1 /* 2 * upap.c - User/Password Authentication Protocol. 3 * 4 * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in 15 * the documentation and/or other materials provided with the 16 * distribution. 17 * 18 * 3. The name "Carnegie Mellon University" must not be used to 19 * endorse or promote products derived from this software without 20 * prior written permission. For permission or any legal 21 * details, please contact 22 * Office of Technology Transfer 23 * Carnegie Mellon University 24 * 5000 Forbes Avenue 25 * Pittsburgh, PA 15213-3890 26 * (412) 268-4387, fax: (412) 268-7395 27 * tech-transfer (at) andrew.cmu.edu 28 * 29 * 4. Redistributions of any form whatsoever must retain the following 30 * acknowledgment: 31 * "This product includes software developed by Computing Services 32 * at Carnegie Mellon University (http://www.cmu.edu/computing/)." 33 * 34 * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO 35 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 36 * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE 37 * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 38 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN 39 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING 40 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 41 */ 42 43 #define RCSID "$Id: upap.c,v 1.30 2005/07/13 10:41:58 paulus Exp $" 44 45 /* 46 * TODO: 47 */ 48 49 #include <stdio.h> 50 #include <string.h> 51 52 #include "pppd.h" 53 #include "upap.h" 54 55 static const char rcsid[] = RCSID; 56 57 static bool hide_password = 1; 58 59 /* 60 * Command-line options. 61 */ 62 static option_t pap_option_list[] = { 63 { "hide-password", o_bool, &hide_password, 64 "Don't output passwords to log", OPT_PRIO | 1 }, 65 { "show-password", o_bool, &hide_password, 66 "Show password string in debug log messages", OPT_PRIOSUB | 0 }, 67 68 { "pap-restart", o_int, &upap[0].us_timeouttime, 69 "Set retransmit timeout for PAP", OPT_PRIO }, 70 { "pap-max-authreq", o_int, &upap[0].us_maxtransmits, 71 "Set max number of transmissions for auth-reqs", OPT_PRIO }, 72 { "pap-timeout", o_int, &upap[0].us_reqtimeout, 73 "Set time limit for peer PAP authentication", OPT_PRIO }, 74 75 { NULL } 76 }; 77 78 /* 79 * Protocol entry points. 80 */ 81 static void upap_init __P((int)); 82 static void upap_lowerup __P((int)); 83 static void upap_lowerdown __P((int)); 84 static void upap_input __P((int, u_char *, int)); 85 static void upap_protrej __P((int)); 86 static int upap_printpkt __P((u_char *, int, 87 void (*) __P((void *, char *, ...)), void *)); 88 89 struct protent pap_protent = { 90 PPP_PAP, 91 upap_init, 92 upap_input, 93 upap_protrej, 94 upap_lowerup, 95 upap_lowerdown, 96 NULL, 97 NULL, 98 upap_printpkt, 99 NULL, 100 1, 101 "PAP", 102 NULL, 103 pap_option_list, 104 NULL, 105 NULL, 106 NULL 107 }; 108 109 upap_state upap[NUM_PPP]; /* UPAP state; one for each unit */ 110 111 static void upap_timeout __P((void *)); 112 static void upap_reqtimeout __P((void *)); 113 static void upap_rauthreq __P((upap_state *, u_char *, int, int)); 114 static void upap_rauthack __P((upap_state *, u_char *, int, int)); 115 static void upap_rauthnak __P((upap_state *, u_char *, int, int)); 116 static void upap_sauthreq __P((upap_state *)); 117 static void upap_sresp __P((upap_state *, int, int, char *, int)); 118 119 120 /* 121 * upap_init - Initialize a UPAP unit. 122 */ 123 static void 124 upap_init(unit) 125 int unit; 126 { 127 upap_state *u = &upap[unit]; 128 129 u->us_unit = unit; 130 u->us_user = NULL; 131 u->us_userlen = 0; 132 u->us_passwd = NULL; 133 u->us_passwdlen = 0; 134 u->us_clientstate = UPAPCS_INITIAL; 135 u->us_serverstate = UPAPSS_INITIAL; 136 u->us_id = 0; 137 u->us_timeouttime = UPAP_DEFTIMEOUT; 138 u->us_maxtransmits = 10; 139 u->us_reqtimeout = UPAP_DEFREQTIME; 140 } 141 142 143 /* 144 * upap_authwithpeer - Authenticate us with our peer (start client). 145 * 146 * Set new state and send authenticate's. 147 */ 148 void 149 upap_authwithpeer(unit, user, password) 150 int unit; 151 char *user, *password; 152 { 153 upap_state *u = &upap[unit]; 154 155 /* Save the username and password we're given */ 156 u->us_user = user; 157 u->us_userlen = strlen(user); 158 u->us_passwd = password; 159 u->us_passwdlen = strlen(password); 160 u->us_transmits = 0; 161 162 /* Lower layer up yet? */ 163 if (u->us_clientstate == UPAPCS_INITIAL || 164 u->us_clientstate == UPAPCS_PENDING) { 165 u->us_clientstate = UPAPCS_PENDING; 166 return; 167 } 168 169 upap_sauthreq(u); /* Start protocol */ 170 } 171 172 173 /* 174 * upap_authpeer - Authenticate our peer (start server). 175 * 176 * Set new state. 177 */ 178 void 179 upap_authpeer(unit) 180 int unit; 181 { 182 upap_state *u = &upap[unit]; 183 184 /* Lower layer up yet? */ 185 if (u->us_serverstate == UPAPSS_INITIAL || 186 u->us_serverstate == UPAPSS_PENDING) { 187 u->us_serverstate = UPAPSS_PENDING; 188 return; 189 } 190 191 u->us_serverstate = UPAPSS_LISTEN; 192 if (u->us_reqtimeout > 0) 193 TIMEOUT(upap_reqtimeout, u, u->us_reqtimeout); 194 } 195 196 197 /* 198 * upap_timeout - Retransmission timer for sending auth-reqs expired. 199 */ 200 static void 201 upap_timeout(arg) 202 void *arg; 203 { 204 upap_state *u = (upap_state *) arg; 205 206 if (u->us_clientstate != UPAPCS_AUTHREQ) 207 return; 208 209 if (u->us_transmits >= u->us_maxtransmits) { 210 /* give up in disgust */ 211 error("No response to PAP authenticate-requests"); 212 u->us_clientstate = UPAPCS_BADAUTH; 213 auth_withpeer_fail(u->us_unit, PPP_PAP); 214 return; 215 } 216 217 upap_sauthreq(u); /* Send Authenticate-Request */ 218 } 219 220 221 /* 222 * upap_reqtimeout - Give up waiting for the peer to send an auth-req. 223 */ 224 static void 225 upap_reqtimeout(arg) 226 void *arg; 227 { 228 upap_state *u = (upap_state *) arg; 229 230 if (u->us_serverstate != UPAPSS_LISTEN) 231 return; /* huh?? */ 232 233 auth_peer_fail(u->us_unit, PPP_PAP); 234 u->us_serverstate = UPAPSS_BADAUTH; 235 } 236 237 238 /* 239 * upap_lowerup - The lower layer is up. 240 * 241 * Start authenticating if pending. 242 */ 243 static void 244 upap_lowerup(unit) 245 int unit; 246 { 247 upap_state *u = &upap[unit]; 248 249 if (u->us_clientstate == UPAPCS_INITIAL) 250 u->us_clientstate = UPAPCS_CLOSED; 251 else if (u->us_clientstate == UPAPCS_PENDING) { 252 upap_sauthreq(u); /* send an auth-request */ 253 } 254 255 if (u->us_serverstate == UPAPSS_INITIAL) 256 u->us_serverstate = UPAPSS_CLOSED; 257 else if (u->us_serverstate == UPAPSS_PENDING) { 258 u->us_serverstate = UPAPSS_LISTEN; 259 if (u->us_reqtimeout > 0) 260 TIMEOUT(upap_reqtimeout, u, u->us_reqtimeout); 261 } 262 } 263 264 265 /* 266 * upap_lowerdown - The lower layer is down. 267 * 268 * Cancel all timeouts. 