mirror/lwip
1
0
Fork 0
mirror of https://github.com/lwip-tcpip/lwip.git synced 2024-06-30 18:09:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

reorganised PPP sourcecode to 2.3.11 including some bugfix backports from 2.4.x.

Browse Source
This commit is contained in:
goldsimon 2010-01-18 20:49:43 +00:00
parent e0c5c4de88
commit 972ca9e6c1
12 changed files with 688 additions and 263 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG
View File

@ -50,6 +50,10 @@ HISTORY
++ Bugfixes:
2010-01-18: Iordan Neshev/Simon Goldschmidt
* src/netif/ppp: reorganised PPP sourcecode to 2.3.11 including some
bugfix backports from 2.4.x.
2010-01-18: Simon Goldschmidt
* mem.c: Fixed bug #28679: mem_realloc calculates mem_stats wrong

687
src/netif/ppp/auth.c
View File

@ -84,63 +84,14 @@
#include <string.h>
/*************************/
/*** LOCAL DEFINITIONS ***/
/*************************/
#if 0 /* UNUSED */
/* Bits in scan_authfile return value */
#define NONWILD_SERVER 1
#define NONWILD_CLIENT 2
/* Bits in auth_pending[] */
#define PAP_WITHPEER 1
#define PAP_PEER 2
#define CHAP_WITHPEER 4
#define CHAP_PEER 8
#define ISWILD(word) (word[0] == '*' && word[1] == 0)
#endif /* UNUSED */
/************************/
/*** LOCAL DATA TYPES ***/
/************************/
/* Used for storing a sequence of words. Usually malloced. */
struct wordlist {
struct wordlist *next;
char word[1];
};
/***********************************/
/*** LOCAL FUNCTION DECLARATIONS ***/
/***********************************/
extern char *crypt (const char *, const char *);
/* Prototypes for procedures local to this file. */
static void network_phase (int);
static void check_idle (void *);
static void connect_time_expired (void *);
#if 0
static int login (char *, char *, char **, int *);
#endif
static void logout (void);
static int null_login (int);
static int get_pap_passwd (int, char *, char *);
static int have_pap_secret (void);
static int have_chap_secret (char *, char *, u32_t);
static int ip_addr_check (u32_t, struct wordlist *);
#if 0 /* PAP_SUPPORT || CHAP_SUPPORT */
static void set_allowed_addrs(int unit, struct wordlist *addrs);
static void free_wordlist (struct wordlist *);
#endif /* 0 */ /* PAP_SUPPORT || CHAP_SUPPORT */
#if CBCP_SUPPORT
static void callback_phase (int);
#endif /* CBCP_SUPPORT */
/******************************/
/*** PUBLIC DATA STRUCTURES ***/
/******************************/
/*****************************/
/*** LOCAL DATA STRUCTURES ***/
/*****************************/
#if PAP_SUPPORT || CHAP_SUPPORT
/* The name by which the peer authenticated itself to us. */
static char peer_authname[MAXNAMELEN];
@ -149,15 +100,24 @@ static char peer_authname[MAXNAMELEN];
/* Records which authentication operations haven't completed yet. */
static int auth_pending[NUM_PPP];
/* Set if we have successfully called login() */
/* Set if we have successfully called plogin() */
static int logged_in;
/* Set if we have run the /etc/ppp/auth-up script. */
static int did_authup;
static int did_authup; /* @todo, we don't need this in lwip*/
/* List of addresses which the peer may use. */
static struct wordlist *addresses[NUM_PPP];
#if 0 /* UNUSED */
/* Wordlist giving addresses which the peer may use
without authenticating itself. */
static struct wordlist *noauth_addrs;
/* Extra options to apply, from the secrets file entry for the peer. */
static struct wordlist *extra_options;
#endif /* UNUSED */
/* Number of network protocols which we have opened. */
static int num_np_open;
@ -169,10 +129,244 @@ static int num_np_up;
static int passwd_from_file;
#endif /* PAP_SUPPORT || CHAP_SUPPORT */
#if 0 /* UNUSED */
/* Set if we require authentication only because we have a default route. */
static bool default_auth;
/* Hook to enable a plugin to control the idle time limit */
int (*idle_time_hook) __P((struct ppp_idle *)) = NULL;
/* Hook for a plugin to say whether we can possibly authenticate any peer */
int (*pap_check_hook) __P((void)) = NULL;
/* Hook for a plugin to check the PAP user and password */
int (*pap_auth_hook) __P((char *user, char *passwd, char **msgp,
struct wordlist **paddrs,
struct wordlist **popts)) = NULL;
/* Hook for a plugin to know about the PAP user logout */
void (*pap_logout_hook) __P((void)) = NULL;
/* Hook for a plugin to get the PAP password for authenticating us */
int (*pap_passwd_hook) __P((char *user, char *passwd)) = NULL;
/*
* This is used to ensure that we don't start an auth-up/down
* script while one is already running.
*/
enum script_state {
s_down,
s_up
};
static enum script_state auth_state = s_down;
static enum script_state auth_script_state = s_down;
static pid_t auth_script_pid = 0;
/*
* Option variables.
* lwip: some of these are present in the ppp_settings structure
*/
bool uselogin = 0; /* Use /etc/passwd for checking PAP */
bool cryptpap = 0; /* Passwords in pap-secrets are encrypted */
bool refuse_pap = 0; /* Don't wanna auth. ourselves with PAP */
bool refuse_chap = 0; /* Don't wanna auth. ourselves with CHAP */
bool usehostname = 0; /* Use hostname for our_name */
bool auth_required = 0; /* Always require authentication from peer */
bool allow_any_ip = 0; /* Allow peer to use any IP address */
bool explicit_remote = 0; /* User specified explicit remote name */
char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
#endif /* UNUSED */
/* Bits in auth_pending[] */
#define PAP_WITHPEER 1
#define PAP_PEER 2
#define CHAP_WITHPEER 4
#define CHAP_PEER 8
/* @todo, move this somewhere */
/* Used for storing a sequence of words. Usually malloced. */
struct wordlist {
struct wordlist *next;
