1 /* $OpenBSD: auth.c,v 1.40 2022/05/06 15:51:09 claudio Exp $ */
2
3 /*
4 * auth.c - PPP authentication and phase control.
5 *
6 * Copyright (c) 1989-2002 Paul Mackerras. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. The name(s) of the authors of this software must not be used to
21 * endorse or promote products derived from this software without
22 * prior written permission.
23 *
24 * 4. Redistributions of any form whatsoever must retain the following
25 * acknowledgment:
26 * "This product includes software developed by Paul Mackerras
27 * <paulus@samba.org>".
28 *
29 * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
30 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
31 * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
32 * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
33 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
34 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
35 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
36 *
37 * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
38 *
39 * Redistribution and use in source and binary forms, with or without
40 * modification, are permitted provided that the following conditions
41 * are met:
42 *
43 * 1. Redistributions of source code must retain the above copyright
44 * notice, this list of conditions and the following disclaimer.
45 *
46 * 2. Redistributions in binary form must reproduce the above copyright
47 * notice, this list of conditions and the following disclaimer in
48 * the documentation and/or other materials provided with the
49 * distribution.
50 *
51 * 3. The name "Carnegie Mellon University" must not be used to
52 * endorse or promote products derived from this software without
53 * prior written permission. For permission or any legal
54 * details, please contact
55 * Office of Technology Transfer
56 * Carnegie Mellon University
57 * 5000 Forbes Avenue
58 * Pittsburgh, PA 15213-3890
59 * (412) 268-4387, fax: (412) 268-7395
60 * tech-transfer@andrew.cmu.edu
61 *
62 * 4. Redistributions of any form whatsoever must retain the following
63 * acknowledgment:
64 * "This product includes software developed by Computing Services
65 * at Carnegie Mellon University (http://www.cmu.edu/computing/)."
66 *
67 * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
68 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
69 * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
70 * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
71 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
72 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
73 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
74 */
75
76 #include <stdio.h>
77 #include <stddef.h>
78 #include <stdlib.h>
79 #include <unistd.h>
80 #include <limits.h>
81 #include <syslog.h>
82 #include <pwd.h>
83 #include <string.h>
84 #include <sys/types.h>
85 #include <sys/stat.h>
86 #include <sys/socket.h>
87 #include <utmp.h>
88 #include <fcntl.h>
89 #if defined(_PATH_LASTLOG) && defined(_linux_)
90 #include <lastlog.h>
91 #endif
92
93 #include <netdb.h>
94 #include <netinet/in.h>
95 #include <arpa/inet.h>
96
97
98
99 #include "pppd.h"
100 #include "fsm.h"
101 #include "lcp.h"
102 #include "ipcp.h"
103 #include "upap.h"
104 #include "chap.h"
105 #ifdef CBCP_SUPPORT
106 #include "cbcp.h"
107 #endif
108 #include "pathnames.h"
109
110 /* Used for storing a sequence of words. Usually malloced. */
111 struct wordlist {
112 struct wordlist *next;
113 char word[1];
114 };
115
116 /* Bits in scan_authfile return value */
117 #define NONWILD_SERVER 1
118 #define NONWILD_CLIENT 2
119
120 #define ISWILD(word) (word[0] == '*' && word[1] == 0)
121
122 #define FALSE 0
123 #define TRUE 1
124
125 /* The name by which the peer authenticated itself to us. */
126 char peer_authname[MAXNAMELEN];
127
128 /* Records which authentication operations haven't completed yet. */
129 static int auth_pending[NUM_PPP];
130
131 /* Set if we have successfully called plogin() */
132 static int logged_in;
133
134 /* Set if we have run the /etc/ppp/auth-up script. */
135 static int did_authup;
136
137 /* List of addresses which the peer may use. */
138 static struct wordlist *addresses[NUM_PPP];
139
140 /* Number of network protocols which we have opened. */
141 static int num_np_open;
142
143 /* Number of network protocols which have come up. */
144 static int num_np_up;
145
146 /* Set if we got the contents of passwd[] from the pap-secrets file. */
147 static int passwd_from_file;
148
149 /* Bits in auth_pending[] */
150 #define PAP_WITHPEER 1
151 #define PAP_PEER 2
152 #define CHAP_WITHPEER 4
153 #define CHAP_PEER 8
154
155 extern char *crypt(const char *, const char *);
156
157 /* Prototypes for procedures local to this file. */
158
159 static void network_phase(int);
160 static void check_idle(void *);
161 static void connect_time_expired(void *);
162 static int plogin(char *, char *, char **, int *);
163 static void plogout(void);
164 static int null_login(int);
165 static int get_pap_passwd(char *);
166 static int have_pap_secret(void);
167 static int have_chap_secret(char *, char *, u_int32_t);
168 static int ip_addr_check(u_int32_t, struct wordlist *);
169 static int scan_authfile(FILE *, char *, char *, u_int32_t, char *,
170 struct wordlist **, char *);
171 static void free_wordlist(struct wordlist *);
172 static void auth_script(char *);
173 static void set_allowed_addrs(int, struct wordlist *);
174
175 /*
176 * An Open on LCP has requested a change from Dead to Establish phase.
177 * Do what's necessary to bring the physical layer up.
