1 /* $OpenBSD: auth.c,v 1.35 2015/12/26 20:51:35 guenther Exp $ */ 2 3 /* 4 * auth.c - PPP authentication and phase control. 5 * 6 * Copyright (c) 1989-2002 Paul Mackerras. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. The name(s) of the authors of this software must not be used to 21 * endorse or promote products derived from this software without 22 * prior written permission. 23 * 24 * 4. Redistributions of any form whatsoever must retain the following 25 * acknowledgment: 26 * "This product includes software developed by Paul Mackerras 27 * <paulus@samba.org>". 28 * 29 * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO 30 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 31 * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY 32 * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 33 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN 34 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING 35 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 36 * 37 * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. 38 * 39 * Redistribution and use in source and binary forms, with or without 40 * modification, are permitted provided that the following conditions 41 * are met: 42 * 43 * 1. Redistributions of source code must retain the above copyright 44 * notice, this list of conditions and the following disclaimer. 45 * 46 * 2. Redistributions in binary form must reproduce the above copyright 47 * notice, this list of conditions and the following disclaimer in 48 * the documentation and/or other materials provided with the 49 * distribution. 50 * 51 * 3. The name "Carnegie Mellon University" must not be used to 52 * endorse or promote products derived from this software without 53 * prior written permission. For permission or any legal 54 * details, please contact 55 * Office of Technology Transfer 56 * Carnegie Mellon University 57 * 5000 Forbes Avenue 58 * Pittsburgh, PA 15213-3890 59 * (412) 268-4387, fax: (412) 268-7395 60 * tech-transfer@andrew.cmu.edu 61 * 62 * 4. Redistributions of any form whatsoever must retain the following 63 * acknowledgment: 64 * "This product includes software developed by Computing Services 65 * at Carnegie Mellon University (http://www.cmu.edu/computing/)." 66 * 67 * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO 68 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 69 * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE 70 * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 71 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN 72 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING 73 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 74 */ 75 76 #include <stdio.h> 77 #include <stddef.h> 78 #include <stdlib.h> 79 #include <unistd.h> 80 #include <limits.h> 81 #include <syslog.h> 82 #include <pwd.h> 83 #include <string.h> 84 #include <sys/types.h> 85 #include <sys/stat.h> 86 #include <sys/socket.h> 87 #include <utmp.h> 88 #include <fcntl.h> 89 #if defined(_PATH_LASTLOG) && defined(_linux_) 90 #include <lastlog.h> 91 #endif 92 93 #include <netdb.h> 94 #include <netinet/in.h> 95 #include <arpa/inet.h> 96 97 #ifdef USE_PAM 98 #include <security/pam_appl.h> 99 #endif 100 101 #ifdef HAS_SHADOW 102 #include <shadow.h> 103 #ifndef PW_PPP 104 #define PW_PPP PW_LOGIN 105 #endif 106 #endif 107 108 #include "pppd.h" 109 #include "fsm.h" 110 #include "lcp.h" 111 #include "ipcp.h" 112 #include "upap.h" 113 #include "chap.h" 114 #ifdef CBCP_SUPPORT 115 #include "cbcp.h" 116 #endif 117 #include "pathnames.h" 118 119 /* Used for storing a sequence of words. Usually malloced. */ 120 struct wordlist { 121 struct wordlist *next; 122 char word[1]; 123 }; 124 125 /* Bits in scan_authfile return value */ 126 #define NONWILD_SERVER 1 127 #define NONWILD_CLIENT 2 128 129 #define ISWILD(word) (word[0] == '*' && word[1] == 0) 130 131 #define FALSE 0 132 #define TRUE 1 133 134 /* The name by which the peer authenticated itself to us. */ 135 char peer_authname[MAXNAMELEN]; 136 137 /* Records which authentication operations haven't completed yet. */ 138 static int auth_pending[NUM_PPP]; 139 140 /* Set if we have successfully called plogin() */ 141 static int logged_in; 142 143 /* Set if we have run the /etc/ppp/auth-up script. */ 144 static int did_authup; 145 146 /* List of addresses which the peer may use. */ 147 static struct wordlist *addresses[NUM_PPP]; 148 149 /* Number of network protocols which we have opened. */ 150 static int num_np_open; 151 152 /* Number of network protocols which have come up. */ 153 static int num_np_up; 154 155 /* Set if we got the contents of passwd[] from the pap-secrets file. */ 156 static int passwd_from_file; 157 158 /* Bits in auth_pending[] */ 159 #define PAP_WITHPEER 1 160 #define PAP_PEER 2 161 #define CHAP_WITHPEER 4 162 #define CHAP_PEER 8 163 164 extern char *crypt(const char *, const char *); 165 166 /* Prototypes for procedures local to this file. */ 167 168 