820 tlim = idle_time_limit;
821 if (tlim > 0)
822 TIMEOUT(check_idle, NULL, tlim);
823
824 /*
825 * Set a timeout to close the connection once the maximum
826 * connect time has expired.
827 */
828 if (maxconnect > 0) {
829 TIMEOUT(connect_time_expired, &lcp_fsm[unit], maxconnect);
830
831 /*
832 * Tell LCP to send Time-Remaining packets. One should be
833 * sent out now, at maxconnect-300, at maxconnect-120, and
834 * again at maxconnect-30.
835 */
836 lcp_settimeremaining(unit, maxconnect, maxconnect);
837 if (maxconnect > 300)
838 lcp_settimeremaining(unit, maxconnect, 300);
839 if (maxconnect > 120)
840 lcp_settimeremaining(unit, maxconnect, 120);
841 if (maxconnect > 30)
842 lcp_settimeremaining(unit, maxconnect, 30);
843 }
844
845 /*
846 * Detach now, if the updetach option was given.
847 */
848 if (updetach && !nodetach)
849 detach();
850 }
851 ++num_np_up;
852 }
853
854 /*
855 * np_down - a network protocol has gone down.
856 */
857 /*ARGSUSED*/
858 void
859 np_down(unit, proto)
860 int unit, proto;
861 {
862 if (--num_np_up == 0) {
863 UNTIMEOUT(check_idle, NULL);
864 new_phase(PHASE_NETWORK);
865 }
866 }
867
868 /*
869 * np_finished - a network protocol has finished using the link.
870 */
871 /*ARGSUSED*/
872 void
873 np_finished(unit, proto)
874 int unit, proto;
875 {
876 if (--num_np_open <= 0) {
877 /* no further use for the link: shut up shop. */
878 lcp_close(0, "No network protocols running");
879 }
880 }
881
882 /*
883 * check_idle - check whether the link has been idle for long
884 * enough that we can shut it down.
885 */
886 /*ARGSUSED*/
887 static void
888 check_idle(arg)
889 void *arg;
890 {
891 struct ppp_idle idle;
892 time_t itime;
893 int tlim;
894
895 if (!get_idle_time(0, &idle))
896 return;
897 if (idle_time_hook != NULL) {
898 tlim = (*idle_time_hook)(&idle);
899 } else {
900 itime = MIN(idle.xmit_idle, idle.recv_idle);
901 tlim = idle_time_limit - itime;
902 }
903 if (tlim <= 0) {
904 /* link is idle: shut it down. */
905 notice("Terminating connection due to lack of activity.");
906 lcp_close(0, "Link inactive");
907 need_holdoff = 0;
908 status = EXIT_IDLE_TIMEOUT;
909 } else {
910 TIMEOUT(check_idle, NULL, tlim);
911 }
912 }
913
914 /*
915 * connect_time_expired - log a message and close the connection.
916 */
917 /*ARGSUSED*/
918 static void
919 connect_time_expired(arg)
920 void *arg;
921 {
922 fsm *f = (fsm *)arg;
923
924 info("Connect time expired");
925 lcp_close(f->unit, "Connect time expired"); /* Close connection */
926 status = EXIT_CONNECT_TIME;
927 }
928
929 /*
930 * auth_check_options - called to check authentication options.
931 */
932 void
933 auth_check_options()
934 {
935 lcp_options *wo = &lcp_wantoptions[0];
936 int can_auth;
937 int lacks_ip;
938
939 /* Default our_name to hostname, and user to our_name */
940 if (our_name[0] == '\0' || usehostname)
941 (void) strlcpy(our_name, hostname, sizeof(our_name));
942 if (user[0] == '\0')
943 (void) strlcpy(user, our_name, sizeof(user));
944
945 /*
946 * If we have a default route, require the peer to authenticate
947 * unless the noauth option was given or the real user is root.
948 */
949 if (!auth_required && !allow_any_ip && have_route_to(0) && !privileged) {
950 auth_required = 1;
951 default_auth = 1;
952 }
953
954 /* If authentication is required, ask peer for CHAP or PAP. */
955 if (auth_required) {
956 if (!wo->neg_chap && !wo->neg_mschap && !wo->neg_mschapv2 &&
957 !wo->neg_upap) {
958 wo->neg_chap = 1;
959 #ifdef CHAPMS
960 wo->neg_mschap = 1;
961 #endif
962 #ifdef CHAPMSV2
963 wo->neg_mschapv2 = 1;
964 #endif
965 wo->chap_mdtype = CHAP_DIGEST_MD5;
966 wo->neg_upap = 1;
967 }
968 } else {
969 wo->neg_chap = 0;
970 wo->neg_mschap = 0;
971 wo->neg_mschapv2 = 0;
972 wo->neg_upap = 0;
973 }
974
975 /*
976 * Check whether we have appropriate secrets to use
977 * to authenticate the peer.
978 */
979 lacks_ip = 0;
980 can_auth = wo->neg_upap && (uselogin || have_pap_secret(&lacks_ip));
981 if (!can_auth && (wo->neg_chap || wo->neg_mschap || wo->neg_mschapv2)) {
982 can_auth = have_chap_secret((explicit_remote? remote_name: NULL),
983 our_name, 1, &lacks_ip);
984 }
985
986 if (auth_required && !can_auth && noauth_addrs == NULL) {
987 if (default_auth) {
988 option_error(
989 "By default the remote system is required to authenticate itself");
990 option_error(
991 "(because this system has a default route to the Internet)");
992 } else if (explicit_remote)
993 option_error(
994 "The remote system (%s) is required to authenticate itself",
995 remote_name);
996 else
997 option_error(
998 "The remote system is required to authenticate itself");
999 option_error(
1000 "but I couldn't find any suitable secret (password) for it to use to do so.");
1001 if (lacks_ip)
1002 option_error(
1003 "(None of the available passwords would let it use an IP address.)");
1004
1005 exit(1);
1006 }
1007 }
1008
1009 /*
1010 * auth_reset - called when LCP is starting negotiations to recheck
1011 * authentication options, i.e. whether we have appropriate secrets
1012 * to use for authenticating ourselves and/or the peer.
