1 | /*****************************************************************************
|
---|
2 | * pap.c - Network Password Authentication Protocol program file.
|
---|
3 | *
|
---|
4 | * Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
|
---|
5 | * portions Copyright (c) 1997 by Global Election Systems Inc.
|
---|
6 | *
|
---|
7 | * The authors hereby grant permission to use, copy, modify, distribute,
|
---|
8 | * and license this software and its documentation for any purpose, provided
|
---|
9 | * that existing copyright notices are retained in all copies and that this
|
---|
10 | * notice and the following disclaimer are included verbatim in any
|
---|
11 | * distributions. No written agreement, license, or royalty fee is required
|
---|
12 | * for any of the authorized uses.
|
---|
13 | *
|
---|
14 | * THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
|
---|
15 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
---|
16 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
---|
17 | * IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
---|
18 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
---|
19 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
---|
20 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
---|
21 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
---|
22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
---|
23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
---|
24 | *
|
---|
25 | ******************************************************************************
|
---|
26 | * REVISION HISTORY
|
---|
27 | *
|
---|
28 | * 03-01-01 Marc Boucher <marc@mbsi.ca>
|
---|
29 | * Ported to lwIP.
|
---|
30 | * 97-12-12 Guy Lancaster <lancasterg@acm.org>, Global Election Systems Inc.
|
---|
31 | * Original.
|
---|
32 | *****************************************************************************/
|
---|
33 | /*
|
---|
34 | * upap.c - User/Password Authentication Protocol.
|
---|
35 | *
|
---|
36 | * Copyright (c) 1989 Carnegie Mellon University.
|
---|
37 | * All rights reserved.
|
---|
38 | *
|
---|
39 | * Redistribution and use in source and binary forms are permitted
|
---|
40 | * provided that the above copyright notice and this paragraph are
|
---|
41 | * duplicated in all such forms and that any documentation,
|
---|
42 | * advertising materials, and other materials related to such
|
---|
43 | * distribution and use acknowledge that the software was developed
|
---|
44 | * by Carnegie Mellon University. The name of the
|
---|
45 | * University may not be used to endorse or promote products derived
|
---|
46 | * from this software without specific prior written permission.
|
---|
47 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
|
---|
48 | * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
|
---|
49 | * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
---|
50 | */
|
---|
51 |
|
---|
52 | #include "lwip/opt.h"
|
---|
53 |
|
---|
54 | #if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */
|
---|
55 |
|
---|
56 | #if PAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
|
---|
57 |
|
---|
58 | #include "ppp_impl.h"
|
---|
59 | #include "pppdebug.h"
|
---|
60 |
|
---|
61 | #include "auth.h"
|
---|
62 | #include "pap.h"
|
---|
63 |
|
---|
64 | #include <string.h>
|
---|
65 |
|
---|
66 | #if 0 /* UNUSED */
|
---|
67 | static bool hide_password = 1;
|
---|
68 |
|
---|
69 | /*
|
---|
70 | * Command-line options.
|
---|
71 | */
|
---|
72 | static option_t pap_option_list[] = {
|
---|
73 | { "hide-password", o_bool, &hide_password,
|
---|
74 | "Don't output passwords to log", 1 },
|
---|
75 | { "show-password", o_bool, &hide_password,
|
---|
76 | "Show password string in debug log messages", 0 },
|
---|
77 | { "pap-restart", o_int, &upap[0].us_timeouttime,
|
---|
78 | "Set retransmit timeout for PAP" },
|
---|
79 | { "pap-max-authreq", o_int, &upap[0].us_maxtransmits,
|
---|
80 | "Set max number of transmissions for auth-reqs" },
|
---|
81 | { "pap-timeout", o_int, &upap[0].us_reqtimeout,
|
---|
82 | "Set time limit for peer PAP authentication" },
|
---|
83 | { NULL }
|
---|
84 | };
|
---|
85 | #endif
|
---|
86 |
|
---|
87 | /*
|
---|
88 | * Protocol entry points.