static void network_phase(int); 169 static void check_idle(void *); 170 static void connect_time_expired(void *); 171 static int plogin(char *, char *, char **, int *); 172 static void plogout(void); 173 static int null_login(int); 174 static int get_pap_passwd(char *); 175 static int have_pap_secret(void); 176 static int have_chap_secret(char *, char *, u_int32_t); 177 static int ip_addr_check(u_int32_t, struct wordlist *); 178 static int scan_authfile(FILE *, char *, char *, u_int32_t, char *, 179 struct wordlist **, char *); 180 static void free_wordlist(struct wordlist *); 181 static void auth_script(char *); 182 static void set_allowed_addrs(int, struct wordlist *); 183 184 /* 185 * An Open on LCP has requested a change from Dead to Establish phase. 186 * Do what's necessary to bring the physical layer up. 187 */ 188 void 189 link_required(unit) 190 int unit; 191 { 192 } 193 194 /* 195 * LCP has terminated the link; go to the Dead phase and take the 196 * physical layer down. 197 */ 198 void 199 link_terminated(unit) 200 int unit; 201 { 202 if (phase == PHASE_DEAD) 203 return; 204 if (logged_in) 205 plogout(); 206 phase = PHASE_DEAD; 207 syslog(LOG_NOTICE, "Connection terminated."); 208 } 209 210 /* 211 * LCP has gone down; it will either die or try to re-establish. 212 */ 213 void 214 link_down(unit) 215 int unit; 216 { 217 int i; 218 struct protent *protp; 219 220 if (did_authup) { 221 auth_script(_PATH_AUTHDOWN); 222 did_authup = 0; 223 } 224 for (i = 0; (protp = protocols[i]) != NULL; ++i) { 225 if (!protp->enabled_flag) 226 continue; 227 if (protp->protocol != PPP_LCP && protp->lowerdown != NULL) 228 (*protp->lowerdown)(unit); 229 if (protp->protocol < 0xC000 && protp->close != NULL) 230 (*protp->close)(unit, "LCP down"); 231 } 232 num_np_open = 0; 233 num_np_up = 0; 234 if (phase != PHASE_DEAD) 235 phase = PHASE_TERMINATE; 236 } 237 238 /* 239 * The link is established. 240 * Proceed to the Dead, Authenticate or Network phase as appropriate. 241 */ 242 void 243 link_established(unit) 244 int unit; 245 { 246 int auth; 247 lcp_options *wo = &lcp_wantoptions[unit]; 248 lcp_options *go = &lcp_gotoptions[unit]; 249 lcp_options *ho = &lcp_hisoptions[unit]; 250 int i; 251 struct protent *protp; 252 253 /* 254 * Tell higher-level protocols that LCP is up. 255 */ 256 for (i = 0; (protp = protocols[i]) != NULL; ++i) 257 if (protp->protocol != PPP_LCP && protp->enabled_flag 258 && protp->lowerup != NULL) 259 (*protp->lowerup)(unit); 260 261 if (auth_required && !(go->neg_chap || go->neg_upap)) { 262 /* 263 * We wanted the peer to authenticate itself, and it refused: 264 * treat it as though it authenticated with PAP using a username 265 * of "" and a password of "". If that's not OK, boot it out. 266 */ 267 if (!wo->neg_upap || !null_login(unit)) { 268 syslog(LOG_WARNING, "peer refused to authenticate"); 269 lcp_close(unit, "peer refused to authenticate"); 270 return; 271 } 272 } 273 274 phase = PHASE_AUTHENTICATE; 275 auth = 0; 276 if (go->neg_chap) { 277 ChapAuthPeer(unit, our_name, go->chap_mdtype); 278 auth |= CHAP_PEER; 279 } else if (go->neg_upap) { 280 upap_authpeer(unit); 281 auth |= PAP_PEER; 282 } 283 if (ho->neg_chap) { 284 ChapAuthWithPeer(unit, user, ho->chap_mdtype); 285 auth |= CHAP_WITHPEER; 286 } else if (ho->neg_upap) { 287 if (passwd[0] == 0) { 288 passwd_from_file = 1; 289 if (!get_pap_passwd(passwd)) 290 syslog(LOG_ERR, "No secret found for PAP login"); 291 } 292 upap_authwithpeer(unit, user, passwd); 293 auth |= PAP_WITHPEER; 294 } 295 auth_pending[unit] = auth; 296 297 if (!auth) 298 network_phase(unit); 299 } 300 301 /* 302 * Proceed to the network phase. 303 */ 304 static void 305 network_phase(unit) 306 int unit; 307 { 308 int i; 309 struct protent *protp; 310 lcp_options *go = &lcp_gotoptions[unit]; 311 312 /* 313 * If the peer had to authenticate, run the auth-up script now. 314 */ 315 if ((go->neg_chap || go->neg_upap) && !did_authup) { 316 auth_script(_PATH_AUTHUP); 317 did_authup = 1; 318 } 319 320 #ifdef CBCP_SUPPORT 321 /* 322 * If we negotiated callback, do it now. 323 */ 324 if (go->neg_cbcp) { 325 phase = PHASE_CALLBACK; 326 (*cbcp_protent.open)(unit); 327 return; 328 } 329 #endif 330 331 phase = PHASE_NETWORK; 332 #if 0 333 if (!demand) 334 set_filters(&pass_filter, &active_filter); 335 #endif 336 for (i = 0; (protp = protocols[i]) != NULL; ++i) 337 if (protp->protocol < 0xC000 && protp->enabled_flag 338 && protp->open != NULL) { 339 (*protp->open)(unit); 340 if (protp->protocol != PPP_CCP) 341 ++num_np_open; 342 } 343 344 if (num_np_open == 0) 345 /* nothing to do */ 346 lcp_close(0, "No network protocols running"); 347 } 348 349 /* 350 * The peer has failed to authenticate himself using `protocol'. 351 */ 352 void 353 auth_peer_fail(unit, protocol) 354 int unit, protocol; 355 { 356 /* 357 * Authentication failure: take the link down 358 */ 359 lcp_close(unit, "Authentication failed"); 360 } 361 362 /* 363 * The peer has been successfully authenticated using `protocol'. 