1013 */
1014 void
1015 auth_reset(unit)
1016 int unit;
1017 {
1018 lcp_options *go = &lcp_gotoptions[unit];
1019 lcp_options *ao = &lcp_allowoptions[unit];
1020 int havesecret;
1021
1022 ao->neg_upap = !refuse_pap && (passwd[0] != '\0' || get_pap_passwd(NULL));
1023
1024 havesecret = passwd[0] != '\0' ||
1025 have_chap_secret(user, (explicit_remote? remote_name: NULL), 0, NULL);
1026 ao->neg_chap = !refuse_chap && havesecret;
1027 ao->neg_mschap = !refuse_mschap && havesecret;
1028 ao->neg_mschapv2 = !refuse_mschapv2 && havesecret;
1029 if (ao->neg_chap)
1030 ao->chap_mdtype = CHAP_DIGEST_MD5;
1031 else if (ao->neg_mschap)
1032 ao->chap_mdtype = CHAP_MICROSOFT;
1033 else
1034 ao->chap_mdtype = CHAP_MICROSOFT_V2;
1035
1036 if (go->neg_upap && !uselogin && !have_pap_secret(NULL))
1037 go->neg_upap = 0;
1038 if (go->neg_chap || go->neg_mschap || go->neg_mschapv2) {
1039 havesecret = have_chap_secret((explicit_remote? remote_name: NULL),
1040 our_name, 1, NULL);
1041 if (!havesecret)
1042 go->neg_chap = go->neg_mschap = go->neg_mschapv2 = 0;
1043 else if (go->neg_chap)
1044 go->chap_mdtype = CHAP_DIGEST_MD5;
1045 else if (go->neg_mschap)
1046 go->chap_mdtype = CHAP_MICROSOFT;
1047 else
1048 go->chap_mdtype = CHAP_MICROSOFT_V2;
1049 }
1050 }
1051
1052
1053 /*
1054 * check_passwd - Check the user name and passwd against the PAP secrets
1055 * file. If requested, also check against the system password database,
1056 * and login the user if OK.
1057 *
1058 * returns:
1059 * UPAP_AUTHNAK: Authentication failed.
1060 * UPAP_AUTHACK: Authentication succeeded.
1061 * In either case, msg points to an appropriate message.
1062 */
1063 int
1064 check_passwd(unit, auser, userlen, apasswd, passwdlen, msg)
1065 int unit;
1066 char *auser;
1067 int userlen;
1068 char *apasswd;
1069 int passwdlen;
1070 char **msg;
1071 {
1072 int ret;
1073 char *filename;
1074 FILE *f;
1075 struct wordlist *addrs = NULL, *opts = NULL;
1076 char passwd[256], user[256];
1077 char secret[MAXWORDLEN];
1078 static int attempts = 0;
1079
1080 /*
1081 * Make copies of apasswd and auser, then null-terminate them.
1082 * If there are unprintable characters in the password, make
1083 * them visible.
1084 */
1085 (void) slprintf(passwd, sizeof(passwd), "%.*v", passwdlen, apasswd);
1086 (void) slprintf(user, sizeof(user), "%.*v", userlen, auser);
1087 *msg = "";
1088
1089 /*
1090 * Check if a plugin wants to handle this.
1091 */
1092 if (pap_auth_hook != NULL) {
1093 /* Set a default and allow the plug-in to change it. */
1094 extra_opt_filename = "plugin";
1095 extra_opt_line = 0;
1096 ret = (*pap_auth_hook)(user, passwd, msg, &addrs, &opts);
1097 if (ret >= 0) {
1098 if (ret > 0)
1099 set_allowed_addrs(unit, addrs, opts);
1100 BZERO(passwd, sizeof(passwd));
1101 if (addrs != NULL)
1102 free_wordlist(addrs);
1103 return ret? UPAP_AUTHACK: UPAP_AUTHNAK;
1104 }
1105 }
1106
1107 /*
1108 * Open the file of pap secrets and scan for a suitable secret
1109 * for authenticating this user.
1110 */
1111 filename = _PATH_UPAPFILE;
1112 addrs = opts = NULL;
1113 ret = UPAP_AUTHNAK;
1114 f = fopen(filename, "r");
1115 if (f == NULL) {
1116 error("Can't open PAP password file %s: %m", filename);
1117
1118 } else {
1119 check_access(f, filename);
1120 if (scan_authfile(f, user, our_name, secret, &addrs, &opts, filename) < 0) {
1121 warn("no PAP secret found for %s", user);
1122 if (scan_server_match_failed[0] != '\0')
1123 warn("possible configuration error: local name is %q, but "
1124 "found %q instead", our_name, scan_server_match_failed);
1125 } else if (secret[0] != '\0') {
1126 /* password given in pap-secrets - must match */
1127 if ((!cryptpap && strcmp(passwd, secret) == 0)
1128 || strcmp(crypt(passwd, secret), secret) == 0)
1129 ret = UPAP_AUTHACK;
1130 else
1131 warn("PAP authentication failure for %s", user);
1132 } else if (uselogin) {
1133 /* empty password in pap-secrets and login option */
1134 ret = plogin(user, passwd, msg);
1135 if (ret == UPAP_AUTHNAK)
1136 warn("PAP login failure for %s", user);
1137 } else {
1138 /* empty password in pap-secrets and login option not used */
1139 ret = UPAP_AUTHACK;
1140 }
1141 (void) fclose(f);
1142 }
1143
1144 if (ret == UPAP_AUTHNAK) {
1145 if (**msg == '\0')
1146 *msg = "Login incorrect";
1147 /*
1148 * Frustrate passwd stealer programs.
