mirror/lwip
1
0
Fork 0
mirror of https://github.com/lwip-tcpip/lwip.git synced 2024-09-13 02:05:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

PAP and CHAP are now using ppp_pcb*

Browse Source
This commit is contained in:
Sylvain Rochet 2012-06-15 00:24:39 +02:00
parent 844f5e5af1
commit 1ece33e79a
6 changed files with 301 additions and 405 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/netif/ppp/auth.c
View File

@ -795,7 +795,7 @@ void link_established(ppp_pcb *pcb) {
#endif /* EAP_SUPPORT */ #endif /* EAP_SUPPORT */
#if CHAP_SUPPORT #if CHAP_SUPPORT
if (go->neg_chap) { if (go->neg_chap) {
chap_auth_peer(unit, pcb->settings.our_name, CHAP_DIGEST(go->chap_mdtype)); chap_auth_peer(pcb, pcb->settings.our_name, CHAP_DIGEST(go->chap_mdtype));
auth |= CHAP_PEER; auth |= CHAP_PEER;
} else } else
#endif /* CHAP_SUPPORT */ #endif /* CHAP_SUPPORT */
@ -816,13 +816,13 @@ void link_established(ppp_pcb *pcb) {
#endif /* EAP_SUPPORT */ #endif /* EAP_SUPPORT */
#if CHAP_SUPPORT #if CHAP_SUPPORT
if (ho->neg_chap) { if (ho->neg_chap) {
chap_auth_with_peer(pcb->unit, pcb->settings.user, CHAP_DIGEST(ho->chap_mdtype)); chap_auth_with_peer(pcb, pcb->settings.user, CHAP_DIGEST(ho->chap_mdtype));
auth |= CHAP_WITHPEER; auth |= CHAP_WITHPEER;
} else } else
#endif /* CHAP_SUPPORT */ #endif /* CHAP_SUPPORT */
#if PAP_SUPPORT #if PAP_SUPPORT
if (ho->neg_upap) { if (ho->neg_upap) {
upap_authwithpeer(pcb->unit, pcb->settings.user, pcb->settings.passwd); upap_authwithpeer(pcb, pcb->settings.user, pcb->settings.passwd);
auth |= PAP_WITHPEER; auth |= PAP_WITHPEER;
} else } else
#endif /* PAP_SUPPORT */ #endif /* PAP_SUPPORT */
@ -832,6 +832,7 @@ void link_established(ppp_pcb *pcb) {
pcb->auth_done = 0; pcb->auth_done = 0;
if (!auth) if (!auth)
network_phase(pcb); network_phase(pcb);
} }

311
src/netif/ppp/chap-new.c
View File

@ -82,17 +82,6 @@ static option_t chap_option_list[] = {
}; };
#endif /* PPP_OPTIONS */ #endif /* PPP_OPTIONS */
/*
* Internal state.
*/
/* FIXME: one client struct per ppp session */
static struct chap_client_state {
int flags;
char *name;
struct chap_digest_type *digest;
unsigned char priv[64]; /* private area for digest's use */
} client;
/* /*
* These limits apply to challenge and response packets we send. * These limits apply to challenge and response packets we send.
* The +4 is the +1 that we actually need rounded up. * The +4 is the +1 that we actually need rounded up.
@ -100,20 +89,6 @@ static struct chap_client_state {
#define CHAL_MAX_PKTLEN (PPP_HDRLEN + CHAP_HDRLEN + 4 + MAX_CHALLENGE_LEN + MAXNAMELEN) #define CHAL_MAX_PKTLEN (PPP_HDRLEN + CHAP_HDRLEN + 4 + MAX_CHALLENGE_LEN + MAXNAMELEN)
#define RESP_MAX_PKTLEN (PPP_HDRLEN + CHAP_HDRLEN + 4 + MAX_RESPONSE_LEN + MAXNAMELEN) #define RESP_MAX_PKTLEN (PPP_HDRLEN + CHAP_HDRLEN + 4 + MAX_RESPONSE_LEN + MAXNAMELEN)
#if PPP_SERVER
/* FIXME: one server struct per ppp session */
static struct chap_server_state {
int flags;
int id;
char *name;
struct chap_digest_type *digest;
int challenge_xmits;
int challenge_pktlen;
unsigned char challenge[CHAL_MAX_PKTLEN];
char message[256];
} server;
#endif /* PPP_SERVER */
/* Values for flags in chap_client_state and chap_server_state */ /* Values for flags in chap_client_state and chap_server_state */
#define LOWERUP 1 #define LOWERUP 1
#define AUTH_STARTED 2 #define AUTH_STARTED 2
@ -130,17 +105,17 @@ static void chap_lowerup(int unit);
static void chap_lowerdown(int unit); static void chap_lowerdown(int unit);
#if PPP_SERVER #if PPP_SERVER
static void chap_timeout(void *arg); static void chap_timeout(void *arg);
static void chap_generate_challenge(struct chap_server_state *ss); static void chap_generate_challenge(ppp_pcb *pcb);
static void chap_handle_response(struct chap_server_state *ss, int code, static void chap_handle_response(ppp_pcb *pcb, int code,
unsigned char *pkt, int len); unsigned char *pkt, int len);
static int chap_verify_response(char *name, char *ourname, int id, static int chap_verify_response(char *name, char *ourname, int id,
struct chap_digest_type *digest, struct chap_digest_type *digest,
unsigned char *challenge, unsigned char *response, unsigned char *challenge, unsigned char *response,
char *message, int message_space); char *message, int message_space);
#endif /* PPP_SERVER */ #endif /* PPP_SERVER */
static void chap_respond(struct chap_client_state *cs, int id, static void chap_respond(ppp_pcb *pcb, int id,
unsigned char *pkt, int len); unsigned char *pkt, int len);
static void chap_handle_status(struct chap_client_state *cs, int code, int id, static void chap_handle_status(ppp_pcb *pcb, int code, int id,
unsigned char *pkt, int len); unsigned char *pkt, int len);
static void chap_protrej(int unit); static void chap_protrej(int unit);
static void chap_input(int unit, unsigned char *pkt, int pktlen); static void chap_input(int unit, unsigned char *pkt, int pktlen);
@ -155,12 +130,12 @@ static struct chap_digest_type *chap_digests;
/* /*
* chap_init - reset to initial state. * chap_init - reset to initial state.
*/ */
static void static void chap_init(int unit) {
chap_init(int unit) ppp_pcb *pcb = &ppp_pcb_list[unit];
{
memset(&client, 0, sizeof(client)); memset(&pcb->chap_client, 0, sizeof(chap_client_state));
#if PPP_SERVER #if PPP_SERVER
memset(&server, 0, sizeof(server)); memset(&pcb->chap_server, 0, sizeof(chap_server_state));
#endif /* PPP_SERVER */ #endif /* PPP_SERVER */
chap_md5_init(); chap_md5_init();
@ -172,9 +147,7 @@ chap_init(int unit)
/* /*
* Add a new digest type to the list. * Add a new digest type to the list.
*/ */
void void chap_register_digest(struct chap_digest_type *dp) {
chap_register_digest(struct chap_digest_type *dp)
{
dp->next = chap_digests; dp->next = chap_digests;
chap_digests = dp; chap_digests = dp;
} }
@ -182,35 +155,25 @@ chap_register_digest(struct chap_digest_type *dp)
/* /*
* chap_lowerup - we can start doing stuff now. * chap_lowerup - we can start doing stuff now.
