pixmaps/busy.png

/*
 * upap.c - User/Password Authentication Protocol.
 *
 * Copyright (c) 1989 Carnegie Mellon University.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms are permitted
 * provided that the above copyright notice and this paragraph are
 * duplicated in all such forms and that any documentation,
 * advertising materials, and other materials related to such
 * distribution and use acknowledge that the software was developed
 * by Carnegie Mellon University.  The name of the
 * University may not be used to endorse or promote products derived
 * from this software without specific prior written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */

#define RCSID	"$Id$"

/*
 * TODO:
 */

#include <stdio.h>
#include <string.h>

#include "pppd.h"
#include "upap.h"

static const char rcsid[] = RCSID;

static bool hide_password = 1;

/*
 * Command-line options.
 */
static option_t pap_option_list[] = {
    { "hide-password", o_bool, &hide_password,
      "Don't output passwords to log", OPT_PRIO | 1 },
    { "show-password", o_bool, &hide_password,
      "Show password string in debug log messages", OPT_PRIOSUB | 0 },

    { "pap-restart", o_int, &upap[0].us_timeouttime,
      "Set retransmit timeout for PAP", OPT_PRIO },
    { "pap-max-authreq", o_int, &upap[0].us_maxtransmits,
      "Set max number of transmissions for auth-reqs", OPT_PRIO },
    { "pap-timeout", o_int, &upap[0].us_reqtimeout,
      "Set time limit for peer PAP authentication", OPT_PRIO },

    { NULL }
};

/*
 * Protocol entry points.
 */
static void upap_init __P((int));
static void upap_lowerup __P((int));
static void upap_lowerdown __P((int));
static void upap_input __P((int, u_char *, int));
static void upap_protrej __P((int));
static int  upap_printpkt __P((u_char *, int,
			       void (*) __P((void *, char *, ...)), void *));

struct protent pap_protent = {
    PPP_PAP,
    upap_init,
    upap_input,
    upap_protrej,
    upap_lowerup,
    upap_lowerdown,
    NULL,
    NULL,
    upap_printpkt,
    NULL,
    1,
    "PAP",
    NULL,
    pap_option_list,
    NULL,
    NULL,
    NULL
};

upap_state upap[NUM_PPP];		/* UPAP state; one for each unit */

static void upap_timeout __P((void *));
static void upap_reqtimeout __P((void *));
static void upap_rauthreq __P((upap_state *, u_char *, int, int));
static void upap_rauthack __P((upap_state *, u_char *, int, int));
static void upap_rauthnak __P((upap_state *, u_char *, int, int));
static void upap_sauthreq __P((upap_state *));
static void upap_sresp __P((upap_state *, int, int, char *, int));


/*
 * upap_init - Initialize a UPAP unit.
 */
static void
upap_init(unit)
    int unit;
{
    upap_state *u = &upap[unit];

    u->us_unit = unit;
    u->us_user = NULL;
    u->us_userlen = 0;
    u->us_passwd = NULL;
    u->us_passwdlen = 0;
    u->us_clientstate = UPAPCS_INITIAL;
    u->us_serverstate = UPAPSS_INITIAL;
    u->us_id = 0;
    u->us_timeouttime = UPAP_DEFTIMEOUT;
    u->us_maxtransmits = 10;
    u->us_reqtimeout = UPAP_DEFREQTIME;
}


/*
 * upap_authwithpeer - Authenticate us with our peer (start client).
 *
 * Set new state and send authenticate's.
 */
void
upap_authwithpeer(unit, user, password)
    int unit;
    char *user, *password;
{
    upap_state *u = &upap[unit];

    /* Save the username and password we're given */
    u->us_user = user;
    u->us_userlen = strlen(user);
    u->us_passwd = password;
    u->us_passwdlen = strlen(password);
    u->us_transmits = 0;

    /* Lower layer up yet? */
    if (u->us_clientstate == UPAPCS_INITIAL ||
	u->us_clientstate == UPAPCS_PENDING) {
	u->us_clientstate = UPAPCS_PENDING;
	return;
    }

    upap_sauthreq(u);			/* Start protocol */
}


/*
 * upap_authpeer - Authenticate our peer (start server).
 *
 * Set new state.
 */
void
upap_authpeer(unit)
    int unit;
{
    upap_state *u = &upap[unit];