1149 * Allow 10 tries, but start backing off after 3 (stolen from login).
1150 * On 10'th, drop the connection.
1151 */
1152 if (attempts++ >= 10) {
1153 warn("%d LOGIN FAILURES ON %s, %s", attempts, devnam, user);
1154 lcp_close(unit, "login failed");
1155 }
1156 if (attempts > 3)
1157 (void) sleep((u_int) (attempts - 3) * 5);
1158 if (opts != NULL)
1159 free_wordlist(opts);
1160
1161 } else {
1162 attempts = 0; /* Reset count */
1163 if (**msg == '\0')
1164 *msg = "Login ok";
1165 set_allowed_addrs(unit, addrs, opts);
1166 }
1167
1168 if (addrs != NULL)
1169 free_wordlist(addrs);
1170 BZERO(passwd, sizeof(passwd));
1171 BZERO(secret, sizeof(secret));
1172
1173 return ret;
1174 }
1175
1176 /*
1177 * This function is needed for PAM.
1178 */
1179
1180 #ifdef ALLOW_PAM
1181 /* Static variables used to communicate between the conversation function
1182 * and the server_login function
1183 */
1184 static char *PAM_username;
1185 static char *PAM_password;
1186 static int PAM_error = 0;
1187 static pam_handle_t *pamh = NULL;
1188
1189 /* PAM conversation function
1190 * Here we assume (for now, at least) that echo on means login name, and
1191 * echo off means password.
1192 */
1193
1194 /*ARGSUSED*/
1195 static int PAM_conv (int num_msg,
1196 #ifndef SOL2
1197 const
1198 #endif
1199 struct pam_message **msg, struct pam_response **resp, void *appdata_ptr)
1200 {
1201 int replies = 0;
1202 struct pam_response *reply = NULL;
1203
1204 #define COPY_STRING(s) (s) ? strdup(s) : NULL
1205
1206 reply = malloc(sizeof(struct pam_response) * num_msg);
1207 if (reply == NULL)
1208 return PAM_CONV_ERR;
1209
1210 for (replies = 0; replies < num_msg; replies++) {
1211 switch (msg[replies]->msg_style) {
1212 case PAM_PROMPT_ECHO_ON:
1213 reply[replies].resp_retcode = PAM_SUCCESS;
1214 reply[replies].resp = COPY_STRING(PAM_username);
1215 /* PAM frees resp */
1216 break;
1217 case PAM_PROMPT_ECHO_OFF:
1218 reply[replies].resp_retcode = PAM_SUCCESS;
1219 reply[replies].resp = COPY_STRING(PAM_password);
1220 /* PAM frees resp */
1221 break;
1222 case PAM_TEXT_INFO:
1223 /* fall through */
1224 case PAM_ERROR_MSG:
1225 /* ignore it, but pam still wants a NULL response... */
1226 reply[replies].resp_retcode = PAM_SUCCESS;
1227 reply[replies].resp = NULL;
1228 break;
1229 default:
1230 /* Must be an error of some sort... */
1231 free (reply);
1232 PAM_error = 1;
1233 return PAM_CONV_ERR;
1234 }
1235 }
1236 *resp = reply;
1237 return PAM_SUCCESS;
1238 }
1239
1240 static struct pam_conv PAM_conversation = {
1241 PAM_conv, NULL
1242 };
1243 #endif /* ALLOW_PAM */
1244
1245 /*
1246 * plogin - Check the user name and password against the system
1247 * password database, and login the user if OK.
1248 *
1249 * returns:
1250 * UPAP_AUTHNAK: Login failed.
1251 * UPAP_AUTHACK: Login succeeded.
1252 * In either case, msg points to an appropriate message.
