1 /* $OpenBSD: auth.c,v 1.19 2001/06/23 15:34:02 lebel Exp $ */ 2 3 /* 4 * auth.c - PPP authentication and phase control. 5 * 6 * Copyright (c) 1993 The Australian National University. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms are permitted 10 * provided that the above copyright notice and this paragraph are 11 * duplicated in all such forms and that any documentation, 12 * advertising materials, and other materials related to such 13 * distribution and use acknowledge that the software was developed 14 * by the Australian National University. The name of the University 15 * may not be used to endorse or promote products derived from this 16 * software without specific prior written permission. 17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 18 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 19 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 * 21 * Copyright (c) 1989 Carnegie Mellon University. 22 * All rights reserved. 23 * 24 * Redistribution and use in source and binary forms are permitted 25 * provided that the above copyright notice and this paragraph are 26 * duplicated in all such forms and that any documentation, 27 * advertising materials, and other materials related to such 28 * distribution and use acknowledge that the software was developed 29 * by Carnegie Mellon University. The name of the 30 * University may not be used to endorse or promote products derived 31 * from this software without specific prior written permission. 32 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 33 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 34 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 35 */ 36 37 #ifndef lint 38 #if 0 39 static char rcsid[] = "Id: auth.c,v 1.37 1998/03/26 04:46:03 paulus Exp $"; 40 #else 41 static char rcsid[] = "$OpenBSD: auth.c,v 1.19 2001/06/23 15:34:02 lebel Exp $"; 42 #endif 43 #endif 44 45 #include <stdio.h> 46 #include <stddef.h> 47 #include <stdlib.h> 48 #include <unistd.h> 49 #include <syslog.h> 50 #include <pwd.h> 51 #include <string.h> 52 #include <sys/types.h> 53 #include <sys/stat.h> 54 #include <sys/socket.h> 55 #include <utmp.h> 56 #include <fcntl.h> 57 #if defined(_PATH_LASTLOG) && defined(_linux_) 58 #include <lastlog.h> 59 #endif 60 61 #include <netdb.h> 62 #include <netinet/in.h> 63 #include <arpa/inet.h> 64 65 #ifdef USE_PAM 66 #include <security/pam_appl.h> 67 #endif 68 69 #ifdef HAS_SHADOW 70 #include <shadow.h> 71 #ifndef PW_PPP 72 #define PW_PPP PW_LOGIN 73 #endif 74 #endif 75 76 #include "pppd.h" 77 #include "fsm.h" 78 #include "lcp.h" 79 #include "ipcp.h" 80 #include "upap.h" 81 #include "chap.h" 82 #ifdef CBCP_SUPPORT 83 #include "cbcp.h" 84 #endif 85 #include "pathnames.h" 86 87 /* Used for storing a sequence of words. Usually malloced. */ 88 struct wordlist { 89 struct wordlist *next; 90 char word[1]; 91 }; 92 93 /* Bits in scan_authfile return value */ 94 #define NONWILD_SERVER 1 95 #define NONWILD_CLIENT 2 96 97 #define ISWILD(word) (word[0] == '*' && word[1] == 0) 98 99 #define FALSE 0 100 #define TRUE 1 101 102 /* The name by which the peer authenticated itself to us. */ 103 char peer_authname[MAXNAMELEN]; 104 105 /* Records which authentication operations haven't completed yet. */ 106 static int auth_pending[NUM_PPP]; 107 108 /* Set if we have successfully called plogin() */ 109 static int logged_in; 110 111 /* Set if we have run the /etc/ppp/auth-up script. */ 112 static int did_authup; 113 114 /* List of addresses which the peer may use. */ 115 static struct wordlist *addresses[NUM_PPP]; 116 117 /* Number of network protocols which we