char word[1];
};
extern char *crypt (const char *, const char *);
/* Prototypes for procedures local to this file. */
static void network_phase (int);
static void check_idle (void *);
static void connect_time_expired (void *);
#if 0
static int plogin (char *, char *, char **, int *);
#endif
static void plogout (void);
static int null_login (int);
static int get_pap_passwd (int, char *, char *);
static int have_pap_secret (void);
static int have_chap_secret (char *, char *, u32_t);
static int ip_addr_check (u32_t, struct wordlist *);
#if 0 /* PAP_SUPPORT || CHAP_SUPPORT */
static int scan_authfile (FILE *, char *, char *, char *,
struct wordlist **, struct wordlist **,
char *);
static void free_wordlist (struct wordlist *);
static void auth_script (char *);
static void auth_script_done (void *);
static void set_allowed_addrs (int unit, struct wordlist *addrs);
static int some_ip_ok (struct wordlist *);
static int setupapfile (char **);
static int privgroup (char **);
static int set_noauth_addr (char **);
static void check_access (FILE *, char *);
#endif /* 0 */ /* PAP_SUPPORT || CHAP_SUPPORT */
#if 0 /* UNUSED */
/*
* Authentication-related options.
*/
option_t auth_options[] = {
{ "require-pap", o_bool, &lcp_wantoptions[0].neg_upap,
"Require PAP authentication from peer", 1, &auth_required },
{ "+pap", o_bool, &lcp_wantoptions[0].neg_upap,
"Require PAP authentication from peer", 1, &auth_required },
{ "refuse-pap", o_bool, &refuse_pap,
"Don't agree to auth to peer with PAP", 1 },
{ "-pap", o_bool, &refuse_pap,
"Don't allow PAP authentication with peer", 1 },
{ "require-chap", o_bool, &lcp_wantoptions[0].neg_chap,
"Require CHAP authentication from peer", 1, &auth_required },
{ "+chap", o_bool, &lcp_wantoptions[0].neg_chap,
"Require CHAP authentication from peer", 1, &auth_required },
{ "refuse-chap", o_bool, &refuse_chap,
"Don't agree to auth to peer with CHAP", 1 },
{ "-chap", o_bool, &refuse_chap,
"Don't allow CHAP authentication with peer", 1 },
{ "name", o_string, our_name,
"Set local name for authentication",
OPT_PRIV|OPT_STATIC, NULL, MAXNAMELEN },
{ "user", o_string, user,
"Set name for auth with peer", OPT_STATIC, NULL, MAXNAMELEN },
{ "usehostname", o_bool, &usehostname,
"Must use hostname for authentication", 1 },
{ "remotename", o_string, remote_name,
"Set remote name for authentication", OPT_STATIC,
&explicit_remote, MAXNAMELEN },
{ "auth", o_bool, &auth_required,
"Require authentication from peer", 1 },
{ "noauth", o_bool, &auth_required,
"Don't require peer to authenticate", OPT_PRIV, &allow_any_ip },
{ "login", o_bool, &uselogin,
"Use system password database for PAP", 1 },
{ "papcrypt", o_bool, &cryptpap,
"PAP passwords are encrypted", 1 },
{ "+ua", o_special, (void *)setupapfile,
"Get PAP user and password from file" },
{ "password", o_string, passwd,
"Password for authenticating us to the peer", OPT_STATIC,
NULL, MAXSECRETLEN },
{ "privgroup", o_special, (void *)privgroup,
"Allow group members to use privileged options", OPT_PRIV },
{ "allow-ip", o_special, (void *)set_noauth_addr,
"Set IP address(es) which can be used without authentication",
OPT_PRIV },
{ NULL }
};
#endif /* UNUSED */
#if 0 /* UNUSED */
/*
* setupapfile - specifies UPAP info for authenticating with peer.
*/
static int
setupapfile(char **argv)
{
FILE * ufile;
int l;
lcp_allowoptions[0].neg_upap = 1;
/* open user info file */
seteuid(getuid());
ufile = fopen(*argv, "r");
seteuid(0);
if (ufile == NULL) {
option_error("unable to open user login data file %s", *argv);
return 0;
}
check_access(ufile, *argv);
/* get username */
if (fgets(user, MAXNAMELEN - 1, ufile) == NULL
|| fgets(passwd, MAXSECRETLEN - 1, ufile) == NULL){
option_error("unable to read user login data file %s", *argv);
return 0;
}
fclose(ufile);
/* get rid of newlines */
l = strlen(user);
if (l > 0 && user[l-1] == '\n')
user[l-1] = 0;
l = strlen(passwd);
if (l > 0 && passwd[l-1] == '\n')
passwd[l-1] = 0;
return (1);
}
#endif /* UNUSED */
#if 0 /* UNUSED */
/*
* privgroup - allow members of the group to have privileged access.
*/
static int
privgroup(char **argv)
{
struct group *g;
int i;
g = getgrnam(*argv);
if (g == 0) {
option_error("group %s is unknown", *argv);
return 0;
}
for (i = 0; i < ngroups; ++i) {
if (groups[i] == g->gr_gid) {
privileged = 1;
break;
}
}
return 1;
}
#endif
#if 0 /* UNUSED */
/*
* set_noauth_addr - set address(es) that can be used without authentication.
* Equivalent to specifying an entry like `"" * "" addr' in pap-secrets.
*/
static int
set_noauth_addr(char **argv)
{
char *addr = *argv;
int l = strlen(addr);
struct wordlist *wp;
wp = (struct wordlist *) malloc(sizeof(struct wordlist) + l + 1);
if (wp == NULL)
novm("allow-ip argument");
wp->word = (char *) (wp + 1);
wp->next = noauth_addrs;
BCOPY(addr, wp->word, l);
noauth_addrs = wp;
return 1;
}
#endif /* UNUSED */
/***********************************/
/*** PUBLIC FUNCTION DEFINITIONS ***/
/***********************************/
/*
* An Open on LCP has requested a change from Dead to Establish phase.
* Do what's necessary to bring the physical layer up.
@ -197,7 +391,7 @@ link_terminated(int unit)
return;
}
if (logged_in) {
logout();
plogout();
}
lcp_phase[unit] = PHASE_DEAD;
AUTHDEBUG((LOG_NOTICE, "Connection terminated.\n"));
@ -212,8 +406,9 @@ link_down(int unit)
{
int i;
struct protent *protp;
AUTHDEBUG((LOG_INFO, "link_down: %d\n", unit));
if (did_authup) {
/* XXX Do link down processing. */
did_authup = 0;
@ -229,8 +424,9 @@ link_down(int unit)
(*protp->close)(unit, "LCP down");
}
}
num_np_open = 0;
num_np_up = 0;