178 */
179 void
link_required(unit)180 link_required(unit)
181 int unit;
182 {
183 }
184
185 /*
186 * LCP has terminated the link; go to the Dead phase and take the
187 * physical layer down.
188 */
189 void
link_terminated(unit)190 link_terminated(unit)
191 int unit;
192 {
193 if (phase == PHASE_DEAD)
194 return;
195 if (logged_in)
196 plogout();
197 phase = PHASE_DEAD;
198 syslog(LOG_NOTICE, "Connection terminated.");
199 }
200
201 /*
202 * LCP has gone down; it will either die or try to re-establish.
203 */
204 void
link_down(unit)205 link_down(unit)
206 int unit;
207 {
208 int i;
209 struct protent *protp;
210
211 if (did_authup) {
212 auth_script(_PATH_AUTHDOWN);
213 did_authup = 0;
214 }
215 for (i = 0; (protp = protocols[i]) != NULL; ++i) {
216 if (!protp->enabled_flag)
217 continue;
218 if (protp->protocol != PPP_LCP && protp->lowerdown != NULL)
219 (*protp->lowerdown)(unit);
220 if (protp->protocol < 0xC000 && protp->close != NULL)
221 (*protp->close)(unit, "LCP down");
222 }
223 num_np_open = 0;
224 num_np_up = 0;
225 if (phase != PHASE_DEAD)
226 phase = PHASE_TERMINATE;
227 }
228
229 /*
230 * The link is established.
231 * Proceed to the Dead, Authenticate or Network phase as appropriate.
232 */
233 void
link_established(unit)234 link_established(unit)
235 int unit;
236 {
237 int auth;
238 lcp_options *wo = &lcp_wantoptions[unit];
239 lcp_options *go = &lcp_gotoptions[unit];
240 lcp_options *ho = &lcp_hisoptions[unit];
241 int i;
242 struct protent *protp;
243
244 /*
245 * Tell higher-level protocols that LCP is up.
246 */
247 for (i = 0; (protp = protocols[i]) != NULL; ++i)
248 if (protp->protocol != PPP_LCP && protp->enabled_flag
249 && protp->lowerup != NULL)
250 (*protp->lowerup)(unit);
251
252 if (auth_required && !(go->neg_chap || go->neg_upap)) {
253 /*
254 * We wanted the peer to authenticate itself, and it refused:
255 * treat it as though it authenticated with PAP using a username
256 * of "" and a password of "". If that's not OK, boot it out.
257 */
258 if (!wo->neg_upap || !null_login(unit)) {
259 syslog(LOG_WARNING, "peer refused to authenticate");
260 lcp_close(unit, "peer refused to authenticate");
261 return;
262 }
263 }
264
265 phase = PHASE_AUTHENTICATE;
266 auth = 0;
267 if (go->neg_chap) {
268 ChapAuthPeer(unit, our_name, go->chap_mdtype);
269 auth |= CHAP_PEER;
270 } else if (go->neg_upap) {
271 upap_authpeer(unit);
272 auth |= PAP_PEER;
273 }
274 if (ho->neg_chap) {
275 ChapAuthWithPeer(unit, user, ho->chap_mdtype);
276 auth |= CHAP_WITHPEER;
277 } else if (ho->neg_upap) {
278 if (passwd[0] == 0) {
279 passwd_from_file = 1;
280 if (!get_pap_passwd(passwd))
281 syslog(LOG_ERR, "No secret found for PAP login");
282 }
283 upap_authwithpeer(unit, user, passwd);
284 auth |= PAP_WITHPEER;
285 }
286 auth_pending[unit] = auth;
287
288 if (!auth)
289 network_phase(unit);
290 }
291
292 /*
293 * Proceed to the network phase.
294 */
295 static void
network_phase(unit)296 network_phase(unit)
297 int unit;
298 {
299 int i;
300 struct protent *protp;
301 lcp_options *go = &lcp_gotoptions[unit];
302
303 /*
304 * If the peer had to authenticate, run the auth-up script now.
305 */
306 if ((go->neg_chap || go->neg_upap) && !did_authup) {
307 auth_script(_PATH_AUTHUP);
308 did_authup = 1;
309 }
310
311 #ifdef CBCP_SUPPORT
312 /*
313 * If we negotiated callback, do it now.
314 */
315 if (go->neg_cbcp) {
316 phase = PHASE_CALLBACK;
317 (*cbcp_protent.open)(unit);
318 return;
319 }
320 #endif
321
322 phase = PHASE_NETWORK;
323 #if 0
324 if (!demand)
325 set_filters(&pass_filter, &active_filter);
326 #endif
327 for (i = 0; (protp = protocols[i]) != NULL; ++i)
328 if (protp->protocol < 0xC000 && protp->enabled_flag
329 && protp->open != NULL) {
330 (*protp->open)(unit);
331 if (protp->protocol != PPP_CCP)
332 ++num_np_open;
333 }
334
335 if (num_np_open == 0)
336 /* nothing to do */
337 lcp_close(0, "No network protocols running");
338 }
339
340 /*
341 * The peer has failed to authenticate himself using `protocol'.
342 */
343 void
auth_peer_fail(unit,protocol)344 auth_peer_fail(unit, protocol)
345 int unit, protocol;
346 {
347 /*
348 * Authentication failure: take the link down
349 */
350 lcp_close(unit, "Authentication failed");
351 }
352
353 /*
354 * The peer has been successfully authenticated using `protocol'.
