4 * Written by Toshiharu OHNO (tony-o@iij.ad.jp)
6 * Copyright (C) 1993-94, Internet Initiative Japan, Inc.
7 * All rights reserverd.
9 * Redistribution and use in source and binary forms are permitted
10 * provided that the above copyright notice and this paragraph are
11 * duplicated in all such forms and that any documentation,
12 * advertising materials, and other materials related to such
13 * distribution and use acknowledge that the software was developed
14 * by the Internet Initiative Japan, Inc. The name of the
15 * IIJ may not be used to endorse or promote products derived
16 * from this software without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
18 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
19 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
25 #include <sys/param.h>
26 #include <netinet/in.h>
27 #include <netinet/in_systm.h>
28 #include <netinet/ip.h>
32 #include <string.h> /* strlen/memcpy */
48 #include "throughput.h"
51 #include "descriptor.h"
54 #include "slcompress.h"
67 static const char * const papcodes[] = {
68 "???", "REQUEST", "SUCCESS", "FAILURE"
70 #define MAXPAPCODE (sizeof papcodes / sizeof papcodes[0] - 1)
73 pap_Req(struct authinfo *authp)
75 struct bundle *bundle = authp->physical->dl->bundle;
79 int namelen, keylen, plen;
81 namelen = strlen(bundle->cfg.auth.name);
82 keylen = strlen(bundle->cfg.auth.key);
83 plen = namelen + keylen + 2;
84 log_Printf(LogDEBUG, "pap_Req: namelen = %d, keylen = %d\n", namelen, keylen);
85 log_Printf(LogPHASE, "Pap Output: %s ********\n", bundle->cfg.auth.name);
86 if (*bundle->cfg.auth.name == '\0')
87 log_Printf(LogWARN, "Sending empty PAP authname!\n");
88 lh.code = PAP_REQUEST;
90 lh.length = htons(plen + sizeof(struct fsmheader));
91 bp = m_get(plen + sizeof(struct fsmheader), MB_PAPOUT);
92 memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader));
93 cp = MBUF_CTOP(bp) + sizeof(struct fsmheader);
95 memcpy(cp, bundle->cfg.auth.name, namelen);
98 memcpy(cp, bundle->cfg.auth.key, keylen);
99 link_PushPacket(&authp->physical->link, bp, bundle,
100 LINK_QUEUES(&authp->physical->link) - 1, PROTO_PAP);
104 SendPapCode(struct authinfo *authp, int code, const char *message)
113 mlen = strlen(message);
115 lh.length = htons(plen + sizeof(struct fsmheader));
116 bp = m_get(plen + sizeof(struct fsmheader), MB_PAPOUT);
117 memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader));
118 cp = MBUF_CTOP(bp) + sizeof(struct fsmheader);
120 * If our message is longer than 255 bytes, truncate the length to
121 * 255 and send the entire message anyway. Maybe the other end will
122 * display it... (see pap_Input() !)
124 *cp++ = mlen > 255 ? 255 : mlen;
125 memcpy(cp, message, mlen);
126 log_Printf(LogPHASE, "Pap Output: %s\n", papcodes[code]);
128 link_PushPacket(&authp->physical->link, bp, authp->physical->dl->bundle,
129 LINK_QUEUES(&authp->physical->link) - 1, PROTO_PAP);
133 pap_Success(struct authinfo *authp)
135 datalink_GotAuthname(authp->physical->dl, authp->in.name);
136 SendPapCode(authp, PAP_ACK, "Greetings!!");
137 authp->physical->link.lcp.auth_ineed = 0;
138 if (Enabled(authp->physical->dl->bundle, OPT_UTMP))
139 physical_Login(authp->physical, authp->in.name);
141 if (authp->physical->link.lcp.auth_iwait == 0)
143 * Either I didn't need to authenticate, or I've already been
144 * told that I got the answer right.
146 datalink_AuthOk(authp->physical->dl);
150 pap_Failure(struct authinfo *authp)
152 SendPapCode(authp, PAP_NAK, "Login incorrect");
153 datalink_AuthNotOk(authp->physical->dl);
157 pap_Init(struct authinfo *pap, struct physical *p)
159 auth_Init(pap, p, pap_Req, pap_Success, pap_Failure);
163 pap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp)
165 struct physical *p = link2physical(l);
166 struct authinfo *authp = &p->dl->pap;
167 u_char nlen, klen, *key;
172 log_Printf(LogERROR, "pap_Input: Not a physical link - dropped\n");
177 if (bundle_Phase(bundle) != PHASE_NETWORK &&
178 bundle_Phase(bundle) != PHASE_AUTHENTICATE) {
179 log_Printf(LogPHASE, "Unexpected pap input - dropped !\n");
184 if ((bp = auth_ReadHeader(authp, bp)) == NULL &&
185 ntohs(authp->in.hdr.length) == 0) {
186 log_Printf(LogWARN, "Pap Input: Truncated header !\n");
190 if (authp->in.hdr.code == 0 || authp->in.hdr.code > MAXPAPCODE) {
191 log_Printf(LogPHASE, "Pap Input: %d: Bad PAP code !\n", authp->in.hdr.code);
196 if (authp->in.hdr.code != PAP_REQUEST && authp->id != authp->in.hdr.id &&
197 Enabled(bundle, OPT_IDCHECK)) {
198 /* Wrong conversation dude ! */
199 log_Printf(LogPHASE, "Pap Input: %s dropped (got id %d, not %d)\n",
200 papcodes[authp->in.hdr.code], authp->in.hdr.id, authp->id);
204 m_settype(bp, MB_PAPIN);
205 authp->id = authp->in.hdr.id; /* We respond with this id */
208 bp = mbuf_Read(bp, &nlen, 1);
209 if (authp->in.hdr.code == PAP_ACK) {
211 * Don't restrict the length of our acknowledgement freetext to
212 * nlen (a one-byte length). Show the rest of the ack packet
213 * instead. This isn't really part of the protocol.....
217 txtlen = m_length(bp);
219 bp = auth_ReadName(authp, bp, nlen);
220 txt = authp->in.name;
221 txtlen = strlen(authp->in.name);
228 log_Printf(LogPHASE, "Pap Input: %s (%.*s)\n",
229 papcodes[authp->in.hdr.code], txtlen, txt);
231 switch (authp->in.hdr.code) {
234 log_Printf(LogPHASE, "Pap Input: No key given !\n");
237 bp = mbuf_Read(bp, &klen, 1);
238 if (m_length(bp) < klen) {
239 log_Printf(LogERROR, "Pap Input: Truncated key !\n");
242 if ((key = malloc(klen+1)) == NULL) {
243 log_Printf(LogERROR, "Pap Input: Out of memory !\n");
246 bp = mbuf_Read(bp, key, klen);
250 if (*bundle->radius.cfg.file)
251 radius_Authenticate(&bundle->radius, authp, authp->in.name,
255 if (auth_Validate(bundle, authp->in.name, key, p))
264 auth_StopTimer(authp);
265 if (p->link.lcp.auth_iwait == PROTO_PAP) {
266 p->link.lcp.auth_iwait = 0;
267 if (p->link.lcp.auth_ineed == 0)
269 * We've succeeded in our ``login''
270 * If we're not expecting the peer to authenticate (or he already
271 * has), proceed to network phase.
273 datalink_AuthOk(p->dl);
278 auth_StopTimer(authp);
279 datalink_AuthNotOk(p->dl);