*/ */
static void static void chap_lowerup(int unit) {
chap_lowerup(int unit) ppp_pcb *pcb = &ppp_pcb_list[unit];
{
struct chap_client_state *cs = &client;
#if PPP_SERVER
struct chap_server_state *ss = &server;
#endif /* PPP_SERVER */
cs->flags |= LOWERUP; pcb->chap_client.flags |= LOWERUP;
#if PPP_SERVER #if PPP_SERVER
ss->flags |= LOWERUP; pcb->chap_server.flags |= LOWERUP;
if (ss->flags & AUTH_STARTED) if (pcb->chap_server.flags & AUTH_STARTED)
chap_timeout(ss); chap_timeout(pcb);
#endif /* PPP_SERVER */ #endif /* PPP_SERVER */
} }
static void static void chap_lowerdown(int unit) {
chap_lowerdown(int unit) ppp_pcb *pcb = &ppp_pcb_list[unit];
{
struct chap_client_state *cs = &client;
#if PPP_SERVER
struct chap_server_state *ss = &server;
#endif /* PPP_SERVER */
cs->flags = 0; pcb->chap_client.flags = 0;
#if PPP_SERVER #if PPP_SERVER
if (ss->flags & TIMEOUT_PENDING) if (pcb->chap_server.flags & TIMEOUT_PENDING)
UNTIMEOUT(chap_timeout, ss); UNTIMEOUT(chap_timeout, pcb);
ss->flags = 0; pcb->chap_server.flags = 0;
#endif /* PPP_SERVER */ #endif /* PPP_SERVER */
} }
@ -220,13 +183,11 @@ chap_lowerdown(int unit)
* If the lower layer is already up, we start sending challenges, * If the lower layer is already up, we start sending challenges,
* otherwise we wait for the lower layer to come up. * otherwise we wait for the lower layer to come up.
*/ */
void void chap_auth_peer(ppp_pcb *pcb, char *our_name, int digest_code) {
chap_auth_peer(int unit, char *our_name, int digest_code)
{
struct chap_server_state *ss = &server; struct chap_server_state *ss = &server;
struct chap_digest_type *dp; struct chap_digest_type *dp;
if (ss->flags & AUTH_STARTED) { if (pcb->chap_server.flags & AUTH_STARTED) {
error("CHAP: peer authentication already started!"); error("CHAP: peer authentication already started!");
return; return;
} }
@ -237,12 +198,12 @@ chap_auth_peer(int unit, char *our_name, int digest_code)
fatal("CHAP digest 0x%x requested but not available", fatal("CHAP digest 0x%x requested but not available",
digest_code); digest_code);
ss->digest = dp; pcb->chap_server.digest = dp;
ss->name = our_name; pcb->chap_server.name = our_name;
/* Start with a random ID value */ /* Start with a random ID value */
ss->id = (unsigned char)(drand48() * 256); pcb->chap_server.id = (unsigned char)(drand48() * 256);
ss->flags |= AUTH_STARTED; pcb->chap_server.flags |= AUTH_STARTED;
if (ss->flags & LOWERUP) if (pcb->chap_server.flags & LOWERUP)
chap_timeout(ss); chap_timeout(ss);
} }
#endif /* PPP_SERVER */ #endif /* PPP_SERVER */
@ -251,13 +212,10 @@ chap_auth_peer(int unit, char *our_name, int digest_code)
* chap_auth_with_peer - Prepare to authenticate ourselves to the peer. * chap_auth_with_peer - Prepare to authenticate ourselves to the peer.
* There isn't much to do until we receive a challenge. * There isn't much to do until we receive a challenge.
*/ */
void void chap_auth_with_peer(ppp_pcb *pcb, char *our_name, int digest_code) {
chap_auth_with_peer(int unit, char *our_name, int digest_code)
{
struct chap_client_state *cs = &client;
struct chap_digest_type *dp; struct chap_digest_type *dp;
if (cs->flags & AUTH_STARTED) { if (pcb->chap_client.flags & AUTH_STARTED) {
error("CHAP: authentication with peer already started!"); error("CHAP: authentication with peer already started!");
return; return;
} }
@ -268,9 +226,9 @@ chap_auth_with_peer(int unit, char *our_name, int digest_code)
fatal("CHAP digest 0x%x requested but not available", fatal("CHAP digest 0x%x requested but not available",
digest_code); digest_code);
cs->digest = dp; pcb->chap_client.digest = dp;
cs->name = our_name; pcb->chap_client.name = our_name;
cs->flags |= AUTH_STARTED; pcb->chap_client.flags |= AUTH_STARTED;
} }
# if PPP_SERVER # if PPP_SERVER
@ -279,55 +237,49 @@ chap_auth_with_peer(int unit, char *our_name, int digest_code)
* This could be either a retransmission of a previous challenge, * This could be either a retransmission of a previous challenge,
* or a new challenge to start re-authentication. * or a new challenge to start re-authentication.
*/ */
static void static void chap_timeout(void *arg) {
chap_timeout(void *arg) ppp_pcb *pcb = (ppp_pcb*)arg;
{
/* FIXME: fix forced unit 0 */
ppp_pcb *pcb = &ppp_pcb_list[0];
struct chap_server_state *ss = arg;
ss->flags &= ~TIMEOUT_PENDING; pcb->chap_server.flags &= ~TIMEOUT_PENDING;
if ((ss->flags & CHALLENGE_VALID) == 0) { if ((pcb->chap_server.flags & CHALLENGE_VALID) == 0) {
ss->challenge_xmits = 0; pcb->chap_server.challenge_xmits = 0;
chap_generate_challenge(ss); chap_generate_challenge(pcb);
ss->flags |= CHALLENGE_VALID; pcb->chap_server.flags |= CHALLENGE_VALID;
} else if (ss->challenge_xmits >= chap_max_transmits) { } else if (pcb->chap_server.challenge_xmits >= chap_max_transmits) {
ss->flags &= ~CHALLENGE_VALID; pcb->chap_server.flags &= ~CHALLENGE_VALID;
ss->flags |= AUTH_DONE | AUTH_FAILED; pcb->chap_server.flags |= AUTH_DONE | AUTH_FAILED;
auth_peer_fail(pcb, PPP_CHAP); auth_peer_fail(pcb, PPP_CHAP);
return; return;
} }
ppp_write(pcb, ss->challenge, ss->challenge_pktlen); ppp_write(pcb, pcb->chap_server.challenge, pcb->chap_server.challenge_pktlen);
++ss->challenge_xmits; ++pcb->chap_server.challenge_xmits;
ss->flags |= TIMEOUT_PENDING; pcb->chap_server.flags |= TIMEOUT_PENDING;
TIMEOUT(chap_timeout, arg, chap_timeout_time); TIMEOUT(chap_timeout, arg, chap_timeout_time);
} }
/* /*
* chap_generate_challenge - generate a challenge string and format * chap_generate_challenge - generate a challenge string and format
* the challenge packet in ss->challenge_pkt. * the challenge packet in pcb->chap_server.challenge_pkt.
*/ */
static void static void chap_generate_challenge(ppp_pcb *pcb) {
chap_generate_challenge(struct chap_server_state *ss)
{
int clen = 1, nlen, len; int clen = 1, nlen, len;
unsigned char *p; unsigned char *p;
p = ss->challenge; p = pcb->chap_server.challenge;
MAKEHEADER(p, PPP_CHAP); MAKEHEADER(p, PPP_CHAP);
p += CHAP_HDRLEN; p += CHAP_HDRLEN;
ss->digest->generate_challenge(p); pcb->chap_server.digest->generate_challenge(p);
clen = *p; clen = *p;
nlen = strlen(ss->name); nlen = strlen(pcb->chap_server.name);
memcpy(p + 1 + clen, ss->name, nlen); memcpy(p + 1 + clen, pcb->chap_server.name, nlen);
len = CHAP_HDRLEN + 1 + clen + nlen; len = CHAP_HDRLEN + 1 + clen + nlen;
ss->challenge_pktlen = PPP_HDRLEN + len; pcb->chap_server.challenge_pktlen = PPP_HDRLEN + len;
p = ss->challenge + PPP_HDRLEN; p = pcb->chap_server.challenge + PPP_HDRLEN;
p[0] = CHAP_CHALLENGE; p[0] = CHAP_CHALLENGE;
p[1] = ++ss->id; p[1] = ++pcb->chap_server.id;
p[2] = len >> 8; p[2] = len >> 8;
p[3] = len; p[3] = len;
} }
@ -335,12 +287,8 @@ chap_generate_challenge(struct chap_server_state *ss)
/* /*
* chap_handle_response - check the response to our challenge. * chap_handle_response - check the response to our challenge.