num_np_open = 0; /* number of network protocols we have opened */
num_np_up = 0; /* Number of network protocols which have come up */
if (lcp_phase[unit] != PHASE_DEAD) {
lcp_phase[unit] = PHASE_TERMINATE;
}
@ -253,7 +449,7 @@ link_established(int unit)
lcp_options *ho = &lcp_hisoptions[unit];
#endif /* PAP_SUPPORT || CHAP_SUPPORT */
AUTHDEBUG((LOG_INFO, "link_established: %d\n", unit));
AUTHDEBUG((LOG_INFO, "link_established: unit %d; Lowering up all protocols...\n", unit));
/*
* Tell higher-level protocols that LCP is up.
*/
@ -274,7 +470,7 @@ link_established(int unit)
return;
}
}
lcp_phase[unit] = PHASE_AUTHENTICATE;
auth = 0;
#if CHAP_SUPPORT
@ -329,7 +525,7 @@ network_phase(int unit)
int i;
struct protent *protp;
lcp_options *go = &lcp_gotoptions[unit];
/*
* If the peer had to authenticate, run the auth-up script now.
*/
@ -364,6 +560,7 @@ network_phase(int unit)
lcp_close(0, "No network protocols running");
}
}
/* @todo: add void start_networks(void) here (pppd 2.3.11) */
/*
* The peer has failed to authenticate himself using `protocol'.
@ -389,7 +586,7 @@ void
auth_peer_success(int unit, u16_t protocol, char *name, int namelen)
{
int pbit;
AUTHDEBUG((LOG_INFO, "auth_peer_success: %d proto=%X\n", unit, protocol));
switch (protocol) {
case PPP_CHAP:
@ -402,7 +599,7 @@ auth_peer_success(int unit, u16_t protocol, char *name, int namelen)
AUTHDEBUG((LOG_WARNING, "auth_peer_success: unknown protocol %x\n", protocol));
return;
}
/*
* Save the authenticated name of the peer for later.
*/
@ -428,7 +625,7 @@ void
auth_withpeer_fail(int unit, u16_t protocol)
{
int errCode = PPPERR_AUTHFAIL;
LWIP_UNUSED_ARG(protocol);
AUTHDEBUG((LOG_INFO, "auth_withpeer_fail: %d proto=%X\n", unit, protocol));
@ -458,7 +655,7 @@ void
auth_withpeer_success(int unit, u16_t protocol)
{
int pbit;
AUTHDEBUG((LOG_INFO, "auth_withpeer_success: %d proto=%X\n", unit, protocol));
switch (protocol) {
case PPP_CHAP:
@ -474,7 +671,7 @@ auth_withpeer_success(int unit, u16_t protocol)
AUTHDEBUG((LOG_WARNING, "auth_peer_success: unknown protocol %x\n", protocol));
pbit = 0;
}
/*
* If there is no more authentication still being done,
* proceed to the network (or callback) phase.
@ -504,7 +701,7 @@ np_up(int unit, u16_t proto)
if (ppp_settings.idle_time_limit > 0) {
TIMEOUT(check_idle, NULL, ppp_settings.idle_time_limit);
}
/*
* Set a timeout to close the connection once the maximum
* connect time has expired.
@ -624,7 +821,7 @@ auth_check_options(void)
ppp_panic("No auth secret");
}
}
#endif
#endif /* UNUSED */
/*
* auth_reset - called when LCP is starting negotiations to recheck
@ -736,14 +933,149 @@ check_passwd( int unit, char *auser, int userlen, char *apasswd, int passwdlen,
}
#endif /* PAP_SUPPORT */
#if 0 /* UNUSED */
/*
* This function is needed for PAM.
*/
#ifdef USE_PAM
/* lwip does not support PAM*/
#endif /* USE_PAM */
#endif /* UNUSED */
#if 0 /* UNUSED */
/*
* plogin - Check the user name and password against the system
* password database, and login the user if OK.
*
* returns:
* UPAP_AUTHNAK: Login failed.
* UPAP_AUTHACK: Login succeeded.
* In either case, msg points to an appropriate message.
*/
static int
plogin(char *user, char *passwd, char **msg, int *msglen)
{
LWIP_UNUSED_ARG(user);
LWIP_UNUSED_ARG(passwd);
LWIP_UNUSED_ARG(msg);
LWIP_UNUSED_ARG(msglen);
/* The new lines are here align the file when
* compared against the pppd 2.3.11 code */
/* XXX Fail until we decide that we want to support logins. */
return (UPAP_AUTHNAK);
}
#endif
/*
* plogout - Logout the user.
*/
static void
plogout(void)
{
logged_in = 0;
}
/*
* null_login - Check if a username of "" and a password of "" are
* acceptable, and iff so, set the list of acceptable IP addresses
* and return 1.
*/
static int
null_login(int unit)
{
LWIP_UNUSED_ARG(unit);
/* XXX Fail until we decide that we want to support logins. */
return 0;
}
/*
* get_pap_passwd - get a password for authenticating ourselves with
* our peer using PAP. Returns 1 on success, 0 if no suitable password
* could be found.
*/
static int
get_pap_passwd(int unit, char *user, char *passwd)
{
LWIP_UNUSED_ARG(unit);
/* normally we would reject PAP if no password is provided,
but this causes problems with some providers (like CHT in Taiwan)
who incorrectly request PAP and expect a bogus/empty password, so
always provide a default user/passwd of "none"/"none"
@todo: This should be configured by the user, instead of being hardcoded here!
*/
if(user) {
strcpy(user, "none");
}
if(passwd) {
strcpy(passwd, "none");
}
return 1;
}
/*
* have_pap_secret - check whether we have a PAP file with any
* secrets that we could possibly use for authenticating the peer.
*/
static int
have_pap_secret(void)
{
/* XXX Fail until we set up our passwords. */
return 0;
}
/*
* have_chap_secret - check whether we have a CHAP file with a
* secret that we could possibly use for authenticating `client'
* on `server'. Either can be the null string, meaning we don't
* know the identity yet.
*/
static int
have_chap_secret(char *client, char *server, u32_t remote)
{
LWIP_UNUSED_ARG(client);
LWIP_UNUSED_ARG(server);
LWIP_UNUSED_ARG(remote);
/* XXX Fail until we set up our passwords. */
return 0;
}
#if CHAP_SUPPORT
/*
* get_secret - open the CHAP secret file and return the secret
* for authenticating the given client on the given server.
* (We could be either client or server).
*/
int get_secret( int unit, char *client, char *server, char *secret, int *secret_len, int save_addrs)
int
get_secret(int unit, char *client, char *server, char *secret, int *secret_len, int save_addrs)
{
#if 1
int len;