1253 */
1254
1255 static int
1256 plogin(user, passwd, msg)
1257 char *user;
1258 char *passwd;
1259 char **msg;
1260 {
1261 char *tty;
1262 #ifdef HAS_SHADOW
1263 struct spwd *spwd;
1264 #endif
1265 struct passwd *pw = NULL;
1266
1267 #ifdef ALLOW_PAM
1268 int pam_error;
1269
1270 if (use_pam) {
1271 if (debug)
1272 dbglog("using PAM for user authentication");
1273 pam_error = pam_start ("ppp", user, &PAM_conversation, &pamh);
1274 if (pam_error != PAM_SUCCESS) {
1275 *msg = (char *) pam_strerror (pamh, pam_error);
1276 reopen_log();
1277 return UPAP_AUTHNAK;
1278 }
1279 /*
1280 * Define the fields for the credential validation
1281 */
1282
1283 PAM_username = user;
1284 PAM_password = passwd;
1285 PAM_error = 0;
1286 /* this might be useful to some modules; required for Solaris */
1287 tty = devnam;
1288 if (*tty == '\0')
1289 tty = ppp_devnam;
1290 (void) pam_set_item(pamh, PAM_TTY, tty);
1291 #ifdef PAM_RHOST
1292 (void) pam_set_item(pamh, PAM_RHOST, "");
1293 #endif
1294
1295 /*
1296 * Validate the user
1297 */
1298 pam_error = pam_authenticate (pamh, PAM_SILENT);
1299 if (pam_error == PAM_SUCCESS && !PAM_error) {
1300 pam_error = pam_acct_mgmt (pamh, PAM_SILENT);
1301 if (pam_error == PAM_SUCCESS)
1302 (void) pam_open_session (pamh, PAM_SILENT);
1303 }
1304
1305 *msg = (char *) pam_strerror (pamh, pam_error);
1306
1307 /*
1308 * Clean up the mess
1309 */
1310 reopen_log(); /* apparently the PAM stuff does closelog() */
1311 PAM_username = NULL;
1312 PAM_password = NULL;
1313 if (pam_error != PAM_SUCCESS)
1314 return UPAP_AUTHNAK;
1315 } else
1316 #endif /* ALLOW_PAM */
1317
1318 {
1319 if (debug) {
1320 #ifdef HAS_SHADOW
1321 dbglog("using passwd/shadow for user authentication");
1322 #else
1323 dbglog("using passwd for user authentication");
1324 #endif
1325 }
1326 /*
1327 * Use the non-PAM methods directly
1328 */
1329
1330 pw = getpwnam(user);
1331
1332 endpwent();
1333 if (pw == NULL)
1334 return (UPAP_AUTHNAK);
1335
1336 #ifdef HAS_SHADOW
1337 spwd = getspnam(user);
1338 endspent();
1339 if (spwd != NULL) {
1340 /* check the age of the password entry */
1341 long now = time(NULL) / 86400L;
1342
1343 if ((spwd->sp_expire > 0 && now >= spwd->sp_expire)
1344 || ((spwd->sp_max >= 0 && spwd->sp_max < 10000)
1345 && spwd->sp_lstchg >= 0
1346 && now >= spwd->sp_lstchg + spwd->sp_max)) {
1347 warn("Password for %s has expired", user);
1348 return (UPAP_AUTHNAK);
1349 }
1350 pw->pw_passwd = spwd->sp_pwdp;
1351 }
1352 #endif
1353
1354 /*
1355 * If no passwd, don't let them login.
1356 */
1357 if (pw->pw_passwd == NULL || strlen(pw->pw_passwd) < 2 ||
1358 strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd) != 0)
1359 return (UPAP_AUTHNAK);
1360 }
1361
1362 /*
1363 * Write a wtmp entry for this user.
1364 */
1365
1366 tty = devnam;
1367 if (strncmp(tty, "/dev/", 5) == 0)
1368 tty += 5;
1369 logwtmp(tty, user, remote_name); /* Add wtmp login entry */
1370
1371 info("user %s logged in", user);
1372 logged_in = 1;
1373
1374 return (UPAP_AUTHACK);
1375 }
1376
1377 /*
1378 * plogout - Logout the user.
1379 */
1380 static void
1381 plogout()
1382 {
1383 char *tty;
1384
1385 #ifdef ALLOW_PAM
1386 int pam_error;
1387
1388 if (use_pam) {
1389 if (pamh != NULL) {
1390 pam_error = pam_close_session (pamh, PAM_SILENT);
1391 (void) pam_end (pamh, pam_error);
1392 pamh = NULL;
1393 }
1394 /* Apparently the pam stuff does closelog(). */
1395 reopen_log();
1396 } else
1397 #endif /* ALLOW_PAM */
1398
1399 {
1400 tty = devnam;
1401 if (strncmp(tty, "/dev/", 5) == 0)
1402 tty += 5;
1403 /* Wipe out utmp logout entry */
1404 logwtmp(tty, "", "");
1405 }
1406 logged_in = 0;
1407 }
1408
1409
1410 /*
1411 * null_login - Check if a username of "" and a password of "" are
1412 * acceptable, and iff so, set the list of acceptable IP addresses
1413 * and return 1.
1414 */
1415 static int
1416 null_login(unit)
1417 int unit;
1418 {
1419 char *filename;
1420 FILE *f;
1421 int i, ret;
1422 struct wordlist *addrs, *opts;
1423 char secret[MAXWORDLEN];
1424
1425 /*
1426 * Open the file of pap secrets and scan for a suitable secret.
1427 */
1428 filename = _PATH_UPAPFILE;
1429 addrs = NULL;
1430 f = fopen(filename, "r");
1431 if (f == NULL)
1432 return 0;
1433 check_access(f, filename);
1434
1435 i = scan_authfile(f, "", our_name, secret, &addrs, &opts, filename);
1436 ret = i >= 0 && secret[0] == '\0';
1437 BZERO(secret, sizeof(secret));
1438
1439 if (ret)
1440 set_allowed_addrs(unit, addrs, opts);
1441 else if (opts != NULL)
1442 free_wordlist(opts);
1443 if (addrs != NULL)
1444 free_wordlist(addrs);
1445
1446 (void) fclose(f);
1447 return ret;
1448 }
1449
1450
1451 /*
1452 * get_pap_passwd - get a password for authenticating ourselves with
1453 * our peer using PAP. Returns 1 on success, 0 if no suitable password
1454 * could be found.
1455 * Assumes passwd points to MAXSECRETLEN bytes of space (if non-null).
1456 */
1457 static int
1458 get_pap_passwd(passwd)
1459 char *passwd;
1460 {
1461 char *filename;
1462 FILE *f;
1463 int ret;
1464 char secret[MAXWORDLEN];
1465
1466 /*
1467 * Check whether a plugin wants to supply this.