355 */
356 void
auth_peer_success(unit,protocol,name,namelen)357 auth_peer_success(unit, protocol, name, namelen)
358 int unit, protocol;
359 char *name;
360 int namelen;
361 {
362 int bit;
363
364 switch (protocol) {
365 case PPP_CHAP:
366 bit = CHAP_PEER;
367 break;
368 case PPP_PAP:
369 bit = PAP_PEER;
370 break;
371 default:
372 syslog(LOG_WARNING, "auth_peer_success: unknown protocol %x",
373 protocol);
374 return;
375 }
376
377 /*
378 * Save the authenticated name of the peer for later.
379 */
380 if (namelen > sizeof(peer_authname) - 1)
381 namelen = sizeof(peer_authname) - 1;
382 BCOPY(name, peer_authname, namelen);
383 peer_authname[namelen] = 0;
384 script_setenv("PEERNAME", peer_authname);
385
386 /*
387 * If there is no more authentication still to be done,
388 * proceed to the network (or callback) phase.
389 */
390 if ((auth_pending[unit] &= ~bit) == 0)
391 network_phase(unit);
392 }
393
394 /*
395 * We have failed to authenticate ourselves to the peer using `protocol'.
396 */
397 void
auth_withpeer_fail(unit,protocol)398 auth_withpeer_fail(unit, protocol)
399 int unit, protocol;
400 {
401 if (passwd_from_file)
402 EXPLICIT_BZERO(passwd, MAXSECRETLEN);
403 /*
404 * We've failed to authenticate ourselves to our peer.
405 * He'll probably take the link down, and there's not much
406 * we can do except wait for that.
407 */
408 }
409
410 /*
411 * We have successfully authenticated ourselves with the peer using `protocol'.
412 */
413 void
auth_withpeer_success(unit,protocol)414 auth_withpeer_success(unit, protocol)
415 int unit, protocol;
416 {
417 int bit;
418
419 switch (protocol) {
420 case PPP_CHAP:
421 bit = CHAP_WITHPEER;
422 break;
423 case PPP_PAP:
424 if (passwd_from_file)
425 EXPLICIT_BZERO(passwd, MAXSECRETLEN);
426 bit = PAP_WITHPEER;
427 break;
428 default:
429 syslog(LOG_WARNING, "auth_peer_success: unknown protocol %x",
430 protocol);
431 bit = 0;
432 }
433
434 /*
435 * If there is no more authentication still being done,
436 * proceed to the network (or callback) phase.
437 */
438 if ((auth_pending[unit] &= ~bit) == 0)
439 network_phase(unit);
440 }
441
442
443 /*
444 * np_up - a network protocol has come up.
445 */
446 void
np_up(unit,proto)447 np_up(unit, proto)
448 int unit, proto;
449 {
450 if (num_np_up == 0) {
451 /*
452 * At this point we consider that the link has come up successfully.
453 */
454 need_holdoff = 0;
455
456 if (idle_time_limit > 0)
457 TIMEOUT(check_idle, NULL, idle_time_limit);
458
459 /*
460 * Set a timeout to close the connection once the maximum
461 * connect time has expired.
462 */
463 if (maxconnect > 0)
464 TIMEOUT(connect_time_expired, 0, maxconnect);
465
466 /*
467 * Detach now, if the updetach option was given.
468 */
469 if (nodetach == -1)
470 detach();
471 }
472 ++num_np_up;
473 }
474
475 /*
476 * np_down - a network protocol has gone down.
477 */
478 void
np_down(unit,proto)479 np_down(unit, proto)
480 int unit, proto;
481 {
482 if (--num_np_up == 0 && idle_time_limit > 0) {
483 UNTIMEOUT(check_idle, NULL);
484 }
485 }
486
487 /*
488 * np_finished - a network protocol has finished using the link.
489 */
490 void
np_finished(unit,proto)491 np_finished(unit, proto)
492 int unit, proto;
493 {
494 if (--num_np_open <= 0) {
495 /* no further use for the link: shut up shop. */
496 lcp_close(0, "No network protocols running");
497 }
498 }
499
500 /*
501 * check_idle - check whether the link has been idle for long
502 * enough that we can shut it down.
503 */
504 static void
check_idle(arg)505 check_idle(arg)
506 void *arg;
507 {
508 struct ppp_idle idle;
509 time_t itime;
510
511 if (!get_idle_time(0, &idle))
512 return;
513 itime = MIN(idle.xmit_idle, idle.recv_idle);
514 if (itime >= idle_time_limit) {
515 /* link is idle: shut it down. */
516 syslog(LOG_INFO, "Terminating connection due to lack of activity.");
517 lcp_close(0, "Link inactive");
518 } else {
519 TIMEOUT(check_idle, NULL, idle_time_limit - itime);
520 }
521 }
522
523 /*
524 * connect_time_expired - log a message and close the connection.
525 */
526 static void
connect_time_expired(arg)527 connect_time_expired(arg)
528 void *arg;
529 {
530 syslog(LOG_INFO, "Connect time expired");
531 lcp_close(0, "Connect time expired"); /* Close connection */
532 }
533
534 /*
535 * auth_check_options - called to check authentication options.