364 */ 365 void 366 auth_peer_success(unit, protocol, name, namelen) 367 int unit, protocol; 368 char *name; 369 int namelen; 370 { 371 int bit; 372 373 switch (protocol) { 374 case PPP_CHAP: 375 bit = CHAP_PEER; 376 break; 377 case PPP_PAP: 378 bit = PAP_PEER; 379 break; 380 default: 381 syslog(LOG_WARNING, "auth_peer_success: unknown protocol %x", 382 protocol); 383 return; 384 } 385 386 /* 387 * Save the authenticated name of the peer for later. 388 */ 389 if (namelen > sizeof(peer_authname) - 1) 390 namelen = sizeof(peer_authname) - 1; 391 BCOPY(name, peer_authname, namelen); 392 peer_authname[namelen] = 0; 393 script_setenv("PEERNAME", peer_authname); 394 395 /* 396 * If there is no more authentication still to be done, 397 * proceed to the network (or callback) phase. 398 */ 399 if ((auth_pending[unit] &= ~bit) == 0) 400 network_phase(unit); 401 } 402 403 /* 404 * We have failed to authenticate ourselves to the peer using `protocol'. 405 */ 406 void 407 auth_withpeer_fail(unit, protocol) 408 int unit, protocol; 409 { 410 if (passwd_from_file) 411 BZERO(passwd, MAXSECRETLEN); 412 /* 413 * We've failed to authenticate ourselves to our peer. 414 * He'll probably take the link down, and there's not much 415 * we can do except wait for that. 416 */ 417 } 418 419 /* 420 * We have successfully authenticated ourselves with the peer using `protocol'. 421 */ 422 void 423 auth_withpeer_success(unit, protocol) 424 int unit, protocol; 425 { 426 int bit; 427 428 switch (protocol) { 429 case PPP_CHAP: 430 bit = CHAP_WITHPEER; 431 break; 432 case PPP_PAP: 433 if (passwd_from_file) 434 BZERO(passwd, MAXSECRETLEN); 435 bit = PAP_WITHPEER; 436 break; 437 default: 438 syslog(LOG_WARNING, "auth_peer_success: unknown protocol %x", 439 protocol); 440 bit = 0; 441 } 442 443 /* 444 * If there is no more authentication still being done, 445 * proceed to the network (or callback) phase. 446 */ 447 if ((auth_pending[unit] &= ~bit) == 0) 448 network_phase(unit); 449 } 450 451 452 /* 453 * np_up - a network protocol has come up. 454 */ 455 void 456 np_up(unit, proto) 457 int unit, proto; 458 { 459 if (num_np_up == 0) { 460 /* 461 * At this point we consider that the link has come up successfully. 462 */ 463 need_holdoff = 0; 464 465 if (idle_time_limit > 0) 466 TIMEOUT(check_idle, NULL, idle_time_limit); 467 468 /* 469 * Set a timeout to close the connection once the maximum 470 * connect time has expired. 471 */ 472 if (maxconnect > 0) 473 TIMEOUT(connect_time_expired, 0, maxconnect); 474 475 /* 476 * Detach now, if the updetach option was given. 477 */ 478 if (nodetach == -1) 479 detach(); 480 } 481 ++num_np_up; 482 } 483 484 /* 485 * np_down - a network protocol has gone down. 486 */ 487 void 488 np_down(unit, proto) 489 int unit, proto; 490 { 491 if (--num_np_up == 0 && idle_time_limit > 0) { 492 UNTIMEOUT(check_idle, NULL); 493 } 494 } 495 496 /* 497 * np_finished - a network protocol has finished using the link. 498 */ 499 void 500 np_finished(unit, proto) 501 int unit, proto; 502 { 503 if (--num_np_open <= 0) { 504 /* no further use for the link: shut up shop. */ 505 lcp_close(0, "No network protocols running"); 506 } 507 } 508 509 /* 510 * check_idle - check whether the link has been idle for long 511 * enough that we can shut it down. 512 */ 513 static void 514 check_idle(arg) 515 void *arg; 516 { 517 struct ppp_idle idle; 518 time_t itime; 519 520 if (!get_idle_time(0, &idle)) 521 return; 522 itime = MIN(idle.xmit_idle, idle.recv_idle); 523 if (itime >= idle_time_limit) { 524 /* link is idle: shut it down. */ 525 syslog(LOG_INFO, "Terminating connection due to lack of activity."); 526 lcp_close(0, "Link inactive"); 527 } else { 528 TIMEOUT(check_idle, NULL, idle_time_limit - itime); 529 } 530 } 531 532 /* 533 * connect_time_expired - log a message and close the connection. 534 */ 535 static void 536 connect_time_expired(arg) 537 void *arg; 538 { 539 syslog(LOG_INFO, "Connect time expired"); 540 lcp_close(0, "Connect time expired"); /* Close connection */ 541 } 542 543 /* 544 * auth_check_options - called to check authentication options. 545 */ 546 void 547 auth_check_options() 548 { 549 lcp_options *wo = &lcp_wantoptions[0]; 550 int can_auth; 551 ipcp_options *ipwo = &ipcp_wantoptions[0]; 552 u_int32_t remote; 553 554 /* Default our_name to hostname, and user to our_name */ 555 if (our_name[0] == 0 || usehostname) 556 strlcpy(our_name, hostname, HOST_NAME_MAX+1); 557 if (user[0] == 0) 558 strlcpy(user, our_name, MAXNAMELEN); 559 560 /* If authentication is required, ask peer for CHAP or PAP. */ 561 if (auth_required && !wo->neg_chap && !wo->neg_upap) { 562 wo->neg_chap = 1; 563 wo->neg_upap = 1; 564 } 565 566 /* 567 * Check whether we have appropriate secrets to use 568 * to authenticate the peer. 569 */ 570 can_auth = wo->neg_upap && (uselogin || have_pap_secret()); 571 if (!can_auth && wo->neg_chap) { 572 remote = ipwo->accept_remote? 