/*
* The peer has been successfully authenticated using `protocol'.
*/
void
auth_peer_success(int unit, u16_t protocol, char *name, int namelen)
{
int pbit;
AUTHDEBUG((LOG_INFO, "auth_peer_success: %d proto=%X\n", unit, protocol));
switch (protocol) {
case PPP_CHAP:
pbit = CHAP_PEER;
break;
case PPP_PAP:
pbit = PAP_PEER;
break;
default:
AUTHDEBUG((LOG_WARNING, "auth_peer_success: unknown protocol %x\n", protocol));
return;
}
/*
* Save the authenticated name of the peer for later.
*/
if (namelen > sizeof(peer_authname) - 1) {
namelen = sizeof(peer_authname) - 1;
}
BCOPY(name, peer_authname, namelen);
peer_authname[namelen] = 0;
/*
* If there is no more authentication still to be done,
* proceed to the network (or callback) phase.
*/
if ((auth_pending[unit] &= ~pbit) == 0) {
network_phase(unit);
}
}
/*
* We have successfully authenticated ourselves with the peer using `protocol'.
*/
void
auth_withpeer_success(int unit, u16_t protocol)
{
int pbit;
AUTHDEBUG((LOG_INFO, "auth_withpeer_success: %d proto=%X\n", unit, protocol));
switch (protocol) {
case PPP_CHAP:
pbit = CHAP_WITHPEER;
break;
case PPP_PAP:
if (passwd_from_file) {
BZERO(ppp_settings.passwd, MAXSECRETLEN);
}
pbit = PAP_WITHPEER;
break;
default:
AUTHDEBUG((LOG_WARNING, "auth_peer_success: unknown protocol %x\n", protocol));
pbit = 0;
}
/*
* If there is no more authentication still being done,
* proceed to the network (or callback) phase.
*/
if ((auth_pending[unit] &= ~pbit) == 0) {
network_phase(unit);
}
}
/*
* We have successfully authenticated ourselves with the peer using `protocol'.
*/
void
auth_withpeer_success(int unit, int protocol)
{
int bit;
switch (protocol) {
case PPP_CHAP:
bit = CHAP_WITHPEER;
break;
case PPP_PAP:
if (passwd_from_file)
BZERO(passwd, MAXSECRETLEN);
bit = PAP_WITHPEER;
break;
default:
syslog(LOG_WARNING, "auth_peer_success: unknown protocol %x",
protocol);
bit = 0;
}
/*
* If we have overridden addresses based on auth info
* then set that information now before continuing.
*/
auth_set_ip_addr(unit);
/*
* If there is no more authentication still being done,
* proceed to the network (or callback) phase.
*/
if ((auth_pending[unit] &= ~bit) == 0)
network_phase(unit);
}
static void
upap_rauthack (void)
{
if (client_state == PAP_CS_AUTHREQ) {
client_state = PAP_CS_OPEN;
network_phase();
}
}
/*
* The link is established.
* Proceed to the Dead, Authenticate or Network phase as appropriate.
*/
void
link_established(int unit)
{
int auth;
lcp_options *wo = &lcp_wantoptions[unit];
lcp_options *go = &lcp_gotoptions[unit];
lcp_options *ho = &lcp_hisoptions[unit];
int i;
struct protent *protp;
/*
* Tell higher-level protocols that LCP is up.
*/
for (i = 0; (protp = protocols[i]) != NULL; ++i)
if (protp->protocol != PPP_LCP && protp->enabled_flag
&& protp->lowerup != NULL)
(*protp->lowerup)(unit);
if (auth_required && !(go->neg_chap || go->neg_upap)) {
/*
* We wanted the peer to authenticate itself, and it refused:
* treat it as though it authenticated with PAP using a username
* of "" and a password of "". If that's not OK, boot it out.