536 */
537 void
auth_check_options()538 auth_check_options()
539 {
540 lcp_options *wo = &lcp_wantoptions[0];
541 int can_auth;
542 ipcp_options *ipwo = &ipcp_wantoptions[0];
543 u_int32_t remote;
544
545 /* Default our_name to hostname, and user to our_name */
546 if (our_name[0] == 0 || usehostname)
547 strlcpy(our_name, hostname, HOST_NAME_MAX+1);
548 if (user[0] == 0)
549 strlcpy(user, our_name, MAXNAMELEN);
550
551 /* If authentication is required, ask peer for CHAP or PAP. */
552 if (auth_required && !wo->neg_chap && !wo->neg_upap) {
553 wo->neg_chap = 1;
554 wo->neg_upap = 1;
555 }
556
557 /*
558 * Check whether we have appropriate secrets to use
559 * to authenticate the peer.
560 */
561 can_auth = wo->neg_upap && (uselogin || have_pap_secret());
562 if (!can_auth && wo->neg_chap) {
563 remote = ipwo->accept_remote? 0: ipwo->hisaddr;
564 can_auth = have_chap_secret(remote_name, our_name, remote);
565 }
566
567 if (auth_required && !can_auth) {
568 option_error("peer authentication required but no suitable secret(s) found\n");
569 if (remote_name[0] == 0)
570 option_error("for authenticating any peer to us (%s)\n", our_name);
571 else
572 option_error("for authenticating peer %s to us (%s)\n",
573 remote_name, our_name);
574 exit(1);
575 }
576
577 /*
578 * Check whether the user tried to override certain values
579 * set by root.
580 */
581 if (!auth_required && auth_req_info.priv > 0) {
582 if (!default_device && devnam_info.priv == 0) {
583 option_error("can't override device name when noauth option used");
584 exit(1);
585 }
586 if ((connector != NULL && connector_info.priv == 0)
587 || (disconnector != NULL && disconnector_info.priv == 0)
588 || (welcomer != NULL && welcomer_info.priv == 0)) {
589 option_error("can't override connect, disconnect or welcome");
590 option_error("option values when noauth option used");
591 exit(1);
592 }
593 }
594 }
595
596 /*
597 * auth_reset - called when LCP is starting negotiations to recheck
598 * authentication options, i.e. whether we have appropriate secrets
599 * to use for authenticating ourselves and/or the peer.
600 */
601 void
auth_reset(unit)602 auth_reset(unit)
603 int unit;
604 {
605 lcp_options *go = &lcp_gotoptions[unit];
606 lcp_options *ao = &lcp_allowoptions[0];
607 ipcp_options *ipwo = &ipcp_wantoptions[0];
608 u_int32_t remote;
609
610 ao->neg_upap = !refuse_pap && (passwd[0] != 0 || get_pap_passwd(NULL));
611 ao->neg_chap = !refuse_chap
612 && have_chap_secret(user, remote_name, (u_int32_t)0);
613
614 if (go->neg_upap && !uselogin && !have_pap_secret())
615 go->neg_upap = 0;
616 if (go->neg_chap) {
617 remote = ipwo->accept_remote? 0: ipwo->hisaddr;
618 if (!have_chap_secret(remote_name, our_name, remote))
619 go->neg_chap = 0;
620 }
621 }
622
623
624 /*
625 * check_passwd - Check the user name and passwd against the PAP secrets
626 * file. If requested, also check against the system password database,
627 * and login the user if OK.
628 *
629 * returns:
630 * UPAP_AUTHNAK: Authentication failed.
631 * UPAP_AUTHACK: Authentication succeeded.
632 * In either case, msg points to an appropriate message.
633 */
634 int
check_passwd(unit,auser,userlen,apasswd,passwdlen,msg,msglen)635 check_passwd(unit, auser, userlen, apasswd, passwdlen, msg, msglen)
636 int unit;
637 char *auser;
638 int userlen;
639 char *apasswd;
640 int passwdlen;
641 char **msg;
642 int *msglen;
643 {
644 int ret;
645 char *filename;
646 FILE *f;
647 struct wordlist *addrs;
648 u_int32_t remote;
649 ipcp_options *ipwo = &ipcp_wantoptions[unit];
650 char passwd[256], user[256];
651 char secret[MAXWORDLEN];
652 static int attempts = 0;
653
654 /*
655 * Make copies of apasswd and auser, then null-terminate them.
656 */
657 BCOPY(apasswd, passwd, passwdlen);
658 passwd[passwdlen] = '\0';
659 BCOPY(auser, user, userlen);
660 user[userlen] = '\0';
661 *msg = (char *) 0;
662
663 /*
664 * Open the file of pap secrets and scan for a suitable secret
665 * for authenticating this user.
