2 * Copyright (c) 1996 - 2001 Brian Somers <brian@Awfulhak.org>
3 * based on work by Toshiharu OHNO <tony-o@iij.ad.jp>
4 * Internet Initiative Japan, Inc (IIJ)
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 #include <sys/param.h>
32 #include <netinet/in.h>
33 #include <netinet/in_systm.h>
34 #include <netinet/ip.h>
38 #include <string.h> /* strlen/memcpy */
54 #include "throughput.h"
57 #include "descriptor.h"
60 #include "slcompress.h"
73 static const char * const papcodes[] = {
74 "???", "REQUEST", "SUCCESS", "FAILURE"
76 #define MAXPAPCODE (sizeof papcodes / sizeof papcodes[0] - 1)
79 pap_Req(struct authinfo *authp)
81 struct bundle *bundle = authp->physical->dl->bundle;
85 int namelen, keylen, plen;
87 namelen = strlen(bundle->cfg.auth.name);
88 keylen = strlen(bundle->cfg.auth.key);
89 plen = namelen + keylen + 2;
90 log_Printf(LogDEBUG, "pap_Req: namelen = %d, keylen = %d\n", namelen, keylen);
91 log_Printf(LogPHASE, "Pap Output: %s ********\n", bundle->cfg.auth.name);
92 if (*bundle->cfg.auth.name == '\0')
93 log_Printf(LogWARN, "Sending empty PAP authname!\n");
94 lh.code = PAP_REQUEST;
96 lh.length = htons(plen + sizeof(struct fsmheader));
97 bp = m_get(plen + sizeof(struct fsmheader), MB_PAPOUT);
98 memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader));
99 cp = MBUF_CTOP(bp) + sizeof(struct fsmheader);
101 memcpy(cp, bundle->cfg.auth.name, namelen);
104 memcpy(cp, bundle->cfg.auth.key, keylen);
105 link_PushPacket(&authp->physical->link, bp, bundle,
106 LINK_QUEUES(&authp->physical->link) - 1, PROTO_PAP);
110 SendPapCode(struct authinfo *authp, int code, const char *message)
119 mlen = strlen(message);
121 lh.length = htons(plen + sizeof(struct fsmheader));
122 bp = m_get(plen + sizeof(struct fsmheader), MB_PAPOUT);
123 memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader));
124 cp = MBUF_CTOP(bp) + sizeof(struct fsmheader);
126 * If our message is longer than 255 bytes, truncate the length to
127 * 255 and send the entire message anyway. Maybe the other end will
128 * display it... (see pap_Input() !)
130 *cp++ = mlen > 255 ? 255 : mlen;
131 memcpy(cp, message, mlen);
132 log_Printf(LogPHASE, "Pap Output: %s\n", papcodes[code]);
134 link_PushPacket(&authp->physical->link, bp, authp->physical->dl->bundle,
135 LINK_QUEUES(&authp->physical->link) - 1, PROTO_PAP);
139 pap_Success(struct authinfo *authp)
141 datalink_GotAuthname(authp->physical->dl, authp->in.name);
142 SendPapCode(authp, PAP_ACK, "Greetings!!");
143 authp->physical->link.lcp.auth_ineed = 0;
144 if (Enabled(authp->physical->dl->bundle, OPT_UTMP))
145 physical_Login(authp->physical, authp->in.name);
147 if (authp->physical->link.lcp.auth_iwait == 0)
149 * Either I didn't need to authenticate, or I've already been
150 * told that I got the answer right.
152 datalink_AuthOk(authp->physical->dl);
156 pap_Failure(struct authinfo *authp)
158 SendPapCode(authp, PAP_NAK, "Login incorrect");
159 datalink_AuthNotOk(authp->physical->dl);
163 pap_Init(struct authinfo *pap, struct physical *p)
165 auth_Init(pap, p, pap_Req, pap_Success, pap_Failure);
169 pap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp)
171 struct physical *p = link2physical(l);
172 struct authinfo *authp = &p->dl->pap;
173 u_char nlen, klen, *key;
178 log_Printf(LogERROR, "pap_Input: Not a physical link - dropped\n");
183 if (bundle_Phase(bundle) != PHASE_NETWORK &&
184 bundle_Phase(bundle) != PHASE_AUTHENTICATE) {
185 log_Printf(LogPHASE, "Unexpected pap input - dropped !\n");
190 if ((bp = auth_ReadHeader(authp, bp)) == NULL &&
191 ntohs(authp->in.hdr.length) == 0) {
192 log_Printf(LogWARN, "Pap Input: Truncated header !\n");
196 if (authp->in.hdr.code == 0 || authp->in.hdr.code > MAXPAPCODE) {
197 log_Printf(LogPHASE, "Pap Input: %d: Bad PAP code !\n", authp->in.hdr.code);
202 if (authp->in.hdr.code != PAP_REQUEST && authp->id != authp->in.hdr.id &&
203 Enabled(bundle, OPT_IDCHECK)) {
204 /* Wrong conversation dude ! */
205 log_Printf(LogPHASE, "Pap Input: %s dropped (got id %d, not %d)\n",
206 papcodes[authp->in.hdr.code], authp->in.hdr.id, authp->id);
210 m_settype(bp, MB_PAPIN);
211 authp->id = authp->in.hdr.id; /* We respond with this id */
214 bp = mbuf_Read(bp, &nlen, 1);
215 if (authp->in.hdr.code == PAP_ACK) {
217 * Don't restrict the length of our acknowledgement freetext to
218 * nlen (a one-byte length). Show the rest of the ack packet
219 * instead. This isn't really part of the protocol.....
223 txtlen = m_length(bp);
225 bp = auth_ReadName(authp, bp, nlen);
226 txt = authp->in.name;
227 txtlen = strlen(authp->in.name);
234 log_Printf(LogPHASE, "Pap Input: %s (%.*s)\n",
235 papcodes[authp->in.hdr.code], txtlen, txt);
237 switch (authp->in.hdr.code) {
240 log_Printf(LogPHASE, "Pap Input: No key given !\n");
243 bp = mbuf_Read(bp, &klen, 1);
244 if (m_length(bp) < klen) {
245 log_Printf(LogERROR, "Pap Input: Truncated key !\n");
248 if ((key = malloc(klen+1)) == NULL) {
249 log_Printf(LogERROR, "Pap Input: Out of memory !\n");
252 bp = mbuf_Read(bp, key, klen);
256 if (*bundle->radius.cfg.file)
257 radius_Authenticate(&bundle->radius, authp, authp->in.name,
258 key, strlen(key), NULL, 0);
261 if (auth_Validate(bundle, authp->in.name, key, p))
270 auth_StopTimer(authp);
271 if (p->link.lcp.auth_iwait == PROTO_PAP) {
272 p->link.lcp.auth_iwait = 0;
273 if (p->link.lcp.auth_ineed == 0)
275 * We've succeeded in our ``login''
276 * If we're not expecting the peer to authenticate (or he already
277 * has), proceed to network phase.
279 datalink_AuthOk(p->dl);
284 auth_StopTimer(authp);
285 datalink_AuthNotOk(p->dl);