*/
if (!wo->neg_upap || !null_login(unit)) {
syslog(LOG_WARNING, "peer refused to authenticate");
lcp_close(unit, "peer refused to authenticate");
return;
}
}
phase = PHASE_AUTHENTICATE;
auth = 0;
if (go->neg_chap) {
ChapAuthPeer(unit, our_name, go->chap_mdtype);
auth |= CHAP_PEER;
} else if (go->neg_upap) {
upap_authpeer(unit);
auth |= PAP_PEER;
}
if (ho->neg_chap) {
ChapAuthWithPeer(unit, user, ho->chap_mdtype);
auth |= CHAP_WITHPEER;
} else if (ho->neg_upap) {
if (passwd[0] == 0) {
passwd_from_file = 1;
if (!get_pap_passwd(passwd))
syslog(LOG_ERR, "No secret found for PAP login");
}
upap_authwithpeer(unit, user, passwd);
auth |= PAP_WITHPEER;
}
auth_pending[unit] = auth;
if (!auth)
network_phase(unit);
}
/*
* The peer has been successfully authenticated using `protocol'.
*/
void
auth_peer_success(int unit, int protocol, char *name, int namelen)
{
int bit;
switch (protocol) {
case PPP_CHAP:
bit = CHAP_PEER;
break;
case PPP_PAP:
bit = PAP_PEER;
break;
default:
syslog(LOG_WARNING, "auth_peer_success: unknown protocol %x",
protocol);
return;
}
/*
* Save the authenticated name of the peer for later.
*/
if (namelen > sizeof(peer_authname) - 1)
namelen = sizeof(peer_authname) - 1;
BCOPY(name, peer_authname, namelen);
peer_authname[namelen] = 0;
/*
* If we have overridden addresses based on auth info
* then set that information now before continuing.
*/
auth_set_ip_addr(unit);
script_setenv("PEERNAME", peer_authname);
/*
* If there is no more authentication still to be done,
* proceed to the network (or callback) phase.
*/
if ((auth_pending[unit] &= ~bit) == 0)
network_phase(unit);
}
/*
* The link is established.
* Proceed to the Dead, Authenticate or Network phase as appropriate.
*/
void
link_established(int unit)
{
int auth;
int i;
struct protent *protp;
lcp_options *wo = &lcp_wantoptions[unit];
lcp_options *go = &lcp_gotoptions[unit];
#if PAP_SUPPORT || CHAP_SUPPORT
lcp_options *ho = &lcp_hisoptions[unit];
#endif /* PAP_SUPPORT || CHAP_SUPPORT */
AUTHDEBUG((LOG_INFO, "link_established: %d\n", unit));
/*
* Tell higher-level protocols that LCP is up.
*/
for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i) {
if (protp->protocol != PPP_LCP && protp->enabled_flag && protp->lowerup != NULL) {
(*protp->lowerup)(unit);
}
}
if (ppp_settings.auth_required && !(go->neg_chap || go->neg_upap)) {
/*
* We wanted the peer to authenticate itself, and it refused:
* treat it as though it authenticated with PAP using a username
* of "" and a password of "". If that's not OK, boot it out.
*/
if (!wo->neg_upap || !null_login(unit)) {
AUTHDEBUG((LOG_WARNING, "peer refused to authenticate\n"));
lcp_close(unit, "peer refused to authenticate");
return;
}
}
lcp_phase[unit] = PHASE_AUTHENTICATE;
auth = 0;
#if CHAP_SUPPORT
if (go->neg_chap) {
ChapAuthPeer(unit, ppp_settings.our_name, go->chap_mdtype);
auth |= CHAP_PEER;
}
#endif /* CHAP_SUPPORT */
#if PAP_SUPPORT && CHAP_SUPPORT
else
#endif /* PAP_SUPPORT && CHAP_SUPPORT */
#if PAP_SUPPORT
if (go->neg_upap) {
upap_authpeer(unit);
auth |= PAP_PEER;
}
#endif /* PAP_SUPPORT */
#if CHAP_SUPPORT