have opened. */ 118 static int num_np_open; 119 120 /* Number of network protocols which have come up. */ 121 static int num_np_up; 122 123 /* Set if we got the contents of passwd[] from the pap-secrets file. */ 124 static int passwd_from_file; 125 126 /* Bits in auth_pending[] */ 127 #define PAP_WITHPEER 1 128 #define PAP_PEER 2 129 #define CHAP_WITHPEER 4 130 #define CHAP_PEER 8 131 132 extern char *crypt __P((const char *, const char *)); 133 134 /* Prototypes for procedures local to this file. */ 135 136 static void network_phase __P((int)); 137 static void check_idle __P((void *)); 138 static void connect_time_expired __P((void *)); 139 static int plogin __P((char *, char *, char **, int *)); 140 static void plogout __P((void)); 141 static int null_login __P((int)); 142 static int get_pap_passwd __P((char *)); 143 static int have_pap_secret __P((void)); 144 static int have_chap_secret __P((char *, char *, u_int32_t)); 145 static int ip_addr_check __P((u_int32_t, struct wordlist *)); 146 static int scan_authfile __P((FILE *, char *, char *, u_int32_t, char *, 147 struct wordlist **, char *)); 148 static void free_wordlist __P((struct wordlist *)); 149 static void auth_script __P((char *)); 150 static void set_allowed_addrs __P((int, struct wordlist *)); 151 152 /* 153 * An Open on LCP has requested a change from Dead to Establish phase. 154 * Do what's necessary to bring the physical layer up. 155 */ 156 void 157 link_required(unit) 158 int unit; 159 { 160 } 161 162 /* 163 * LCP has terminated the link; go to the Dead phase and take the 164 * physical layer down. 165 */ 166 void 167 link_terminated(unit) 168 int unit; 169 { 170 if (phase == PHASE_DEAD) 171 return; 172 if (logged_in) 173 plogout(); 174 phase = PHASE_DEAD; 175 syslog(LOG_NOTICE, "Connection terminated."); 176 } 177 178 /* 179 * LCP has gone down; it will either die or try to re-establish. 180 */ 181 void 182 link_down(unit) 183 int unit; 184 { 185 int i; 186 struct protent *protp; 187 188 if (did_authup) { 189 auth_script(_PATH_AUTHDOWN); 190 did_authup = 0; 191 } 192 for (i = 0; (protp = protocols[i]) != NULL; ++i) { 193 if (!protp->enabled_flag) 194 continue; 195 if (protp->protocol != PPP_LCP && protp->lowerdown != NULL) 196 (*protp->lowerdown)(unit); 197 if (protp->protocol < 0xC000 && protp->close != NULL) 198 (*protp->close)(unit, "LCP down"); 199 } 200 num_np_open = 0; 201 num_np_up = 0; 202 if (phase != PHASE_DEAD) 203 phase = PHASE_TERMINATE; 204 } 205 206 /* 207 * The link is established. 208 * Proceed to the Dead, Authenticate or Network phase as appropriate. 209 */ 210 void 211 link_established(unit) 212 int unit; 213 { 214 int auth; 215 lcp_options *wo = &lcp_wantoptions[unit]; 216 lcp_options *go = &lcp_gotoptions[unit]; 217 lcp_options *ho = &lcp_hisoptions[unit]; 218 int i; 219 struct protent *protp; 220 221 /* 222 * Tell higher-level protocols that LCP is up. 223 */ 224 for (i = 0; (protp = protocols[i]) != NULL; ++i) 225 if (protp->protocol != PPP_LCP && protp->enabled_flag 226 && protp->lowerup != NULL) 227 (*protp->lowerup)(unit); 228 229 if (auth_required && !