1468 */
1469 if (pap_passwd_hook != NULL) {
1470 ret = (*pap_passwd_hook)(user, passwd);
1471 if (ret >= 0)
1472 return ret;
1473 }
1474
1475 filename = _PATH_UPAPFILE;
1476 f = fopen(filename, "r");
1477 if (f == NULL)
1478 return 0;
1479 check_access(f, filename);
1480 ret = scan_authfile(f, user,
1481 (remote_name[0] != '\0' ? remote_name: NULL),
1482 secret, NULL, NULL, filename);
1483 (void) fclose(f);
1484 if (ret < 0)
1485 return 0;
1486 if (passwd != NULL)
1487 (void) strlcpy(passwd, secret, MAXSECRETLEN);
1488 BZERO(secret, sizeof(secret));
1489 return 1;
1490 }
1491
1492
1493 /*
1494 * have_pap_secret - check whether we have a PAP file with any
1495 * secrets that we could possibly use for authenticating the peer.
1496 */
1497 static int
1498 have_pap_secret(lacks_ipp)
1499 int *lacks_ipp;
1500 {
1501 FILE *f;
1502 int ret;
1503 char *filename;
1504 struct wordlist *addrs;
1505
1506 /* let the plugin decide, if there is one */
1507 if (pap_check_hook != NULL) {
1508 ret = (*pap_check_hook)();
1509 if (ret >= 0)
1510 return ret;
1511 }
1512
1513 filename = _PATH_UPAPFILE;
1514 f = fopen(filename, "r");
1515 if (f == NULL)
1516 return 0;
1517
1518 ret = scan_authfile(f, (explicit_remote? remote_name: NULL), our_name,
1519 NULL, &addrs, NULL, filename);
1520 (void) fclose(f);
1521 if (ret >= 0 && !some_ip_ok(addrs)) {
1522 if (lacks_ipp != NULL)
1523 *lacks_ipp = 1;
1524 ret = -1;
1525 }
1526 if (addrs != NULL)
1527 free_wordlist(addrs);
1528
1529 return ret >= 0;
1530 }
1531
1532
1533 /*
1534 * have_chap_secret - check whether we have a CHAP file with a secret
1535 * that we could possibly use for authenticating `client' on `server'.
1536 * Either or both can be the null string, meaning we don't know the
1537 * identity yet.
1538 */
1539 static int
1540 have_chap_secret(client, server, need_ip, lacks_ipp)
1541 char *client;
1542 char *server;
1543 int need_ip;
1544 int *lacks_ipp;
1545 {
1546 FILE *f;
1547 int ret;
1548 char *filename;
1549 struct wordlist *addrs;
1550
1551 filename = _PATH_CHAPFILE;
1552 f = fopen(filename, "r");
1553 if (f == NULL)
1554 return 0;
1555
1556 if (client != NULL && client[0] == '\0')
1557 client = NULL;
1558 if (server != NULL && server[0] == '\0')
1559 server = NULL;
1560
1561 ret = scan_authfile(f, client, server, NULL, &addrs, NULL, filename);
1562 (void) fclose(f);
1563 if (ret >= 0 && need_ip && !some_ip_ok(addrs)) {
1564 if (lacks_ipp != NULL)
1565 *lacks_ipp = 1;
1566 ret = -1;
1567 }
1568 if (addrs != NULL)
1569 free_wordlist(addrs);
1570
1571 return ret >= 0;
1572 }
1573
1574
1575 /*
1576 * get_secret - open the CHAP secret file and return the secret
1577 * for authenticating the given client on the given server.
1578 *
1579 * "am_server" means that we're the authenticator (demanding
1580 * identity from the peer).
1581 *
1582 * "!am_server" means that we're the authenticatee (supplying
1583 * identity to the peer).
1584 */
1585 int
1586 get_secret(unit, client, server, secret, secret_len, am_server)
1587 int unit;
1588 char *client;
1589 char *server;
1590 char *secret;
1591 int *secret_len;
1592 int am_server;
1593 {
1594 FILE *f;
1595 int ret, len;
1596 char *filename;
1597 struct wordlist *addrs, *opts;
1598 char secbuf[MAXWORDLEN];
1599
1600 /*
1601 * Support the 'password' option on authenticatee only in order to
1602 * avoid obvious security problem (authenticator and authenticatee
1603 * within a given implementation must never share secrets).
1604 */
1605 if (!am_server && passwd[0] != '\0') {
1606 (void) strlcpy(secbuf, passwd, sizeof(secbuf));
1607 } else {
1608 filename = _PATH_CHAPFILE;
1609 addrs = NULL;
1610 secbuf[0] = '\0';
1611
1612 f = fopen(filename, "r");
1613 if (f == NULL) {
1614 error("Can't open chap secret file %s: %m", filename);
1615 return 0;
1616 }
1617 check_access(f, filename);
1618
1619 ret = scan_authfile(f, client, server, secbuf, &addrs, &opts,
1620 filename);
1621 (void) fclose(f);
1622 if (ret < 0) {
1623 if (scan_server_match_failed[0] != '\0')
1624 warn("possible configuration error: local name is %q, but "
1625 "found %q instead", our_name, scan_server_match_failed);
1626 return 0;
1627 }
1628
1629 /* Only the authenticator cares about limiting peer addresses. */
1630 if (am_server)
1631 set_allowed_addrs(unit, addrs, opts);
1632 else if (opts != NULL)
1633 free_wordlist(opts);
1634 if (addrs != NULL)
1635 free_wordlist(addrs);
1636 }
1637
1638 len = strlen(secbuf);
1639 if (len > MAXSECRETLEN) {
1640 error("Secret for %s on %s is too long", client, server);
1641 len = MAXSECRETLEN;
1642 }
1643 /* Do not leave a temporary copy of the secret on the stack. */
1644 BCOPY(secbuf, secret, len);
1645 BZERO(secbuf, sizeof(secbuf));
1646 *secret_len = len;
1647
1648 return 1;
1649 }
1650
1651 /*
1652 * set_allowed_addrs() - set the list of allowed addresses.