666 */
667 filename = _PATH_UPAPFILE;
668 addrs = NULL;
669 ret = UPAP_AUTHACK;
670 f = fopen(filename, "r");
671 if (f == NULL) {
672 syslog(LOG_ERR, "Can't open PAP password file %s: %m", filename);
673 ret = UPAP_AUTHNAK;
674 } else {
675 check_access(f, filename);
676 remote = ipwo->accept_remote? 0: ipwo->hisaddr;
677 if (scan_authfile(f, user, our_name, remote,
678 secret, &addrs, filename) < 0
679 || (secret[0] != 0 && (cryptpap || strcmp(passwd, secret) != 0)
680 && strcmp(crypt(passwd, secret), secret) != 0)) {
681 syslog(LOG_WARNING, "PAP authentication failure for %s", user);
682 ret = UPAP_AUTHNAK;
683 }
684 fclose(f);
685 }
686
687 if (uselogin && ret == UPAP_AUTHACK) {
688 ret = plogin(user, passwd, msg, msglen);
689 if (ret == UPAP_AUTHNAK) {
690 syslog(LOG_WARNING, "PAP login failure for %s", user);
691 }
692 }
693
694 if (ret == UPAP_AUTHNAK) {
695 if (*msg == (char *) 0)
696 *msg = "Login incorrect";
697 *msglen = strlen(*msg);
698 /*
699 * Frustrate passwd stealer programs.
700 * Allow 10 tries, but start backing off after 3 (stolen from login).
701 * On 10'th, drop the connection.
702 */
703 if (attempts++ >= 10) {
704 syslog(LOG_WARNING, "%d LOGIN FAILURES ON %s, %s",
705 attempts, devnam, user);
706 quit();
707 }
708 if (attempts > 3)
709 sleep((u_int) (attempts - 3) * 5);
710 if (addrs != NULL)
711 free_wordlist(addrs);
712
713 } else {
714 attempts = 0; /* Reset count */
715 if (*msg == (char *) 0)
716 *msg = "Login ok";
717 *msglen = strlen(*msg);
718 set_allowed_addrs(unit, addrs);
719 }
720
721 EXPLICIT_BZERO(passwd, sizeof(passwd));
722 EXPLICIT_BZERO(secret, sizeof(secret));
723
724 return ret;
725 }
726
727 /*
728 * plogin - Check the user name and password against the system
729 * password database, and login the user if OK.
730 *
731 * returns:
732 * UPAP_AUTHNAK: Login failed.
733 * UPAP_AUTHACK: Login succeeded.
734 * In either case, msg points to an appropriate message.
735 */
736
737 static int
plogin(user,passwd,msg,msglen)738 plogin(user, passwd, msg, msglen)
739 char *user;
740 char *passwd;
741 char **msg;
742 int *msglen;
743 {
744 struct passwd *pw;
745 char *tty;
746
747 pw = getpwnam_shadow(user);
748 if (crypt_checkpass(passwd, pw ? pw->pw_passwd : NULL))
749 return UPAP_AUTHNAK;
750
751 /*
752 * Write a wtmp entry for this user.
753 */
754
755 tty = devnam;
756 if (strncmp(tty, "/dev/", 5) == 0)
757 tty += 5;
758 logwtmp(tty, user, remote_name); /* Add wtmp login entry */
759
760 #if defined(_PATH_LASTLOG)
761 {
762 struct lastlog ll;
763 int fd;
764
765 if ((fd = open(_PATH_LASTLOG, O_RDWR)) >= 0) {
766 memset(&ll, 0, sizeof(ll));
767 (void)time(&ll.ll_time);
768 (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
769 (void)pwrite(fd, &ll, sizeof(ll), (off_t)pw->pw_uid *
770 sizeof(ll));
771 (void)close(fd);
772 }
773 }
774 #endif
775
776
777 syslog(LOG_INFO, "user %s logged in", user);
778 logged_in = TRUE;
779
780 return (UPAP_AUTHACK);
781 }
782
783 /*
784 * plogout - Logout the user.
785 */
786 static void
plogout()787 plogout()
788 {
789 char *tty;
790
791 tty = devnam;
792 if (strncmp(tty, "/dev/", 5) == 0)
793 tty += 5;
794 logwtmp(tty, "", ""); /* Wipe out utmp logout entry */
795
796 logged_in = FALSE;
797 }
798
799
800 /*
801 * null_login - Check if a username of "" and a password of "" are
802 * acceptable, and iff so, set the list of acceptable IP addresses
803 * and return 1.
804 */
805 static int
null_login(unit)806 null_login(unit)
807 int unit;
808 {
809 char *filename;
810 FILE *f;
811 int i, ret;
812 struct wordlist *addrs;
813 char secret[MAXWORDLEN];
814
815 /*
816 * Open the file of pap secrets and scan for a suitable secret.
817 * We don't accept a wildcard client.
818 */
819 filename = _PATH_UPAPFILE;
820 addrs = NULL;
821 f = fopen(filename, "r");
822 if (f == NULL)
823 return 0;
824 check_access(f, filename);
825
826 i = scan_authfile(f, "", our_name, (u_int32_t)0, secret, &addrs, filename);
827 ret = i >= 0 && (i & NONWILD_CLIENT) != 0 && secret[0] == 0;
828 EXPLICIT_BZERO(secret, sizeof(secret));
829
830 if (ret)
831 set_allowed_addrs(unit, addrs);
832 else
833 free_wordlist(addrs);
834
835 fclose(f);
836 return ret;
837 }
838
839
840 /*
841 * get_pap_passwd - get a password for authenticating ourselves with
842 * our peer using PAP. Returns 1 on success, 0 if no suitable password
843 * could be found.