@ -801,97 +1133,6 @@ int get_secret( int unit, char *client, char *server, char *secret, int *secret_
}
#endif /* CHAP_SUPPORT */
#if 0
/*
* login - Check the user name and password against the system
* password database, and login the user if OK.
*
* returns:
* UPAP_AUTHNAK: Login failed.
* UPAP_AUTHACK: Login succeeded.
* In either case, msg points to an appropriate message.
*/
static int
login(char *user, char *passwd, char **msg, int *msglen)
{
/* XXX Fail until we decide that we want to support logins. */
return (UPAP_AUTHNAK);
}
#endif
/*
* logout - Logout the user.
*/
static void
logout(void)
{
logged_in = 0;
}
/*
* null_login - Check if a username of "" and a password of "" are
* acceptable, and iff so, set the list of acceptable IP addresses
* and return 1.
*/
static int
null_login(int unit)
{
LWIP_UNUSED_ARG(unit);
/* XXX Fail until we decide that we want to support logins. */
return 0;
}
/*
* get_pap_passwd - get a password for authenticating ourselves with
* our peer using PAP. Returns 1 on success, 0 if no suitable password
* could be found.
*/
static int
get_pap_passwd(int unit, char *user, char *passwd)
{
LWIP_UNUSED_ARG(unit);
/* normally we would reject PAP if no password is provided,
but this causes problems with some providers (like CHT in Taiwan)
who incorrectly request PAP and expect a bogus/empty password, so
always provide a default user/passwd of "none"/"none"
@todo: This should be configured by the user, instead of being hardcoded here!
*/
if(user) {
strcpy(user, "none");
}
if(passwd) {
strcpy(passwd, "none");
}
return 1;
}
/*
* have_pap_secret - check whether we have a PAP file with any
* secrets that we could possibly use for authenticating the peer.
*/
static int
have_pap_secret(void)
{
/* XXX Fail until we set up our passwords. */
return 0;
}
/*
* have_chap_secret - check whether we have a CHAP file with a
* secret that we could possibly use for authenticating `client'
* on `server'. Either can be the null string, meaning we don't
* know the identity yet.
*/
static int
have_chap_secret(char *client, char *server, u32_t remote)
{
LWIP_UNUSED_ARG(client);
LWIP_UNUSED_ARG(server);
LWIP_UNUSED_ARG(remote);
/* XXX Fail until we set up our passwords. */
return 0;
}
#if 0 /* PAP_SUPPORT || CHAP_SUPPORT */
/*
@ -942,7 +1183,7 @@ auth_ip_addr(int unit, u32_t addr)
return ip_addr_check(addr, addresses[unit]);
}
static int
static int /* @todo: integrate this funtion into auth_ip_addr()*/
ip_addr_check(u32_t addr, struct wordlist *addrs)
{
/* don't allow loopback or multicast address */
@ -971,7 +1212,58 @@ bad_ip_adrs(u32_t addr)
|| IN_MULTICAST(addr) || IN_BADCLASS(addr);
}
#if 0 /* PAP_SUPPORT || CHAP_SUPPORT */
#if 0 /* UNUSED */ /* PAP_SUPPORT || CHAP_SUPPORT */
/*
* some_ip_ok - check a wordlist to see if it authorizes any
* IP address(es).
*/
static int
some_ip_ok(struct wordlist *addrs)
{
for (; addrs != 0; addrs = addrs->next) {
if (addrs->word[0] == '-')
break;
if (addrs->word[0] != '!')
return 1; /* some IP address is allowed */
}
return 0;
}
/*
* check_access - complain if a secret file has too-liberal permissions.
*/
static void
check_access(FILE *f, char *filename)
{
struct stat sbuf;
if (fstat(fileno(f), &sbuf) < 0) {
warn("cannot stat secret file %s: %m", filename);
} else if ((sbuf.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
warn("Warning - secret file %s has world and/or group access",
filename);
}
}
/*
* scan_authfile - Scan an authorization file for a secret suitable
* for authenticating `client' on `server'. The return value is -1
* if no secret is found, otherwise >= 0. The return value has
* NONWILD_CLIENT set if the secret didn't have "*" for the client, and
* NONWILD_SERVER set if the secret didn't have "*" for the server.
* Any following words on the line up to a "--" (i.e. address authorization
* info) are placed in a wordlist and returned in *addrs. Any
* following words (extra options) are placed in a wordlist and
* returned in *opts.
* We assume secret is NULL or points to MAXWORDLEN bytes of space.
*/
static int
scan_authfile(FILE *f, char *client, char *server, char *secret, struct wordlist **addrs, struct wordlist **opts, char *filename)
{
/* We do not (currently) need this in lwip */
return 0; /* dummy */
}
/*
* free_wordlist - release memory allocated for a wordlist.
*/
@ -979,13 +1271,68 @@ static void
free_wordlist(struct wordlist *wp)
{
struct wordlist *next;
while (wp != NULL) {
next = wp->next;
free(wp);
wp = next;
}
}
#endif /* 0 */ /* PAP_SUPPORT || CHAP_SUPPORT */
/*
* auth_script_done - called when the auth-up or auth-down script
* has finished.
*/
static void
auth_script_done(void *arg)
{
auth_script_pid = 0;
switch (auth_script_state) {
case s_up:
if (auth_state == s_down) {
auth_script_state = s_down;
auth_script(_PATH_AUTHDOWN);
}
break;
case s_down:
if (auth_state == s_up) {
auth_script_state = s_up;
auth_script(_PATH_AUTHUP);
}
break;
}
}
/*
* auth_script - execute a script with arguments
* interface-name peer-name real-user tty speed
*/
static void
auth_script(char *script)
{
char strspeed[32];
struct passwd *pw;
char struid[32];
char *user_name;
char *argv[8];
if ((pw = getpwuid(getuid())) != NULL && pw->pw_name != NULL)
user_name = pw->pw_name;
else {
slprintf(struid, sizeof(struid), "%d", getuid());
user_name = struid;
}
slprintf(strspeed, sizeof(strspeed), "%d", baud_rate);
argv[0] = script;
argv[1] = ifname;
argv[2] = peer_authname;
argv[3] = user_name;
argv[4] = devnam;
argv[5] = strspeed;
argv[6] = NULL;
auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL);
}
#endif /* 0 */ /* PAP_SUPPORT || CHAP_SUPPORT */
#endif /* PPP_SUPPORT */