0: ipwo->hisaddr; 573 can_auth = have_chap_secret(remote_name, our_name, remote); 574 } 575 576 if (auth_required && !can_auth) { 577 option_error("peer authentication required but no suitable secret(s) found\n"); 578 if (remote_name[0] == 0) 579 option_error("for authenticating any peer to us (%s)\n", our_name); 580 else 581 option_error("for authenticating peer %s to us (%s)\n", 582 remote_name, our_name); 583 exit(1); 584 } 585 586 /* 587 * Check whether the user tried to override certain values 588 * set by root. 589 */ 590 if (!auth_required && auth_req_info.priv > 0) { 591 if (!default_device && devnam_info.priv == 0) { 592 option_error("can't override device name when noauth option used"); 593 exit(1); 594 } 595 if ((connector != NULL && connector_info.priv == 0) 596 || (disconnector != NULL && disconnector_info.priv == 0) 597 || (welcomer != NULL && welcomer_info.priv == 0)) { 598 option_error("can't override connect, disconnect or welcome"); 599 option_error("option values when noauth option used"); 600 exit(1); 601 } 602 } 603 } 604 605 /* 606 * auth_reset - called when LCP is starting negotiations to recheck 607 * authentication options, i.e. whether we have appropriate secrets 608 * to use for authenticating ourselves and/or the peer. 609 */ 610 void 611 auth_reset(unit) 612 int unit; 613 { 614 lcp_options *go = &lcp_gotoptions[unit]; 615 lcp_options *ao = &lcp_allowoptions[0]; 616 ipcp_options *ipwo = &ipcp_wantoptions[0]; 617 u_int32_t remote; 618 619 ao->neg_upap = !refuse_pap && (passwd[0] != 0 || get_pap_passwd(NULL)); 620 ao->neg_chap = !refuse_chap 621 && have_chap_secret(user, remote_name, (u_int32_t)0); 622 623 if (go->neg_upap && !uselogin && !have_pap_secret()) 624 go->neg_upap = 0; 625 if (go->neg_chap) { 626 remote = ipwo->accept_remote? 0: ipwo->hisaddr; 627 if (!have_chap_secret(remote_name, our_name, remote)) 628 go->neg_chap = 0; 629 } 630 } 631 632 633 /* 634 * check_passwd - Check the user name and passwd against the PAP secrets 635 * file. If requested, also check against the system password database, 636 * and login the user if OK. 637 * 638 * returns: 639 * UPAP_AUTHNAK: Authentication failed. 640 * UPAP_AUTHACK: Authentication succeeded. 641 * In either case, msg points to an appropriate message. 642 */ 643 int 644 check_passwd(unit, auser, userlen, apasswd, passwdlen, msg, msglen) 645 int unit; 646 char *auser; 647 int userlen; 648 char *apasswd; 649 int passwdlen; 650 char **msg; 651 int *msglen; 652 { 653 int ret; 654 char *filename; 655 FILE *f; 656 struct wordlist *addrs; 657 u_int32_t remote; 658 ipcp_options *ipwo = &ipcp_wantoptions[unit]; 659 char passwd[256], user[256]; 660 char secret[MAXWORDLEN]; 661 static int attempts = 0; 662 663 /* 664 * Make copies of apasswd and auser, then null-terminate them. 665 */ 666 BCOPY(apasswd, passwd, passwdlen); 667 passwd[passwdlen] = '\0'; 668 BCOPY(auser, user, userlen); 669 user[userlen] = '\0'; 670 *msg = (char *) 0; 671 672 /* 673 * Open the file of pap secrets and scan for a suitable secret 674 * for authenticating this user. 675 */ 676 filename = _PATH_UPAPFILE; 677 addrs = NULL; 678 ret = UPAP_AUTHACK; 679 f = fopen(filename, "r"); 680 if (f == NULL) { 681 syslog(LOG_ERR, "Can't open PAP password file %s: %m", filename); 682 ret = UPAP_AUTHNAK; 683 } else { 684 check_access(f, filename); 685 remote = ipwo->accept_remote? 0: ipwo->hisaddr; 686 if (scan_authfile(f, user, our_name, remote, 687 secret, &addrs, filename) < 0 688 || (secret[0] != 0 && (cryptpap || strcmp(passwd, secret) != 0) 689 && strcmp(crypt(passwd, secret), secret) != 0)) { 690 syslog(LOG_WARNING, "PAP authentication failure for %s", user); 691 ret = UPAP_AUTHNAK; 692 } 693 fclose(f); 694 } 695 696 if (uselogin && ret == UPAP_AUTHACK) { 697 ret = plogin(user, passwd, msg, msglen); 698 if (ret == UPAP_AUTHNAK) { 699 syslog(LOG_WARNING, "PAP login failure for %s", user); 700 } 701 } 702 703 if (ret == UPAP_AUTHNAK) { 704 if (*msg == (char *) 0) 705 *msg = "Login incorrect"; 706 *msglen = strlen(*msg); 707 /* 708 * Frustrate passwd stealer programs. 709 * Allow 10 tries, but start backing off after 3 (stolen from login). 710 * On 10'th, drop the connection. 711 */ 712 if (attempts++ >= 10) { 713 syslog(LOG_WARNING, "%d LOGIN FAILURES ON %s, %s", 714 attempts, devnam, user); 715 quit(); 716 } 717 if (attempts > 3) 718 sleep((u_int) (attempts - 3) * 5); 719 if (addrs != NULL) 720 free_wordlist(addrs); 721 722 } else { 723 attempts = 0; /* Reset count */ 724 if (*msg == (char *) 0) 725 *msg = "Login ok"; 726 *msglen = strlen(*msg); 727 set_allowed_addrs(unit, addrs); 728 } 729 730 BZERO(passwd, sizeof(passwd)); 731 BZERO(secret, sizeof(secret)); 732 733 return ret; 734 } 735 736 /* 737 * This function is needed for PAM. 738 */ 739 740 #ifdef USE_PAM 741 static char *PAM_username = ""; 742 static char *PAM_password = ""; 743 744 #ifdef PAM_ESTABLISH_CRED /* new PAM defines :(^ */ 745 #define