Context Navigation

pap.c@ 167

Last change on this file since 167 was 167, checked in by coas-nagasima, 8 years ago
MIMEにSJISを設定
Property svn:eol-style set to `native` Property svn:keywords set to `Id` Property svn:mime-type set to `text/x-csrc; charset=SHIFT_JIS`
File size: 15.7 KB

Line
1	/*****************************************************************************
2	* pap.c - Network Password Authentication Protocol program file.
3	*
4	* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
5	* portions Copyright (c) 1997 by Global Election Systems Inc.
6	*
7	* The authors hereby grant permission to use, copy, modify, distribute,
8	* and license this software and its documentation for any purpose, provided
9	* that existing copyright notices are retained in all copies and that this
10	* notice and the following disclaimer are included verbatim in any
11	* distributions. No written agreement, license, or royalty fee is required
12	* for any of the authorized uses.
13	*
14	* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS AS IS AND ANY EXPRESS OR
15	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17	* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
18	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24	*
25	******************************************************************************
26	* REVISION HISTORY
27	*
28	* 03-01-01 Marc Boucher <marc@mbsi.ca>
29	* Ported to lwIP.
30	* 97-12-12 Guy Lancaster <lancasterg@acm.org>, Global Election Systems Inc.
31	* Original.
32	*****************************************************************************/
33	/*
34	* upap.c - User/Password Authentication Protocol.
35	*
36	* Copyright (c) 1989 Carnegie Mellon University.
37	* All rights reserved.
38	*
39	* Redistribution and use in source and binary forms are permitted
40	* provided that the above copyright notice and this paragraph are
41	* duplicated in all such forms and that any documentation,
42	* advertising materials, and other materials related to such
43	* distribution and use acknowledge that the software was developed
44	* by Carnegie Mellon University. The name of the
45	* University may not be used to endorse or promote products derived
46	* from this software without specific prior written permission.
47	* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
48	* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
49	* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
50	*/
51
52	#include "lwip/opt.h"
53
54	#if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */
55
56	#if PAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
57
58	#include "ppp_impl.h"
59	#include "pppdebug.h"
60
61	#include "auth.h"
62	#include "pap.h"
63
64	#include <string.h>
65
66	#if 0 /* UNUSED */
67	static bool hide_password = 1;
68
69	/*
70	* Command-line options.
71	*/
72	static option_t pap_option_list[] = {
73	{ "hide-password", o_bool, &hide_password,
74	"Don't output passwords to log", 1 },
75	{ "show-password", o_bool, &hide_password,
76	"Show password string in debug log messages", 0 },
77	{ "pap-restart", o_int, &upap[0].us_timeouttime,
78	"Set retransmit timeout for PAP" },
79	{ "pap-max-authreq", o_int, &upap[0].us_maxtransmits,
80	"Set max number of transmissions for auth-reqs" },
81	{ "pap-timeout", o_int, &upap[0].us_reqtimeout,
82	"Set time limit for peer PAP authentication" },
83	{ NULL }
84	};
85	#endif
86
87	/*
88	* Protocol entry points.
89	*/
90	static void upap_init (int);
91	static void upap_lowerup (int);
92	static void upap_lowerdown (int);
93	static void upap_input (int, u_char *, int);
94	static void upap_protrej (int);
95	#if PPP_ADDITIONAL_CALLBACKS
96	static int upap_printpkt (u_char , int, void ()(void , char , ...), void *);
97	#endif /* PPP_ADDITIONAL_CALLBACKS */
98
99	struct protent pap_protent = {
100	PPP_PAP,
101	upap_init,
102	upap_input,
103	upap_protrej,
104	upap_lowerup,
105	upap_lowerdown,
106	NULL,
107	NULL,
108	#if PPP_ADDITIONAL_CALLBACKS
109	upap_printpkt,
110	NULL,
111	#endif /* PPP_ADDITIONAL_CALLBACKS */
112	1,
113	"PAP",
114	#if PPP_ADDITIONAL_CALLBACKS
115	NULL,
116	NULL,
117	NULL
118	#endif /* PPP_ADDITIONAL_CALLBACKS */
119	};
120
121	upap_state upap[NUM_PPP]; /* UPAP state; one for each unit */
122
123	static void upap_timeout (void *);
124	static void upap_reqtimeout(void *);
125	static void upap_rauthreq (upap_state , u_char , u_char, int);
126	static void upap_rauthack (upap_state , u_char , int, int);
127	static void upap_rauthnak (upap_state , u_char , int, int);
128	static void upap_sauthreq (upap_state *);
129	static void upap_sresp (upap_state , u_char, u_char, char , int);
130
131
132	/*
133	* upap_init - Initialize a UPAP unit.