if (ho->neg_chap) {
ChapAuthWithPeer(unit, ppp_settings.user, ho->chap_mdtype);
auth |= CHAP_WITHPEER;
}
#endif /* CHAP_SUPPORT */
#if PAP_SUPPORT && CHAP_SUPPORT
else
#endif /* PAP_SUPPORT && CHAP_SUPPORT */
#if PAP_SUPPORT
if (ho->neg_upap) {
if (ppp_settings.passwd[0] == 0) {
passwd_from_file = 1;
if (!get_pap_passwd(unit, ppp_settings.user, ppp_settings.passwd)) {
AUTHDEBUG((LOG_ERR, "No secret found for PAP login\n"));
}
}
upap_authwithpeer(unit, ppp_settings.user, ppp_settings.passwd);
auth |= PAP_WITHPEER;
}
#endif /* PAP_SUPPORT */
auth_pending[unit] = auth;
if (!auth) {
network_phase(unit);
}
}
void
link_established (void)
{
int_t ix;
T_PPP_PROTENT *proto;
#if defined(LCP_CFG_CHAP) || defined(LCP_CFG_PAP)
int auth;
#endif /* of #if defined(LCP_CFG_CHAP) || defined(LCP_CFG_PAP) */
/* 上位プロトコルを起動する */
for (ix = 0; (proto = protocols[ix]) != NULL; ix ++)
if (proto->lowerup != NULL)
(*proto->lowerup)();
/* 認証オプションを確認する。【未実装】*/
ppp_phase = PPP_PHASE_AUTHENTICATE;
#if defined(LCP_CFG_CHAP) || defined(LCP_CFG_PAP)
auth = 0;
#ifdef AUTH_CFG_SERVER
#if defined(LCP_CFG_CHAP)
if (lcp_local_ack_cfg.options & LCP_CFG_CHAP) {
chap_auth_server();
auth |= CHAP_PEND_SERVER;
}
#endif /* of #if defined(LCP_CFG_CHAP) */
#if defined(LCP_CFG_PAP)
if (lcp_local_ack_cfg.options & LCP_CFG_PAP) {
upap_auth_server();
auth |= PAP_PEND_SERVER;
}
#endif /* of #if defined(LCP_CFG_PAP) */
#endif /* of #ifdef AUTH_CFG_SERVER */
#ifdef AUTH_CFG_CLIENT
#if defined(LCP_CFG_PAP)
if (lcp_remote_ack_cfg.options & LCP_CFG_PAP) {
upap_auth_client();
auth |= PAP_PEND_CLIENT;
}
#endif /* of #if defined(LCP_CFG_PAP) */
#endif /* of #ifdef AUTH_CFG_CLIENT */
if (auth == 0)
network_phase();
#else /* of #if defined(LCP_CFG_CHAP) || defined(LCP_CFG_PAP) */
network_phase();
#endif /* of #if defined(LCP_CFG_CHAP) || defined(LCP_CFG_PAP) */
}
static void
upap_rauthreq (T_NET_BUF *input)
{
int16_t cplen;
uint8_t *data, *user, ulen, plen, code, id;
if (server_state < PAP_SS_LISTEN)
return;
/*
* 再要求があったときの処理
*/
id = GET_PPP_CP_HDR(input)->id;
if (server_state == PAP_SS_OPEN) {
upap_sresp(PAP_AUTHACK, id);
return;
}
if (server_state == PAP_SS_BADAUTH) {
upap_sresp(PAP_AUTHNAK, id);
return;
}
cplen = GET_PPP_CP_HDR(input)->len;
data = input->buf + sizeof(T_PPP_HDR) + sizeof(T_PPP_CP_HDR);
/*
* ユーザ名を特定する。
*/
ulen = *data;
if (cplen < sizeof(T_PPP_CP_HDR) + ulen + sizeof(uint8_t)) {
syslog(LOG_WARNING, "[PPP/PAP] bad req len: %d.", cplen);
return;
}
user = ++ data;
data += ulen;
/*
* パスワードを特定する。
*/
plen = *data;
if (cplen < sizeof(T_PPP_CP_HDR) + ulen + plen + sizeof(uint8_t) * 2) {
syslog(LOG_WARNING, "[PPP/PAP] bad req len: %d.", cplen);
return;
}
/*
* ユーザ名とパスワードをチェックする。
*/
if (compare(user, AUTH_LOCAL_USER, ulen) &&
compare(data + 1, AUTH_LOCAL_PASSWD, plen))
code = PAP_AUTHACK;
else
code = PAP_AUTHNAK;
upap_sresp(code, id);
if (code == PAP_AUTHACK) {
network_phase();
server_state = PAP_SS_OPEN;
}
else {
lcp_close();
server_state = PAP_SS_BADAUTH;
}
#if defined(DEF_PAP_REQTIME)
untimeout((FP)upap_reqtimeout, NULL);
#endif /* of #if defined(DEF_PAP_REQTIME) */
}