MY_PAM_STRERROR(err_code) (char *) pam_strerror(pamh,err_code) 746 #else 747 #define MY_PAM_STRERROR(err_code) (char *) pam_strerror(err_code) 748 #endif 749 750 static int pam_conv (int num_msg, 751 const struct pam_message **msg, 752 struct pam_response **resp, 753 void *appdata_ptr) 754 { 755 int count = 0, replies = 0; 756 struct pam_response *reply = NULL; 757 int size = 0; 758 759 for (count = 0; count < num_msg; count++) 760 { 761 struct pam_response *newreply; 762 int newsize = size + sizeof (struct pam_response); 763 newreply = realloc (reply, newsize); /* ANSI: is malloc() if reply==NULL */ 764 if (!newreply) { 765 free(reply); 766 reply = NULL; 767 return PAM_CONV_ERR; 768 } 769 reply = newreply; 770 size = newsize; 771 772 switch (msg[count]->msg_style) 773 { 774 case PAM_PROMPT_ECHO_ON: 775 reply[replies].resp_retcode = PAM_SUCCESS; 776 reply[replies++].resp = strdup(PAM_username); /* never NULL */ 777 break; 778 779 case PAM_PROMPT_ECHO_OFF: 780 reply[replies].resp_retcode = PAM_SUCCESS; 781 reply[replies++].resp = strdup(PAM_password); /* never NULL */ 782 break; 783 784 case PAM_TEXT_INFO: 785 reply[replies].resp_retcode = PAM_SUCCESS; 786 reply[replies++].resp = NULL; 787 break; 788 789 case PAM_ERROR_MSG: 790 default: 791 free (reply); 792 return PAM_CONV_ERR; 793 } 794 } 795 796 if (resp) 797 *resp = reply; 798 else 799 free (reply); 800 801 return PAM_SUCCESS; 802 } 803 #endif 804 805 /* 806 * plogin - Check the user name and password against the system 807 * password database, and login the user if OK. 808 * 809 * returns: 810 * UPAP_AUTHNAK: Login failed. 811 * UPAP_AUTHACK: Login succeeded. 812 * In either case, msg points to an appropriate message. 813 */ 814 815 static int 816 plogin(user, passwd, msg, msglen) 817 char *user; 818 char *passwd; 819 char **msg; 820 int *msglen; 821 { 822 823 #ifdef USE_PAM 824 825 struct pam_conv pam_conversation; 826 pam_handle_t *pamh; 827 int pam_error; 828 /* 829 * Fill the pam_conversion structure 830 */ 831 memset (&pam_conversation, '\0', sizeof (struct pam_conv)); 832 pam_conversation.conv = &pam_conv; 833 834 pam_error = pam_start ("ppp", user, &pam_conversation, &pamh); 835 836 if (pam_error != PAM_SUCCESS) { 837 *msg = MY_PAM_STRERROR (pam_error); 838 return UPAP_AUTHNAK; 839 } 840 /* 841 * Define the fields for the credential validation 842 */ 843 (void) pam_set_item (pamh, PAM_TTY, devnam); 844 PAM_username = user; 845 PAM_password = passwd; 846 /* 847 * Validate the user 848 */ 849 pam_error = pam_authenticate (pamh, PAM_SILENT); 850 if (pam_error == PAM_SUCCESS) { 851 pam_error = pam_acct_mgmt (pamh, PAM_SILENT); 852 853 /* start a session for this user. Session closed when link ends. */ 854 if (pam_error == PAM_SUCCESS) 855 (void) pam_open_session (pamh, PAM_SILENT); 856 } 857 858 *msg = MY_PAM_STRERROR (pam_error); 859 860 PAM_username = 861 PAM_password = ""; 862 /* 863 * Clean up the mess 864 */ 865 (void) pam_end (pamh, pam_error); 866 867 if (pam_error != PAM_SUCCESS) 868 return UPAP_AUTHNAK; 869 /* 870 * Use the non-PAM methods directly 871 */ 872 #else /* #ifdef USE_PAM */ 873 874 struct passwd *pw; 875 char *tty; 876 877 #ifdef HAS_SHADOW 878 struct spwd *spwd; 879 struct spwd *getspnam(); 880 #endif 881 882 pw = getpwnam(user); 883 endpwent(); 884 if (pw == NULL) { 885 return (UPAP_AUTHNAK); 886 } 887 888 #ifdef HAS_SHADOW 889 spwd = getspnam(user); 890 endspent(); 891 if (spwd) { 892 /* check the age of the password entry */ 893 long now = time(NULL) / 86400L; 894 895 if ((spwd->sp_expire > 0 && now >= spwd->sp_expire) 896 || ((spwd->sp_max >= 0 && spwd->sp_max < 10000) 897 && spwd->sp_lstchg >= 0 898 && now >= spwd->sp_lstchg + spwd->sp_max)) { 899 syslog(LOG_WARNING, "Password for %s has expired", user); 900 return (UPAP_AUTHNAK); 901 } 902 pw->pw_passwd = spwd->sp_pwdp; 903 } 904 #endif 905 906 /* 907 * If no passwd, don't let them login. 908 */ 909 if (pw->pw_passwd == NULL || *pw->pw_passwd == '\0' 910 || strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd) != 0) 911 return (UPAP_AUTHNAK); 912 913 /* These functions are not enabled for PAM. The reason for this is that */ 914 /* there is not necessarily a "passwd" entry for this user. That is */ 915 /* real purpose of 'PAM' -- to virtualize the account data from the */ 916 /* application. If you want to do the same thing, write the entry in */ 917 /* the 'session' hook. */ 918 919 /* 920 * Write a wtmp entry for this user. 921 */ 922 923 tty = devnam; 924 if (strncmp(tty, "/dev/", 5) == 0) 925 tty += 5; 926 logwtmp(tty, user, remote_name); /* Add wtmp login entry */ 927 928 #if defined(_PATH_LASTLOG) 929 { 930 struct lastlog ll; 931 int fd; 932 933 if ((fd = open(_PATH_LASTLOG, O_RDWR)) >= 0) { 934 memset(&ll, 0, sizeof(ll)); 935 (void)time(&ll.ll_time); 936 (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line)); 937 (void)pwrite(fd, &ll, sizeof(ll), (off_t)pw->pw_uid * 938 sizeof(ll)); 939 (void)close(fd); 940 } 941 } 942 #endif 943 944 #endif /* #ifdef USE_PAM */ 945 946 syslog(LOG_INFO, "user %s logged in", user); 947 logged_in = TRUE; 948 949 return (UPAP_AUTHACK); 950 } 951 952 /* 953 * plogout - Logout the user. 954 */ 955 static void 956 plogout() 957 { 958 #ifdef USE_PAM 959 struct pam_conv pam_conversation; 960 pam_handle_t *pamh; 961 int pam_error; 962 /* 963 * Fill the pam_conversion structure. The PAM specification states that the 964 * session must be able to be closed by a totally different handle from which 965 * it was created. Hold the PAM group to their own specification! 