    /* Lower layer up yet? */
    if (u->us_serverstate == UPAPSS_INITIAL ||
	u->us_serverstate == UPAPSS_PENDING) {
	u->us_serverstate = UPAPSS_PENDING;
	return;
    }

    u->us_serverstate = UPAPSS_LISTEN;
    if (u->us_reqtimeout > 0)
	TIMEOUT(upap_reqtimeout, u, u->us_reqtimeout);
}


/*
 * upap_timeout - Retransmission timer for sending auth-reqs expired.
 */
static void
upap_timeout(arg)
    void *arg;
{
    upap_state *u = (upap_state *) arg;

    if (u->us_clientstate != UPAPCS_AUTHREQ)
	return;

    if (u->us_transmits >= u->us_maxtransmits) {
	/* give up in disgust */
	error("No response to PAP authenticate-requests");
	u->us_clientstate = UPAPCS_BADAUTH;
	auth_withpeer_fail(u->us_unit, PPP_PAP);
	return;
    }

    upap_sauthreq(u);		/* Send Authenticate-Request */
}


/*
 * upap_reqtimeout - Give up waiting for the peer to send an auth-req.
 */
static void
upap_reqtimeout(arg)
    void *arg;
{
    upap_state *u = (upap_state *) arg;

    if (u->us_serverstate != UPAPSS_LISTEN)
	return;			/* huh?? */

    auth_peer_fail(u->us_unit, PPP_PAP);
    u->us_serverstate = UPAPSS_BADAUTH;
}


/*
 * upap_lowerup - The lower layer is up.
 *
 * Start authenticating if pending.
 */
static void
upap_lowerup(unit)
    int unit;
{
    upap_state *u = &upap[unit];

    if (u->us_clientstate == UPAPCS_INITIAL)
	u->us_clientstate = UPAPCS_CLOSED;
    else if (u->us_clientstate == UPAPCS_PENDING) {
	upap_sauthreq(u);	/* send an auth-request */
    }

    if (u->us_serverstate == UPAPSS_INITIAL)
	u->us_serverstate = UPAPSS_CLOSED;
    else if (u->us_serverstate == UPAPSS_PENDING) {
	u->us_serverstate = UPAPSS_LISTEN;
	if (u->us_reqtimeout > 0)
	    TIMEOUT(upap_reqtimeout, u, u->us_reqtimeout);
    }
}


/*
 * upap_lowerdown - The lower layer is down.
 *
 * Cancel all timeouts.
 */
static void
upap_lowerdown(unit)
    int unit;
{
    upap_state *u = &upap[unit];

    if (u->us_clientstate == UPAPCS_AUTHREQ)	/* Timeout pending? */
	UNTIMEOUT(upap_timeout, u);		/* Cancel timeout */
    if (u->us_serverstate == UPAPSS_LISTEN && u->us_reqtimeout > 0)
	UNTIMEOUT(upap_reqtimeout, u);

    u->us_clientstate = UPAPCS_INITIAL;
    u->us_serverstate = UPAPSS_INITIAL;
}


/*
 * upap_protrej - Peer doesn't speak this protocol.
 *
 * This shouldn't happen.  In any case, pretend lower layer went down.
 */
static void
upap_protrej(unit)
    int unit;
{
    upap_state *u = &upap[unit];

    if (u->us_clientstate == UPAPCS_AUTHREQ) {
	error("PAP authentication failed due to protocol-reject");
	auth_withpeer_fail(unit, PPP_PAP);
    }
    if (u->us_serverstate == UPAPSS_LISTEN) {
	error("PAP authentication of peer failed (protocol-reject)");
	auth_peer_fail(unit, PPP_PAP);
    }
    upap_lowerdown(unit);
}


/*
 * upap_input - Input UPAP packet.
 */
static void
upap_input(unit, inpacket, l)
    int unit;
    u_char *inpacket;
    int l;
{
    upap_state *u = &upap[unit];
    u_char *inp;
    u_char code, id;
    int len;

    /*
     * Parse header (code, id and length).
     * If packet too short, drop it.
     */
    inp = inpacket;
    if (l < UPAP_HEADERLEN) {
	UPAPDEBUG(("pap_input: rcvd short header."));
	return;
    }
    GETCHAR(code, inp);
    GETCHAR(id, inp);
    GETSHORT(len, inp);
    if (len < UPAP_HEADERLEN) {
	UPAPDEBUG(("pap_input: rcvd illegal length."));
	return;
    }
    if (len > l) {
	UPAPDEBUG(("pap_input: rcvd short packet."));
	return;
    }
    len -= UPAP_HEADERLEN;