|
---|
89 | */
|
---|
90 | static void upap_init (int);
|
---|
91 | static void upap_lowerup (int);
|
---|
92 | static void upap_lowerdown (int);
|
---|
93 | static void upap_input (int, u_char *, int);
|
---|
94 | static void upap_protrej (int);
|
---|
95 | #if PPP_ADDITIONAL_CALLBACKS
|
---|
96 | static int upap_printpkt (u_char *, int, void (*)(void *, char *, ...), void *);
|
---|
97 | #endif /* PPP_ADDITIONAL_CALLBACKS */
|
---|
98 |
|
---|
99 | struct protent pap_protent = {
|
---|
100 | PPP_PAP,
|
---|
101 | upap_init,
|
---|
102 | upap_input,
|
---|
103 | upap_protrej,
|
---|
104 | upap_lowerup,
|
---|
105 | upap_lowerdown,
|
---|
106 | NULL,
|
---|
107 | NULL,
|
---|
108 | #if PPP_ADDITIONAL_CALLBACKS
|
---|
109 | upap_printpkt,
|
---|
110 | NULL,
|
---|
111 | #endif /* PPP_ADDITIONAL_CALLBACKS */
|
---|
112 | 1,
|
---|
113 | "PAP",
|
---|
114 | #if PPP_ADDITIONAL_CALLBACKS
|
---|
115 | NULL,
|
---|
116 | NULL,
|
---|
117 | NULL
|
---|
118 | #endif /* PPP_ADDITIONAL_CALLBACKS */
|
---|
119 | };
|
---|
120 |
|
---|
121 | upap_state upap[NUM_PPP]; /* UPAP state; one for each unit */
|
---|
122 |
|
---|
123 | static void upap_timeout (void *);
|
---|
124 | static void upap_reqtimeout(void *);
|
---|
125 | static void upap_rauthreq (upap_state *, u_char *, u_char, int);
|
---|
126 | static void upap_rauthack (upap_state *, u_char *, int, int);
|
---|
127 | static void upap_rauthnak (upap_state *, u_char *, int, int);
|
---|
128 | static void upap_sauthreq (upap_state *);
|
---|
129 | static void upap_sresp (upap_state *, u_char, u_char, char *, int);
|
---|
130 |
|
---|
131 |
|
---|
132 | /*
|
---|
133 | * upap_init - Initialize a UPAP unit.
|
---|
134 | */
|
---|
135 | static void
|
---|
136 | upap_init(int unit)
|
---|
137 | {
|
---|
138 | upap_state *u = &upap[unit];
|
---|
139 |
|
---|
140 | UPAPDEBUG(LOG_INFO, ("upap_init: %d\n", unit));
|
---|
141 | u->us_unit = unit;
|
---|
142 | u->us_user = NULL;
|
---|
143 | u->us_userlen = 0;
|
---|
144 | u->us_passwd = NULL;
|
---|
145 | u->us_passwdlen = 0;
|
---|
146 | u->us_clientstate = UPAPCS_INITIAL;
|
---|
147 | u->us_serverstate = UPAPSS_INITIAL;
|
---|
148 | u->us_id = 0;
|
---|
149 | u->us_timeouttime = UPAP_DEFTIMEOUT;
|
---|
150 | u->us_maxtransmits = 10;
|
---|
151 | u->us_reqtimeout = UPAP_DEFREQTIME;
|
---|
152 | }
|
---|
153 |
|
---|
154 | /*
|
---|
155 | * upap_authwithpeer - Authenticate us with our peer (start client).
|
---|
156 | *
|
---|
157 | * Set new state and send authenticate's.