966 */ 967 memset (&pam_conversation, '\0', sizeof (struct pam_conv)); 968 pam_conversation.conv = &pam_conv; 969 970 pam_error = pam_start ("ppp", user, &pam_conversation, &pamh); 971 if (pam_error == PAM_SUCCESS) { 972 (void) pam_set_item (pamh, PAM_TTY, devnam); 973 (void) pam_close_session (pamh, PAM_SILENT); 974 (void) pam_end (pamh, PAM_SUCCESS); 975 } 976 977 #else 978 char *tty; 979 980 tty = devnam; 981 if (strncmp(tty, "/dev/", 5) == 0) 982 tty += 5; 983 logwtmp(tty, "", ""); /* Wipe out utmp logout entry */ 984 #endif 985 986 logged_in = FALSE; 987 } 988 989 990 /* 991 * null_login - Check if a username of "" and a password of "" are 992 * acceptable, and iff so, set the list of acceptable IP addresses 993 * and return 1. 994 */ 995 static int 996 null_login(unit) 997 int unit; 998 { 999 char *filename; 1000 FILE *f; 1001 int i, ret; 1002 struct wordlist *addrs; 1003 char secret[MAXWORDLEN]; 1004 1005 /* 1006 * Open the file of pap secrets and scan for a suitable secret. 1007 * We don't accept a wildcard client. 1008 */ 1009 filename = _PATH_UPAPFILE; 1010 addrs = NULL; 1011 f = fopen(filename, "r"); 1012 if (f == NULL) 1013 return 0; 1014 check_access(f, filename); 1015 1016 i = scan_authfile(f, "", our_name, (u_int32_t)0, secret, &addrs, filename); 1017 ret = i >= 0 && (i & NONWILD_CLIENT) != 0 && secret[0] == 0; 1018 BZERO(secret, sizeof(secret)); 1019 1020 if (ret) 1021 set_allowed_addrs(unit, addrs); 1022 else 1023 free_wordlist(addrs); 1024 1025 fclose(f); 1026 return ret; 1027 } 1028 1029 1030 /* 1031 * get_pap_passwd - get a password for authenticating ourselves with 1032 * our peer using PAP. Returns 1 on success, 0 if no suitable password 1033 * could be found. 1034 */ 1035 static int 1036 get_pap_passwd(passwd) 1037 char *passwd; 1038 { 1039 char *filename; 1040 FILE *f; 1041 int ret; 1042 char secret[MAXWORDLEN]; 1043 1044 filename = _PATH_UPAPFILE; 1045 f = fopen(filename, "r"); 1046 if (f == NULL) 1047 return 0; 1048 check_access(f, filename); 1049 ret = scan_authfile(f, user, 1050 remote_name[0]? remote_name: NULL, 1051 (u_int32_t)0, secret, NULL, filename); 1052 fclose(f); 1053 if (ret < 0) 1054 return 0; 1055 if (passwd != NULL) 1056 strlcpy(passwd, secret, MAXSECRETLEN); 1057 BZERO(secret, sizeof(secret)); 1058 return 1; 1059 } 1060 1061 1062 /* 1063 * have_pap_secret - check whether we have a PAP file with any 1064 * secrets that we could possibly use for authenticating the peer. 1065 */ 1066 static int 1067 have_pap_secret() 1068 { 1069 FILE *f; 1070 int ret; 1071 char *filename; 1072 ipcp_options *ipwo = &ipcp_wantoptions[0]; 1073 u_int32_t remote; 1074 1075 filename = _PATH_UPAPFILE; 1076 f = fopen(filename, "r"); 1077 if (f == NULL) 1078 return 0; 1079 1080 remote = ipwo->accept_remote? 0: ipwo->hisaddr; 1081 ret = scan_authfile(f, NULL, our_name, remote, NULL, NULL, filename); 1082 fclose(f); 1083 if (ret < 0) 1084 return 0; 1085 1086 return 1; 1087 } 1088 1089 1090 /* 1091 * have_chap_secret - check whether we have a CHAP file with a 1092 * secret that we could possibly use for authenticating `client' 1093 * on `server'. Either can be the null string, meaning we don't 1094 * know the identity yet. 1095 */ 1096 static int 1097 have_chap_secret(client, server, remote) 1098 char *client; 1099 char *server; 1100 u_int32_t remote; 1101 { 1102 FILE *f; 1103 int ret; 1104 char *filename; 1105 1106 filename = _PATH_CHAPFILE; 1107 f = fopen(filename, "r"); 1108 if (f == NULL) 1109 return 0; 1110 1111 if (client[0] == 0) 1112 client = NULL; 1113 else if (server[0] == 0) 1114 server = NULL; 1115 1116 ret = scan_authfile(f, client, server, remote, NULL, NULL, filename); 1117 fclose(f); 1118 if (ret < 0) 1119 return 0; 1120 1121 return 1; 1122 } 1123 1124 1125 /* 1126 * get_secret - open the CHAP secret file and return the secret 1127 * for authenticating the given client on the given server. 1128 * (We could be either client or server). 