134	*/
135	static void
136	upap_init(int unit)
137	{
138	upap_state *u = &upap[unit];
139
140	UPAPDEBUG(LOG_INFO, ("upap_init: %d\n", unit));
141	u->us_unit = unit;
142	u->us_user = NULL;
143	u->us_userlen = 0;
144	u->us_passwd = NULL;
145	u->us_passwdlen = 0;
146	u->us_clientstate = UPAPCS_INITIAL;
147	u->us_serverstate = UPAPSS_INITIAL;
148	u->us_id = 0;
149	u->us_timeouttime = UPAP_DEFTIMEOUT;
150	u->us_maxtransmits = 10;
151	u->us_reqtimeout = UPAP_DEFREQTIME;
152	}
153
154	/*
155	* upap_authwithpeer - Authenticate us with our peer (start client).
156	*
157	* Set new state and send authenticate's.
158	*/
159	void
160	upap_authwithpeer(int unit, char user, char password)
161	{
162	upap_state *u = &upap[unit];
163
164	UPAPDEBUG(LOG_INFO, ("upap_authwithpeer: %d user=%s password=%s s=%d\n",
165	unit, user, password, u->us_clientstate));
166
167	/* Save the username and password we're given */
168	u->us_user = user;
169	u->us_userlen = (int)strlen(user);
170	u->us_passwd = password;
171	u->us_passwdlen = (int)strlen(password);
172
173	u->us_transmits = 0;
174
175	/* Lower layer up yet? */
176	if (u->us_clientstate == UPAPCS_INITIAL \|\|
177	u->us_clientstate == UPAPCS_PENDING) {
178	u->us_clientstate = UPAPCS_PENDING;
179	return;
180	}
181
182	upap_sauthreq(u); /* Start protocol */
183	}
184
185
186	/*
187	* upap_authpeer - Authenticate our peer (start server).
188	*
189	* Set new state.
190	*/
191	void
192	upap_authpeer(int unit)
193	{
194	upap_state *u = &upap[unit];
195
196	/* Lower layer up yet? */
197	if (u->us_serverstate == UPAPSS_INITIAL \|\|
198	u->us_serverstate == UPAPSS_PENDING) {
199	u->us_serverstate = UPAPSS_PENDING;
200	return;
201	}
202
203	u->us_serverstate = UPAPSS_LISTEN;
204	if (u->us_reqtimeout > 0) {
205	TIMEOUT(upap_reqtimeout, u, u->us_reqtimeout);
206	}
207	}
208
209	/*
210	* upap_timeout - Retransmission timer for sending auth-reqs expired.
211	*/
212	static void
213	upap_timeout(void *arg)
214	{
215	upap_state u = (upap_state ) arg;
216
217	UPAPDEBUG(LOG_INFO, ("upap_timeout: %d timeout %d expired s=%d\n",
218	u->us_unit, u->us_timeouttime, u->us_clientstate));
219
220	if (u->us_clientstate != UPAPCS_AUTHREQ) {
221	UPAPDEBUG(LOG_INFO, ("upap_timeout: not in AUTHREQ state!\n"));
222	return;
223	}
224
225	if (u->us_transmits >= u->us_maxtransmits) {
226	/* give up in disgust */
227	UPAPDEBUG(LOG_ERR, ("No response to PAP authenticate-requests\n"));
228	u->us_clientstate = UPAPCS_BADAUTH;
229	auth_withpeer_fail(u->us_unit, PPP_PAP);
230	return;
231	}
232
233	upap_sauthreq(u); /* Send Authenticate-Request and set upap timeout*/
234	}
235
236
237	/*
238	* upap_reqtimeout - Give up waiting for the peer to send an auth-req.
239	*/
240	static void
241	upap_reqtimeout(void *arg)
242	{
243	upap_state u = (upap_state ) arg;
244
245	if (u->us_serverstate != UPAPSS_LISTEN) {
246	return; /* huh?? */
247	}
248
249	auth_peer_fail(u->us_unit, PPP_PAP);
250	u->us_serverstate = UPAPSS_BADAUTH;
251	}
252
253
254	/*
255	* upap_lowerup - The lower layer is up.
256	*
257	* Start authenticating if pending.