844 */
845 static int
get_pap_passwd(passwd)846 get_pap_passwd(passwd)
847 char *passwd;
848 {
849 char *filename;
850 FILE *f;
851 int ret;
852 char secret[MAXWORDLEN];
853
854 filename = _PATH_UPAPFILE;
855 f = fopen(filename, "r");
856 if (f == NULL)
857 return 0;
858 check_access(f, filename);
859 ret = scan_authfile(f, user,
860 remote_name[0]? remote_name: NULL,
861 (u_int32_t)0, secret, NULL, filename);
862 fclose(f);
863 if (ret < 0)
864 return 0;
865 if (passwd != NULL)
866 strlcpy(passwd, secret, MAXSECRETLEN);
867 EXPLICIT_BZERO(secret, sizeof(secret));
868 return 1;
869 }
870
871
872 /*
873 * have_pap_secret - check whether we have a PAP file with any
874 * secrets that we could possibly use for authenticating the peer.
875 */
876 static int
have_pap_secret()877 have_pap_secret()
878 {
879 FILE *f;
880 int ret;
881 char *filename;
882 ipcp_options *ipwo = &ipcp_wantoptions[0];
883 u_int32_t remote;
884
885 filename = _PATH_UPAPFILE;
886 f = fopen(filename, "r");
887 if (f == NULL)
888 return 0;
889
890 remote = ipwo->accept_remote? 0: ipwo->hisaddr;
891 ret = scan_authfile(f, NULL, our_name, remote, NULL, NULL, filename);
892 fclose(f);
893 if (ret < 0)
894 return 0;
895
896 return 1;
897 }
898
899
900 /*
901 * have_chap_secret - check whether we have a CHAP file with a
902 * secret that we could possibly use for authenticating `client'
903 * on `server'. Either can be the null string, meaning we don't
904 * know the identity yet.
905 */
906 static int
have_chap_secret(client,server,remote)907 have_chap_secret(client, server, remote)
908 char *client;
909 char *server;
910 u_int32_t remote;
911 {
912 FILE *f;
913 int ret;
914 char *filename;
915
916 filename = _PATH_CHAPFILE;
917 f = fopen(filename, "r");
918 if (f == NULL)
919 return 0;
920
921 if (client[0] == 0)
922 client = NULL;
923 else if (server[0] == 0)
924 server = NULL;
925
926 ret = scan_authfile(f, client, server, remote, NULL, NULL, filename);
927 fclose(f);
928 if (ret < 0)
929 return 0;
930
931 return 1;
932 }
933
934
935 /*
936 * get_secret - open the CHAP secret file and return the secret
937 * for authenticating the given client on the given server.
938 * (We could be either client or server).
939 */
940 int
get_secret(unit,client,server,secret,secret_len,save_addrs)941 get_secret(unit, client, server, secret, secret_len, save_addrs)
942 int unit;
943 char *client;
944 char *server;
945 char *secret;
946 int *secret_len;
947 int save_addrs;
948 {
949 FILE *f;
950 int ret, len;
951 char *filename;
952 struct wordlist *addrs;
953 char secbuf[MAXWORDLEN];
954
955 filename = _PATH_CHAPFILE;
956 addrs = NULL;
957 secbuf[0] = 0;
958
959 f = fopen(filename, "r");
960 if (f == NULL) {
961 syslog(LOG_ERR, "Can't open chap secret file %s: %m", filename);
962 return 0;
963 }
964 check_access(f, filename);
965
966 ret = scan_authfile(f, client, server, (u_int32_t)0,
967 secbuf, &addrs, filename);
968 fclose(f);
969 if (ret < 0)
970 return 0;
971
972 if (save_addrs)
973 set_allowed_addrs(unit, addrs);
974
975 len = strlen(secbuf);
976 if (len > MAXSECRETLEN) {
977 syslog(LOG_ERR, "Secret for %s on %s is too long", client, server);
978 len = MAXSECRETLEN;
979 }
980 BCOPY(secbuf, secret, len);
981 EXPLICIT_BZERO(secbuf, sizeof(secbuf));
982 *secret_len = len;
983
984 return 1;
985 }
986
987 /*
988 * set_allowed_addrs() - set the list of allowed addresses.
989 */
990 static void
set_allowed_addrs(unit,addrs)991 set_allowed_addrs(unit, addrs)
992 int unit;
993 struct wordlist *addrs;
994 {
995 if (addresses[unit] != NULL)
996 free_wordlist(addresses[unit]);
997 addresses[unit] = addrs;
998
999 /*
1000 * If there's only one authorized address we might as well
1001 * ask our peer for that one right away
1002 */
1003 if (addrs != NULL && addrs->next == NULL) {
1004 char *p = addrs->word;
1005 struct ipcp_options *wo = &ipcp_wantoptions[unit];
1006 struct in_addr ina;
1007 struct hostent *hp;
1008
1009 if (*p != '!' && *p != '-' && !ISWILD(p) && strchr(p, '/') == NULL) {
1010 hp = gethostbyname(p);
1011 if (hp != NULL && hp->h_addrtype == AF_INET)
1012 wo->hisaddr = *(u_int32_t *)hp->h_addr;
1013 else if (inet_aton(p, &ina) == 1)
1014 wo->hisaddr = ina.s_addr;
1015 }
1016 }
1017 }
1018
1019 /*
1020 * auth_ip_addr - check whether the peer is authorized to use
1021 * a given IP address. Returns 1 if authorized, 0 otherwise.