*/ */
static void static void chap_handle_response(ppp_pcb *pcb, int id,
chap_handle_response(struct chap_server_state *ss, int id, unsigned char *pkt, int len) {
unsigned char *pkt, int len)
{
/* FIXME: fix forced unit 0 */
ppp_pcb *pcb = &ppp_pcb_list[0];
int response_len, ok, mlen; int response_len, ok, mlen;
unsigned char *response, *p; unsigned char *response, *p;
char *name = NULL; /* initialized to shut gcc up */ char *name = NULL; /* initialized to shut gcc up */
@ -348,11 +296,11 @@ chap_handle_response(struct chap_server_state *ss, int id,
unsigned char *, unsigned char *, char *, int); unsigned char *, unsigned char *, char *, int);
char rname[MAXNAMELEN+1]; char rname[MAXNAMELEN+1];
if ((ss->flags & LOWERUP) == 0) if ((pcb->chap_server.flags & LOWERUP) == 0)
return; return;
if (id != ss->challenge[PPP_HDRLEN+1] || len < 2) if (id != pcb->chap_server.challenge[PPP_HDRLEN+1] || len < 2)
return; return;
if (ss->flags & CHALLENGE_VALID) { if (pcb->chap_server.flags & CHALLENGE_VALID) {
response = pkt; response = pkt;
GETCHAR(response_len, pkt); GETCHAR(response_len, pkt);
len -= response_len + 1; /* length of name */ len -= response_len + 1; /* length of name */
@ -360,9 +308,9 @@ chap_handle_response(struct chap_server_state *ss, int id,
if (len < 0) if (len < 0)
return; return;
if (ss->flags & TIMEOUT_PENDING) { if (pcb->chap_server.flags & TIMEOUT_PENDING) {
ss->flags &= ~TIMEOUT_PENDING; pcb->chap_server.flags &= ~TIMEOUT_PENDING;
UNTIMEOUT(chap_timeout, ss); UNTIMEOUT(chap_timeout, pcb);
} }
if (explicit_remote) { if (explicit_remote) {
@ -377,35 +325,35 @@ chap_handle_response(struct chap_server_state *ss, int id,
verifier = chap_verify_hook; verifier = chap_verify_hook;
else else
verifier = chap_verify_response; verifier = chap_verify_response;
ok = (*verifier)(name, ss->name, id, ss->digest, ok = (*verifier)(name, pcb->chap_server.name, id, pcb->chap_server.digest,
ss->challenge + PPP_HDRLEN + CHAP_HDRLEN, pcb->chap_server.challenge + PPP_HDRLEN + CHAP_HDRLEN,
response, ss->message, sizeof(ss->message)); response, pcb->chap_server.message, sizeof(pcb->chap_server.message));
#if 0 /* UNUSED */ #if 0 /* UNUSED */
if (!ok || !auth_number()) { if (!ok || !auth_number()) {
#endif /* UNUSED */ #endif /* UNUSED */
if (!ok) { if (!ok) {
ss->flags |= AUTH_FAILED; pcb->chap_server.flags |= AUTH_FAILED;
warn("Peer %q failed CHAP authentication", name); warn("Peer %q failed CHAP authentication", name);
} }
} else if ((ss->flags & AUTH_DONE) == 0) } else if ((pcb->chap_server.flags & AUTH_DONE) == 0)
return; return;
/* send the response */ /* send the response */
p = outpacket_buf; p = outpacket_buf;
MAKEHEADER(p, PPP_CHAP); MAKEHEADER(p, PPP_CHAP);
mlen = strlen(ss->message); mlen = strlen(pcb->chap_server.message);
len = CHAP_HDRLEN + mlen; len = CHAP_HDRLEN + mlen;
p[0] = (ss->flags & AUTH_FAILED)? CHAP_FAILURE: CHAP_SUCCESS; p[0] = (pcb->chap_server.flags & AUTH_FAILED)? CHAP_FAILURE: CHAP_SUCCESS;
p[1] = id; p[1] = id;
p[2] = len >> 8; p[2] = len >> 8;
p[3] = len; p[3] = len;
if (mlen > 0) if (mlen > 0)
memcpy(p + CHAP_HDRLEN, ss->message, mlen); memcpy(p + CHAP_HDRLEN, pcb->chap_server.message, mlen);
ppp_write(pcb, outpacket_buf, PPP_HDRLEN + len); ppp_write(pcb, outpacket_buf, PPP_HDRLEN + len);
if (ss->flags & CHALLENGE_VALID) { if (pcb->chap_server.flags & CHALLENGE_VALID) {
ss->flags &= ~CHALLENGE_VALID; pcb->chap_server.flags &= ~CHALLENGE_VALID;
if (!(ss->flags & AUTH_DONE) && !(ss->flags & AUTH_FAILED)) { if (!(pcb->chap_server.flags & AUTH_DONE) && !(pcb->chap_server.flags & AUTH_FAILED)) {
#if 0 /* UNUSED */ #if 0 /* UNUSED */
/* /*
@ -419,26 +367,26 @@ chap_handle_response(struct chap_server_state *ss, int id,
*/ */
if (session_mgmt && if (session_mgmt &&
session_check(name, NULL, devnam, NULL) == 0) { session_check(name, NULL, devnam, NULL) == 0) {
ss->flags |= AUTH_FAILED; pcb->chap_server.flags |= AUTH_FAILED;
warn("Peer %q failed CHAP Session verification", name); warn("Peer %q failed CHAP Session verification", name);
} }
#endif /* UNUSED */ #endif /* UNUSED */
} }
if (ss->flags & AUTH_FAILED) { if (pcb->chap_server.flags & AUTH_FAILED) {
auth_peer_fail(pcb, PPP_CHAP); auth_peer_fail(pcb, PPP_CHAP);
} else { } else {
if ((ss->flags & AUTH_DONE) == 0) if ((pcb->chap_server.flags & AUTH_DONE) == 0)
auth_peer_success(pcb, PPP_CHAP, auth_peer_success(pcb, PPP_CHAP,
ss->digest->code, pcb->chap_server.digest->code,
name, strlen(name)); name, strlen(name));
if (chap_rechallenge_time) { if (chap_rechallenge_time) {
ss->flags |= TIMEOUT_PENDING; pcb->chap_server.flags |= TIMEOUT_PENDING;
TIMEOUT(chap_timeout, ss, TIMEOUT(chap_timeout, pcb,
chap_rechallenge_time); chap_rechallenge_time);
} }
} }
ss->flags |= AUTH_DONE; pcb->chap_server.flags |= AUTH_DONE;
} }
} }
@ -447,12 +395,10 @@ chap_handle_response(struct chap_server_state *ss, int id,
* what we think it should be. Returns 1 if it does (authentication * what we think it should be. Returns 1 if it does (authentication
* succeeded), or 0 if it doesn't. * succeeded), or 0 if it doesn't.
*/ */
static int static int chap_verify_response(char *name, char *ourname, int id,
chap_verify_response(char *name, char *ourname, int id,
struct chap_digest_type *digest, struct chap_digest_type *digest,
unsigned char *challenge, unsigned char *response, unsigned char *challenge, unsigned char *response,
char *message, int message_space) char *message, int message_space) {
{
int ok; int ok;
unsigned char secret[MAXSECRETLEN]; unsigned char secret[MAXSECRETLEN];
int secret_len; int secret_len;
@ -474,12 +420,8 @@ chap_verify_response(char *name, char *ourname, int id,
/* /*
* chap_respond - Generate and send a response to a challenge. * chap_respond - Generate and send a response to a challenge.