1129 */ 1130 int 1131 get_secret(unit, client, server, secret, secret_len, save_addrs) 1132 int unit; 1133 char *client; 1134 char *server; 1135 char *secret; 1136 int *secret_len; 1137 int save_addrs; 1138 { 1139 FILE *f; 1140 int ret, len; 1141 char *filename; 1142 struct wordlist *addrs; 1143 char secbuf[MAXWORDLEN]; 1144 1145 filename = _PATH_CHAPFILE; 1146 addrs = NULL; 1147 secbuf[0] = 0; 1148 1149 f = fopen(filename, "r"); 1150 if (f == NULL) { 1151 syslog(LOG_ERR, "Can't open chap secret file %s: %m", filename); 1152 return 0; 1153 } 1154 check_access(f, filename); 1155 1156 ret = scan_authfile(f, client, server, (u_int32_t)0, 1157 secbuf, &addrs, filename); 1158 fclose(f); 1159 if (ret < 0) 1160 return 0; 1161 1162 if (save_addrs) 1163 set_allowed_addrs(unit, addrs); 1164 1165 len = strlen(secbuf); 1166 if (len > MAXSECRETLEN) { 1167 syslog(LOG_ERR, "Secret for %s on %s is too long", client, server); 1168 len = MAXSECRETLEN; 1169 } 1170 BCOPY(secbuf, secret, len); 1171 BZERO(secbuf, sizeof(secbuf)); 1172 *secret_len = len; 1173 1174 return 1; 1175 } 1176 1177 /* 1178 * set_allowed_addrs() - set the list of allowed addresses. 1179 */ 1180 static void 1181 set_allowed_addrs(unit, addrs) 1182 int unit; 1183 struct wordlist *addrs; 1184 { 1185 if (addresses[unit] != NULL) 1186 free_wordlist(addresses[unit]); 1187 addresses[unit] = addrs; 1188 1189 /* 1190 * If there's only one authorized address we might as well 1191 * ask our peer for that one right away 1192 */ 1193 if (addrs != NULL && addrs->next == NULL) { 1194 char *p = addrs->word; 1195 struct ipcp_options *wo = &ipcp_wantoptions[unit]; 1196 struct in_addr ina; 1197 struct hostent *hp; 1198 1199 if (*p != '!' && *p != '-' && !ISWILD(p) && strchr(p, '/') == NULL) { 1200 hp = gethostbyname(p); 1201 if (hp != NULL && hp->h_addrtype == AF_INET) 1202 wo->hisaddr = *(u_int32_t *)hp->h_addr; 1203 else if (inet_aton(p, &ina) == 1) 1204 wo->hisaddr = ina.s_addr; 1205 } 1206 } 1207 } 1208 1209 /* 1210 * auth_ip_addr - check whether the peer is authorized to use 1211 * a given IP address. Returns 1 if authorized, 0 otherwise. 1212 */ 1213 int 1214 auth_ip_addr(unit, addr) 1215 int unit; 1216 u_int32_t addr; 1217 { 1218 return ip_addr_check(addr, addresses[unit]); 1219 } 1220 1221 static int 1222 ip_addr_check(addr, addrs) 1223 u_int32_t addr; 1224 struct wordlist *addrs; 1225 { 1226 u_int32_t mask, ah; 1227 struct in_addr ina; 1228 int accept, r = 1; 1229 char *ptr_word, *ptr_mask; 1230 struct hostent *hp; 1231 1232 /* don't allow loopback or multicast address */ 1233 if (bad_ip_adrs(addr)) 1234 return 0; 1235 1236 if (addrs == NULL) 1237 return !auth_required; /* no addresses authorized */ 1238 1239 for (; addrs != NULL; addrs = addrs->next) { 1240 /* "-" means no addresses authorized, "*" means any address allowed */ 1241 ptr_word = addrs->word; 1242 if (strcmp(ptr_word, "-") == 0) 1243 break; 1244 if (strcmp(ptr_word, "*") == 0) 1245 return 1; 1246 1247 accept = 1; 1248 if (*ptr_word == '!') { 1249 accept = 0; 1250 ++ptr_word; 1251 } 1252 1253 mask = ~ (u_int32_t) 0; 1254 ptr_mask = strchr (ptr_word, '/'); 1255 if (ptr_mask != NULL) { 1256 int bit_count; 1257 1258 bit_count = (int) strtol (ptr_mask+1, (char **) 0, 10); 1259 if (bit_count <= 0 || bit_count > 32) { 1260 syslog (LOG_WARNING, 1261 "invalid address length %s in auth. address list", 1262 ptr_mask); 1263 continue; 1264 } 1265 *ptr_mask = '\0'; 1266 mask <<= 32 - bit_count; 1267 } 1268 1269 hp = gethostbyname(ptr_word); 1270 if (hp != NULL && hp->h_addrtype == AF_INET) { 1271 ina.s_addr = *(u_int32_t *)hp->h_addr; 1272 } else { 1273 r = inet_aton (ptr_word, &ina); 1274 if (ptr_mask == NULL) { 1275 /* calculate appropriate mask for net */ 1276 ah = ntohl(ina.s_addr); 1277 if (IN_CLASSA(ah)) 1278 mask = IN_CLASSA_NET; 1279 else if (IN_CLASSB(ah)) 1280 mask = IN_CLASSB_NET; 1281 else if (IN_CLASSC(ah)) 1282 mask = IN_CLASSC_NET; 1283 } 1284 } 1285 1286 if (ptr_mask != NULL) 1287 *ptr_mask = '/'; 1288 1289 if (r == 0) 1290 syslog (LOG_WARNING, 1291 "unknown host %s in auth. address list", 1292 addrs->word); 1293 else 1294 /* Here ina.s_addr and addr are in network byte order, 1295 and mask is in host order. */ 1296 if (((addr ^ ina.s_addr) & htonl(mask)) == 0) 1297 return accept; 1298 } 1299 return 0; /* not in list => can't have it */ 1300 } 1301 1302 /* 1303 * bad_ip_adrs - return 1 if the IP address is one we don't want 1304 * to use, such as an address in the loopback net or a multicast address. 1305 * addr is in network byte order. 1306 */ 1307 int 1308 bad_ip_adrs(addr) 1309 u_int32_t addr; 1310 { 1311 addr = ntohl(addr); 1312 return (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET 1313 || IN_MULTICAST(addr) || IN_BADCLASS(addr); 1314 } 1315 1316 /* 1317 * check_access - complain if a secret file has too-liberal permissions. 1318 */ 1319 void 1320 check_access(f, filename) 1321 FILE *f; 1322 char *filename; 1323 { 1324 struct stat sbuf; 1325 1326 if (fstat(fileno(f), &sbuf) < 0) { 1327 syslog(LOG_WARNING, "cannot stat secret file %s: %m", filename); 1328 } else if ((sbuf.st_mode & (S_IRWXG | S_IRWXO)) != 0) { 1329 syslog(LOG_WARNING, "Warning - secret file %s has world and/or group access", filename); 1330 } 1331 } 1332 1333 1334 /* 1335 * scan_authfile - Scan an authorization file for a secret suitable 1336 * for authenticating `client' on `server'. The return value is -1 1337 * if no secret is found, otherwise >= 0. The return value has 1338 * NONWILD_CLIENT set if the secret didn't have "*" for the client, and 1339 * NONWILD_SERVER set if the secret didn't have "*" for the server. 