From 301511a840a44c904d1bc82c6b5b20e954a13381 Mon Sep 17 00:00:00 2001 From: Sylvain Rochet Date: Sat, 28 Feb 2015 14:40:09 +0100 Subject: [PATCH] PPP, SERVER: added PAP authentication support New ppp auth function: auth_check_passwd() which check the user name and passwd against configuration. PAP: check remote user and password --- src/include/netif/ppp/ppp_impl.h | 2 ++ src/netif/ppp/auth.c | 30 ++++++++++++++++++++++++++++++ src/netif/ppp/upap.c | 18 ++++++------------ 3 files changed, 38 insertions(+), 12 deletions(-) diff --git a/src/include/netif/ppp/ppp_impl.h b/src/include/netif/ppp/ppp_impl.h index 4310aef3..8a531262 100644 --- a/src/include/netif/ppp/ppp_impl.h +++ b/src/include/netif/ppp/ppp_impl.h @@ -550,6 +550,8 @@ void start_networks(ppp_pcb *pcb); /* start all the network control protos */ void continue_networks(ppp_pcb *pcb); /* start network [ip, etc] control protos */ #if PPP_AUTH_SUPPORT #if PPP_SERVER +int auth_check_passwd(ppp_pcb *pcb, char *auser, int userlen, char *apasswd, int passwdlen, const char **msg, int *msglen); + /* check the user name and passwd against configuration */ void auth_peer_fail(ppp_pcb *pcb, int protocol); /* peer failed to authenticate itself */ void auth_peer_success(ppp_pcb *pcb, int protocol, int prot_flavor, const char *name, int namelen); diff --git a/src/netif/ppp/auth.c b/src/netif/ppp/auth.c index 2f29870a..3bafdb8a 100644 --- a/src/netif/ppp/auth.c +++ b/src/netif/ppp/auth.c 
@@ -995,6 +995,36 @@ void continue_networks(ppp_pcb *pcb) {
 #if PPP_AUTH_SUPPORT
 #if PPP_SERVER
+/*
+ * auth_check_passwd - Check the user name and passwd against configuration.
+ *
+ * returns:
+ * 0: Authentication failed.
+ * 1: Authentication succeeded.
+ * In either case, msg points to an appropriate message and msglen to the message len.
+ */
+int auth_check_passwd(ppp_pcb *pcb, char *auser, int userlen, char *apasswd, int passwdlen, const char **msg, int *msglen) {
+ int secretuserlen;
+ int secretpasswdlen;
+
+ if (pcb->settings.user && pcb->settings.passwd) {
+ secretuserlen = strlen(pcb->settings.user);
+ secretpasswdlen = strlen(pcb->settings.passwd);
+ if (secretuserlen == userlen
+ && secretpasswdlen == passwdlen
+ && !memcmp(auser, pcb->settings.user, userlen)
+ && !memcmp(apasswd, pcb->settings.passwd, passwdlen) ) {
+ *msg = "Login ok";
+ *msglen = sizeof("Login ok")-1;
+ return 1;
+ }
+ }
+
+ *msg = "Login incorrect";
+ *msglen = sizeof("Login incorrect")-1;
+ return 0;
+}
+
 /*
 * The peer has failed to authenticate himself using `protocol'.
 */
diff --git a/src/netif/ppp/upap.c b/src/netif/ppp/upap.c
index cdc9ce34..c6728a60 100644
--- a/src/netif/ppp/upap.c
+++ b/src/netif/ppp/upap.c
@@ -359,9 +359,7 @@ static void upap_input(ppp_pcb *pcb, u_char *inpacket, int l) {
 static void upap_rauthreq(ppp_pcb *pcb, u_char *inp, int id, int len) {
 u_char ruserlen, rpasswdlen;
 char *ruser;
-#if 0
 char *rpasswd;
-#endif
 char rhostname[256];
 int retcode;
 const char *msg;
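Review bot: The credential comparison in auth_check_passwd uses `memcmp` behind short-circuit `&&`, so the time taken to reject a PAP request depends on how many leading bytes of the user name and password match the configured values. Whether that difference is measurable over a given PPP link depends on the deployment, but a byte-wise comparison that accumulates differences across both fields removes the dependency; the length comparison would still reveal the lengths of the configured secrets. Separately, the `strlen()` results are stored in `int`, and `auser`/`apasswd` are only read, so they could be `const char *` both here and in the ppp_impl.h prototype.

```c
int auth_check_passwd(ppp_pcb *pcb, char *auser, int userlen, char *apasswd, int passwdlen, const char **msg, int *msglen) {
  /* ... unchanged: secretuserlen / secretpasswdlen declarations and strlen() calls ... */
    if (secretuserlen == userlen && secretpasswdlen == passwdlen) {
      /* Accumulate differences over both fields so the running time does not
       * depend on the position of the first mismatching byte. */
      unsigned char diff = 0;
      int i;
      for (i = 0; i < userlen; i++) {
        diff |= (unsigned char)(auser[i] ^ pcb->settings.user[i]);
      }
      for (i = 0; i < passwdlen; i++) {
        diff |= (unsigned char)(apasswd[i] ^ pcb->settings.passwd[i]);
      }
      if (diff == 0) {
        *msg = "Login ok";
        *msglen = sizeof("Login ok")-1;
        return 1;
      }
    }
  /* ... unchanged: "Login incorrect" path ... */
```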
@@ -404,17 +402,18 @@ static void upap_rauthreq(ppp_pcb *pcb, u_char *inp, int id, int len) {
 return;
 }
- /* FIXME: we need a way to check peer secret */
-#if 0
 rpasswd = (char *) inp;
 /*
 * Check the username and password given.
 */
- retcode = check_passwd(pcb->upap.us_unit, ruser, ruserlen, rpasswd,
- rpasswdlen, &msg);
+ retcode = UPAP_AUTHNAK;
+ if (auth_check_passwd(pcb, ruser, ruserlen, rpasswd, rpasswdlen, &msg, &msglen)) {
+ retcode = UPAP_AUTHACK;
+ }
 BZERO(rpasswd, rpasswdlen);
+#if 0 /* UNUSED */
 /*
 * Check remote number authorization. A plugin may have filled in
 * the remote number or added an allowed number, and rather than
@@ -431,12 +430,7 @@ static void upap_rauthreq(ppp_pcb *pcb, u_char *inp, int id, int len) {
 msglen = strlen(msg);
 if (msglen > 255) msglen = 255;
-#else
- /* only here to clean compiler warnings */
- retcode = UPAP_AUTHNAK;
- msg = NULL;
- msglen = 0;
-#endif /* 0 */
+#endif /* UNUSED */
 upap_sresp(pcb, retcode, id, msg, msglen);
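Review bot: The `#if 0 /* UNUSED */` opened after `BZERO(rpasswd, rpasswdlen)` runs to the `#endif /* UNUSED */` in the following hunk, so it compiles out the `if (msglen > 255) msglen = 255;` clamp together with the remote-number check. `msglen` now goes from auth_check_passwd's out-parameter straight into `upap_sresp`; that function is not shown here, but PAP carries the message length in a single octet, so the bound presently holds only because both messages are short literals. Repeating the clamp outside the disabled region, `if (msglen > 255) msglen = 255;` just before `upap_sresp(pcb, retcode, id, msg, msglen);`, would keep the bound if the messages ever become configurable. upap_rauthreq starts and ends outside these hunks.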