    /*
     * Action depends on code.
     */
    switch (code) {
    case UPAP_AUTHREQ:
	upap_rauthreq(u, inp, id, len);
	break;

    case UPAP_AUTHACK:
	upap_rauthack(u, inp, id, len);
	break;

    case UPAP_AUTHNAK:
	upap_rauthnak(u, inp, id, len);
	break;

    default:				/* XXX Need code reject */
	break;
    }
}


/*
 * upap_rauth - Receive Authenticate.
 */
static void
upap_rauthreq(u, inp, id, len)
    upap_state *u;
    u_char *inp;
    int id;
    int len;
{
    u_char ruserlen, rpasswdlen;
    char *ruser, *rpasswd;
    int retcode;
    char *msg;
    int msglen;

    if (u->us_serverstate < UPAPSS_LISTEN)
	return;

    /*
     * If we receive a duplicate authenticate-request, we are
     * supposed to return the same status as for the first request.
     */
    if (u->us_serverstate == UPAPSS_OPEN) {
	upap_sresp(u, UPAP_AUTHACK, id, "", 0);	/* return auth-ack */
	return;
    }
    if (u->us_serverstate == UPAPSS_BADAUTH) {
	upap_sresp(u, UPAP_AUTHNAK, id, "", 0);	/* return auth-nak */
ofs	hex dump	ascii
0000	89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 14 00 00 00 14 08 06 00 00 00 8d 89 1d	.PNG........IHDR................
0020	0d 00 00 00 04 67 41 4d 41 00 00 d6 d8 d4 4f 58 32 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72	.....gAMA.....OX2....tEXtSoftwar
0040	65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 70 49 44 41 54 78 da	e.Adobe.ImageReadyq.e<...pIDATx.
0060	ac 94 5b 4c 54 57 14 86 bf c3 cc a8 43 0d 22 98 88 86 32 32 82 12 52 ad 8a 51 d1 26 35 f5 01 7b	..[LTW......C."...22..R..Q.&5..{
0080	51 a3 35 98 54 ab 26 26 c6 36 29 89 a6 2f 6a 88 a6 34 5a 1f 5a 2f 69 da c4 07 d3 62 db 40 89 97	Q.5.T.&&.6)../j..4Z.Z/i....b.@..
00a0	14 5b 9a 26 ad a9 f7 0b 2a 5a 50 1c 41 45 45 86 ce 70 53 c0 b9 30 67 b9 26 c7 61 42 b1 b6 a6 5d	.[.&....*ZP.AEE..pS..0g.&.aB...]
00c0	93 3d 7b 9f 73 fe f5 ef b5 fe b5 f6 36 44 84 ff d3 ec cf fc ba d2 48 42 c8 d7 d5 2b 3a 0c fd 1d	.={.s.......6D........HB...+:...
00e0	a6 54 aa 9f e5 62 3c 35 c2 15 46 1e d9 8e c3 bc 5a 94 ce 44 e5 4b 9e 60 bd 6f 3e 0d 35 47 e0 4c	.T...b<5..F.....Z..D.K.`.o>.5G.L
0100	65 19 7f b2 56 c9 1f 0e f2 8d 12 0e 18 1f 50 2e d5 c5 22 e1 56 91 5f b6 8b 14 67 8b 94 ae 11 d9	e...V.........P...".V._...g.....
0120	39 4f e4 8b b7 44 ce ec 53 98 4f a4 6c 8e c8 3a 96 ff d5 7f 30 59 c3 97 22 97 be 51 f0 10 91 8a	9O...D..S.O.l..:....0Y.."..Q....
0140	0f 45 1e fa 45 1e 78 75 e8 06 cd 35 22 7b de 10 d9 34 4e c4 7b 4e e4 e7 a5 83 48 e3 64 ef 51 20	.E..E.xu...5"{...4N.{N....H.d.Q.
0160	a7 8b 44 8e ed 10 d9 e8 16 69 ba 28 31 7b 14 36 a5 ce d3 28 c7 cf 5d 92 db ad 1d 4a a4 98 35 ea	..D......i.(1{.6...(..]....J..5.