1022 */
1023 int
auth_ip_addr(unit,addr)1024 auth_ip_addr(unit, addr)
1025 int unit;
1026 u_int32_t addr;
1027 {
1028 return ip_addr_check(addr, addresses[unit]);
1029 }
1030
1031 static int
ip_addr_check(addr,addrs)1032 ip_addr_check(addr, addrs)
1033 u_int32_t addr;
1034 struct wordlist *addrs;
1035 {
1036 u_int32_t mask, ah;
1037 struct in_addr ina;
1038 int accept, r = 1;
1039 char *ptr_word, *ptr_mask;
1040 struct hostent *hp;
1041
1042 /* don't allow loopback or multicast address */
1043 if (bad_ip_adrs(addr))
1044 return 0;
1045
1046 if (addrs == NULL)
1047 return !auth_required; /* no addresses authorized */
1048
1049 for (; addrs != NULL; addrs = addrs->next) {
1050 /* "-" means no addresses authorized, "*" means any address allowed */
1051 ptr_word = addrs->word;
1052 if (strcmp(ptr_word, "-") == 0)
1053 break;
1054 if (strcmp(ptr_word, "*") == 0)
1055 return 1;
1056
1057 accept = 1;
1058 if (*ptr_word == '!') {
1059 accept = 0;
1060 ++ptr_word;
1061 }
1062
1063 mask = ~ (u_int32_t) 0;
1064 ptr_mask = strchr (ptr_word, '/');
1065 if (ptr_mask != NULL) {
1066 int bit_count;
1067
1068 bit_count = (int) strtol (ptr_mask+1, (char **) 0, 10);
1069 if (bit_count <= 0 || bit_count > 32) {
1070 syslog (LOG_WARNING,
1071 "invalid address length %s in auth. address list",
1072 ptr_mask);
1073 continue;
1074 }
1075 *ptr_mask = '\0';
1076 mask <<= 32 - bit_count;
1077 }
1078
1079 hp = gethostbyname(ptr_word);
1080 if (hp != NULL && hp->h_addrtype == AF_INET) {
1081 ina.s_addr = *(u_int32_t *)hp->h_addr;
1082 } else {
1083 r = inet_aton (ptr_word, &ina);
1084 if (ptr_mask == NULL) {
1085 /* calculate appropriate mask for net */
1086 ah = ntohl(ina.s_addr);
1087 if (IN_CLASSA(ah))
1088 mask = IN_CLASSA_NET;
1089 else if (IN_CLASSB(ah))
1090 mask = IN_CLASSB_NET;
1091 else if (IN_CLASSC(ah))
1092 mask = IN_CLASSC_NET;
1093 }
1094 }
1095
1096 if (ptr_mask != NULL)
1097 *ptr_mask = '/';
1098
1099 if (r == 0)
1100 syslog (LOG_WARNING,
1101 "unknown host %s in auth. address list",
1102 addrs->word);
1103 else
1104 /* Here ina.s_addr and addr are in network byte order,
1105 and mask is in host order. */
1106 if (((addr ^ ina.s_addr) & htonl(mask)) == 0)
1107 return accept;
1108 }
1109 return 0; /* not in list => can't have it */
1110 }
1111
1112 /*
1113 * bad_ip_adrs - return 1 if the IP address is one we don't want
1114 * to use, such as an address in the loopback net or a multicast address.
1115 * addr is in network byte order.
1116 */
1117 int
bad_ip_adrs(addr)1118 bad_ip_adrs(addr)
1119 u_int32_t addr;
1120 {
1121 addr = ntohl(addr);
1122 return (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET
1123 || IN_MULTICAST(addr);
1124 }
1125
1126 /*
1127 * check_access - complain if a secret file has too-liberal permissions.
1128 */
1129 void
check_access(f,filename)1130 check_access(f, filename)
1131 FILE *f;
1132 char *filename;
1133 {
1134 struct stat sbuf;
1135
1136 if (fstat(fileno(f), &sbuf) < 0) {
1137 syslog(LOG_WARNING, "cannot stat secret file %s: %m", filename);
1138 } else if ((sbuf.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
1139 syslog(LOG_WARNING, "Warning - secret file %s has world and/or group access", filename);
1140 }
1141 }
1142
1143
1144 /*
1145 * scan_authfile - Scan an authorization file for a secret suitable
1146 * for authenticating `client' on `server'. The return value is -1
1147 * if no secret is found, otherwise >= 0. The return value has
1148 * NONWILD_CLIENT set if the secret didn't have "*" for the client, and
1149 * NONWILD_SERVER set if the secret didn't have "*" for the server.
1150 * Any following words on the line (i.e. address authorization
1151 * info) are placed in a wordlist and returned in *addrs.
1152 */
1153 static int
scan_authfile(f,client,server,ipaddr,secret,addrs,filename)1154 scan_authfile(f, client, server, ipaddr, secret, addrs, filename)
1155 FILE *f;
1156 char *client;
1157 char *server;
1158 u_int32_t ipaddr;
1159 char *secret;
1160 struct wordlist **addrs;
1161 char *filename;
1162 {
1163 int newline, xxx;
1164 int got_flag, best_flag;
1165 FILE *sf;
1166 struct wordlist *ap, *addr_list, *alist, *alast;
1167 char word[MAXWORDLEN];
1168 char atfile[MAXWORDLEN];
1169 char lsecret[MAXWORDLEN];
1170
1171 if (addrs != NULL)
1172 *addrs = NULL;
1173 addr_list = NULL;
1174 if (!getword(f, word, &newline, filename))
1175 return -1; /* file is empty??? */
1176 newline = 1;
1177 best_flag = -1;
1178 for (;;) {
1179 /*
1180 * Skip until we find a word at the start of a line.