|
---|
158 | */
|
---|
159 | void
|
---|
160 | upap_authwithpeer(int unit, char *user, char *password)
|
---|
161 | {
|
---|
162 | upap_state *u = &upap[unit];
|
---|
163 |
|
---|
164 | UPAPDEBUG(LOG_INFO, ("upap_authwithpeer: %d user=%s password=%s s=%d\n",
|
---|
165 | unit, user, password, u->us_clientstate));
|
---|
166 |
|
---|
167 | /* Save the username and password we're given */
|
---|
168 | u->us_user = user;
|
---|
169 | u->us_userlen = (int)strlen(user);
|
---|
170 | u->us_passwd = password;
|
---|
171 | u->us_passwdlen = (int)strlen(password);
|
---|
172 |
|
---|
173 | u->us_transmits = 0;
|
---|
174 |
|
---|
175 | /* Lower layer up yet? */
|
---|
176 | if (u->us_clientstate == UPAPCS_INITIAL ||
|
---|
177 | u->us_clientstate == UPAPCS_PENDING) {
|
---|
178 | u->us_clientstate = UPAPCS_PENDING;
|
---|
179 | return;
|
---|
180 | }
|
---|
181 |
|
---|
182 | upap_sauthreq(u); /* Start protocol */
|
---|
183 | }
|
---|
184 |
|
---|
185 |
|
---|
186 | /*
|
---|
187 | * upap_authpeer - Authenticate our peer (start server).
|
---|
188 | *
|
---|
189 | * Set new state.
|
---|
190 | */
|
---|
191 | void
|
---|
192 | upap_authpeer(int unit)
|
---|
193 | {
|
---|
194 | upap_state *u = &upap[unit];
|
---|
195 |
|
---|
196 | /* Lower layer up yet? */
|
---|
197 | if (u->us_serverstate == UPAPSS_INITIAL ||
|
---|
198 | u->us_serverstate == UPAPSS_PENDING) {
|
---|
199 | u->us_serverstate = UPAPSS_PENDING;
|
---|
200 | return;
|
---|
201 | }
|
---|
202 |
|
---|
203 | u->us_serverstate = UPAPSS_LISTEN;
|
---|
204 | if (u->us_reqtimeout > 0) {
|
---|
205 | TIMEOUT(upap_reqtimeout, u, u->us_reqtimeout);
|
---|
206 | }
|
---|
207 | }
|
---|
208 |
|
---|
209 | /*
|
---|
210 | * upap_timeout - Retransmission timer for sending auth-reqs expired.
|
---|
211 | */
|
---|
212 | static void
|
---|
213 | upap_timeout(void *arg)
|
---|
214 | {
|
---|
215 | upap_state *u = (upap_state *) arg;
|
---|
216 |
|
---|
217 | UPAPDEBUG(LOG_INFO, ("upap_timeout: %d timeout %d expired s=%d\n",
|
---|
218 | u->us_unit, u->us_timeouttime, u->us_clientstate));
|
---|
219 |
|
---|
220 | if (u->us_clientstate != UPAPCS_AUTHREQ) {
|
---|
221 | UPAPDEBUG(LOG_INFO, ("upap_timeout: not in AUTHREQ state!\n"));
|
---|
222 | return;
|
---|
223 | }
|
---|
224 |
|
---|
225 | if (u->us_transmits >= u->us_maxtransmits) {
|
---|
226 | /* give up in disgust */
|
---|
227 | UPAPDEBUG(LOG_ERR, ("No response to PAP authenticate-requests\n"));
|
---|
228 | u->us_clientstate = UPAPCS_BADAUTH;
|
---|
229 | auth_withpeer_fail(u->us_unit, PPP_PAP);
|
---|
230 | return;
|
---|
231 | }
|
---|
232 |
|
---|
233 | upap_sauthreq(u); /* Send Authenticate-Request and set upap timeout*/
|
---|
234 | }
|
---|
235 |
|
---|
236 |
|
---|
237 | /*
|
---|
238 | * upap_reqtimeout - Give up waiting for the peer to send an auth-req.