258	*/
259	static void
260	upap_lowerup(int unit)
261	{
262	upap_state *u = &upap[unit];
263
264	UPAPDEBUG(LOG_INFO, ("upap_lowerup: init %d clientstate s=%d\n", unit, u->us_clientstate));
265
266	if (u->us_clientstate == UPAPCS_INITIAL) {
267	u->us_clientstate = UPAPCS_CLOSED;
268	} else if (u->us_clientstate == UPAPCS_PENDING) {
269	upap_sauthreq(u); /* send an auth-request */
270	/* now client state is UPAPCS__AUTHREQ */
271	}
272
273	if (u->us_serverstate == UPAPSS_INITIAL) {
274	u->us_serverstate = UPAPSS_CLOSED;
275	} else if (u->us_serverstate == UPAPSS_PENDING) {
276	u->us_serverstate = UPAPSS_LISTEN;
277	if (u->us_reqtimeout > 0) {
278	TIMEOUT(upap_reqtimeout, u, u->us_reqtimeout);
279	}
280	}
281	}
282
283
284	/*
285	* upap_lowerdown - The lower layer is down.
286	*
287	* Cancel all timeouts.
288	*/
289	static void
290	upap_lowerdown(int unit)
291	{
292	upap_state *u = &upap[unit];
293
294	UPAPDEBUG(LOG_INFO, ("upap_lowerdown: %d s=%d\n", unit, u->us_clientstate));
295
296	if (u->us_clientstate == UPAPCS_AUTHREQ) { /* Timeout pending? */
297	UNTIMEOUT(upap_timeout, u); /* Cancel timeout */
298	}
299	if (u->us_serverstate == UPAPSS_LISTEN && u->us_reqtimeout > 0) {
300	UNTIMEOUT(upap_reqtimeout, u);
301	}
302
303	u->us_clientstate = UPAPCS_INITIAL;
304	u->us_serverstate = UPAPSS_INITIAL;
305	}
306
307
308	/*
309	* upap_protrej - Peer doesn't speak this protocol.
310	*
311	* This shouldn't happen. In any case, pretend lower layer went down.
312	*/
313	static void
314	upap_protrej(int unit)
315	{
316	upap_state *u = &upap[unit];
317
318	if (u->us_clientstate == UPAPCS_AUTHREQ) {
319	UPAPDEBUG(LOG_ERR, ("PAP authentication failed due to protocol-reject\n"));
320	auth_withpeer_fail(unit, PPP_PAP);
321	}
322	if (u->us_serverstate == UPAPSS_LISTEN) {
323	UPAPDEBUG(LOG_ERR, ("PAP authentication of peer failed (protocol-reject)\n"));
324	auth_peer_fail(unit, PPP_PAP);
325	}
326	upap_lowerdown(unit);
327	}
328
329
330	/*
331	* upap_input - Input UPAP packet.
332	*/
333	static void
334	upap_input(int unit, u_char *inpacket, int l)
335	{
336	upap_state *u = &upap[unit];
337	u_char *inp;
338	u_char code, id;
339	int len;
340
341	/*
342	* Parse header (code, id and length).
343	* If packet too short, drop it.
344	*/
345	inp = inpacket;
346	if (l < (int)UPAP_HEADERLEN) {
347	UPAPDEBUG(LOG_INFO, ("pap_input: rcvd short header.\n"));
348	return;
349	}
350	GETCHAR(code, inp);
351	GETCHAR(id, inp);
352	GETSHORT(len, inp);
353	if (len < (int)UPAP_HEADERLEN) {
354	UPAPDEBUG(LOG_INFO, ("pap_input: rcvd illegal length.\n"));
355	return;
356	}
357	if (len > l) {
358	UPAPDEBUG(LOG_INFO, ("pap_input: rcvd short packet.\n"));
359	return;
360	}
361	len -= UPAP_HEADERLEN;
362
363	/*
364	* Action depends on code.
365	*/
366	switch (code) {
367	case UPAP_AUTHREQ:
368	upap_rauthreq(u, inp, id, len);
369	break;
370
371	case UPAP_AUTHACK:
372	upap_rauthack(u, inp, id, len);
373	break;
374
375	case UPAP_AUTHNAK:
376	upap_rauthnak(u, inp, id, len);
377	break;
378
379	default: /* XXX Need code reject */
380	UPAPDEBUG(LOG_INFO, ("pap_input: UNHANDLED default: code: %d, id: %d, len: %d.\n", code, id, len));
381	break;
382	}
383	}
384
385
386	/*
387	* upap_rauth - Receive Authenticate.