*/ */
static void static void chap_respond(ppp_pcb *pcb, int id,
chap_respond(struct chap_client_state *cs, int id, unsigned char *pkt, int len) {
unsigned char *pkt, int len)
{
/* FIXME: fix forced unit 0 */
ppp_pcb *pcb = &ppp_pcb_list[0];
int clen, nlen; int clen, nlen;
int secret_len; int secret_len;
unsigned char *p; unsigned char *p;
@ -488,7 +430,7 @@ chap_respond(struct chap_client_state *cs, int id,
char secret[MAXSECRETLEN+1]; char secret[MAXSECRETLEN+1];
ppp_pcb *pc = &ppp_pcb_list[0]; ppp_pcb *pc = &ppp_pcb_list[0];
if ((cs->flags & (LOWERUP | AUTH_STARTED)) != (LOWERUP | AUTH_STARTED)) if ((pcb->chap_client.flags & (LOWERUP | AUTH_STARTED)) != (LOWERUP | AUTH_STARTED))
return; /* not ready */ return; /* not ready */
if (len < 2 || len < pkt[0] + 1) if (len < 2 || len < pkt[0] + 1)
return; /* too short */ return; /* too short */
@ -503,7 +445,7 @@ chap_respond(struct chap_client_state *cs, int id,
strlcpy(rname, pc->settings.remote_name, sizeof(rname)); strlcpy(rname, pc->settings.remote_name, sizeof(rname));
/* get secret for authenticating ourselves with the specified host */ /* get secret for authenticating ourselves with the specified host */
if (!get_secret(pcb, cs->name, rname, secret, &secret_len, 0)) { if (!get_secret(pcb, pcb->chap_client.name, rname, secret, &secret_len, 0)) {
secret_len = 0; /* assume null secret if can't find one */ secret_len = 0; /* assume null secret if can't find one */
warn("No CHAP secret found for authenticating us to %q", rname); warn("No CHAP secret found for authenticating us to %q", rname);
} }
@ -512,13 +454,13 @@ chap_respond(struct chap_client_state *cs, int id,
MAKEHEADER(p, PPP_CHAP); MAKEHEADER(p, PPP_CHAP);
p += CHAP_HDRLEN; p += CHAP_HDRLEN;
cs->digest->make_response(p, id, cs->name, pkt, pcb->chap_client.digest->make_response(p, id, pcb->chap_client.name, pkt,
secret, secret_len, cs->priv); secret, secret_len, pcb->chap_client.priv);
memset(secret, 0, secret_len); memset(secret, 0, secret_len);
clen = *p; clen = *p;
nlen = strlen(cs->name); nlen = strlen(pcb->chap_client.name);
memcpy(p + clen + 1, cs->name, nlen); memcpy(p + clen + 1, pcb->chap_client.name, nlen);
p = response + PPP_HDRLEN; p = response + PPP_HDRLEN;
len = CHAP_HDRLEN + clen + 1 + nlen; len = CHAP_HDRLEN + clen + 1 + nlen;
@ -530,29 +472,25 @@ chap_respond(struct chap_client_state *cs, int id,
ppp_write(pcb, response, PPP_HDRLEN + len); ppp_write(pcb, response, PPP_HDRLEN + len);
} }
static void static void chap_handle_status(ppp_pcb *pcb, int code, int id,
chap_handle_status(struct chap_client_state *cs, int code, int id, unsigned char *pkt, int len) {
unsigned char *pkt, int len)
{
/* FIXME: fix forced unit 0 */
ppp_pcb *pcb = &ppp_pcb_list[0];
const char *msg = NULL; const char *msg = NULL;
if ((cs->flags & (AUTH_DONE|AUTH_STARTED|LOWERUP)) if ((pcb->chap_client.flags & (AUTH_DONE|AUTH_STARTED|LOWERUP))
!= (AUTH_STARTED|LOWERUP)) != (AUTH_STARTED|LOWERUP))
return; return;
cs->flags |= AUTH_DONE; pcb->chap_client.flags |= AUTH_DONE;
if (code == CHAP_SUCCESS) { if (code == CHAP_SUCCESS) {
/* used for MS-CHAP v2 mutual auth, yuck */ /* used for MS-CHAP v2 mutual auth, yuck */
if (cs->digest->check_success != NULL) { if (pcb->chap_client.digest->check_success != NULL) {
if (!(*cs->digest->check_success)(pkt, len, cs->priv)) if (!(*pcb->chap_client.digest->check_success)(pkt, len, pcb->chap_client.priv))
code = CHAP_FAILURE; code = CHAP_FAILURE;
} else } else
msg = "CHAP authentication succeeded"; msg = "CHAP authentication succeeded";
} else { } else {
if (cs->digest->handle_failure != NULL) if (pcb->chap_client.digest->handle_failure != NULL)
(*cs->digest->handle_failure)(pkt, len); (*pcb->chap_client.digest->handle_failure)(pkt, len);
else else
msg = "CHAP authentication failed"; msg = "CHAP authentication failed";
} }
@ -563,22 +501,16 @@ chap_handle_status(struct chap_client_state *cs, int code, int id,
info("%s", msg); info("%s", msg);
} }
if (code == CHAP_SUCCESS) if (code == CHAP_SUCCESS)
auth_withpeer_success(pcb, PPP_CHAP, cs->digest->code); auth_withpeer_success(pcb, PPP_CHAP, pcb->chap_client.digest->code);
else { else {
cs->flags |= AUTH_FAILED; pcb->chap_client.flags |= AUTH_FAILED;
error("CHAP authentication failed"); error("CHAP authentication failed");
auth_withpeer_fail(pcb, PPP_CHAP); auth_withpeer_fail(pcb, PPP_CHAP);
} }
} }
static void static void chap_input(int unit, unsigned char *pkt, int pktlen) {
chap_input(int unit, unsigned char *pkt, int pktlen) ppp_pcb *pcb = &ppp_pcb_list[unit];
{
struct chap_client_state *cs = &client;
#if PPP_SERVER
struct chap_server_state *ss = &server;
#endif /* PPP_SERVER */
unsigned char code, id; unsigned char code, id;
int len; int len;
@ -593,39 +525,35 @@ chap_input(int unit, unsigned char *pkt, int pktlen)
switch (code) { switch (code) {
case CHAP_CHALLENGE: case CHAP_CHALLENGE:
chap_respond(cs, id, pkt, len); chap_respond(pcb, id, pkt, len);
break; break;
#if PPP_SERVER #if PPP_SERVER
case CHAP_RESPONSE: case CHAP_RESPONSE:
chap_handle_response(ss, id, pkt, len); chap_handle_response(pcb, id, pkt, len);
break; break;
#endif /* PPP_SERVER */ #endif /* PPP_SERVER */
case CHAP_FAILURE: case CHAP_FAILURE:
case CHAP_SUCCESS: case CHAP_SUCCESS:
chap_handle_status(cs, code, id, pkt, len); chap_handle_status(pcb, code, id, pkt, len);
break; break;
} }
} }
static void static void chap_protrej(int unit) {
chap_protrej(int unit)
{
ppp_pcb *pcb = &ppp_pcb_list[unit]; ppp_pcb *pcb = &ppp_pcb_list[unit];
struct chap_client_state *cs = &client;
#if PPP_SERVER
struct chap_server_state *ss = &server;
if (ss->flags & TIMEOUT_PENDING) { #if PPP_SERVER
ss->flags &= ~TIMEOUT_PENDING; if (pcb->chap_server.flags & TIMEOUT_PENDING) {
UNTIMEOUT(chap_timeout, ss); pcb->chap_server.flags &= ~TIMEOUT_PENDING;
UNTIMEOUT(chap_timeout, pcb);
} }
if (ss->flags & AUTH_STARTED) { if (pcb->chap_server.flags & AUTH_STARTED) {
ss->flags = 0; pcb->chap_server.flags = 0;
auth_peer_fail(pcb, PPP_CHAP); auth_peer_fail(pcb, PPP_CHAP);
} }
#endif /* PPP_SERVER */ #endif /* PPP_SERVER */
if ((cs->flags & (AUTH_STARTED|AUTH_DONE)) == AUTH_STARTED) { if ((pcb->chap_client.flags & (AUTH_STARTED|AUTH_DONE)) == AUTH_STARTED) {
cs->flags &= ~AUTH_STARTED; pcb->chap_client.flags &= ~AUTH_STARTED;