62
src/netif/ppp/chap.c
View File

@ -84,6 +84,25 @@
#include <string.h>
#if 0 /* UNUSED */
/*
* Command-line options.
*/
static option_t chap_option_list[] = {
{ "chap-restart", o_int, &chap[0].timeouttime,
"Set timeout for CHAP" },
{ "chap-max-challenge", o_int, &chap[0].max_transmits,
"Set max #xmits for challenge" },
{ "chap-interval", o_int, &chap[0].chal_interval,
"Set interval for rechallenge" },
#ifdef MSLANMAN
{ "ms-lanman", o_bool, &ms_lanman,
"Use LanMan passwd when using MS-CHAP", 1 },
#endif
{ NULL }
};
#endif /* UNUSED */
/*
* Protocol entry points.
*/
@ -331,7 +350,7 @@ ChapProtocolReject(int unit)
}
if (cstate->clientstate != CHAPCS_INITIAL &&
cstate->clientstate != CHAPCS_CLOSED) {
auth_withpeer_fail(unit, PPP_CHAP);
auth_withpeer_fail(unit, PPP_CHAP); /* lwip: just sets the PPP error code on this unit to PPPERR_AUTHFAIL */
}
ChapLowerDown(unit); /* shutdown chap */
}
@ -410,7 +429,7 @@ ChapReceiveChallenge(chap_state *cstate, u_char *inp, int id, int len)
char rhostname[256];
MD5_CTX mdContext;
u_char hash[MD5_SIGNATURE_SIZE];
CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: Rcvd id %d.\n", id));
if (cstate->clientstate == CHAPCS_CLOSED ||
cstate->clientstate == CHAPCS_PENDING) {
@ -508,7 +527,7 @@ ChapReceiveResponse(chap_state *cstate, u_char *inp, int id, int len)
MD5_CTX mdContext;
char secret[MAXSECRETLEN];
u_char hash[MD5_SIGNATURE_SIZE];
CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: Rcvd id %d.\n", id));
if (cstate->serverstate == CHAPSS_CLOSED ||
@ -680,7 +699,7 @@ ChapReceiveFailure(chap_state *cstate, u_char *inp, u_char id, int len)
}
CHAPDEBUG((LOG_ERR, "CHAP authentication failed\n"));
auth_withpeer_fail(cstate->unit, PPP_CHAP);
auth_withpeer_fail(cstate->unit, PPP_CHAP); /* lwip: just sets the PPP error code on this unit to PPPERR_AUTHFAIL */
}
@ -698,21 +717,21 @@ ChapSendChallenge(chap_state *cstate)
name_len = strlen(cstate->chal_name);
outlen = CHAP_HEADERLEN + sizeof (u_char) + chal_len + name_len;
outp = outpacket_buf[cstate->unit];
MAKEHEADER(outp, PPP_CHAP); /* paste in a CHAP header */
PUTCHAR(CHAP_CHALLENGE, outp);
PUTCHAR(cstate->chal_id, outp);
PUTSHORT(outlen, outp);
PUTCHAR(chal_len, outp); /* put length of challenge */
BCOPY(cstate->challenge, outp, chal_len);
INCPTR(chal_len, outp);
BCOPY(cstate->chal_name, outp, name_len); /* append hostname */
pppWrite(cstate->unit, outpacket_buf[cstate->unit], outlen + PPP_HDRLEN);
CHAPDEBUG((LOG_INFO, "ChapSendChallenge: Sent id %d.\n", cstate->chal_id));
TIMEOUT(ChapChallengeTimeout, cstate, cstate->timeouttime);
@ -729,17 +748,17 @@ ChapSendStatus(chap_state *cstate, int code)
u_char *outp;
int outlen, msglen;
char msg[256]; /* @todo: this can be a char*, no strcpy needed */
if (code == CHAP_SUCCESS) {
strcpy(msg, "Welcome!");
} else {
strcpy(msg, "I don't like you. Go 'way.");
}
msglen = strlen(msg);
outlen = CHAP_HEADERLEN + msglen;
outp = outpacket_buf[cstate->unit];
MAKEHEADER(outp, PPP_CHAP); /* paste in a header */
PUTCHAR(code, outp);
@ -747,7 +766,7 @@ ChapSendStatus(chap_state *cstate, int code)
PUTSHORT(outlen, outp);
BCOPY(msg, outp, msglen);
pppWrite(cstate->unit, outpacket_buf[cstate->unit], outlen + PPP_HDRLEN);
CHAPDEBUG((LOG_INFO, "ChapSendStatus: Sent code %d, id %d.\n", code,
cstate->chal_id));
}
@ -765,7 +784,7 @@ ChapGenChallenge(chap_state *cstate)
int chal_len;
u_char *ptr = cstate->challenge;
int i;
/* pick a random challenge length between MIN_CHALLENGE_LENGTH and
MAX_CHALLENGE_LENGTH */
chal_len = (unsigned)
@ -775,7 +794,7 @@ ChapGenChallenge(chap_state *cstate)
cstate->chal_len = chal_len;
cstate->chal_id = ++cstate->id;
cstate->chal_transmits = 0;
/* generate a random string */
for (i = 0; i < chal_len; i++ ) {
*ptr++ = (char) (magic() & 0xff);
@ -792,12 +811,12 @@ ChapSendResponse(chap_state *cstate)
{
u_char *outp;
int outlen, md_len, name_len;
md_len = cstate->resp_length;
name_len = strlen(cstate->resp_name);
outlen = CHAP_HEADERLEN + sizeof (u_char) + md_len + name_len;
outp = outpacket_buf[cstate->unit];
MAKEHEADER(outp, PPP_CHAP);
PUTCHAR(CHAP_RESPONSE, outp); /* we are a response */
@ -807,12 +826,12 @@ ChapSendResponse(chap_state *cstate)
PUTCHAR(md_len, outp); /* length of MD */
BCOPY(cstate->response, outp, md_len); /* copy MD to buffer */
INCPTR(md_len, outp);
BCOPY(cstate->resp_name, outp, name_len); /* append our name */
/* send the packet */
pppWrite(cstate->unit, outpacket_buf[cstate->unit], outlen + PPP_HDRLEN);
cstate->clientstate = CHAPCS_RESPONSE;
TIMEOUT(ChapResponseTimeout, cstate, cstate->timeouttime);
++cstate->resp_transmits;
@ -831,7 +850,7 @@ ChapPrintPkt( u_char *p, int plen, void (*printer) (void *, char *, ...), void *
int code, id, len;
int clen, nlen;
u_char x;
if (plen < CHAP_HEADERLEN) {
return 0;
}
@ -841,6 +860,7 @@ ChapPrintPkt( u_char *p, int plen, void (*printer) (void *, char *, ...), void *
if (len < CHAP_HEADERLEN || len > plen) {
return 0;
}
if (code >= 1 && code <= sizeof(ChapCodenames) / sizeof(char *)) {
printer(arg, " %s", ChapCodenames[code-1]);
} else {