388	*/
389	static void
390	upap_rauthreq(upap_state u, u_char inp, u_char id, int len)
391	{
392	u_char ruserlen, rpasswdlen;
393	char ruser, rpasswd;
394	u_char retcode;
395	char *msg;
396	int msglen;
397
398	UPAPDEBUG(LOG_INFO, ("pap_rauth: Rcvd id %d.\n", id));
399
400	if (u->us_serverstate < UPAPSS_LISTEN) {
401	return;
402	}
403
404	/*
405	* If we receive a duplicate authenticate-request, we are
406	* supposed to return the same status as for the first request.
407	*/
408	if (u->us_serverstate == UPAPSS_OPEN) {
409	upap_sresp(u, UPAP_AUTHACK, id, "", 0); /* return auth-ack */
410	return;
411	}
412	if (u->us_serverstate == UPAPSS_BADAUTH) {
413	upap_sresp(u, UPAP_AUTHNAK, id, "", 0); /* return auth-nak */
414	return;
415	}
416
417	/*
418	* Parse user/passwd.
419	*/
420	if (len < (int)sizeof (u_char)) {
421	UPAPDEBUG(LOG_INFO, ("pap_rauth: rcvd short packet.\n"));
422	return;
423	}
424	GETCHAR(ruserlen, inp);
425	len -= sizeof (u_char) + ruserlen + sizeof (u_char);
426	if (len < 0) {
427	UPAPDEBUG(LOG_INFO, ("pap_rauth: rcvd short packet.\n"));
428	return;
429	}
430	ruser = (char *) inp;
431	INCPTR(ruserlen, inp);
432	GETCHAR(rpasswdlen, inp);
433	if (len < rpasswdlen) {
434	UPAPDEBUG(LOG_INFO, ("pap_rauth: rcvd short packet.\n"));
435	return;
436	}
437	rpasswd = (char *) inp;
438
439	/*
440	* Check the username and password given.
441	*/
442	retcode = check_passwd(u->us_unit, ruser, ruserlen, rpasswd, rpasswdlen, &msg, &msglen);
443	/* lwip: currently retcode is always UPAP_AUTHACK */
444	BZERO(rpasswd, rpasswdlen);
445
446	upap_sresp(u, retcode, id, msg, msglen);
447
448	if (retcode == UPAP_AUTHACK) {
449	u->us_serverstate = UPAPSS_OPEN;
450	auth_peer_success(u->us_unit, PPP_PAP, ruser, ruserlen);
451	} else {
452	u->us_serverstate = UPAPSS_BADAUTH;
453	auth_peer_fail(u->us_unit, PPP_PAP);
454	}
455
456	if (u->us_reqtimeout > 0) {
457	UNTIMEOUT(upap_reqtimeout, u);
458	}
459	}
460
461
462	/*
463	* upap_rauthack - Receive Authenticate-Ack.
464	*/
465	static void
466	upap_rauthack(upap_state u, u_char inp, int id, int len)
467	{
468	u_char msglen;
469	char *msg;
470
471	LWIP_UNUSED_ARG(id);
472
473	UPAPDEBUG(LOG_INFO, ("pap_rauthack: Rcvd id %d s=%d\n", id, u->us_clientstate));
474
475	if (u->us_clientstate != UPAPCS_AUTHREQ) { /* XXX */
476	UPAPDEBUG(LOG_INFO, ("pap_rauthack: us_clientstate != UPAPCS_AUTHREQ\n"));
477	return;
478	}
479
480	/*
481	* Parse message.
482	*/
483	if (len < (int)sizeof (u_char)) {
484	UPAPDEBUG(LOG_INFO, ("pap_rauthack: ignoring missing msg-length.\n"));
485	} else {
486	GETCHAR(msglen, inp);
487	if (msglen > 0) {
488	len -= sizeof (u_char);
489	if (len < msglen) {
490	UPAPDEBUG(LOG_INFO, ("pap_rauthack: rcvd short packet.\n"));
491	return;
492	}
493	msg = (char *) inp;
494	PRINTMSG(msg, msglen);
495	}
496	}
497	UNTIMEOUT(upap_timeout, u); /* Cancel timeout */
498	u->us_clientstate = UPAPCS_OPEN;
499
500	auth_withpeer_success(u->us_unit, PPP_PAP);
501	}
502
503
504	/*
505	* upap_rauthnak - Receive Authenticate-Nak.