error("CHAP authentication failed due to protocol-reject"); error("CHAP authentication failed due to protocol-reject");
auth_withpeer_fail(pcb, PPP_CHAP); auth_withpeer_fail(pcb, PPP_CHAP);
} }
@ -639,10 +567,8 @@ static char *chap_code_names[] = {
"Challenge", "Response", "Success", "Failure" "Challenge", "Response", "Success", "Failure"
}; };
static int static int chap_print_pkt(unsigned char *p, int plen,
chap_print_pkt(unsigned char *p, int plen, void (*printer) (void *, char *, ...), void *arg) {
void (*printer) (void *, char *, ...), void *arg)
{
int code, id, len; int code, id, len;
int clen, nlen; int clen, nlen;
unsigned char x; unsigned char x;
@ -689,6 +615,7 @@ chap_print_pkt(unsigned char *p, int plen,
GETCHAR(x, p); GETCHAR(x, p);
printer(arg, " %.2x", x); printer(arg, " %.2x", x);
} }
/* no break */
} }
return len + CHAP_HDRLEN; return len + CHAP_HDRLEN;

4
src/netif/ppp/chap-new.h
View File

@ -151,11 +151,11 @@ extern void chap_register_digest(struct chap_digest_type *);
#if PPP_SERVER #if PPP_SERVER
/* Called by authentication code to start authenticating the peer. */ /* Called by authentication code to start authenticating the peer. */
extern void chap_auth_peer(int unit, char *our_name, int digest_code); extern void chap_auth_peer(ppp_pcb *pcb, char *our_name, int digest_code);
#endif /* PPP_SERVER */ #endif /* PPP_SERVER */
/* Called by auth. code to start authenticating us to the peer. */ /* Called by auth. code to start authenticating us to the peer. */
extern void chap_auth_with_peer(int unit, char *our_name, int digest_code); extern void chap_auth_with_peer(ppp_pcb *pcb, char *our_name, int digest_code);
/* Represents the CHAP protocol to the main pppd code */ /* Represents the CHAP protocol to the main pppd code */
extern struct protent chap_protent; extern struct protent chap_protent;

58
src/netif/ppp/ppp.h
View File

@ -214,6 +214,53 @@ typedef struct ppp_pcb_rx_s {
} ppp_pcb_rx; } ppp_pcb_rx;
#endif /* PPPOS_SUPPORT */ #endif /* PPPOS_SUPPORT */
/*
* Each interface is described by upap structure.
*/
#if PAP_SUPPORT
typedef struct upap_state {
int us_unit; /* Interface unit number */
char *us_user; /* User */
int us_userlen; /* User length */
char *us_passwd; /* Password */
int us_passwdlen; /* Password length */
int us_clientstate; /* Client state */
#if PPP_SERVER
int us_serverstate; /* Server state */
#endif /* PPP_SERVER */
u_char us_id; /* Current id */
int us_timeouttime; /* Timeout (seconds) for auth-req retrans. */
int us_transmits; /* Number of auth-reqs sent */
int us_maxtransmits; /* Maximum number of auth-reqs to send */
int us_reqtimeout; /* Time to wait for auth-req from peer */
} upap_state;
#endif /* PAP_SUPPORT */
/*
* Each interface is described by chap structure.
*/
#if CHAP_SUPPORT
typedef struct chap_client_state {
int flags;
char *name;
struct chap_digest_type *digest;
unsigned char priv[64]; /* private area for digest's use */
} chap_client_state;
#if PPP_SERVER
static struct chap_server_state {
int flags;
int id;
char *name;
struct chap_digest_type *digest;
int challenge_xmits;
int challenge_pktlen;
unsigned char challenge[CHAL_MAX_PKTLEN];
char message[256];
} chap_server_state;
#endif /* PPP_SERVER */
#endif /* CHAP_SUPPORT */
/* /*
* PPP interface control block. * PPP interface control block.
*/ */
@ -262,6 +309,17 @@ typedef struct ppp_pcb_s {
int auth_done; /* Records which authentication operations have been completed. */ int auth_done; /* Records which authentication operations have been completed. */
int num_np_open; /* Number of network protocols which we have opened. */ int num_np_open; /* Number of network protocols which we have opened. */
int num_np_up; /* Number of network protocols which have come up. */ int num_np_up; /* Number of network protocols which have come up. */
#if PAP_SUPPORT
upap_state upap; /* PAP data */
#endif /* PAP_SUPPORT */
#if CHAP_SUPPORT
chap_client_state chap_client;
#if PPP_SERVER
chap_server_state chap_server;
#endif /* PPP_SERVER */
#endif /* CHAP_SUPPORT */
} ppp_pcb; } ppp_pcb;
/************************ /************************

291
src/netif/ppp/upap.c
View File

@ -80,14 +80,13 @@ static option_t pap_option_list[] = {
/* /*
* Protocol entry points. * Protocol entry points.
*/ */
static void upap_init (int); static void upap_init(int unit);
static void upap_lowerup (int); static void upap_lowerup(int unit);
static void upap_lowerdown (int); static void upap_lowerdown(int unit);
static void upap_input (int, u_char *, int); static void upap_input(int unit, u_char *inpacket, int l);
static void upap_protrej (int); static void upap_protrej(int unit);
#if PRINTPKT_SUPPORT #if PRINTPKT_SUPPORT
static int upap_printpkt (u_char *, int, static int upap_printpkt(u_char *p, int plen, void (*printer) (void *, char *, ...), void *arg);
void (*) (void *, char *, ...), void *);
#endif /* PRINTPKT_SUPPORT */ #endif /* PRINTPKT_SUPPORT */
struct protent pap_protent = { struct protent pap_protent = {
@ -118,45 +117,40 @@ struct protent pap_protent = {
#endif /* DEMAND_SUPPORT */ #endif /* DEMAND_SUPPORT */
}; };
upap_state upap[NUM_PPP]; /* UPAP state; one for each unit */ static void upap_timeout(void *arg);
static void upap_timeout (void *);
#if PPP_SERVER #if PPP_SERVER
static void upap_reqtimeout (void *); static void upap_reqtimeout(void *arg);
#endif /* PPP_SERVER */ #endif /* PPP_SERVER */
#if 0 /* UNUSED */ #if 0 /* UNUSED */
static void upap_rauthreq (upap_state *, u_char *, int, int); static void upap_rauthreq(ppp_pcb *pcb, u_char *inp, int id, int len);
#endif /* UNUSED */ #endif /* UNUSED */
static void upap_rauthack (upap_state *, u_char *, int, int); static void upap_rauthack(ppp_pcb *pcb, u_char *inp, int id, int len);
static void upap_rauthnak (upap_state *, u_char *, int, int); static void upap_rauthnak(ppp_pcb *pcb, u_char *inp, int id, int len);
static void upap_sauthreq (upap_state *); static void upap_sauthreq(ppp_pcb *pcb);
#if 0 /* UNUSED */ #if 0 /* UNUSED */
static void upap_sresp (upap_state *, int, int, char *, int); static void upap_sresp(ppp_pcb *pcb, u_char code, u_char id, char *msg, int msglen);
#endif /* UNUSED */ #endif /* UNUSED */
/* /*
* upap_init - Initialize a UPAP unit. * upap_init - Initialize a UPAP unit.