1181 */
1182 while (!newline && getword(f, word, &newline, filename))
1183 ;
1184 if (!newline)
1185 break; /* got to end of file */
1186
1187 /*
1188 * Got a client - check if it's a match or a wildcard.
1189 */
1190 got_flag = 0;
1191 if (client != NULL && strcmp(word, client) != 0 && !ISWILD(word)) {
1192 newline = 0;
1193 continue;
1194 }
1195 if (!ISWILD(word))
1196 got_flag = NONWILD_CLIENT;
1197
1198 /*
1199 * Now get a server and check if it matches.
1200 */
1201 if (!getword(f, word, &newline, filename))
1202 break;
1203 if (newline)
1204 continue;
1205 if (server != NULL && strcmp(word, server) != 0 && !ISWILD(word))
1206 continue;
1207 if (!ISWILD(word))
1208 got_flag |= NONWILD_SERVER;
1209
1210 /*
1211 * Got some sort of a match - see if it's better than what
1212 * we have already.
1213 */
1214 if (got_flag <= best_flag)
1215 continue;
1216
1217 /*
1218 * Get the secret.
1219 */
1220 if (!getword(f, word, &newline, filename))
1221 break;
1222 if (newline)
1223 continue;
1224
1225 /*
1226 * Special syntax: @filename means read secret from file.
1227 */
1228 if (word[0] == '@') {
1229 strlcpy(atfile, word+1, sizeof atfile);
1230 if ((sf = fopen(atfile, "r")) == NULL) {
1231 syslog(LOG_WARNING, "can't open indirect secret file %s",
1232 atfile);
1233 continue;
1234 }
1235 check_access(sf, atfile);
1236 if (!getword(sf, word, &xxx, atfile)) {
1237 syslog(LOG_WARNING, "no secret in indirect secret file %s",
1238 atfile);
1239 fclose(sf);
1240 continue;
1241 }
1242 fclose(sf);
1243 }
1244 if (secret != NULL)
1245 strlcpy(lsecret, word, sizeof lsecret);
1246
1247 /*
1248 * Now read address authorization info and make a wordlist.
1249 */
1250 alist = alast = NULL;
1251 for (;;) {
1252 size_t wordlen;
1253
1254 if (!getword(f, word, &newline, filename) || newline)
1255 break;
1256 wordlen = strlen(word); /* NUL in struct wordlist */
1257 ap = (struct wordlist *) malloc(sizeof(struct wordlist) +
1258 wordlen);
1259
1260 if (ap == NULL)
1261 novm("authorized addresses");
1262 ap->next = NULL;
1263 strlcpy(ap->word, word, wordlen + 1);
1264 if (alist == NULL)
1265 alist = ap;
1266 else
1267 alast->next = ap;
1268 alast = ap;
1269 }
1270
1271 /*
1272 * Check if the given IP address is allowed by the wordlist.
1273 */
1274 if (ipaddr != 0 && !ip_addr_check(ipaddr, alist)) {
1275 free_wordlist(alist);
1276 continue;
1277 }
1278
1279 /*
1280 * This is the best so far; remember it.
1281 */
1282 best_flag = got_flag;
1283 if (addr_list)
1284 free_wordlist(addr_list);
1285 addr_list = alist;
1286 if (secret != NULL)
1287 strlcpy(secret, lsecret, MAXWORDLEN);
1288
1289 if (!newline)
1290 break;
1291 }
1292
1293 if (addrs != NULL)
1294 *addrs = addr_list;
1295 else if (addr_list != NULL)
1296 free_wordlist(addr_list);
1297
1298 return best_flag;
1299 }
1300
1301 /*
1302 * free_wordlist - release memory allocated for a wordlist.
1303 */
1304 static void
free_wordlist(wp)1305 free_wordlist(wp)
1306 struct wordlist *wp;
1307 {
1308 struct wordlist *next;
1309
1310 while (wp != NULL) {
1311 next = wp->next;
1312 free(wp);
1313 wp = next;
1314 }
1315 }
1316
1317 /*
1318 * auth_script - execute a script with arguments
1319 * interface-name peer-name real-user tty speed
1320 */
1321 static void
auth_script(script)1322 auth_script(script)
1323 char *script;
1324 {
1325 char strspeed[32];
1326 struct passwd *pw;
1327 char struid[32];
1328 char *user_name;
1329 char *argv[8];
1330
1331 if ((pw = getpwuid(getuid())) != NULL && pw->pw_name != NULL)
1332 user_name = pw->pw_name;
1333 else {
1334 snprintf(struid, sizeof struid, "%u", getuid());
1335 user_name = struid;
1336 }
1337 snprintf(strspeed, sizeof strspeed, "%d", baud_rate);
1338
1339 argv[0] = script;
1340 argv[1] = ifname;
1341 argv[2] = peer_authname;
1342 argv[3] = user_name;
1343 argv[4] = devnam;
1344 argv[5] = strspeed;
1345 argv[6] = NULL;
1346
1347 run_program(script, argv, 0);
1348 }
1349