/* * The peer has been successfully authenticated using `protocol'. */ void auth_peer_success(int unit, u16_t protocol, char *name, int namelen) { int pbit; AUTHDEBUG((LOG_INFO, "auth_peer_success: %d proto=%X\n", unit, protocol)); switch (protocol) { case PPP_CHAP: pbit = CHAP_PEER; break; case PPP_PAP: pbit = PAP_PEER; break; default: AUTHDEBUG((LOG_WARNING, "auth_peer_success: unknown protocol %x\n", protocol)); return; } /* * Save the authenticated name of the peer for later. */ if (namelen > sizeof(peer_authname) - 1) { namelen = sizeof(peer_authname) - 1; } BCOPY(name, peer_authname, namelen); peer_authname[namelen] = 0; /* * If there is no more authentication still to be done, * proceed to the network (or callback) phase. */ if ((auth_pending[unit] &= ~pbit) == 0) { network_phase(unit); } }
/* * We have successfully authenticated ourselves with the peer using `protocol'. */ void auth_withpeer_success(int unit, u16_t protocol) { int pbit; AUTHDEBUG((LOG_INFO, "auth_withpeer_success: %d proto=%X\n", unit, protocol)); switch (protocol) { case PPP_CHAP: pbit = CHAP_WITHPEER; break; case PPP_PAP: if (passwd_from_file) { BZERO(ppp_settings.passwd, MAXSECRETLEN); } pbit = PAP_WITHPEER; break; default: AUTHDEBUG((LOG_WARNING, "auth_peer_success: unknown protocol %x\n", protocol)); pbit = 0; } /* * If there is no more authentication still being done, * proceed to the network (or callback) phase. */ if ((auth_pending[unit] &= ~pbit) == 0) { network_phase(unit); } }
/* * We have successfully authenticated ourselves with the peer using `protocol'. */ void auth_withpeer_success(int unit, int protocol) { int bit; switch (protocol) { case PPP_CHAP: bit = CHAP_WITHPEER; break; case PPP_PAP: if (passwd_from_file) BZERO(passwd, MAXSECRETLEN); bit = PAP_WITHPEER; break; default: syslog(LOG_WARNING, "auth_peer_success: unknown protocol %x", protocol); bit = 0; } /* * If we have overridden addresses based on auth info * then set that information now before continuing. */ auth_set_ip_addr(unit); /* * If there is no more authentication still being done, * proceed to the network (or callback) phase. */ if ((auth_pending[unit] &= ~bit) == 0) network_phase(unit); }
static void upap_rauthack (void) { if (client_state == PAP_CS_AUTHREQ) { client_state = PAP_CS_OPEN; network_phase(); } }
/* * The link is established. * Proceed to the Dead, Authenticate or Network phase as appropriate. */ void link_established(int unit) { int auth; lcp_options *wo = &lcp_wantoptions[unit]; lcp_options *go = &lcp_gotoptions[unit]; lcp_options *ho = &lcp_hisoptions[unit]; int i; struct protent *protp; /* * Tell higher-level protocols that LCP is up. */ for (i = 0; (protp = protocols[i]) != NULL; ++i) if (protp->protocol != PPP_LCP && protp->enabled_flag && protp->lowerup != NULL) (*protp->lowerup)(unit); if (auth_required && !