|
---|
239 | */
|
---|
240 | static void
|
---|
241 | upap_reqtimeout(void *arg)
|
---|
242 | {
|
---|
243 | upap_state *u = (upap_state *) arg;
|
---|
244 |
|
---|
245 | if (u->us_serverstate != UPAPSS_LISTEN) {
|
---|
246 | return; /* huh?? */
|
---|
247 | }
|
---|
248 |
|
---|
249 | auth_peer_fail(u->us_unit, PPP_PAP);
|
---|
250 | u->us_serverstate = UPAPSS_BADAUTH;
|
---|
251 | }
|
---|
252 |
|
---|
253 |
|
---|
254 | /*
|
---|
255 | * upap_lowerup - The lower layer is up.
|
---|
256 | *
|
---|
257 | * Start authenticating if pending.
|
---|
258 | */
|
---|
259 | static void
|
---|
260 | upap_lowerup(int unit)
|
---|
261 | {
|
---|
262 | upap_state *u = &upap[unit];
|
---|
263 |
|
---|
264 | UPAPDEBUG(LOG_INFO, ("upap_lowerup: init %d clientstate s=%d\n", unit, u->us_clientstate));
|
---|
265 |
|
---|
266 | if (u->us_clientstate == UPAPCS_INITIAL) {
|
---|
267 | u->us_clientstate = UPAPCS_CLOSED;
|
---|
268 | } else if (u->us_clientstate == UPAPCS_PENDING) {
|
---|
269 | upap_sauthreq(u); /* send an auth-request */
|
---|
270 | /* now client state is UPAPCS__AUTHREQ */
|
---|
271 | }
|
---|
272 |
|
---|
273 | if (u->us_serverstate == UPAPSS_INITIAL) {
|
---|
274 | u->us_serverstate = UPAPSS_CLOSED;
|
---|
275 | } else if (u->us_serverstate == UPAPSS_PENDING) {
|
---|
276 | u->us_serverstate = UPAPSS_LISTEN;
|
---|
277 | if (u->us_reqtimeout > 0) {
|
---|
278 | TIMEOUT(upap_reqtimeout, u, u->us_reqtimeout);
|
---|
279 | }
|
---|
280 | }
|
---|
281 | }
|
---|
282 |
|
---|
283 |
|
---|
284 | /*
|
---|
285 | * upap_lowerdown - The lower layer is down.
|
---|
286 | *
|
---|
287 | * Cancel all timeouts.
|
---|
288 | */
|
---|
289 | static void
|
---|
290 | upap_lowerdown(int unit)
|
---|
291 | {
|
---|
292 | upap_state *u = &upap[unit];
|
---|
293 |
|
---|
294 | UPAPDEBUG(LOG_INFO, ("upap_lowerdown: %d s=%d\n", unit, u->us_clientstate));
|
---|
295 |
|
---|
296 | if (u->us_clientstate == UPAPCS_AUTHREQ) { /* Timeout pending? */
|
---|
297 | UNTIMEOUT(upap_timeout, u); /* Cancel timeout */
|
---|
298 | }
|
---|
299 | if (u->us_serverstate == UPAPSS_LISTEN && u->us_reqtimeout > 0) {
|
---|
300 | UNTIMEOUT(upap_reqtimeout, u);
|
---|
301 | }
|
---|
302 |
|
---|
303 | u->us_clientstate = UPAPCS_INITIAL;
|
---|
304 | u->us_serverstate = UPAPSS_INITIAL;
|
---|
305 | }
|
---|
306 |
|
---|
307 |
|
---|
308 | /*
|
---|
309 | * upap_protrej - Peer doesn't speak this protocol.
|
---|
310 | *
|
---|
311 | * This shouldn't happen. In any case, pretend lower layer went down.