1653 * The caller must also look for `--' indicating options to apply for
1654 * this peer and leaves the following words in extra_options.
1655 */
1656 static void
1657 set_allowed_addrs(unit, addrs, opts)
1658 int unit;
1659 struct wordlist *addrs;
1660 struct wordlist *opts;
1661 {
1662 int n;
1663 struct wordlist *ap, **pap;
1664 struct permitted_ip *ip;
1665 char *ptr_word, *ptr_mask;
1666 struct hostent *hp;
1667 struct netent *np;
1668 u_int32_t a, mask, newmask, ah, offset;
1669 struct ipcp_options *wo = &ipcp_wantoptions[unit];
1670 u_int32_t suggested_ip = 0;
1671 int err_num;
1672
1673 free(addresses[unit]);
1674 addresses[unit] = NULL;
1675 if (extra_options != NULL)
1676 free_wordlist(extra_options);
1677 extra_options = opts;
1678
1679 /*
1680 * Count the number of IP addresses given.
1681 */
1682 for (n = 0, pap = &addrs; (ap = *pap) != NULL; pap = &ap->next)
1683 ++n;
1684 if (n == 0)
1685 return;
1686 ip = (struct permitted_ip *) malloc((n + 1) * sizeof(struct permitted_ip));
1687 if (ip == NULL)
1688 return;
1689
1690 n = 0;
1691 for (ap = addrs; ap != NULL; ap = ap->next) {
1692 /* "-" means no addresses authorized, "*" means any address allowed */
1693 ptr_word = ap->word;
1694 if (strcmp(ptr_word, "-") == 0)
1695 break;
1696 if (strcmp(ptr_word, "*") == 0) {
1697 ip[n].permit = 1;
1698 ip[n].base = ip[n].mask = 0;
1699 ++n;
1700 break;
1701 }
1702
1703 ip[n].permit = 1;
1704 if (*ptr_word == '!') {
1705 ip[n].permit = 0;
1706 ++ptr_word;
1707 }
1708
1709 mask = ~ (u_int32_t) 0;
1710 offset = 0;
1711 ptr_mask = strchr (ptr_word, '/');
1712 if (ptr_mask != NULL) {
1713 int bit_count;
1714 char *endp;
1715
1716 bit_count = (int) strtol (ptr_mask+1, &endp, 10);
1717 if (bit_count <= 0 || bit_count > 32) {
1718 warn("invalid address length %v in authorized address list",
1719 ptr_mask+1);
1720 continue;
1721 }
1722 bit_count = 32 - bit_count; /* # bits in host part */
1723 if (*endp == '+') {
1724 offset = ifunit + 1;
1725 ++endp;
1726 }
1727 if (*endp != '\0') {
1728 warn("invalid address length syntax: %v", ptr_mask+1);
1729 continue;
1730 }
1731 *ptr_mask = '\0';
1732 mask <<= bit_count;
1733 }
1734
1735 /* Try to interpret value as host name or numeric address first */
1736 hp = getipnodebyname(ptr_word, AF_INET, 0, &err_num);
1737 if (hp != NULL) {
1738 (void) memcpy(&a, hp->h_addr, sizeof(a));
1739 freehostent(hp);
1740 } else {
1741 char *cp = ptr_word + strlen(ptr_word);
1742 if (cp > ptr_word)
1743 cp--;
1744 if (*cp == '+') {
1745 offset = ifunit + 1;
1746 *cp = '\0';
1747 }
1748 np = getnetbyname (ptr_word);
1749 if (np != NULL && np->n_addrtype == AF_INET) {
1750 ah = np->n_net;
1751 newmask = (u_int32_t)~0;
1752 if ((ah & 0xff000000ul) == 0)
1753 ah <<= 8, newmask <<= 8;
1754 if ((ah & 0xff000000ul) == 0)
1755 ah <<= 8, newmask <<= 8;
1756 if ((ah & 0xff000000ul) == 0)
1757 ah <<= 8, newmask <<= 8;
1758 if (ptr_mask == NULL)
1759 mask = newmask;
1760 a = htonl(ah);
1761 }
1762 }
1763
1764 if (ptr_mask != NULL)
1765 *ptr_mask = '/';
1766
1767 if (a == (u_int32_t)-1L) {
1768 warn("unknown host %s in auth. address list", ap->word);
1769 continue;
1770 }
1771 if (offset != 0) {
1772 if (offset >= ~mask) {
1773 warn("interface unit %d too large for subnet %v",
1774 ifunit, ptr_word);
1775 continue;
1776 }
1777 a = htonl((ntohl(a) & mask) + offset);
1778 mask = ~(u_int32_t)0;
1779 }
1780 ip[n].mask = htonl(mask);
1781 ip[n].base = a & ip[n].mask;
1782 ++n;
1783 if (~mask == 0 && suggested_ip == 0)
1784 suggested_ip = a;
1785 }
1786
1787 /* Sentinel value at end of list */
1788 ip[n].permit = 0; /* make the last entry forbid all addresses */
1789 ip[n].base = 0; /* to terminate the list */
1790 ip[n].mask = 0;
1791
1792 addresses[unit] = ip;
1793
1794 /*
1795 * If the address given for the peer isn't authorized, or if
1796 * the user hasn't given one, AND there is an authorized address
1797 * which is a single host, then use that if we find one.
1798 */
1799 if (suggested_ip != 0
1800 && (wo->hisaddr == 0 || !auth_ip_addr(unit, wo->hisaddr)))
1801 wo->hisaddr = suggested_ip;
1802 }
1803
1804 /*
1805 * auth_ip_addr - check whether the peer is authorized to use
1806 * a given IP address. Returns 1 if authorized, 0 otherwise.