(go->neg_chap || go->neg_upap)) { /* * We wanted the peer to authenticate itself, and it refused: * treat it as though it authenticated with PAP using a username * of "" and a password of "". If that's not OK, boot it out. */ if (!wo->neg_upap || !null_login(unit)) { syslog(LOG_WARNING, "peer refused to authenticate"); lcp_close(unit, "peer refused to authenticate"); return; } } phase = PHASE_AUTHENTICATE; auth = 0; if (go->neg_chap) { ChapAuthPeer(unit, our_name, go->chap_mdtype); auth |= CHAP_PEER; } else if (go->neg_upap) { upap_authpeer(unit); auth |= PAP_PEER; } if (ho->neg_chap) { ChapAuthWithPeer(unit, user, ho->chap_mdtype); auth |= CHAP_WITHPEER; } else if (ho->neg_upap) { if (passwd[0] == 0) { passwd_from_file = 1; if (!get_pap_passwd(passwd)) syslog(LOG_ERR, "No secret found for PAP login"); } upap_authwithpeer(unit, user, passwd); auth |= PAP_WITHPEER; } auth_pending[unit] = auth; if (!auth) network_phase(unit); }
/* * The peer has been successfully authenticated using `protocol'. */ void auth_peer_success(int unit, int protocol, char *name, int namelen) { int bit; switch (protocol) { case PPP_CHAP: bit = CHAP_PEER; break; case PPP_PAP: bit = PAP_PEER; break; default: syslog(LOG_WARNING, "auth_peer_success: unknown protocol %x", protocol); return; } /* * Save the authenticated name of the peer for later. */ if (namelen > sizeof(peer_authname) - 1) namelen = sizeof(peer_authname) - 1; BCOPY(name, peer_authname, namelen); peer_authname[namelen] = 0; /* * If we have overridden addresses based on auth info * then set that information now before continuing. */ auth_set_ip_addr(unit); script_setenv("PEERNAME", peer_authname); /* * If there is no more authentication still to be done, * proceed to the network (or callback) phase. */ if ((auth_pending[unit] &= ~bit) == 0) network_phase(unit); }
/* * The link is established. * Proceed to the Dead, Authenticate or Network phase as appropriate. */ void link_established(int unit) { int auth; int i; struct protent *protp; lcp_options *wo = &lcp_wantoptions[unit]; lcp_options *go = &lcp_gotoptions[unit]; #if PAP_SUPPORT || CHAP_SUPPORT lcp_options *ho = &lcp_hisoptions[unit]; #endif /* PAP_SUPPORT || CHAP_SUPPORT */ AUTHDEBUG((LOG_INFO, "link_established: %d\n", unit)); /* * Tell higher-level protocols that LCP is up. */ for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i) { if (protp->protocol != PPP_LCP && protp->enabled_flag && protp->lowerup != NULL) { (*protp->lowerup)(unit); } } if (ppp_settings.auth_required && !(go->neg_chap || go->neg_upap)) { /* * We wanted the peer to authenticate itself, and it refused: * treat it as though it authenticated with PAP using a username * of "" and a password of "". If that's not OK, boot it out. */ if (!wo->neg_upap || !null_login(unit)) { AUTHDEBUG((LOG_WARNING, "peer refused to authenticate\n")); lcp_close(unit, "peer refused to authenticate"); return; } } lcp_phase[unit] = PHASE_AUTHENTICATE; auth = 0; #if CHAP_SUPPORT if (go->neg_chap) { ChapAuthPeer(unit, ppp_settings.our_name, go->chap_mdtype); auth |= CHAP_PEER; } #endif /* CHAP_SUPPORT */ #if PAP_SUPPORT && CHAP_SUPPORT else #endif /* PAP_SUPPORT && CHAP_SUPPORT */ #if PAP_SUPPORT if (go->neg_upap) { upap_authpeer(unit); auth |= PAP_PEER; } #endif /* PAP_SUPPORT */ #if CHAP_SUPPORT if (ho->neg_chap) { ChapAuthWithPeer(unit, ppp_settings.user, ho->chap_mdtype); auth |= CHAP_WITHPEER; } #endif /* CHAP_SUPPORT */ #if PAP_SUPPORT && CHAP_SUPPORT else #endif /* PAP_SUPPORT && CHAP_SUPPORT */ #if PAP_SUPPORT if (ho->neg_upap) { if (ppp_settings.passwd[0] == 0) { passwd_from_file = 1; if (!get_pap_passwd(unit, ppp_settings.user, ppp_settings.passwd)) { AUTHDEBUG((LOG_ERR, "No secret found for PAP login\n")); } } upap_authwithpeer(unit, ppp_settings.user, ppp_settings.passwd); auth |= PAP_WITHPEER; } #endif /* PAP_SUPPORT */ auth_pending[unit] = auth; if (!auth) { network_phase(unit); } }
void link_established (void) { int_t ix; T_PPP_PROTENT *proto; #if defined(LCP_CFG_CHAP) || defined(LCP_CFG_PAP) int auth; #endif /* of #if defined(LCP_CFG_CHAP) || defined(LCP_CFG_PAP) */ /* 上位プロトコルを起動する */ for (ix = 0; (proto = protocols[ix]) != NULL; ix ++) if (proto->lowerup != NULL) (*proto->lowerup)(); /* 認証オプションを確認する。【未実装】*/ ppp_phase = PPP_PHASE_AUTHENTICATE; #if defined(LCP_CFG_CHAP) || defined(LCP_CFG_PAP) auth = 0; #ifdef AUTH_CFG_SERVER #if defined(LCP_CFG_CHAP) if (lcp_local_ack_cfg.options & LCP_CFG_CHAP) { chap_auth_server(); auth |= CHAP_PEND_SERVER; } #endif /* of #if defined(LCP_CFG_CHAP) */ #if defined(LCP_CFG_PAP) if (lcp_local_ack_cfg.options & LCP_CFG_PAP) { upap_auth_server(); auth |= PAP_PEND_SERVER; } #endif /* of #if defined(LCP_CFG_PAP) */ #endif /* of #ifdef AUTH_CFG_SERVER */ #ifdef AUTH_CFG_CLIENT #if defined(LCP_CFG_PAP) if (lcp_remote_ack_cfg.options & LCP_CFG_PAP) { upap_auth_client(); auth |= PAP_PEND_CLIENT; } #endif /* of #if defined(LCP_CFG_PAP) */ #endif /* of #ifdef AUTH_CFG_CLIENT */ if (auth == 0) network_phase(); #else /* of #if defined(LCP_CFG_CHAP) || defined(LCP_CFG_PAP) */ network_phase(); #endif /* of #if defined(LCP_CFG_CHAP) || defined(LCP_CFG_PAP) */ }
static void upap_rauthreq (T_NET_BUF *input) { int16_t cplen; uint8_t *data, *user, ulen, plen, code, id; if (server_state < PAP_SS_LISTEN) return; /* * 再要求があったときの処理 */ id = GET_PPP_CP_HDR(input)->id; if (server_state == PAP_SS_OPEN) { upap_sresp(PAP_AUTHACK, id); return; } if (server_state == PAP_SS_BADAUTH) { upap_sresp(PAP_AUTHNAK, id); return; } cplen = GET_PPP_CP_HDR(input)->len; data = input->buf + sizeof(T_PPP_HDR) + sizeof(T_PPP_CP_HDR); /* * ユーザ名を特定する。 */ ulen = *data; if (cplen < sizeof(T_PPP_CP_HDR) + ulen + sizeof(uint8_t)) { syslog(LOG_WARNING, "[PPP/PAP] bad req len: %d.", cplen); return; } user = ++ data; data += ulen; /* * パスワードを特定する。 */ plen = *data; if (cplen < sizeof(T_PPP_CP_HDR) + ulen + plen + sizeof(uint8_t) * 2) { syslog(LOG_WARNING, "[PPP/PAP] bad req len: %d.", cplen); return; } /* * ユーザ名とパスワードをチェックする。 */ if (compare(user, AUTH_LOCAL_USER, ulen) && compare(data + 1, AUTH_LOCAL_PASSWD, plen)) code = PAP_AUTHACK; else code = PAP_AUTHNAK; upap_sresp(code, id); if (code == PAP_AUTHACK) { network_phase(); server_state = PAP_SS_OPEN; } else { lcp_close(); server_state = PAP_SS_BADAUTH; } #if defined(DEF_PAP_REQTIME) untimeout((FP)upap_reqtimeout, NULL); #endif /* of #if defined(DEF_PAP_REQTIME) */ }