506	*/
507	static void
508	upap_rauthnak(upap_state u, u_char inp, int id, int len)
509	{
510	u_char msglen;
511	char *msg;
512
513	LWIP_UNUSED_ARG(id);
514
515	UPAPDEBUG(LOG_INFO, ("pap_rauthnak: Rcvd id %d s=%d\n", id, u->us_clientstate));
516
517	if (u->us_clientstate != UPAPCS_AUTHREQ) { /* XXX */
518	return;
519	}
520
521	/*
522	* Parse message.
523	*/
524	if (len < sizeof (u_char)) {
525	UPAPDEBUG(LOG_INFO, ("pap_rauthnak: ignoring missing msg-length.\n"));
526	} else {
527	GETCHAR(msglen, inp);
528	if(msglen > 0) {
529	len -= sizeof (u_char);
530	if (len < msglen) {
531	UPAPDEBUG(LOG_INFO, ("pap_rauthnak: rcvd short packet.\n"));
532	return;
533	}
534	msg = (char *) inp;
535	PRINTMSG(msg, msglen);
536	}
537	}
538
539	u->us_clientstate = UPAPCS_BADAUTH;
540
541	UPAPDEBUG(LOG_ERR, ("PAP authentication failed\n"));
542	auth_withpeer_fail(u->us_unit, PPP_PAP);
543	}
544
545
546	/*
547	* upap_sauthreq - Send an Authenticate-Request.
548	*/
549	static void
550	upap_sauthreq(upap_state *u)
551	{
552	u_char *outp;
553	int outlen;
554
555	outlen = UPAP_HEADERLEN + 2 * sizeof (u_char)
556	+ u->us_userlen + u->us_passwdlen;
557	outp = outpacket_buf[u->us_unit];
558
559	MAKEHEADER(outp, PPP_PAP);
560
561	PUTCHAR(UPAP_AUTHREQ, outp);
562	PUTCHAR(++u->us_id, outp);
563	PUTSHORT(outlen, outp);
564	PUTCHAR(u->us_userlen, outp);
565	BCOPY(u->us_user, outp, u->us_userlen);
566	INCPTR(u->us_userlen, outp);
567	PUTCHAR(u->us_passwdlen, outp);
568	BCOPY(u->us_passwd, outp, u->us_passwdlen);
569
570	pppWrite(u->us_unit, outpacket_buf[u->us_unit], outlen + PPP_HDRLEN);
571
572	UPAPDEBUG(LOG_INFO, ("pap_sauth: Sent id %d\n", u->us_id));
573
574	TIMEOUT(upap_timeout, u, u->us_timeouttime);
575	++u->us_transmits;
576	u->us_clientstate = UPAPCS_AUTHREQ;
577	}
578
579
580	/*
581	* upap_sresp - Send a response (ack or nak).
582	*/
583	static void
584	upap_sresp(upap_state u, u_char code, u_char id, char msg, int msglen)
585	{
586	u_char *outp;
587	int outlen;
588
589	outlen = UPAP_HEADERLEN + sizeof (u_char) + msglen;
590	outp = outpacket_buf[u->us_unit];
591	MAKEHEADER(outp, PPP_PAP);
592
593	PUTCHAR(code, outp);
594	PUTCHAR(id, outp);
595	PUTSHORT(outlen, outp);
596	PUTCHAR(msglen, outp);
597	BCOPY(msg, outp, msglen);
598	pppWrite(u->us_unit, outpacket_buf[u->us_unit], outlen + PPP_HDRLEN);
599
600	UPAPDEBUG(LOG_INFO, ("pap_sresp: Sent code %d, id %d s=%d\n", code, id, u->us_clientstate));
601	}
602
603	#if PPP_ADDITIONAL_CALLBACKS
604	static char *upap_codenames[] = {
605	"AuthReq", "AuthAck", "AuthNak"
606	};
607
608	/*
609	* upap_printpkt - print the contents of a PAP packet.
610	*/
611	static int upap_printpkt(
612	u_char *p,
613	int plen,
614	void (printer) (void , char *, ...),
615	void *arg
616	)
617	{
618	LWIP_UNUSED_ARG(p);
619	LWIP_UNUSED_ARG(plen);
620	LWIP_UNUSED_ARG(printer);
621	LWIP_UNUSED_ARG(arg);
622	return 0;
623	}
624	#endif /* PPP_ADDITIONAL_CALLBACKS */
625
626	#endif /* PAP_SUPPORT */
627
628	#endif /* PPP_SUPPORT */

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: UsbWattMeter/trunk/lwip-1.4.1/src/netif/ppp/pap.c@ 167

Download in other formats: