PPP, SERVER: added PAP authentication support

New ppp auth function: auth_check_passwd() which check the user name and passwd against configuration. PAP: check remote user and password
2024-07-16 09:47:31 +00:00 · 2015-02-28 14:40:09 +01:00 · 2015-02-28 14:40:09 +01:00 · 301511a840
commit 301511a840
parent e86a0a4325
3 changed files with 38 additions and 12 deletions
--- a/src/include/netif/ppp/ppp_impl.h
+++ b/src/include/netif/ppp/ppp_impl.h
@ -550,6 +550,8 @@ void start_networks(ppp_pcb *pcb);    /* start all the network control protos */
 void continue_networks(ppp_pcb *pcb); /* start network [ip, etc] control protos */
 #if PPP_AUTH_SUPPORT
 #if PPP_SERVER
+int auth_check_passwd(ppp_pcb *pcb, char *auser, int userlen, char *apasswd, int passwdlen, const char **msg, int *msglen);
+                                /* check the user name and passwd against configuration */
 void auth_peer_fail(ppp_pcb *pcb, int protocol);
 				/* peer failed to authenticate itself */
 void auth_peer_success(ppp_pcb *pcb, int protocol, int prot_flavor, const char *name, int namelen);
--- a/src/netif/ppp/auth.c
+++ b/src/netif/ppp/auth.c
@ -995,6 +995,36 @@ void continue_networks(ppp_pcb *pcb) {

 #if PPP_AUTH_SUPPORT
 #if PPP_SERVER
+/*
+ * auth_check_passwd - Check the user name and passwd against configuration.
+ *
+ * returns:
+ *      0: Authentication failed.
+ *      1: Authentication succeeded.
+ * In either case, msg points to an appropriate message and msglen to the message len.
+ */
+int auth_check_passwd(ppp_pcb *pcb, char *auser, int userlen, char *apasswd, int passwdlen, const char **msg, int *msglen) {
+  int secretuserlen;
+  int secretpasswdlen;
+
+  if (pcb->settings.user && pcb->settings.passwd) {
+    secretuserlen = strlen(pcb->settings.user);
+    secretpasswdlen = strlen(pcb->settings.passwd);
+    if (secretuserlen == userlen
+        && secretpasswdlen == passwdlen
+        && !memcmp(auser, pcb->settings.user, userlen)
+        && !memcmp(apasswd, pcb->settings.passwd, passwdlen) ) {
+      *msg = "Login ok";
+      *msglen = sizeof("Login ok")-1;
+      return 1;
+    }
+  }
+
+  *msg = "Login incorrect";
+  *msglen = sizeof("Login incorrect")-1;
+  return 0;
+}
+
 /*
 * The peer has failed to authenticate himself using `protocol'.
 */
--- a/src/netif/ppp/upap.c
+++ b/src/netif/ppp/upap.c
@ -359,9 +359,7 @@ static void upap_input(ppp_pcb *pcb, u_char *inpacket, int l) {
 static void upap_rauthreq(ppp_pcb *pcb, u_char *inp, int id, int len) {
    u_char ruserlen, rpasswdlen;
    char *ruser;
-#if 0
    char *rpasswd;
-#endif
    char rhostname[256];
    int retcode;
    const char *msg;
@ -404,17 +402,18 @@ static void upap_rauthreq(ppp_pcb *pcb, u_char *inp, int id, int len) {
 	return;
    }

-    /* FIXME: we need a way to check peer secret */
-#if 0
    rpasswd = (char *) inp;

    /*
     * Check the username and password given.
     */
-    retcode = check_passwd(pcb->upap.us_unit, ruser, ruserlen, rpasswd,
-			   rpasswdlen, &msg);
+    retcode = UPAP_AUTHNAK;
+    if (auth_check_passwd(pcb, ruser, ruserlen, rpasswd, rpasswdlen, &msg, &msglen)) {
+      retcode = UPAP_AUTHACK;
+    }
    BZERO(rpasswd, rpasswdlen);

+#if 0 /* UNUSED */
    /*
     * Check remote number authorization.  A plugin may have filled in
     * the remote number or added an allowed number, and rather than
@ -431,12 +430,7 @@ static void upap_rauthreq(ppp_pcb *pcb, u_char *inp, int id, int len) {
    msglen = strlen(msg);
    if (msglen > 255)
 	msglen = 255;
-#else
-    /* only here to clean compiler warnings */
-    retcode = UPAP_AUTHNAK;
-    msg = NULL;
-    msglen = 0;
-#endif /* 0 */
+#endif /* UNUSED */

    upap_sresp(pcb, retcode, id, msg, msglen);