*/ */
static void static void upap_init(int unit) {
upap_init(unit) ppp_pcb *pcb = &ppp_pcb_list[unit];
int unit;
{
upap_state *u = &upap[unit];
u->us_unit = unit; pcb->upap.us_unit = unit;
u->us_user = NULL; pcb->upap.us_user = NULL;
u->us_userlen = 0; pcb->upap.us_userlen = 0;
u->us_passwd = NULL; pcb->upap.us_passwd = NULL;
u->us_passwdlen = 0; pcb->upap.us_passwdlen = 0;
u->us_clientstate = UPAPCS_INITIAL; pcb->upap.us_clientstate = UPAPCS_INITIAL;
#if PPP_SERVER #if PPP_SERVER
u->us_serverstate = UPAPSS_INITIAL; pcb->upap.us_serverstate = UPAPSS_INITIAL;
#endif /* PPP_SERVER */ #endif /* PPP_SERVER */
u->us_id = 0; pcb->upap.us_id = 0;
u->us_timeouttime = UPAP_DEFTIMEOUT; pcb->upap.us_timeouttime = UPAP_DEFTIMEOUT;
u->us_maxtransmits = 10; pcb->upap.us_maxtransmits = 10;
u->us_reqtimeout = UPAP_DEFREQTIME; pcb->upap.us_reqtimeout = UPAP_DEFREQTIME;
} }
@ -165,28 +159,22 @@ upap_init(unit)
* *
* Set new state and send authenticate's. * Set new state and send authenticate's.
*/ */
void void upap_authwithpeer(ppp_pcb *pcb, char *user, char *password) {
upap_authwithpeer(unit, user, password)
int unit;
char *user, *password;
{
upap_state *u = &upap[unit];
/* Save the username and password we're given */ /* Save the username and password we're given */
u->us_user = user; pcb->upap.us_user = user;
u->us_userlen = strlen(user); pcb->upap.us_userlen = strlen(user);
u->us_passwd = password; pcb->upap.us_passwd = password;
u->us_passwdlen = strlen(password); pcb->upap.us_passwdlen = strlen(password);
u->us_transmits = 0; pcb->upap.us_transmits = 0;
/* Lower layer up yet? */ /* Lower layer up yet? */
if (u->us_clientstate == UPAPCS_INITIAL || if (pcb->upap.us_clientstate == UPAPCS_INITIAL ||
u->us_clientstate == UPAPCS_PENDING) { pcb->upap.us_clientstate == UPAPCS_PENDING) {
u->us_clientstate = UPAPCS_PENDING; pcb->upap.us_clientstate = UPAPCS_PENDING;
return; return;
} }
upap_sauthreq(u); /* Start protocol */ upap_sauthreq(pcb); /* Start protocol */
} }
#if PPP_SERVER #if PPP_SERVER
@ -195,47 +183,39 @@ upap_authwithpeer(unit, user, password)
* *
* Set new state. * Set new state.
*/ */
void void upap_authpeer(ppp_pcb *pcb) {
upap_authpeer(unit)
int unit;
{
upap_state *u = &upap[unit];
/* Lower layer up yet? */ /* Lower layer up yet? */
if (u->us_serverstate == UPAPSS_INITIAL || if (pcb->upap.us_serverstate == UPAPSS_INITIAL ||
u->us_serverstate == UPAPSS_PENDING) { pcb->upap.us_serverstate == UPAPSS_PENDING) {
u->us_serverstate = UPAPSS_PENDING; pcb->upap.us_serverstate = UPAPSS_PENDING;
return; return;
} }
u->us_serverstate = UPAPSS_LISTEN; pcb->upap.us_serverstate = UPAPSS_LISTEN;
if (u->us_reqtimeout > 0) if (pcb->upap.us_reqtimeout > 0)
TIMEOUT(upap_reqtimeout, u, u->us_reqtimeout); TIMEOUT(upap_reqtimeout, pcb, pcb->upap.us_reqtimeout);
} }
#endif /* PPP_SERVER */ #endif /* PPP_SERVER */
/* /*
* upap_timeout - Retransmission timer for sending auth-reqs expired. * upap_timeout - Retransmission timer for sending auth-reqs expired.
*/ */
static void static void upap_timeout(void *arg) {
upap_timeout(arg) ppp_pcb *pcb = (ppp_pcb*)arg;
void *arg;
{
upap_state *u = (upap_state *) arg;
ppp_pcb *pcb = &ppp_pcb_list[u->us_unit];
if (u->us_clientstate != UPAPCS_AUTHREQ) if (pcb->upap.us_clientstate != UPAPCS_AUTHREQ)
return; return;
if (u->us_transmits >= u->us_maxtransmits) { if (pcb->upap.us_transmits >= pcb->upap.us_maxtransmits) {
/* give up in disgust */ /* give up in disgust */
error("No response to PAP authenticate-requests"); error("No response to PAP authenticate-requests");
u->us_clientstate = UPAPCS_BADAUTH; pcb->upap.us_clientstate = UPAPCS_BADAUTH;
auth_withpeer_fail(pcb, PPP_PAP); auth_withpeer_fail(pcb, PPP_PAP);
return; return;
} }
upap_sauthreq(u); /* Send Authenticate-Request */ upap_sauthreq(pcb); /* Send Authenticate-Request */
} }
@ -243,17 +223,14 @@ upap_timeout(arg)
/* /*
* upap_reqtimeout - Give up waiting for the peer to send an auth-req. * upap_reqtimeout - Give up waiting for the peer to send an auth-req.
*/ */
static void static void upap_reqtimeout(void *arg) {
upap_reqtimeout(arg) ppp_pcb *pcb = (ppp_pcb*)arg;
void *arg;
{
upap_state *u = (upap_state *) arg;
if (u->us_serverstate != UPAPSS_LISTEN) if (pcb->upap.us_serverstate != UPAPSS_LISTEN)
return; /* huh?? */ return; /* huh?? */
auth_peer_fail(pcb, PPP_PAP); auth_peer_fail(pcb, PPP_PAP);
u->us_serverstate = UPAPSS_BADAUTH; pcb->upap.us_serverstate = UPAPSS_BADAUTH;
} }
#endif /* PPP_SERVER */ #endif /* PPP_SERVER */
@ -263,25 +240,22 @@ upap_reqtimeout(arg)
* *
* Start authenticating if pending. * Start authenticating if pending.
*/ */
static void static void upap_lowerup(int unit) {
upap_lowerup(unit) ppp_pcb *pcb = &ppp_pcb_list[unit];
int unit;
{
upap_state *u = &upap[unit];
if (u->us_clientstate == UPAPCS_INITIAL) if (pcb->upap.us_clientstate == UPAPCS_INITIAL)
u->us_clientstate = UPAPCS_CLOSED; pcb->upap.us_clientstate = UPAPCS_CLOSED;
else if (u->us_clientstate == UPAPCS_PENDING) { else if (pcb->upap.us_clientstate == UPAPCS_PENDING) {
upap_sauthreq(u); /* send an auth-request */ upap_sauthreq(pcb); /* send an auth-request */
} }
#if PPP_SERVER #if PPP_SERVER
if (u->us_serverstate == UPAPSS_INITIAL) if (pcb->upap.us_serverstate == UPAPSS_INITIAL)
u->us_serverstate = UPAPSS_CLOSED; pcb->upap.us_serverstate = UPAPSS_CLOSED;
else if (u->us_serverstate == UPAPSS_PENDING) { else if (pcb->upap.us_serverstate == UPAPSS_PENDING) {
u->us_serverstate = UPAPSS_LISTEN; pcb->upap.us_serverstate = UPAPSS_LISTEN;
if (u->us_reqtimeout > 0) if (pcb->upap.us_reqtimeout > 0)
TIMEOUT(upap_reqtimeout, u, u->us_reqtimeout); TIMEOUT(upap_reqtimeout, u, pcb->upap.us_reqtimeout);
} }
#endif /* PPP_SERVER */ #endif /* PPP_SERVER */
} }
@ -292,22 +266,19 @@ upap_lowerup(unit)
* *
* Cancel all timeouts. * Cancel all timeouts.