1807 */
1808 int
1809 auth_ip_addr(unit, addr)
1810 int unit;
1811 u_int32_t addr;
1812 {
1813 int ok;
1814
1815 /* don't allow loopback or multicast address */
1816 if (bad_ip_adrs(addr))
1817 return 0;
1818
1819 if (addresses[unit] != NULL) {
1820 ok = ip_addr_check(addr, addresses[unit]);
1821 if (ok >= 0)
1822 return ok;
1823 }
1824 if (auth_required)
1825 return 0; /* no addresses authorized */
1826 return allow_any_ip || privileged || !have_route_to(addr);
1827 }
1828
1829 static int
1830 ip_addr_check(addr, addrs)
1831 u_int32_t addr;
1832 struct permitted_ip *addrs;
1833 {
1834 /* This loop is safe because of the sentinel value in set_allowed_addrs */
1835 for (; ; ++addrs)
1836 if ((addr & addrs->mask) == addrs->base)
1837 return addrs->permit;
1838 }
1839
1840 /*
1841 * bad_ip_adrs - return 1 if the IP address is one we don't want
1842 * to use, such as an address in the loopback net or a multicast address.
1843 * addr is in network byte order.
1844 */
1845 int
1846 bad_ip_adrs(addr)
1847 u_int32_t addr;
1848 {
1849 addr = ntohl(addr);
1850 return
1851 #ifndef ALLOW_127_NET
1852 (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET ||
1853 #endif
1854 #ifndef ALLOW_0_NET
1855 ((addr >> IN_CLASSA_NSHIFT) == 0 && addr != 0) ||
1856 #endif
1857 IN_MULTICAST(addr);
1858 }
1859
1860 /*
1861 * some_ip_ok - check a wordlist to see if it authorizes any
1862 * IP address(es).
1863 */
1864 static int
1865 some_ip_ok(addrs)
1866 struct wordlist *addrs;
1867 {
1868 for (; addrs != NULL; addrs = addrs->next) {
1869 if (addrs->word[0] == '-')
1870 break;
1871 if (addrs->word[0] != '!')
1872 return 1; /* some IP address is allowed */
1873 }
1874 return 0;
1875 }
1876
1877 /*
1878 * check_access - complain if a secret file has too-liberal permissions.
1879 */
1880 static void
1881 check_access(f, filename)
1882 FILE *f;
1883 char *filename;
1884 {
1885 struct stat sbuf;
1886
1887 if (fstat(fileno(f), &sbuf) < 0) {
1888 warn("cannot stat secret file %s: %m", filename);
1889 } else if ((sbuf.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
1890 warn("Warning - secret file %s has world and/or group access",
1891 filename);
1892 }
1893 }
1894
1895
1896 /*
1897 * scan_authfile - Scan an authorization file for a secret suitable
1898 * for authenticating `client' on `server'. The return value is -1 if
1899 * no secret is found, otherwise >= 0. The return value has
1900 * NONWILD_CLIENT set if the secret didn't have "*" for the client,
1901 * and NONWILD_SERVER set if the secret didn't have "*" for the
1902 * server.
1903
1904 * Any following words on the line up to a "--" (i.e. address
1905 * authorization info) are placed in a wordlist and returned in
1906 * *addrs. Any following words (extra options) are placed in a
1907 * wordlist and returned in *opts. If opts is NULL, these are just
1908 * discarded. Otherwise, the extra_opt_* variables are set to
1909 * indicate the source of the options.
1910 *
1911 * We assume secret is NULL or points to MAXWORDLEN bytes of space.
1912 */
1913 static int
1914 scan_authfile(f, client, server, secret, addrs, opts, filename)
1915 FILE *f;
1916 char *client;
1917 char *server;
1918 char *secret;
1919 struct wordlist **addrs;
1920 struct wordlist **opts;
1921 char *filename;
1922 {
1923 int newline, xxx, sline;
1924 int got_flag, best_flag;
1925 FILE *sf;
1926 struct wordlist *ap, *addr_list, *alist, **app;
1927 char word[MAXWORDLEN];
1928 char atfile[MAXWORDLEN];
1929 char lsecret[MAXWORDLEN];
1930
1931 scan_server_match_failed[0] = '\0';
1932
1933 if (addrs != NULL)
1934 *addrs = NULL;
1935 if (opts != NULL)
1936 *opts = NULL;
1937 addr_list = NULL;
1938 option_line = 0;
1939 if (!getword(f, word, &newline, filename)) {
1940 if (debug)
1941 dbglog("%s is apparently empty", filename);
1942 return -1; /* file is empty??? */
1943 }
1944 newline = 1;
1945 best_flag = -1;
1946 for (;;) {
1947 /*
1948 * Skip until we find a word at the start of a line.
1949 */
1950 while (!newline && getword(f, word, &newline, filename))
1951 ;
1952 if (!newline)
1953 break; /* got to end of file */
1954
1955 sline = option_line;
1956 /*
1957 * Got a client - check if it's a match or a wildcard.
1958 */
1959 got_flag = 0;
1960 if (client != NULL && strcmp(word, client) != 0 && !ISWILD(word)) {
1961 newline = 0;
1962 continue;
1963 }
1964 if (!ISWILD(word))
1965 got_flag = NONWILD_CLIENT;
1966
1967 /*
1968 * Now get a server and check if it matches.