|
---|
312 | */
|
---|
313 | static void
|
---|
314 | upap_protrej(int unit)
|
---|
315 | {
|
---|
316 | upap_state *u = &upap[unit];
|
---|
317 |
|
---|
318 | if (u->us_clientstate == UPAPCS_AUTHREQ) {
|
---|
319 | UPAPDEBUG(LOG_ERR, ("PAP authentication failed due to protocol-reject\n"));
|
---|
320 | auth_withpeer_fail(unit, PPP_PAP);
|
---|
321 | }
|
---|
322 | if (u->us_serverstate == UPAPSS_LISTEN) {
|
---|
323 | UPAPDEBUG(LOG_ERR, ("PAP authentication of peer failed (protocol-reject)\n"));
|
---|
324 | auth_peer_fail(unit, PPP_PAP);
|
---|
325 | }
|
---|
326 | upap_lowerdown(unit);
|
---|
327 | }
|
---|
328 |
|
---|
329 |
|
---|
330 | /*
|
---|
331 | * upap_input - Input UPAP packet.
|
---|
332 | */
|
---|
333 | static void
|
---|
334 | upap_input(int unit, u_char *inpacket, int l)
|
---|
335 | {
|
---|
336 | upap_state *u = &upap[unit];
|
---|
337 | u_char *inp;
|
---|
338 | u_char code, id;
|
---|
339 | int len;
|
---|
340 |
|
---|
341 | /*
|
---|
342 | * Parse header (code, id and length).
|
---|
343 | * If packet too short, drop it.
|
---|
344 | */
|
---|
345 | inp = inpacket;
|
---|
346 | if (l < (int)UPAP_HEADERLEN) {
|
---|
347 | UPAPDEBUG(LOG_INFO, ("pap_input: rcvd short header.\n"));
|
---|
348 | return;
|
---|
349 | }
|
---|
350 | GETCHAR(code, inp);
|
---|
351 | GETCHAR(id, inp);
|
---|
352 | GETSHORT(len, inp);
|
---|
353 | if (len < (int)UPAP_HEADERLEN) {
|
---|
354 | UPAPDEBUG(LOG_INFO, ("pap_input: rcvd illegal length.\n"));
|
---|
355 | return;
|
---|
356 | }
|
---|
357 | if (len > l) {
|
---|
358 | UPAPDEBUG(LOG_INFO, ("pap_input: rcvd short packet.\n"));
|
---|
359 | return;
|
---|
360 | }
|
---|
361 | len -= UPAP_HEADERLEN;
|
---|
362 |
|
---|
363 | /*
|
---|
364 | * Action depends on code.
|
---|
365 | */
|
---|
366 | switch (code) {
|
---|
367 | case UPAP_AUTHREQ:
|
---|
368 | upap_rauthreq(u, inp, id, len);
|
---|
369 | break;
|
---|
370 |
|
---|
371 | case UPAP_AUTHACK:
|
---|
372 | upap_rauthack(u, inp, id, len);
|
---|
373 | break;
|
---|
374 |
|
---|
375 | case UPAP_AUTHNAK:
|
---|
376 | upap_rauthnak(u, inp, id, len);
|
---|
377 | break;
|
---|
378 |
|
---|
379 | default: /* XXX Need code reject */
|
---|
380 | UPAPDEBUG(LOG_INFO, ("pap_input: UNHANDLED default: code: %d, id: %d, len: %d.\n", code, id, len));
|
---|
381 | break;
|
---|
382 | }
|
---|
383 | }
|
---|
384 |
|
---|
385 |
|
---|
386 | /*
|
---|
387 | * upap_rauth - Receive Authenticate.
|
---|
388 | */
|
---|
389 | static void
|
---|
390 | upap_rauthreq(upap_state *u, u_char *inp, u_char id, int len)
|
---|
391 | {
|
---|
392 | u_char ruserlen, rpasswdlen;
|
---|
393 | char *ruser, *rpasswd;
|
---|
394 | u_char retcode;
|
---|
395 | char *msg;
|
---|
396 | int msglen;
|
---|
397 |
|
---|
398 | UPAPDEBUG(LOG_INFO, ("pap_rauth: Rcvd id %d.\n", id));
|
---|
399 |
|
---|
400 | if (u->us_serverstate < UPAPSS_LISTEN) {
|
---|
401 | return;
|
---|
402 | }
|
---|
403 |
|
---|
404 | /*
|
---|
405 | * If we receive a duplicate authenticate-request, we are
|
---|
406 | * supposed to return the same status as for the first request.