1
src/netif/ppp/chpms.c
View File

@ -328,6 +328,7 @@ ChapMS_NT( char *rchallenge,
low_byte_first = (htons((unsigned short int)1) != 1);
}
if (low_byte_first == 0) {
/* @todo: arg type - u_long* or u_int* ? */
MDreverse((unsigned int*)&md4Context); /* sfb 961105 */
}

22
src/netif/ppp/fsm.c
View File

@ -143,7 +143,7 @@ fsm_lowerup(fsm *f)
FSMDEBUG((LOG_INFO, "%s: Up event in state %d (%s)!\n",
PROTO_NAME(f), f->state, ppperr_strerr[f->state]));
}
FSMDEBUG((LOG_INFO, "%s: lowerup state %d (%s) -> %d (%s)\n",
PROTO_NAME(f), oldState, ppperr_strerr[oldState], f->state, ppperr_strerr[f->state]));
}
@ -247,6 +247,19 @@ fsm_open(fsm *f)
PROTO_NAME(f), oldState, ppperr_strerr[oldState], f->state, ppperr_strerr[f->state]));
}
#if 0 /* backport pppd 2.4.4b1; */
/*
* terminate_layer - Start process of shutting down the FSM
*
* Cancel any timeout running, notify upper layers we're done, and
* send a terminate-request message as configured.
*/
static void
terminate_layer(fsm *f, int nextstate)
{
/* @todo */
}
#endif
/*
* fsm_close - Start closing connection.
@ -432,6 +445,7 @@ fsm_input(fsm *f, u_char *inpacket, int l)
break;
default:
FSMDEBUG((LOG_INFO, "fsm_input(%s): default: \n", PROTO_NAME(f)));
if( !f->callbacks->extcode ||
!(*f->callbacks->extcode)(f, code, id, inp, len) ) {
fsm_sdata(f, CODEREJ, ++f->id, inpacket, len + HEADERLEN);
@ -705,6 +719,9 @@ fsm_rtermack(fsm *f)
}
fsm_sconfreq(f, 0);
break;
default:
FSMDEBUG((LOG_INFO, "fsm_rtermack(%s): UNHANDLED state=%d (%s)!!!\n",
PROTO_NAME(f), f->state, ppperr_strerr[f->state]));
}
}
@ -777,7 +794,7 @@ fsm_protreject(fsm *f)
(u_char *) f->term_reason, f->term_reason_len);
TIMEOUT(fsm_timeout, f, f->timeouttime);
--f->retransmits;
f->state = LS_STOPPING;
break;
@ -840,6 +857,7 @@ fsm_sconfreq(fsm *f, int retransmit)
PROTO_NAME(f), f->reqid));
}
/*
* fsm_sdata - Send some data.
*

24
src/netif/ppp/ipcp.h
View File

@ -48,15 +48,12 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: ipcp.h,v 1.3 2007/12/19 20:47:23 fbernon Exp $
* $Id: ipcp.h,v 1.4 2010/01/18 20:49:43 goldsimon Exp $
*/
#ifndef IPCP_H
#define IPCP_H
/*************************
*** PUBLIC DEFINITIONS ***
*************************/
/*
* Options.
*/
@ -64,10 +61,10 @@
#define CI_COMPRESSTYPE 2 /* Compression Type */
#define CI_ADDR 3
#define CI_MS_WINS1 128 /* Primary WINS value */
#define CI_MS_DNS1 129 /* Primary DNS value */
#define CI_MS_WINS2 130 /* Secondary WINS value */
#define CI_MS_WINS1 128 /* Primary WINS value */
#define CI_MS_DNS2 131 /* Secondary DNS value */
#define CI_MS_WINS2 130 /* Secondary WINS value */
#define IPCP_VJMODE_OLD 1 /* "old" mode (option # = 0x0037) */
#define IPCP_VJMODE_RFC1172 2 /* "old-rfc"mode (option # = 0x002d) */
@ -78,11 +75,6 @@
#define IPCP_VJ_COMP_OLD 0x0037 /* "old" (i.e, broken) value for VJ */
/* compression option */
/************************
*** PUBLIC DATA TYPES ***
************************/
typedef struct ipcp_options {
u_int neg_addr : 1; /* Negotiate IP Address? */
u_int old_addrs : 1; /* Use old (IP-Addresses) option? */
@ -103,11 +95,6 @@ typedef struct ipcp_options {
u32_t winsaddr[2]; /* Primary and secondary MS WINS entries */
} ipcp_options;
/*****************************
*** PUBLIC DATA STRUCTURES ***
*****************************/
extern fsm ipcp_fsm[];
extern ipcp_options ipcp_wantoptions[];
extern ipcp_options ipcp_gotoptions[];
@ -116,9 +103,4 @@ extern ipcp_options ipcp_hisoptions[];
extern struct protent ipcp_protent;
/***********************
*** PUBLIC FUNCTIONS ***
***********************/
#endif /* IPCP_H */