1340 * Any following words on the line (i.e. address authorization 1341 * info) are placed in a wordlist and returned in *addrs. 1342 */ 1343 static int 1344 scan_authfile(f, client, server, ipaddr, secret, addrs, filename) 1345 FILE *f; 1346 char *client; 1347 char *server; 1348 u_int32_t ipaddr; 1349 char *secret; 1350 struct wordlist **addrs; 1351 char *filename; 1352 { 1353 int newline, xxx; 1354 int got_flag, best_flag; 1355 FILE *sf; 1356 struct wordlist *ap, *addr_list, *alist, *alast; 1357 char word[MAXWORDLEN]; 1358 char atfile[MAXWORDLEN]; 1359 char lsecret[MAXWORDLEN]; 1360 1361 if (addrs != NULL) 1362 *addrs = NULL; 1363 addr_list = NULL; 1364 if (!getword(f, word, &newline, filename)) 1365 return -1; /* file is empty??? */ 1366 newline = 1; 1367 best_flag = -1; 1368 for (;;) { 1369 /* 1370 * Skip until we find a word at the start of a line. 1371 */ 1372 while (!newline && getword(f, word, &newline, filename)) 1373 ; 1374 if (!newline) 1375 break; /* got to end of file */ 1376 1377 /* 1378 * Got a client - check if it's a match or a wildcard. 1379 */ 1380 got_flag = 0; 1381 if (client != NULL && strcmp(word, client) != 0 && !ISWILD(word)) { 1382 newline = 0; 1383 continue; 1384 } 1385 if (!ISWILD(word)) 1386 got_flag = NONWILD_CLIENT; 1387 1388 /* 1389 * Now get a server and check if it matches. 1390 */ 1391 if (!getword(f, word, &newline, filename)) 1392 break; 1393 if (newline) 1394 continue; 1395 if (server != NULL && strcmp(word, server) != 0 && !ISWILD(word)) 1396 continue; 1397 if (!ISWILD(word)) 1398 got_flag |= NONWILD_SERVER; 1399 1400 /* 1401 * Got some sort of a match - see if it's better than what 1402 * we have already. 1403 */ 1404 if (got_flag <= best_flag) 1405 continue; 1406 1407 /* 1408 * Get the secret. 1409 */ 1410 if (!getword(f, word, &newline, filename)) 1411 break; 1412 if (newline) 1413 continue; 1414 1415 /* 1416 * Special syntax: @filename means read secret from file. 1417 */ 1418 if (word[0] == '@') { 1419 strlcpy(atfile, word+1, sizeof atfile); 1420 if ((sf = fopen(atfile, "r")) == NULL) { 1421 syslog(LOG_WARNING, "can't open indirect secret file %s", 1422 atfile); 1423 continue; 1424 } 1425 check_access(sf, atfile); 1426 if (!getword(sf, word, &xxx, atfile)) { 1427 syslog(LOG_WARNING, "no secret in indirect secret file %s", 1428 atfile); 1429 fclose(sf); 1430 continue; 1431 } 1432 fclose(sf); 1433 } 1434 if (secret != NULL) 1435 strlcpy(lsecret, word, sizeof lsecret); 1436 1437 /* 1438 * Now read address authorization info and make a wordlist. 1439 */ 1440 alist = alast = NULL; 1441 for (;;) { 1442 size_t wordlen; 1443 1444 if (!getword(f, word, &newline, filename) || newline) 1445 break; 1446 wordlen = strlen(word); /* NUL in struct wordlist */ 1447 ap = (struct wordlist *) malloc(sizeof(struct wordlist) + 1448 wordlen); 1449 1450 if (ap == NULL) 1451 novm("authorized addresses"); 1452 ap->next = NULL; 1453 strlcpy(ap->word, word, wordlen + 1); 1454 if (alist == NULL) 1455 alist = ap; 1456 else 1457 alast->next = ap; 1458 alast = ap; 1459 } 1460 1461 /* 1462 * Check if the given IP address is allowed by the wordlist. 1463 */ 1464 if (ipaddr != 0 && !ip_addr_check(ipaddr, alist)) { 1465 free_wordlist(alist); 1466 continue; 1467 } 1468 1469 /* 1470 * This is the best so far; remember it. 1471 */ 1472 best_flag = got_flag; 1473 if (addr_list) 1474 free_wordlist(addr_list); 1475 addr_list = alist; 1476 if (secret != NULL) 1477 strlcpy(secret, lsecret, MAXWORDLEN); 1478 1479 if (!newline) 1480 break; 1481 } 1482 1483 if (addrs != NULL) 1484 *addrs = addr_list; 1485 else if (addr_list != NULL) 1486 free_wordlist(addr_list); 1487 1488 return best_flag; 1489 } 1490 1491 /* 1492 * free_wordlist - release memory allocated for a wordlist. 1493 */ 1494 static void 1495 free_wordlist(wp) 1496 struct wordlist *wp; 1497 { 1498 struct wordlist *next; 1499 1500 while (wp != NULL) { 1501 next = wp->next; 1502 free(wp); 1503 wp = next; 1504 } 1505 } 1506 1507 /* 1508 * auth_script - execute a script with arguments 1509 * interface-name peer-name real-user tty speed 1510 */ 1511 static void 1512 auth_script(script) 1513 char *script; 1514 { 1515 char strspeed[32]; 1516 struct passwd *pw; 1517 char struid[32]; 1518 char *user_name; 1519 char *argv[8]; 1520 1521 if ((pw = getpwuid(getuid())) != NULL && pw->pw_name != NULL) 1522 user_name = pw->pw_name; 1523 else { 1524 snprintf(struid, sizeof struid, "%u", getuid()); 1525 user_name = struid; 1526 } 1527 snprintf(strspeed, sizeof strspeed, "%d", baud_rate); 1528 1529 argv[0] = script; 1530 argv[1] = ifname; 1531 argv[2] = peer_authname; 1532 argv[3] = user_name; 1533 argv[4] = devnam; 1534 argv[5] = strspeed; 1535 argv[6] = NULL; 1536 1537 run_program(script, argv, 0); 1538 } 1539