|
---|
407 | */
|
---|
408 | if (u->us_serverstate == UPAPSS_OPEN) {
|
---|
409 | upap_sresp(u, UPAP_AUTHACK, id, "", 0); /* return auth-ack */
|
---|
410 | return;
|
---|
411 | }
|
---|
412 | if (u->us_serverstate == UPAPSS_BADAUTH) {
|
---|
413 | upap_sresp(u, UPAP_AUTHNAK, id, "", 0); /* return auth-nak */
|
---|
414 | return;
|
---|
415 | }
|
---|
416 |
|
---|
417 | /*
|
---|
418 | * Parse user/passwd.
|
---|
419 | */
|
---|
420 | if (len < (int)sizeof (u_char)) {
|
---|
421 | UPAPDEBUG(LOG_INFO, ("pap_rauth: rcvd short packet.\n"));
|
---|
422 | return;
|
---|
423 | }
|
---|
424 | GETCHAR(ruserlen, inp);
|
---|
425 | len -= sizeof (u_char) + ruserlen + sizeof (u_char);
|
---|
426 | if (len < 0) {
|
---|
427 | UPAPDEBUG(LOG_INFO, ("pap_rauth: rcvd short packet.\n"));
|
---|
428 | return;
|
---|
429 | }
|
---|
430 | ruser = (char *) inp;
|
---|
431 | INCPTR(ruserlen, inp);
|
---|
432 | GETCHAR(rpasswdlen, inp);
|
---|
433 | if (len < rpasswdlen) {
|
---|
434 | UPAPDEBUG(LOG_INFO, ("pap_rauth: rcvd short packet.\n"));
|
---|
435 | return;
|
---|
436 | }
|
---|
437 | rpasswd = (char *) inp;
|
---|
438 |
|
---|
439 | /*
|
---|
440 | * Check the username and password given.
|
---|
441 | */
|
---|
442 | retcode = check_passwd(u->us_unit, ruser, ruserlen, rpasswd, rpasswdlen, &msg, &msglen);
|
---|
443 | /* lwip: currently retcode is always UPAP_AUTHACK */
|
---|
444 | BZERO(rpasswd, rpasswdlen);
|
---|
445 |
|
---|
446 | upap_sresp(u, retcode, id, msg, msglen);
|
---|
447 |
|
---|
448 | if (retcode == UPAP_AUTHACK) {
|
---|
449 | u->us_serverstate = UPAPSS_OPEN;
|
---|
450 | auth_peer_success(u->us_unit, PPP_PAP, ruser, ruserlen);
|
---|
451 | } else {
|
---|
452 | u->us_serverstate = UPAPSS_BADAUTH;
|
---|
453 | auth_peer_fail(u->us_unit, PPP_PAP);
|
---|
454 | }
|
---|
455 |
|
---|
456 | if (u->us_reqtimeout > 0) {
|
---|
457 | UNTIMEOUT(upap_reqtimeout, u);
|
---|
458 | }
|
---|
459 | }
|
---|
460 |
|
---|
461 |
|
---|
462 | /*
|
---|
463 | * upap_rauthack - Receive Authenticate-Ack.
|
---|
464 | */
|
---|
465 | static void
|
---|
466 | upap_rauthack(upap_state *u, u_char *inp, int id, int len)
|
---|
467 | {
|
---|
468 | u_char msglen;
|
---|
469 | char *msg;
|
---|
470 |
|
---|
471 | LWIP_UNUSED_ARG(id);
|
---|
472 |
|
---|
473 | UPAPDEBUG(LOG_INFO, ("pap_rauthack: Rcvd id %d s=%d\n", id, u->us_clientstate));
|
---|
474 |
|
---|
475 | if (u->us_clientstate != UPAPCS_AUTHREQ) { /* XXX */
|
---|
476 | UPAPDEBUG(LOG_INFO, ("pap_rauthack: us_clientstate != UPAPCS_AUTHREQ\n"));
|
---|
477 | return;
|
---|
478 | }
|
---|
479 |
|
---|
480 | /*
|
---|
481 | * Parse message.