*/ */
static void static void upap_lowerdown(int unit) {
upap_lowerdown(unit) ppp_pcb *pcb = &ppp_pcb_list[unit];
int unit;
{
upap_state *u = &upap[unit];
if (u->us_clientstate == UPAPCS_AUTHREQ) /* Timeout pending? */ if (pcb->upap.us_clientstate == UPAPCS_AUTHREQ) /* Timeout pending? */
UNTIMEOUT(upap_timeout, u); /* Cancel timeout */ UNTIMEOUT(upap_timeout, pcb); /* Cancel timeout */
#if PPP_SERVER #if PPP_SERVER
if (u->us_serverstate == UPAPSS_LISTEN && u->us_reqtimeout > 0) if (pcb->upap.us_serverstate == UPAPSS_LISTEN && pcb->upap.us_reqtimeout > 0)
UNTIMEOUT(upap_reqtimeout, u); UNTIMEOUT(upap_reqtimeout, u);
#endif /* PPP_SERVER */ #endif /* PPP_SERVER */
u->us_clientstate = UPAPCS_INITIAL; pcb->upap.us_clientstate = UPAPCS_INITIAL;
#if PPP_SERVER #if PPP_SERVER
u->us_serverstate = UPAPSS_INITIAL; pcb->upap.us_serverstate = UPAPSS_INITIAL;
#endif /* PPP_SERVER */ #endif /* PPP_SERVER */
} }
@ -317,19 +288,15 @@ upap_lowerdown(unit)
* *
* This shouldn't happen. In any case, pretend lower layer went down. * This shouldn't happen. In any case, pretend lower layer went down.
*/ */
static void static void upap_protrej(int unit) {
upap_protrej(unit) ppp_pcb *pcb = &ppp_pcb_list[unit];
int unit;
{
upap_state *u = &upap[unit];
ppp_pcb *pcb = &ppp_pcb_list[u->us_unit];
if (u->us_clientstate == UPAPCS_AUTHREQ) { if (pcb->upap.us_clientstate == UPAPCS_AUTHREQ) {
error("PAP authentication failed due to protocol-reject"); error("PAP authentication failed due to protocol-reject");
auth_withpeer_fail(pcb, PPP_PAP); auth_withpeer_fail(pcb, PPP_PAP);
} }
#if PPP_SERVER #if PPP_SERVER
if (u->us_serverstate == UPAPSS_LISTEN) { if (pcb->upap.us_serverstate == UPAPSS_LISTEN) {
error("PAP authentication of peer failed (protocol-reject)"); error("PAP authentication of peer failed (protocol-reject)");
auth_peer_fail(pcb, PPP_PAP); auth_peer_fail(pcb, PPP_PAP);
} }
@ -341,13 +308,8 @@ upap_protrej(unit)
/* /*
* upap_input - Input UPAP packet. * upap_input - Input UPAP packet.
*/ */
static void static void upap_input(int unit, u_char *inpacket, int l) {
upap_input(unit, inpacket, l) ppp_pcb *pcb = &ppp_pcb_list[unit];
int unit;
u_char *inpacket;
int l;
{
upap_state *u = &upap[unit];
u_char *inp; u_char *inp;
u_char code, id; u_char code, id;
int len; int len;
@ -380,16 +342,16 @@ upap_input(unit, inpacket, l)
switch (code) { switch (code) {
case UPAP_AUTHREQ: case UPAP_AUTHREQ:
#if 0 /* UNUSED */ #if 0 /* UNUSED */
upap_rauthreq(u, inp, id, len); upap_rauthreq(pcb, inp, id, len);
#endif /* UNUSED */ #endif /* UNUSED */
break; break;
case UPAP_AUTHACK: case UPAP_AUTHACK:
upap_rauthack(u, inp, id, len); upap_rauthack(pcb, inp, id, len);
break; break;
case UPAP_AUTHNAK: case UPAP_AUTHNAK:
upap_rauthnak(u, inp, id, len); upap_rauthnak(pcb, inp, id, len);
break; break;
default: /* XXX Need code reject */ default: /* XXX Need code reject */
@ -401,13 +363,7 @@ upap_input(unit, inpacket, l)
/* /*
* upap_rauth - Receive Authenticate. * upap_rauth - Receive Authenticate.
*/ */
static void static void upap_rauthreq(ppp_pcb *pcb, u_char *inp, int id, int len) {
upap_rauthreq(u, inp, id, len)
upap_state *u;
u_char *inp;
int id;
int len;
{
u_char ruserlen, rpasswdlen; u_char ruserlen, rpasswdlen;
char *ruser, *rpasswd; char *ruser, *rpasswd;
char rhostname[256]; char rhostname[256];
@ -415,18 +371,18 @@ upap_rauthreq(u, inp, id, len)
char *msg; char *msg;
int msglen; int msglen;
if (u->us_serverstate < UPAPSS_LISTEN) if (pcb->upap.us_serverstate < UPAPSS_LISTEN)
return; return;
/* /*
* If we receive a duplicate authenticate-request, we are * If we receive a duplicate authenticate-request, we are
* supposed to return the same status as for the first request. * supposed to return the same status as for the first request.
*/ */
if (u->us_serverstate == UPAPSS_OPEN) { if (pcb->upap.us_serverstate == UPAPSS_OPEN) {
upap_sresp(u, UPAP_AUTHACK, id, "", 0); /* return auth-ack */ upap_sresp(u, UPAP_AUTHACK, id, "", 0); /* return auth-ack */
return; return;
} }
if (u->us_serverstate == UPAPSS_BADAUTH) { if (pcb->upap.us_serverstate == UPAPSS_BADAUTH) {
upap_sresp(u, UPAP_AUTHNAK, id, "", 0); /* return auth-nak */ upap_sresp(u, UPAP_AUTHNAK, id, "", 0); /* return auth-nak */
return; return;
} }
@ -456,7 +412,7 @@ upap_rauthreq(u, inp, id, len)
/* /*
* Check the username and password given. * Check the username and password given.
*/ */
retcode = check_passwd(u->us_unit, ruser, ruserlen, rpasswd, retcode = check_passwd(pcb->upap.us_unit, ruser, ruserlen, rpasswd,
rpasswdlen, &msg); rpasswdlen, &msg);
BZERO(rpasswd, rpasswdlen); BZERO(rpasswd, rpasswdlen);
@ -484,16 +440,16 @@ upap_rauthreq(u, inp, id, len)
slprintf(rhostname, sizeof(rhostname), "%.*v", ruserlen, ruser); slprintf(rhostname, sizeof(rhostname), "%.*v", ruserlen, ruser);
if (retcode == UPAP_AUTHACK) { if (retcode == UPAP_AUTHACK) {
u->us_serverstate = UPAPSS_OPEN; pcb->upap.us_serverstate = UPAPSS_OPEN;
notice("PAP peer authentication succeeded for %q", rhostname); notice("PAP peer authentication succeeded for %q", rhostname);
auth_peer_success(pcb, PPP_PAP, 0, ruser, ruserlen); auth_peer_success(pcb, PPP_PAP, 0, ruser, ruserlen);
} else { } else {
u->us_serverstate = UPAPSS_BADAUTH; pcb->upap.us_serverstate = UPAPSS_BADAUTH;
warn("PAP peer authentication failed for %q", rhostname); warn("PAP peer authentication failed for %q", rhostname);
auth_peer_fail(pcb, PPP_PAP); auth_peer_fail(pcb, PPP_PAP);
} }
if (u->us_reqtimeout > 0) if (pcb->upap.us_reqtimeout > 0)
UNTIMEOUT(upap_reqtimeout, u); UNTIMEOUT(upap_reqtimeout, u);
} }
#endif /* UNUSED */ #endif /* UNUSED */
@ -501,18 +457,11 @@ upap_rauthreq(u, inp, id, len)
/* /*
* upap_rauthack - Receive Authenticate-Ack. * upap_rauthack - Receive Authenticate-Ack.