0180	d6 71 5e 64 5f 9e c8 2a 92 62 3c 09 fd b9 67 a7 1e c4 bd 00 0e 6c 83 69 8b 21 35 23 2e 4b 24 0c	.q^d_..*.b<...g......l.i.!5#.K$.
01a0	91 3e 82 8f ba f1 dc 68 80 ac d9 8a 59 04 bb df 81 85 1b 55 63 f6 c6 b0 16 e1 2a e3 75 e6 14 26	.>.....h....Y......Uc.....*.u..&
01c0	f2 e3 2e 48 cb 05 af 07 ae ff de 4f 18 56 98 69 b7 33 3c 39 85 c9 79 d3 e1 e8 e7 10 ec 81 8e 76	...H.......O.V.i.3<9..y........v
01e0	b8 df 0c 13 32 96 0d 24 4c 62 36 a3 c6 c0 1f 27 a1 2f 08 fe 9b 50 b9 c5 42 04 ba b0 9d 28 23 f9	....2..$Lb6....'./...P..B....(#.
0200	42 15 69 9d ad 8c be 5a 0e 9e 63 e0 d3 48 6d da 75 75 ba ce 99 09 ab 0d 77 bc 0f 47 62 32 e2 45	B.i....Z..c..Hm.uu......w..Gb2.E
0220	68 eb 84 50 7d 34 47 9d 95 78 6b 0e 4c 2d 64 e8 b6 12 52 03 0e 9c ef af d7 4d 3f d3 e8 fa ac 50	h..P}4G..xk.L-d...R......M?....P
0240	14 c6 f5 8b 90 99 1b 65 49 d1 71 d3 de 1f 67 c8 ff 24 a2 de 58 9e ea a0 7f 8b 3e 42 6a 2e e3 7d	.......eI.q...g..$..X.....>Bj..}
0260	f9 6d 5c 73 f3 49 a8 fb 54 37 d4 6f 26 d6 6c 44 2b 1b 64 60 ca 21 9d fd 7a 00 5c ee 38 f0 05 1b	.m\s.I..T7.o&.lD+.d`.!..z.\.8...
0280	94 34 62 36 5e 20 d4 d2 81 73 c7 26 6e 7c b2 9f c8 b4 0d d1 33 63 61 6c ba c8 1c 0f 9d dd 51 16	.4b6^....s.&n\|......3cal......Q.
02a0	5b 9c f0 1e a7 e8 54 dd 72 34 74 e7 70 2b 95 37 8b 31 0f 96 60 1e d8 83 f8 db 18 e2 f3 91 b4 f7	[.....T.r4t.p+.7.1..`...........
02c0	63 7c 15 b5 30 36 c3 da 38 65 1c a4 8f d2 c2 5c 83 af e4 6c 9c b0 54 aa b8 72 a5 97 2c 7d 1c 3f	c\|..06..8e.....\...l..T..r..,}.?
02e0	d7 22 bc 75 1e a9 ae 24 52 ab 73 53 13 f2 24 f2 c0 4f 55 30 5f 5b c5 e9 84 dc 19 aa 7f 1b dc ed	.".u...$R.sS..$..OU0_[..........
0300	2a 1f 98 72 d4 ea 83 6b e9 b9 0c 53 1c 30 63 09 38 12 b5 48 2d 98 0d d7 90 de 00 12 8a a8 54 c2	*..r...k...S.0c.8..H-.........T.
0320	88 0d 45 7a 96 bf 87 fc 95 e0 56 dd eb 35 b0 5b 7a ae 9f 7a 39 6c 36 ca 78 2d 6d 19 8e 59 d0 35	..Ez......V..5.[z..z9l6.x-m..Y.5
0340	45 5b 43 35 ec 09 a9 46 ed 98 5a 58 7b a6 0b 7a bc f0 92 66 91 50 01 ed 75 f0 5b f7 0a 76 cb b7	E[C5...F..ZX{..z...f.P..u.[..v..
0360	7f 7f db 6c 36 ca c9 1f 56 48 e2 58 2d 4c 81 3a 66 29 b9 8a 1f be a7 da a5 2b a1 36 7c e0 57 ed	...l6...VH.X-L.:f).......+.6\|.W.
0380	d5 00 9c ec 5b ae 64 df fd f3 f5 b5 de 28 c0 c5 21 5c 76 27 c9 b6 e8 81 57 a4 92 26 e8 b8 a3 11	....[.d......(..!\v'....W..&....
03a0	b7 98 35 d4 b2 58 b5 bf fd ef ee c3 98 bd 6b 64 6a 21 16 32 89 54 ba f4 f9 2e 1e 55 fd 07 be 96	..5..X........kdj!.2.T.....U....
03c0	07 cf 77 c1 fe 07 7b 2c c0 00 b5 5d d3 45 9d 18 1d 04 00 00 00 00 49 45 4e 44 ae 42 60 82	..w...{,...].E........IEND.B`.