269 */ 270 static void 271 upap_lowerdown(unit) 272 int unit; 273 { 274 upap_state *u = &upap[unit]; 275 276 if (u->us_clientstate == UPAPCS_AUTHREQ) /* Timeout pending? */ 277 UNTIMEOUT(upap_timeout, u); /* Cancel timeout */ 278 if (u->us_serverstate == UPAPSS_LISTEN && u->us_reqtimeout > 0) 279 UNTIMEOUT(upap_reqtimeout, u); 280 281 u->us_clientstate = UPAPCS_INITIAL; 282 u->us_serverstate = UPAPSS_INITIAL; 283 } 284 285 286 /* 287 * upap_protrej - Peer doesn't speak this protocol. 288 * 289 * This shouldn't happen. In any case, pretend lower layer went down. 290 */ 291 static void 292 upap_protrej(unit) 293 int unit; 294 { 295 upap_state *u = &upap[unit]; 296 297 if (u->us_clientstate == UPAPCS_AUTHREQ) { 298 error("PAP authentication failed due to protocol-reject"); 299 auth_withpeer_fail(unit, PPP_PAP); 300 } 301 if (u->us_serverstate == UPAPSS_LISTEN) { 302 error("PAP authentication of peer failed (protocol-reject)"); 303 auth_peer_fail(unit, PPP_PAP); 304 } 305 upap_lowerdown(unit); 306 } 307 308 309 /* 310 * upap_input - Input UPAP packet. 311 */ 312 static void 313 upap_input(unit, inpacket, l) 314 int unit; 315 u_char *inpacket; 316 int l; 317 { 318 upap_state *u = &upap[unit]; 319 u_char *inp; 320 u_char code, id; 321 int len; 322 323 /* 324 * Parse header (code, id and length). 325 * If packet too short, drop it. 326 */ 327 inp = inpacket; 328 if (l < UPAP_HEADERLEN) { 329 UPAPDEBUG(("pap_input: rcvd short header.")); 330 return; 331 } 332 GETCHAR(code, inp); 333 GETCHAR(id, inp); 334 GETSHORT(len, inp); 335 if (len < UPAP_HEADERLEN) { 336 UPAPDEBUG(("pap_input: rcvd illegal length.")); 337 return; 338 } 339 if (len > l) { 340 UPAPDEBUG(("pap_input: rcvd short packet.")); 341 return; 342 } 343 len -= UPAP_HEADERLEN; 344 345 /* 346 * Action depends on code. 347 */ 348 switch (code) { 349 case UPAP_AUTHREQ: 350 upap_rauthreq(u, inp, id, len); 351 break; 352 353 case UPAP_AUTHACK: 354 upap_rauthack(u, inp, id, len); 355 break; 356 357 case UPAP_AUTHNAK: 358 upap_rauthnak(u, inp, id, len); 359 break; 360 361 default: /* XXX Need code reject */ 362 break; 363 } 364 } 365 366 367 /* 368 * upap_rauth - Receive Authenticate. 369 */ 370 static void 371 upap_rauthreq(u, inp, id, len) 372 upap_state *u; 373 u_char *inp; 374 int id; 375 int len; 376 { 377 u_char ruserlen, rpasswdlen; 378 char *ruser, *rpasswd; 379 char rhostname[256]; 380 int retcode; 381 char *msg; 382 int msglen; 383 384 if (u->us_serverstate < UPAPSS_LISTEN) 385 return; 386 387 /* 388 * If we receive a duplicate authenticate-request, we are 389 * supposed to return the same status as for the first request. 390 */ 391 if (u->us_serverstate == UPAPSS_OPEN) { 392 upap_sresp(u, UPAP_AUTHACK, id, "", 0); /* return auth-ack */ 393 return; 394 } 395 if (u->us_serverstate == UPAPSS_BADAUTH) { 396 upap_sresp(u, UPAP_AUTHNAK, id, "", 0); /* return auth-nak */ 397 return; 398 } 399 400 /* 401 * Parse user/passwd. 402 */ 403 if (len < 1) { 404 UPAPDEBUG(("pap_rauth: rcvd short packet.")); 405 return; 406 } 407 GETCHAR(ruserlen, inp); 408 len -= sizeof (u_char) + ruserlen + sizeof (u_char); 409 if (len < 0) { 410 UPAPDEBUG(("pap_rauth: rcvd short packet.")); 411 return; 412 } 413 ruser = (char *) inp; 414 INCPTR(ruserlen, inp); 415 GETCHAR(rpasswdlen, inp); 416 if (len < rpasswdlen) { 417 UPAPDEBUG(("pap_rauth: rcvd short packet.")); 418 return; 419 } 420 rpasswd = (char *) inp; 421 422 /* 423 * Check the username and password given. 424 */ 425 retcode = check_passwd(u->us_unit, ruser, ruserlen, rpasswd, 426 rpasswdlen, &msg); 427 BZERO(rpasswd, rpasswdlen); 428 429 /* 430 * Check remote number authorization. A plugin may have filled in 431 * the remote number or added an allowed number, and rather than 432 * return an authenticate failure, is leaving it for us to verify. 433 */ 434 if (retcode == UPAP_AUTHACK) { 435 if (!auth_number()) { 436 /* We do not want to leak info about the pap result. */ 437 retcode = UPAP_AUTHNAK; /* XXX exit value will be "wrong" */ 438 warn("calling number %q is not authorized", remote_number); 439 } 440 } 441 442 msglen = strlen(msg); 443 if (msglen > 255) 444 msglen = 255; 445 upap_sresp(u, retcode, id, msg, msglen); 446 447 /* Null terminate and clean remote name. */ 448 slprintf(rhostname, sizeof(rhostname), "%.*v", ruserlen, ruser); 449 450 if (retcode == UPAP_AUTHACK) { 451 u->us_serverstate = UPAPSS_OPEN; 452 notice("PAP peer authentication succeeded for %q", rhostname); 453 auth_peer_success(u->us_unit, PPP_PAP, 0, ruser, ruserlen); 454 } else { 455 u->us_serverstate = UPAPSS_BADAUTH; 456 warn("PAP peer authentication failed for %q", rhostname); 457 auth_peer_fail(u->us_unit, PPP_PAP); 458 } 459 460 if (u->us_reqtimeout > 0) 461 UNTIMEOUT(upap_reqtimeout, u); 462 } 463 464 465 /* 466 * upap_rauthack - Receive Authenticate-Ack. 467 */ 468 static void 469 upap_rauthack(u, inp, id, len) 470 upap_state *u; 471 u_char *inp; 472 int id; 473 int len; 474 { 475 u_char msglen; 476 char *msg; 477 478 if (u->us_clientstate != UPAPCS_AUTHREQ) /* XXX */ 479 return; 480 481 /* 482 * Parse message. 483 */ 484 if (len < 1) { 485 UPAPDEBUG(("pap_rauthack: ignoring missing msg-length.")); 486 } else { 487 GETCHAR(msglen, inp); 488 if (msglen > 0) { 489 len -= sizeof (u_char); 490 if (len < msglen) { 491 UPAPDEBUG(("pap_rauthack: rcvd short packet.")); 492 return; 493 } 494 msg = (char *) inp; 495 PRINTMSG(msg, msglen); 496 } 497 } 498 499 u->us_clientstate = UPAPCS_OPEN; 500 501 auth_withpeer_success(u->us_unit, PPP_PAP, 0); 502 } 503 504 505 /* 506 * upap_rauthnak - Receive Authenticate-Nak. 507 */ 508 static void 509 upap_rauthnak(u, inp, id, len) 510 upap_state *u; 511 u_char *inp; 512 int id; 513 int len; 514 { 515 u_char msglen; 516 char *msg; 517 518 if (u->us_clientstate != UPAPCS_AUTHREQ) /* XXX */ 519 return; 520 521 /* 522 * Parse message. 523 */ 524 if (len < 1) { 525 UPAPDEBUG(("pap_rauthnak: ignoring missing msg-length.")); 526 } else { 527 GETCHAR(msglen, inp); 528 if (msglen > 0) { 529 len -= sizeof (u_char); 530 if (len < msglen) { 531 UPAPDEBUG(("pap_rauthnak: rcvd short packet.")); 532 return; 533 } 534 msg = (char *) inp; 535 PRINTMSG(msg, msglen); 536 } 537 } 538 539 u->us_clientstate = UPAPCS_BADAUTH; 540 541 error("PAP authentication failed"); 542 auth_withpeer_fail(u->us_unit, PPP_PAP); 543 } 544 545 546 /* 547 * upap_sauthreq - Send an Authenticate-Request. 