(go->neg_chap || go->neg_upap)) { 230 /* 231 * We wanted the peer to authenticate itself, and it refused: 232 * treat it as though it authenticated with PAP using a username 233 * of "" and a password of "". If that's not OK, boot it out. 234 */ 235 if (!wo->neg_upap || !null_login(unit)) { 236 syslog(LOG_WARNING, "peer refused to authenticate"); 237 lcp_close(unit, "peer refused to authenticate"); 238 return; 239 } 240 } 241 242 phase = PHASE_AUTHENTICATE; 243 auth = 0; 244 if (go->neg_chap) { 245 ChapAuthPeer(unit, our_name, go->chap_mdtype); 246 auth |= CHAP_PEER; 247 } else if (go->neg_upap) { 248 upap_authpeer(unit); 249 auth |= PAP_PEER; 250 } 251 if (ho->neg_chap) { 252 ChapAuthWithPeer(unit, user, ho->chap_mdtype); 253 auth |= CHAP_WITHPEER; 254 } else if (ho->neg_upap) { 255 if (passwd[0] == 0) { 256 passwd_from_file = 1; 257 if (!get_pap_passwd(passwd)) 258 syslog(LOG_ERR, "No secret found for PAP login"); 259 } 260 upap_authwithpeer(unit, user, passwd); 261 auth |= PAP_WITHPEER; 262 } 263 auth_pending[unit] = auth; 264 265 if (!auth) 266 network_phase(unit); 267 } 268 269 /* 270 * Proceed to the network phase. 271 */ 272 static void 273 network_phase(unit) 274 int unit; 275 { 276 int i; 277 struct protent *protp; 278 lcp_options *go = &lcp_gotoptions[unit]; 279 280 /* 281 * If the peer had to authenticate, run the auth-up script now. 282 */ 283 if ((go->neg_chap || go->neg_upap) && !did_authup) { 284 auth_script(_PATH_AUTHUP); 285 did_authup = 1; 286 } 287 288 #ifdef CBCP_SUPPORT 289 /* 290 * If we negotiated callback, do it now. 291 */ 292 if (go->neg_cbcp) { 293 phase = PHASE_CALLBACK; 294 (*cbcp_protent.open)(unit); 295 return; 296 } 297 #endif 298 299 phase = PHASE_NETWORK; 300 #if 0 301 if (!demand) 302 set_filters(&pass_filter, &active_filter); 303 #endif 304 for (i = 0; (protp = protocols[i]) != NULL; ++i) 305 if (protp->protocol < 0xC000 && protp->enabled_flag 306 && protp->open != NULL) { 307 (*protp->open)(unit); 308 if (protp->protocol != PPP_CCP) 309 ++num_np_open; 310 } 311 312 if (num_np_open == 0) 313 /* nothing to do */ 314 lcp_close(0, "No network protocols running"); 315 } 316 317 /* 318 * The peer has failed to authenticate himself using `protocol'. 319 */ 320 void 321 auth_peer_fail(unit, protocol) 322 int unit, protocol; 323 { 324 /* 325 * Authentication failure: take the link down 326 */ 327 lcp_close(unit, "Authentication failed"); 328 } 329 330 /* 331 * The peer has been successfully authenticated using `protocol'. 332 */ 333 void 334 auth_peer_success(unit, protocol, name, namelen) 335 int unit, protocol; 336 char *name; 337 int namelen; 338 { 339 int bit; 340 341 switch (protocol) { 342 case PPP_CHAP: 343 bit = CHAP_PEER; 344 break; 345 case PPP_PAP: 346 bit = PAP_PEER; 347 break; 348 default: 349 syslog(LOG_WARNING, "auth_peer_success: unknown protocol %x", 350 protocol); 351 return; 352 } 353 354 /* 355 * Save the authenticated name of the peer for later. 356 */ 357 if (namelen > sizeof(peer_authname) - 1) 358 namelen = sizeof(peer_authname) - 1; 359 BCOPY(name, peer_authname, namelen); 360 peer_authname[namelen] = 0; 361 script_setenv("PEERNAME", peer_authname); 362 363 /* 364 * If there is no more authentication still to be done, 365 * proceed to the network (or callback) phase. 366 */ 367 if ((auth_pending[unit] &= ~bit) == 0) 368 network_phase(unit); 369 } 370 371 /* 372 * We have failed to authenticate ourselves to the peer using `protocol'. 373 */ 374 void 375 auth_withpeer_fail(unit, protocol) 376 int unit, protocol; 377 { 378 if (passwd_from_file) 379 BZERO(passwd, MAXSECRETLEN); 380 /* 381 * We've failed to authenticate ourselves to our peer. 382 * He'll probably take the link down, and there's not much 383 * we can do except wait for that. 384 */ 385 } 386 387 /* 388 * We have successfully authenticated ourselves with the peer using `protocol'. 