1/*-
2 * Copyright (c) 1996 - 2001 Brian Somers <brian@Awfulhak.org>
3 *          based on work by Toshiharu OHNO <tony-o@iij.ad.jp>
4 *                           Internet Initiative Japan, Inc (IIJ)
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 *    notice, this list of conditions and the following disclaimer in the
14 *    documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 *
28 * $FreeBSD$
29 */
30
31#include <sys/param.h>
32#include <netinet/in.h>
33#include <netinet/in_systm.h>
34#include <netinet/ip.h>
35#include <sys/socket.h>
36#include <sys/un.h>
37
38#include <stdlib.h>
39#include <string.h>		/* strlen/memcpy */
40#include <termios.h>
41
42#include "layer.h"
43#include "mbuf.h"
44#include "log.h"
45#include "defs.h"
46#include "timer.h"
47#include "fsm.h"
48#include "auth.h"
49#include "pap.h"
50#include "lqr.h"
51#include "hdlc.h"
52#include "lcp.h"
53#include "proto.h"
54#include "async.h"
55#include "throughput.h"
56#include "ccp.h"
57#include "link.h"
58#include "descriptor.h"
59#include "physical.h"
60#include "iplist.h"
61#include "slcompress.h"
62#include "ncpaddr.h"
63#include "ipcp.h"
64#include "filter.h"
65#include "mp.h"
66#ifndef NORADIUS
67#include "radius.h"
68#endif
69#include "ipv6cp.h"
70#include "ncp.h"
71#include "bundle.h"
72#include "chat.h"
73#include "chap.h"
74#include "cbcp.h"
75#include "datalink.h"
76
77static const char * const papcodes[] = {
78  "???", "REQUEST", "SUCCESS", "FAILURE"
79};
80#define MAXPAPCODE (sizeof papcodes / sizeof papcodes[0] - 1)
81
82static void
83pap_Req(struct authinfo *authp)
84{
85  struct bundle *bundle = authp->physical->dl->bundle;
86  struct fsmheader lh;
87  struct mbuf *bp;
88  u_char *cp;
89  int namelen, keylen, plen;
90
91  namelen = strlen(bundle->cfg.auth.name);
92  keylen = strlen(bundle->cfg.auth.key);
93  plen = namelen + keylen + 2;
94  log_Printf(LogDEBUG, "pap_Req: namelen = %d, keylen = %d\n", namelen, keylen);
95  log_Printf(LogPHASE, "Pap Output: %s ********\n", bundle->cfg.auth.name);
96  if (*bundle->cfg.auth.name == '\0')
97    log_Printf(LogWARN, "Sending empty PAP authname!\n");
98  lh.code = PAP_REQUEST;
99  lh.id = authp->id;
100  lh.length = htons(plen + sizeof(struct fsmheader));
101  bp = m_get(plen + sizeof(struct fsmheader), MB_PAPOUT);
102  memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader));
103  cp = MBUF_CTOP(bp) + sizeof(struct fsmheader);
104  *cp++ = namelen;
105  memcpy(cp, bundle->cfg.auth.name, namelen);
106  cp += namelen;
107  *cp++ = keylen;
108  memcpy(cp, bundle->cfg.auth.key, keylen);
109  link_PushPacket(&authp->physical->link, bp, bundle,
110                  LINK_QUEUES(&authp->physical->link) - 1, PROTO_PAP);
111}
112
113static void
114SendPapCode(struct authinfo *authp, int code, const char *message)
115{
116  struct fsmheader lh;
117  struct mbuf *bp;
118  u_char *cp;
119  int plen, mlen;
120
121  lh.code = code;
122  lh.id = authp->id;
123  mlen = strlen(message);
124  plen = mlen + 1;
125  lh.length = htons(plen + sizeof(struct fsmheader));
126  bp = m_get(plen + sizeof(struct fsmheader), MB_PAPOUT);
127  memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader));
128  cp = MBUF_CTOP(bp) + sizeof(struct fsmheader);
129  /*
130   * If our message is longer than 255 bytes, truncate the length to
131   * 255 and send the entire message anyway.  Maybe the other end will
132   * display it... (see pap_Input() !)
133   */
134  *cp++ = mlen > 255 ? 255 : mlen;
135  memcpy(cp, message, mlen);
136  log_Printf(LogPHASE, "Pap Output: %s\n", papcodes[code]);
137
138  link_PushPacket(&authp->physical->link, bp, authp->physical->dl->bundle,
139                  LINK_QUEUES(&authp->physical->link) - 1, PROTO_PAP);
140}
141
142static void
143pap_Success(struct authinfo *authp)
144{
145  struct bundle *bundle = authp->physical->dl->bundle;
146
147  datalink_GotAuthname(authp->physical->dl, authp->in.name);
148#ifndef NORADIUS
149  if (*bundle->radius.cfg.file && bundle->radius.repstr)
150    SendPapCode(authp, PAP_ACK, bundle->radius.repstr);
151  else
152#endif
153    SendPapCode(authp, PAP_ACK, "Greetings!!");
154  authp->physical->link.lcp.auth_ineed = 0;
155  if (Enabled(bundle, OPT_UTMP))
156    physical_Login(authp->physical, authp->in.name);
157
158  if (authp->physical->link.lcp.auth_iwait == 0)
159    /*
160     * Either I didn't need to authenticate, or I've already been
161     * told that I got the answer right.