*/ */
static void static void upap_rauthack(ppp_pcb *pcb, u_char *inp, int id, int len) {
upap_rauthack(u, inp, id, len)
upap_state *u;
u_char *inp;
int id;
int len;
{
ppp_pcb *pcb = &ppp_pcb_list[u->us_unit];
u_char msglen; u_char msglen;
char *msg; char *msg;
if (u->us_clientstate != UPAPCS_AUTHREQ) /* XXX */ if (pcb->upap.us_clientstate != UPAPCS_AUTHREQ) /* XXX */
return; return;
/* /*
@ -533,7 +482,7 @@ upap_rauthack(u, inp, id, len)
} }
} }
u->us_clientstate = UPAPCS_OPEN; pcb->upap.us_clientstate = UPAPCS_OPEN;
auth_withpeer_success(pcb, PPP_PAP, 0); auth_withpeer_success(pcb, PPP_PAP, 0);
} }
@ -542,18 +491,11 @@ upap_rauthack(u, inp, id, len)
/* /*
* upap_rauthnak - Receive Authenticate-Nak. * upap_rauthnak - Receive Authenticate-Nak.
*/ */
static void static void upap_rauthnak(ppp_pcb *pcb, u_char *inp, int id, int len) {
upap_rauthnak(u, inp, id, len)
upap_state *u;
u_char *inp;
int id;
int len;
{
ppp_pcb *pcb = &ppp_pcb_list[u->us_unit];
u_char msglen; u_char msglen;
char *msg; char *msg;
if (u->us_clientstate != UPAPCS_AUTHREQ) /* XXX */ if (pcb->upap.us_clientstate != UPAPCS_AUTHREQ) /* XXX */
return; return;
/* /*
@ -574,7 +516,7 @@ upap_rauthnak(u, inp, id, len)
} }
} }
u->us_clientstate = UPAPCS_BADAUTH; pcb->upap.us_clientstate = UPAPCS_BADAUTH;
error("PAP authentication failed"); error("PAP authentication failed");
auth_withpeer_fail(pcb, PPP_PAP); auth_withpeer_fail(pcb, PPP_PAP);
@ -584,48 +526,37 @@ upap_rauthnak(u, inp, id, len)
/* /*
* upap_sauthreq - Send an Authenticate-Request. * upap_sauthreq - Send an Authenticate-Request.
*/ */
static void static void upap_sauthreq(ppp_pcb *pcb) {
upap_sauthreq(u)
upap_state *u;
{
ppp_pcb *pcb = &ppp_pcb_list[u->us_unit];
u_char *outp; u_char *outp;
int outlen; int outlen;
outlen = UPAP_HEADERLEN + 2 * sizeof (u_char) + outlen = UPAP_HEADERLEN + 2 * sizeof (u_char) +
u->us_userlen + u->us_passwdlen; pcb->upap.us_userlen + pcb->upap.us_passwdlen;
outp = outpacket_buf; outp = outpacket_buf;
MAKEHEADER(outp, PPP_PAP); MAKEHEADER(outp, PPP_PAP);
PUTCHAR(UPAP_AUTHREQ, outp); PUTCHAR(UPAP_AUTHREQ, outp);
PUTCHAR(++u->us_id, outp); PUTCHAR(++pcb->upap.us_id, outp);
PUTSHORT(outlen, outp); PUTSHORT(outlen, outp);
PUTCHAR(u->us_userlen, outp); PUTCHAR(pcb->upap.us_userlen, outp);
MEMCPY(outp, u->us_user, u->us_userlen); MEMCPY(outp, pcb->upap.us_user, pcb->upap.us_userlen);
INCPTR(u->us_userlen, outp); INCPTR(pcb->upap.us_userlen, outp);
PUTCHAR(u->us_passwdlen, outp); PUTCHAR(pcb->upap.us_passwdlen, outp);
MEMCPY(outp, u->us_passwd, u->us_passwdlen); MEMCPY(outp, pcb->upap.us_passwd, pcb->upap.us_passwdlen);
ppp_write(pcb, outpacket_buf, outlen + PPP_HDRLEN); ppp_write(pcb, outpacket_buf, outlen + PPP_HDRLEN);
TIMEOUT(upap_timeout, u, u->us_timeouttime); TIMEOUT(upap_timeout, pcb, pcb->upap.us_timeouttime);
++u->us_transmits; ++pcb->upap.us_transmits;
u->us_clientstate = UPAPCS_AUTHREQ; pcb->upap.us_clientstate = UPAPCS_AUTHREQ;
} }
#if 0 /* UNUSED */ #if 0 /* UNUSED */
/* /*
* upap_sresp - Send a response (ack or nak). * upap_sresp - Send a response (ack or nak).
*/ */
static void static void upap_sresp(ppp_pcb *pcb, u_char code, u_char id, char *msg, int msglen) {
upap_sresp(u, code, id, msg, msglen)
upap_state *u;
u_char code, id;
char *msg;
int msglen;
{
ppp_pcb *pcb = &ppp_pcb_list[u->us_unit];
u_char *outp; u_char *outp;
int outlen; int outlen;
@ -650,13 +581,7 @@ static char *upap_codenames[] = {
"AuthReq", "AuthAck", "AuthNak" "AuthReq", "AuthAck", "AuthNak"
}; };
static int static int upap_printpkt(u_char *p, int plen, void (*printer) (void *, char *, ...), void *arg) {
upap_printpkt(p, plen, printer, arg)
u_char *p;
int plen;
void (*printer) (void *, char *, ...);
void *arg;
{
int code, id, len; int code, id, len;
int mlen, ulen, wlen; int mlen, ulen, wlen;
char *user, *pwd, *msg; char *user, *pwd, *msg;

35
src/netif/ppp/upap.h
View File

@ -45,6 +45,11 @@
#include "lwip/opt.h" #include "lwip/opt.h"
#if PPP_SUPPORT && PAP_SUPPORT /* don't build if not configured for use in lwipopts.h */ #if PPP_SUPPORT && PAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#ifndef UPAP_H
#define UPAP_H
#include "ppp.h"
/* /*
* Packet header = Code, id, length. * Packet header = Code, id, length.
*/ */
@ -59,27 +64,6 @@
#define UPAP_AUTHNAK 3 /* Authenticate-Nak */ #define UPAP_AUTHNAK 3 /* Authenticate-Nak */
/*
* Each interface is described by upap structure.
*/
typedef struct upap_state {
int us_unit; /* Interface unit number */
char *us_user; /* User */
int us_userlen; /* User length */
char *us_passwd; /* Password */
int us_passwdlen; /* Password length */
int us_clientstate; /* Client state */
#if PPP_SERVER
int us_serverstate; /* Server state */
#endif /* PPP_SERVER */
u_char us_id; /* Current id */
int us_timeouttime; /* Timeout (seconds) for auth-req retrans. */
int us_transmits; /* Number of auth-reqs sent */
int us_maxtransmits; /* Maximum number of auth-reqs to send */
int us_reqtimeout; /* Time to wait for auth-req from peer */
} upap_state;
/* /*
* Client states. * Client states.
*/ */
@ -109,11 +93,12 @@ typedef struct upap_state {
#endif /* moved to opt.h */ #endif /* moved to opt.h */
#define UPAP_DEFREQTIME 30 /* Time to wait for auth-req from peer */ #define UPAP_DEFREQTIME 30 /* Time to wait for auth-req from peer */
extern upap_state upap[]; void upap_authwithpeer(ppp_pcb *pcb, char *user, char *password);
#if PPP_SERVER
void upap_authwithpeer (int, char *, char *); void upap_authpeer(ppp_pcb *pcb);
void upap_authpeer (int); #endif /* PPP_SERVER */
extern struct protent pap_protent; extern struct protent pap_protent;
#endif /* UPAP_H */
#endif /* PPP_SUPPORT && PAP_SUPPORT */ #endif /* PPP_SUPPORT && PAP_SUPPORT */