1969 */
1970 if (!getword(f, word, &newline, filename))
1971 break;
1972 if (newline)
1973 continue;
1974 if (!ISWILD(word)) {
1975 if (server != NULL && strcmp(word, server) != 0) {
1976 (void) strcpy(scan_server_match_failed, word);
1977 continue;
1978 }
1979 got_flag |= NONWILD_SERVER;
1980 }
1981
1982 /*
1983 * Got some sort of a match - see if it's better than what
1984 * we have already.
1985 */
1986 if (got_flag <= best_flag)
1987 continue;
1988
1989 /*
1990 * Get the secret.
1991 */
1992 if (!getword(f, word, &newline, filename))
1993 break;
1994 if (newline)
1995 continue;
1996
1997 /*
1998 * Special syntax: @filename means read secret from file.
1999 * Because the secrets files are modifiable only by root,
2000 * it's safe to open this file as root. One small addition --
2001 * if open fails, we try as the regular user; just in case
2002 * it's over NFS and not root-equivalent.
2003 */
2004 if (word[0] == '@') {
2005 (void) strlcpy(atfile, word+1, sizeof(atfile));
2006 if ((sf = fopen(atfile, "r")) == NULL) {
2007 (void) seteuid(getuid());
2008 sf = fopen(atfile, "r");
2009 (void) seteuid(0);
2010 }
2011 if (sf == NULL) {
2012 warn("can't open indirect secret file %s: %m", atfile);
2013 continue;
2014 }
2015 check_access(sf, atfile);
2016 if (!getword(sf, word, &xxx, atfile)) {
2017 warn("no secret in indirect secret file %s", atfile);
2018 (void) fclose(sf);
2019 continue;
2020 }
2021 (void) fclose(sf);
2022 }
2023 if (secret != NULL)
2024 (void) strlcpy(lsecret, word, sizeof(lsecret));
2025
2026 /*
2027 * Now read address authorization info and make a wordlist.
2028 */
2029 app = &alist;
2030 for (;;) {
2031 if (!getword(f, word, &newline, filename) || newline)
2032 break;
2033 ap = (struct wordlist *) malloc(sizeof(struct wordlist));
2034 if (ap == NULL)
2035 novm("authorized addresses");
2036 ap->word = strdup(word);
2037 if (ap->word == NULL)
2038 novm("authorized addresses");
2039 *app = ap;
2040 app = &ap->next;
2041 }
2042 *app = NULL;
2043
2044 /*
2045 * This is the best so far; remember it.
2046 */
2047 best_flag = got_flag;
2048 if (addr_list != NULL)
2049 free_wordlist(addr_list);
2050 addr_list = alist;
2051 if (secret != NULL)
2052 (void) strlcpy(secret, lsecret, MAXWORDLEN);
2053
2054 if (opts != NULL) {
2055 extra_opt_filename = filename;
2056 extra_opt_line = sline;
2057 }
2058
2059 if (!newline)
2060 break;
2061 }
2062
2063 /* scan for a -- word indicating the start of options */
2064 for (app = &addr_list; (ap = *app) != NULL; app = &ap->next)
2065 if (strcmp(ap->word, "--") == 0)
2066 break;
2067 /* ap = start of options */
2068 if (ap != NULL) {
2069 ap = ap->next; /* first option */
2070 free(*app); /* free the "--" word */
2071 *app = NULL; /* terminate addr list */
2072 }
2073 if (opts != NULL)
2074 *opts = ap;
2075 else if (ap != NULL)
2076 free_wordlist(ap);
2077 if (addrs != NULL)
2078 *addrs = addr_list;
2079 else if (addr_list != NULL)
2080 free_wordlist(addr_list);
2081
2082 return best_flag;
2083 }
2084
2085 /*
2086 * free_wordlist - release memory allocated for a wordlist.
2087 */
2088 static void
2089 free_wordlist(wp)
2090 struct wordlist *wp;
2091 {
2092 struct wordlist *next;
2093
2094 while (wp != NULL) {
2095 next = wp->next;
2096 free(wp);
2097 wp = next;
2098 }
2099 }
2100
2101 /*
2102 * auth_script_done - called when the auth-up or auth-down script
2103 * has finished.
2104 */
2105 /*ARGSUSED*/
2106 static void
2107 auth_script_done(arg, status)
2108 void *arg;
2109 int status;
2110 {
2111 auth_script_pid = 0;
2112 switch (auth_script_state) {
2113 case s_up:
2114 if (auth_state == s_down) {
2115 auth_script_state = s_down;
2116 auth_script(_PATH_AUTHDOWN);
2117 }
2118 break;
2119 case s_down:
2120 if (auth_state == s_up) {
2121 auth_script_state = s_up;
2122 auth_script(_PATH_AUTHUP);
2123 }
2124 break;
2125 }
2126 }
2127
2128 /*
2129 * auth_script - execute a script with arguments
2130 * interface-name peer-name real-user tty speed
2131 */
2132 static void
2133 auth_script(script)
2134 char *script;
2135 {
2136 char strspeed[32];
2137 struct passwd *pw;
2138 char struid[32];
2139 char *user_name;
2140 char *argv[8];
2141
2142 if ((pw = getpwuid(getuid())) != NULL && pw->pw_name != NULL)
2143 user_name = pw->pw_name;
2144 else {
2145 (void) slprintf(struid, sizeof(struid), "%d", getuid());
2146 user_name = struid;
2147 }
2148 (void) slprintf(strspeed, sizeof(strspeed), "%d", baud_rate);
2149
2150 argv[0] = script;
2151 argv[1] = ifname;
2152 argv[2] = peer_authname;
2153 argv[3] = user_name;
2154 argv[4] = devnam;
2155 argv[5] = strspeed;
2156 argv[6] = NULL;
2157
2158 auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL);
2159 }
unleashed repo fork