548 */ 549 static void 550 upap_sauthreq(u) 551 upap_state *u; 552 { 553 u_char *outp; 554 int outlen; 555 556 outlen = UPAP_HEADERLEN + 2 * sizeof (u_char) + 557 u->us_userlen + u->us_passwdlen; 558 outp = outpacket_buf; 559 560 MAKEHEADER(outp, PPP_PAP); 561 562 PUTCHAR(UPAP_AUTHREQ, outp); 563 PUTCHAR(++u->us_id, outp); 564 PUTSHORT(outlen, outp); 565 PUTCHAR(u->us_userlen, outp); 566 BCOPY(u->us_user, outp, u->us_userlen); 567 INCPTR(u->us_userlen, outp); 568 PUTCHAR(u->us_passwdlen, outp); 569 BCOPY(u->us_passwd, outp, u->us_passwdlen); 570 571 output(u->us_unit, outpacket_buf, outlen + PPP_HDRLEN); 572 573 TIMEOUT(upap_timeout, u, u->us_timeouttime); 574 ++u->us_transmits; 575 u->us_clientstate = UPAPCS_AUTHREQ; 576 } 577 578 579 /* 580 * upap_sresp - Send a response (ack or nak). 581 */ 582 static void 583 upap_sresp(u, code, id, msg, msglen) 584 upap_state *u; 585 u_char code, id; 586 char *msg; 587 int msglen; 588 { 589 u_char *outp; 590 int outlen; 591 592 outlen = UPAP_HEADERLEN + sizeof (u_char) + msglen; 593 outp = outpacket_buf; 594 MAKEHEADER(outp, PPP_PAP); 595 596 PUTCHAR(code, outp); 597 PUTCHAR(id, outp); 598 PUTSHORT(outlen, outp); 599 PUTCHAR(msglen, outp); 600 BCOPY(msg, outp, msglen); 601 output(u->us_unit, outpacket_buf, outlen + PPP_HDRLEN); 602 } 603 604 /* 605 * upap_printpkt - print the contents of a PAP packet. 606 */ 607 static char *upap_codenames[] = { 608 "AuthReq", "AuthAck", "AuthNak" 609 }; 610 611 static int 612 upap_printpkt(p, plen, printer, arg) 613 u_char *p; 614 int plen; 615 void (*printer) __P((void *, char *, ...)); 616 void *arg; 617 { 618 int code, id, len; 619 int mlen, ulen, wlen; 620 char *user, *pwd, *msg; 621 u_char *pstart; 622 623 if (plen < UPAP_HEADERLEN) 624 return 0; 625 pstart = p; 626 GETCHAR(code, p); 627 GETCHAR(id, p); 628 GETSHORT(len, p); 629 if (len < UPAP_HEADERLEN || len > plen) 630 return 0; 631 632 if (code >= 1 && code <= sizeof(upap_codenames) / sizeof(char *)) 633 printer(arg, " %s", upap_codenames[code-1]); 634 else 635 printer(arg, " code=0x%x", code); 636 printer(arg, " id=0x%x", id); 637 len -= UPAP_HEADERLEN; 638 switch (code) { 639 case UPAP_AUTHREQ: 640 if (len < 1) 641 break; 642 ulen = p[0]; 643 if (len < ulen + 2) 644 break; 645 wlen = p[ulen + 1]; 646 if (len < ulen + wlen + 2) 647 break; 648 user = (char *) (p + 1); 649 pwd = (char *) (p + ulen + 2); 650 p += ulen + wlen + 2; 651 len -= ulen + wlen + 2; 652 printer(arg, " user="); 653 print_string(user, ulen, printer, arg); 654 printer(arg, " password="); 655 if (!hide_password) 656 print_string(pwd, wlen, printer, arg); 657 else 658 printer(arg, "<hidden>"); 659 break; 660 case UPAP_AUTHACK: 661 case UPAP_AUTHNAK: 662 if (len < 1) 663 break; 664 mlen = p[0]; 665 if (len < mlen + 1) 666 break; 667 msg = (char *) (p + 1); 668 p += mlen + 1; 669 len -= mlen + 1; 670 printer(arg, " "); 671 print_string(msg, mlen, printer, arg); 672 break; 673 } 674 675 /* print the rest of the bytes in the packet */ 676 for (; len > 0; --len) { 677 GETCHAR(code, p); 678 printer(arg, " %.2x", code); 679 } 680 681 return p - pstart; 682 } 683