81
src/netif/ppp/lcp.c
View File

@ -72,6 +72,23 @@
#define PPPOE_MAXMTU PPP_MAXMRU
#endif
#if 0 /* UNUSED */
/*
* LCP-related command-line options.
*/
int lcp_echo_interval = 0; /* Interval between LCP echo-requests */
int lcp_echo_fails = 0; /* Tolerance to unanswered echo-requests */
bool lax_recv = 0; /* accept control chars in asyncmap */
static int setescape (char **);
static option_t lcp_option_list[] = {
/* LCP options */
/* list stripped for simplicity */
{NULL}
};
#endif /* UNUSED */
/* options */
LinkPhase lcp_phase[NUM_PPP]; /* Phase of link session (RFC 1661) */
static u_int lcp_echo_interval = LCP_ECHOINTERVAL; /* Interval between LCP echo-requests */
@ -89,7 +106,8 @@ static u32_t lcp_echos_pending = 0; /* Number of outstanding
static u32_t lcp_echo_number = 0; /* ID number of next echo frame */
static u32_t lcp_echo_timer_running = 0; /* TRUE if a timer is running */
static u_char nak_buffer[PPP_MRU]; /* where we construct a nak packet */
/* @todo: do we really need such a large buffer? The typical 1500 bytes seem too much. */
static u_char nak_buffer[PPP_MRU]; /* where we construct a nak packet */
/*
* Callbacks for fsm code. (CI = Configuration Information)
@ -142,6 +160,7 @@ static fsm_callbacks lcp_callbacks = { /* LCP callback routines */
* Protocol entry points.
* Some of these are called directly.
*/
static void lcp_input (int, u_char *, int);
static void lcp_protrej (int);
@ -180,8 +199,40 @@ int lcp_loopbackfail = DEFLOOPBACKFAIL;
#define CILEN_LQR 8 /* CILEN_VOID + sizeof(short) + sizeof(long) */
#define CILEN_CBCP 3
#define CODENAME(x) ((x) == CONFACK ? "ACK" : (x) == CONFNAK ? "NAK" : "REJ")
#define CODENAME(x) ((x) == CONFACK ? "ACK" : (x) == CONFNAK ? "NAK" : "REJ")
#if 0 /* UNUSED */
/*
* setescape - add chars to the set we escape on transmission.
*/
static int
setescape(argv)
char **argv;
{
int n, ret;
char *p, *endp;
p = *argv;
ret = 1;
while (*p) {
n = strtol(p, &endp, 16);
if (p == endp) {
option_error("escape parameter contains invalid hex number '%s'",
p);
return 0;
}
p = endp;
if (n < 0 || n == 0x5E || n > 0xFF) {
option_error("can't escape character 0x%x", n);
ret = 0;
} else
xmit_accm[0][n >> 5] |= 1 << (n & 0x1F);
while (*p == ',' || *p == ' ')
++p;
}
return ret;
}
#endif /* UNUSED */
/*
* lcp_init - Initialize LCP.
@ -196,9 +247,9 @@ lcp_init(int unit)
f->unit = unit;
f->protocol = PPP_LCP;
f->callbacks = &lcp_callbacks;
fsm_init(f);
wo->passive = 0;
wo->silent = 0;
wo->restart = 0; /* Set to 1 in kernels or multi-line implementations */
@ -214,7 +265,7 @@ lcp_init(int unit)
wo->neg_accompression = 1;
wo->neg_lqr = 0; /* no LQR implementation yet */
wo->neg_cbcp = 0;
ao->neg_mru = 1;
ao->mru = PPP_MAXMRU;
ao->neg_asyncmap = 1;
@ -291,7 +342,7 @@ lcp_close(int unit, char *reason)
f->state = LS_CLOSED;
lcp_finished(f);
} else {
fsm_close(&lcp_fsm[unit], reason);
fsm_close(f, reason);
}
}
@ -338,9 +389,6 @@ lcp_lowerdown(int unit)
}
/**********************************/
/*** LOCAL FUNCTION DEFINITIONS ***/
/**********************************/
/*
* lcp_input - Input LCP packet.
*/
@ -379,10 +427,10 @@ lcp_extcode(fsm *f, int code, u_char id, u_char *inp, int len)
case ECHOREP:
lcp_received_echo_reply(f, id, inp, len);
break;
case DISCREQ:
break;
default:
return 0;
}
@ -481,7 +529,8 @@ lcp_resetci(fsm *f)
/*
* lcp_cilen - Return length of our CI.
*/
static int lcp_cilen(fsm *f)
static int
lcp_cilen(fsm *f)
{
lcp_options *go = &lcp_gotoptions[f->unit];
@ -1626,7 +1675,7 @@ lcp_up(fsm *f)
lcp_echo_lowerup(f->unit); /* Enable echo messages */
link_established(f->unit);
link_established(f->unit); /* The link is up; authenticate now */
}
@ -1658,7 +1707,7 @@ lcp_down(fsm *f)
static void
lcp_starting(fsm *f)
{
link_required(f->unit);
link_required(f->unit); /* lwip: currently does nothing */
}
@ -1668,7 +1717,7 @@ lcp_starting(fsm *f)
static void
lcp_finished(fsm *f)
{
link_terminated(f->unit);
link_terminated(f->unit); /* we are finished with the link */
}
@ -1943,7 +1992,7 @@ lcp_received_echo_reply (fsm *f, int id, u_char *inp, int len)
LCPDEBUG((LOG_WARNING, "appear to have received our own echo-reply!\n"));
return;
}
/* Reset the number of outstanding echo frames */
lcp_echos_pending = 0;
}