|
---|
482 | */
|
---|
483 | if (len < (int)sizeof (u_char)) {
|
---|
484 | UPAPDEBUG(LOG_INFO, ("pap_rauthack: ignoring missing msg-length.\n"));
|
---|
485 | } else {
|
---|
486 | GETCHAR(msglen, inp);
|
---|
487 | if (msglen > 0) {
|
---|
488 | len -= sizeof (u_char);
|
---|
489 | if (len < msglen) {
|
---|
490 | UPAPDEBUG(LOG_INFO, ("pap_rauthack: rcvd short packet.\n"));
|
---|
491 | return;
|
---|
492 | }
|
---|
493 | msg = (char *) inp;
|
---|
494 | PRINTMSG(msg, msglen);
|
---|
495 | }
|
---|
496 | }
|
---|
497 | UNTIMEOUT(upap_timeout, u); /* Cancel timeout */
|
---|
498 | u->us_clientstate = UPAPCS_OPEN;
|
---|
499 |
|
---|
500 | auth_withpeer_success(u->us_unit, PPP_PAP);
|
---|
501 | }
|
---|
502 |
|
---|
503 |
|
---|
504 | /*
|
---|
505 | * upap_rauthnak - Receive Authenticate-Nak.
|
---|
506 | */
|
---|
507 | static void
|
---|
508 | upap_rauthnak(upap_state *u, u_char *inp, int id, int len)
|
---|
509 | {
|
---|
510 | u_char msglen;
|
---|
511 | char *msg;
|
---|
512 |
|
---|
513 | LWIP_UNUSED_ARG(id);
|
---|
514 |
|
---|
515 | UPAPDEBUG(LOG_INFO, ("pap_rauthnak: Rcvd id %d s=%d\n", id, u->us_clientstate));
|
---|
516 |
|
---|
517 | if (u->us_clientstate != UPAPCS_AUTHREQ) { /* XXX */
|
---|
518 | return;
|
---|
519 | }
|
---|
520 |
|
---|
521 | /*
|
---|
522 | * Parse message.
|
---|
523 | */
|
---|
524 | if (len < sizeof (u_char)) {
|
---|
525 | UPAPDEBUG(LOG_INFO, ("pap_rauthnak: ignoring missing msg-length.\n"));
|
---|
526 | } else {
|
---|
527 | GETCHAR(msglen, inp);
|
---|
528 | if(msglen > 0) {
|
---|
529 | len -= sizeof (u_char);
|
---|
530 | if (len < msglen) {
|
---|
531 | UPAPDEBUG(LOG_INFO, ("pap_rauthnak: rcvd short packet.\n"));
|
---|
532 | return;
|
---|
533 | }
|
---|
534 | msg = (char *) inp;
|
---|
535 | PRINTMSG(msg, msglen);
|
---|
536 | }
|
---|
537 | }
|
---|
538 |
|
---|
539 | u->us_clientstate = UPAPCS_BADAUTH;
|
---|
540 |
|
---|
541 | UPAPDEBUG(LOG_ERR, ("PAP authentication failed\n"));
|
---|
542 | auth_withpeer_fail(u->us_unit, PPP_PAP);
|
---|
543 | }
|
---|
544 |
|
---|
545 |
|
---|
546 | /*
|
---|
547 | * upap_sauthreq - Send an Authenticate-Request.