162     */
163    datalink_AuthOk(authp->physical->dl);
164}
165
166static void
167pap_Failure(struct authinfo *authp)
168{
169  SendPapCode(authp, PAP_NAK, "Login incorrect");
170  datalink_AuthNotOk(authp->physical->dl);
171}
172
173void
174pap_Init(struct authinfo *pap, struct physical *p)
175{
176  auth_Init(pap, p, pap_Req, pap_Success, pap_Failure);
177}
178
179struct mbuf *
180pap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp)
181{
182  struct physical *p = link2physical(l);
183  struct authinfo *authp = &p->dl->pap;
184  u_char nlen, klen, *key;
185  const char *txt;
186  int txtlen;
187
188  if (p == NULL) {
189    log_Printf(LogERROR, "pap_Input: Not a physical link - dropped\n");
190    m_freem(bp);
191    return NULL;
192  }
193
194  if (bundle_Phase(bundle) != PHASE_NETWORK &&
195      bundle_Phase(bundle) != PHASE_AUTHENTICATE) {
196    log_Printf(LogPHASE, "Unexpected pap input - dropped !\n");
197    m_freem(bp);
198    return NULL;
199  }
200
201  if ((bp = auth_ReadHeader(authp, bp)) == NULL &&
202      ntohs(authp->in.hdr.length) == 0) {
203    log_Printf(LogWARN, "Pap Input: Truncated header !\n");
204    return NULL;
205  }
206
207  if (authp->in.hdr.code == 0 || authp->in.hdr.code > MAXPAPCODE) {
208    log_Printf(LogPHASE, "Pap Input: %d: Bad PAP code !\n", authp->in.hdr.code);
209    m_freem(bp);
210    return NULL;
211  }
212
213  if (authp->in.hdr.code != PAP_REQUEST && authp->id != authp->in.hdr.id &&
214      Enabled(bundle, OPT_IDCHECK)) {
215    /* Wrong conversation dude ! */
216    log_Printf(LogPHASE, "Pap Input: %s dropped (got id %d, not %d)\n",
217               papcodes[authp->in.hdr.code], authp->in.hdr.id, authp->id);
218    m_freem(bp);
219    return NULL;
220  }
221  m_settype(bp, MB_PAPIN);
222  authp->id = authp->in.hdr.id;		/* We respond with this id */
223
224  if (bp) {
225    bp = mbuf_Read(bp, &nlen, 1);
226    if (authp->in.hdr.code == PAP_ACK) {
227      /*
228       * Don't restrict the length of our acknowledgement freetext to
229       * nlen (a one-byte length).  Show the rest of the ack packet
230       * instead.  This isn't really part of the protocol.....
231       */
232      bp = m_pullup(bp);
233      txt = MBUF_CTOP(bp);
234      txtlen = m_length(bp);
235    } else {
236      bp = auth_ReadName(authp, bp, nlen);
237      txt = authp->in.name;
238      txtlen = strlen(authp->in.name);
239    }
240  } else {
241    txt = "";
242    txtlen = 0;
243  }
244
245  log_Printf(LogPHASE, "Pap Input: %s (%.*s)\n",
246             papcodes[authp->in.hdr.code], txtlen, txt);
247
248  switch (authp->in.hdr.code) {
249    case PAP_REQUEST:
250      if (bp == NULL) {
251        log_Printf(LogPHASE, "Pap Input: No key given !\n");
252        break;
253      }
254      bp = mbuf_Read(bp, &klen, 1);
255      if (m_length(bp) < klen) {
256        log_Printf(LogERROR, "Pap Input: Truncated key !\n");
257        break;
258      }
259      if ((key = malloc(klen+1)) == NULL) {
260        log_Printf(LogERROR, "Pap Input: Out of memory !\n");
261        break;
262      }
263      bp = mbuf_Read(bp, key, klen);
264      key[klen] = '\0';
265
266#ifndef NORADIUS
267      if (*bundle->radius.cfg.file) {
268        if (!radius_Authenticate(&bundle->radius, authp, authp->in.name,
269                                 key, strlen(key), NULL, 0))
270          pap_Failure(authp);
271      } else
272#endif
273      if (auth_Validate(bundle, authp->in.name, key))
274        pap_Success(authp);
275      else
276        pap_Failure(authp);
277
278      free(key);
279      break;
280
281    case PAP_ACK:
282      auth_StopTimer(authp);
283      if (p->link.lcp.auth_iwait == PROTO_PAP) {
284        p->link.lcp.auth_iwait = 0;
285        if (p->link.lcp.auth_ineed == 0)
286          /*
287           * We've succeeded in our ``login''
288           * If we're not expecting  the peer to authenticate (or he already
289           * has), proceed to network phase.
290           */
291          datalink_AuthOk(p->dl);
292      }
293      break;
294
295    case PAP_NAK:
296      auth_StopTimer(authp);
297      datalink_AuthNotOk(p->dl);
298      break;
299  }
300
301  m_freem(bp);
302  return NULL;
303}
304