20
src/netif/ppp/lcp.h
View File

@ -48,15 +48,11 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: lcp.h,v 1.3 2007/12/19 20:47:23 fbernon Exp $
* $Id: lcp.h,v 1.4 2010/01/18 20:49:43 goldsimon Exp $
*/
#ifndef LCP_H
#define LCP_H
/*************************
*** PUBLIC DEFINITIONS ***
*************************/
/*
* Options.
*/
@ -73,7 +69,7 @@
#define CI_EPDISC 19 /* endpoint discriminator */
/*
* LCP-specific packet types.
* LCP-specific packet types (code numbers).
*/
#define PROTREJ 8 /* Protocol Reject */
#define ECHOREQ 9 /* Echo Request */
@ -81,11 +77,6 @@
#define DISCREQ 11 /* Discard Request */
#define CBCP_OPT 6 /* Use callback control protocol */
/************************
*** PUBLIC DATA TYPES ***
************************/
/*
* The state of options is described by an lcp_options structure.
*/
@ -135,9 +126,6 @@ typedef enum {
} LinkPhase;
/*****************************
*** PUBLIC DATA STRUCTURES ***
*****************************/
extern LinkPhase lcp_phase[NUM_PPP]; /* Phase of link session (RFC 1661) */
extern lcp_options lcp_wantoptions[];
@ -147,10 +135,6 @@ extern lcp_options lcp_hisoptions[];
extern ext_accm xmit_accm[];
/***********************
*** PUBLIC FUNCTIONS ***
***********************/
void lcp_init (int);
void lcp_open (int);
void lcp_close (int, char *);

4
src/netif/ppp/magic.c
View File

@ -57,9 +57,7 @@
#include "randm.h"
#include "magic.h"
/***********************************/
/*** PUBLIC FUNCTION DEFINITIONS ***/
/***********************************/
/*
* magicInit - Initialize the magic number generator.
*

6
src/netif/ppp/magic.h
View File

@ -48,16 +48,12 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: magic.h,v 1.2 2007/12/02 22:35:55 fbernon Exp $
* $Id: magic.h,v 1.3 2010/01/18 20:49:43 goldsimon Exp $
*/
#ifndef MAGIC_H
#define MAGIC_H
/*****************************************************************************
************************** PUBLIC FUNCTIONS **********************************
*****************************************************************************/
/* Initialize the magic number generator */
void magicInit(void);

36
src/netif/ppp/pap.c
View File

@ -63,6 +63,27 @@
#include <string.h>
#if 0 /* UNUSED */
static bool hide_password = 1;
/*
* Command-line options.
*/
static option_t pap_option_list[] = {
{ "hide-password", o_bool, &hide_password,
"Don't output passwords to log", 1 },
{ "show-password", o_bool, &hide_password,
"Show password string in debug log messages", 0 },
{ "pap-restart", o_int, &upap[0].us_timeouttime,
"Set retransmit timeout for PAP" },
{ "pap-max-authreq", o_int, &upap[0].us_maxtransmits,
"Set max number of transmissions for auth-reqs" },
{ "pap-timeout", o_int, &upap[0].us_reqtimeout,
"Set time limit for peer PAP authentication" },
{ NULL }
};
#endif
/*
* Protocol entry points.
*/
@ -71,6 +92,9 @@ static void upap_lowerup (int);
static void upap_lowerdown (int);
static void upap_input (int, u_char *, int);
static void upap_protrej (int);
#if PPP_ADDITIONAL_CALLBACKS
static int upap_printpkt (u_char *, int, void (*)(void *, char *, ...), void *);
#endif /* PPP_ADDITIONAL_CALLBACKS */
struct protent pap_protent = {
PPP_PAP,
@ -205,7 +229,7 @@ upap_timeout(void *arg)
return;
}
upap_sauthreq(u); /* Send Authenticate-Request */
upap_sauthreq(u); /* Send Authenticate-Request and set upap timeout*/
}
@ -236,12 +260,13 @@ upap_lowerup(int unit)
{
upap_state *u = &upap[unit];
UPAPDEBUG((LOG_INFO, "upap_lowerup: %d s=%d\n", unit, u->us_clientstate));
UPAPDEBUG((LOG_INFO, "upap_lowerup: init %d clientstate s=%d\n", unit, u->us_clientstate));
if (u->us_clientstate == UPAPCS_INITIAL) {
u->us_clientstate = UPAPCS_CLOSED;
} else if (u->us_clientstate == UPAPCS_PENDING) {
upap_sauthreq(u); /* send an auth-request */
/* now client state is UPAPCS__AUTHREQ */
}
if (u->us_serverstate == UPAPSS_INITIAL) {
@ -413,6 +438,7 @@ upap_rauthreq(upap_state *u, u_char *inp, int id, int len)
* Check the username and password given.
*/
retcode = check_passwd(u->us_unit, ruser, ruserlen, rpasswd, rpasswdlen, &msg, &msglen);
/* lwip: currently retcode is always UPAP_AUTHACK */
BZERO(rpasswd, rpasswdlen);
upap_sresp(u, retcode, id, msg, msglen);
@ -473,7 +499,7 @@ upap_rauthack(upap_state *u, u_char *inp, int id, int len)
/*
* upap_rauthnak - Receive Authenticate-Nakk.
* upap_rauthnak - Receive Authenticate-Nak.
*/
static void
upap_rauthnak(upap_state *u, u_char *inp, int id, int len)
@ -572,6 +598,10 @@ upap_sresp(upap_state *u, u_char code, u_char id, char *msg, int msglen)
}
#if PPP_ADDITIONAL_CALLBACKS
static char *upap_codenames[] = {
"AuthReq", "AuthAck", "AuthNak"
};
/*
* upap_printpkt - print the contents of a PAP packet.
*/

4
src/netif/ppp/pap.h
View File

@ -54,9 +54,6 @@
#if PAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
/*************************
*** PUBLIC DEFINITIONS ***
*************************/
/*
* Packet header = Code, id, length.
*/
@ -111,7 +108,6 @@ typedef struct upap_state {
extern upap_state upap[];
void upap_setloginpasswd(int unit, const char *luser, const char *lpassword);
void upap_authwithpeer (int, char *, char *);
void upap_authpeer (int);