|
---|
548 | */
|
---|
549 | static void
|
---|
550 | upap_sauthreq(upap_state *u)
|
---|
551 | {
|
---|
552 | u_char *outp;
|
---|
553 | int outlen;
|
---|
554 |
|
---|
555 | outlen = UPAP_HEADERLEN + 2 * sizeof (u_char)
|
---|
556 | + u->us_userlen + u->us_passwdlen;
|
---|
557 | outp = outpacket_buf[u->us_unit];
|
---|
558 |
|
---|
559 | MAKEHEADER(outp, PPP_PAP);
|
---|
560 |
|
---|
561 | PUTCHAR(UPAP_AUTHREQ, outp);
|
---|
562 | PUTCHAR(++u->us_id, outp);
|
---|
563 | PUTSHORT(outlen, outp);
|
---|
564 | PUTCHAR(u->us_userlen, outp);
|
---|
565 | BCOPY(u->us_user, outp, u->us_userlen);
|
---|
566 | INCPTR(u->us_userlen, outp);
|
---|
567 | PUTCHAR(u->us_passwdlen, outp);
|
---|
568 | BCOPY(u->us_passwd, outp, u->us_passwdlen);
|
---|
569 |
|
---|
570 | pppWrite(u->us_unit, outpacket_buf[u->us_unit], outlen + PPP_HDRLEN);
|
---|
571 |
|
---|
572 | UPAPDEBUG(LOG_INFO, ("pap_sauth: Sent id %d\n", u->us_id));
|
---|
573 |
|
---|
574 | TIMEOUT(upap_timeout, u, u->us_timeouttime);
|
---|
575 | ++u->us_transmits;
|
---|
576 | u->us_clientstate = UPAPCS_AUTHREQ;
|
---|
577 | }
|
---|
578 |
|
---|
579 |
|
---|
580 | /*
|
---|
581 | * upap_sresp - Send a response (ack or nak).
|
---|
582 | */
|
---|
583 | static void
|
---|
584 | upap_sresp(upap_state *u, u_char code, u_char id, char *msg, int msglen)
|
---|
585 | {
|
---|
586 | u_char *outp;
|
---|
587 | int outlen;
|
---|
588 |
|
---|
589 | outlen = UPAP_HEADERLEN + sizeof (u_char) + msglen;
|
---|
590 | outp = outpacket_buf[u->us_unit];
|
---|
591 | MAKEHEADER(outp, PPP_PAP);
|
---|
592 |
|
---|
593 | PUTCHAR(code, outp);
|
---|
594 | PUTCHAR(id, outp);
|
---|
595 | PUTSHORT(outlen, outp);
|
---|
596 | PUTCHAR(msglen, outp);
|
---|
597 | BCOPY(msg, outp, msglen);
|
---|
598 | pppWrite(u->us_unit, outpacket_buf[u->us_unit], outlen + PPP_HDRLEN);
|
---|
599 |
|
---|
600 | UPAPDEBUG(LOG_INFO, ("pap_sresp: Sent code %d, id %d s=%d\n", code, id, u->us_clientstate));
|
---|
601 | }
|
---|
602 |
|
---|
603 | #if PPP_ADDITIONAL_CALLBACKS
|
---|
604 | static char *upap_codenames[] = {
|
---|
605 | "AuthReq", "AuthAck", "AuthNak"
|
---|
606 | };
|
---|
607 |
|
---|
608 | /*
|
---|
609 | * upap_printpkt - print the contents of a PAP packet.
|
---|
610 | */
|
---|
611 | static int upap_printpkt(
|
---|
612 | u_char *p,
|
---|
613 | int plen,
|
---|
614 | void (*printer) (void *, char *, ...),
|
---|
615 | void *arg
|
---|
616 | )
|
---|
617 | {
|
---|
618 | LWIP_UNUSED_ARG(p);
|
---|
619 | LWIP_UNUSED_ARG(plen);
|
---|
620 | LWIP_UNUSED_ARG(printer);
|
---|
621 | LWIP_UNUSED_ARG(arg);
|
---|
622 | return 0;
|
---|
623 | }
|
---|
624 | #endif /* PPP_ADDITIONAL_CALLBACKS */
|
---|
625 |
|
---|
626 | #endif /* PAP_SUPPORT */
|
---|
627 |
|
---|
628 | #endif /* PPP_SUPPORT */
|
---|