389 */ 390 void 391 auth_withpeer_success(unit, protocol) 392 int unit, protocol; 393 { 394 int bit; 395 396 switch (protocol) { 397 case PPP_CHAP: 398 bit = CHAP_WITHPEER; 399 break; 400 case PPP_PAP: 401 if (passwd_from_file) 402 BZERO(passwd, MAXSECRETLEN); 403 bit = PAP_WITHPEER; 404 break; 405 default: 406 syslog(LOG_WARNING, "auth_peer_success: unknown protocol %x", 407 protocol); 408 bit = 0; 409 } 410 411 /* 412 * If there is no more authentication still being done, 413 * proceed to the network (or callback) phase. 414 */ 415 if ((auth_pending[unit] &= ~bit) == 0) 416 network_phase(unit); 417 } 418 419 420 /* 421 * np_up - a network protocol has come up. 422 */ 423 void 424 np_up(unit, proto) 425 int unit, proto; 426 { 427 if (num_np_up == 0) { 428 /* 429 * At this point we consider that the link has come up successfully. 430 */ 431 need_holdoff = 0; 432 433 if (idle_time_limit > 0) 434 TIMEOUT(check_idle, NULL, idle_time_limit); 435 436 /* 437 * Set a timeout to close the connection once the maximum 438 * connect time has expired. 439 */ 440 if (maxconnect > 0) 441 TIMEOUT(connect_time_expired, 0, maxconnect); 442 443 /* 444 * Detach now, if the updetach option was given. 445 */ 446 if (nodetach == -1) 447 detach(); 448 } 449 ++num_np_up; 450 } 451 452 /* 453 * np_down - a network protocol has gone down. 454 */ 455 void 456 np_down(unit, proto) 457 int unit, proto; 458 { 459 if (--num_np_up == 0 && idle_time_limit > 0) { 460 UNTIMEOUT(check_idle, NULL); 461 } 462 } 463 464 /* 465 * np_finished - a network protocol has finished using the link. 466 */ 467 void 468 np_finished(unit, proto) 469 int unit, proto; 470 { 471 if (--num_np_open <= 0) { 472 /* no further use for the link: shut up shop. */ 473 lcp_close(0, "No network protocols running"); 474 } 475 } 476 477 /* 478 * check_idle - check whether the link has been idle for long 479 * enough that we can shut it down. 480 */ 481 static void 482 check_idle(arg) 483 void *arg; 484 { 485 struct ppp_idle idle; 486 time_t itime; 487 488 if (!get_idle_time(0, &idle)) 489 return; 490 itime = MIN(idle.xmit_idle, idle.recv_idle); 491 if (itime >= idle_time_limit) { 492 /* link is idle: shut it down. */ 493 syslog(LOG_INFO, "Terminating connection due to lack of activity."); 494 lcp_close(0, "Link inactive"); 495 } else { 496 TIMEOUT(check_idle, NULL, idle_time_limit - itime); 497 } 498 } 499 500 /* 501 * connect_time_expired - log a message and close the connection. 502 */ 503 static void 504 connect_time_expired(arg) 505 void *arg; 506 { 507 syslog(LOG_INFO, "Connect time expired"); 508 lcp_close(0, "Connect time expired"); /* Close connection */ 509 } 510 511 /* 512 * auth_check_options - called to check authentication options. 513 */ 514 void 515 auth_check_options() 516 { 517 lcp_options *wo = &lcp_wantoptions[0]; 518 int can_auth; 519 ipcp_options *ipwo = &ipcp_wantoptions[0]; 520 u_int32_t remote; 521 522 /* Default our_name to hostname, and user to our_name */ 523 if (our_name[0] == 0 || usehostname) 524 strcpy(our_name, hostname); 525 if (user[0] == 0) 526 strcpy(user, our_name); 527 528 /* If authentication is required, ask peer for CHAP or PAP. */ 529 if (auth_required && !wo->neg_chap && !wo->neg_upap) { 530 wo->neg_chap = 1; 531 wo->neg_upap = 1; 532 } 533 534 /* 535 * Check whether we have appropriate secrets to use 536 * to authenticate the peer. 537 */ 538 can_auth = wo->neg_upap && (uselogin || have_pap_secret()); 539 if (!can_auth && wo->neg_chap) { 540 remote = ipwo->accept_remote? 0: ipwo->hisaddr; 541 can_auth = have_chap_secret(remote_name, our_name, remote); 542 } 543 544 if (auth_required && !can_auth) { 545 option_error("peer authentication required but no suitable secret(s) found\n"); 546 if (remote_name[0] == 0) 547 option_error("for authenticating any peer to us (%s)\n", our_name); 548 else 549 option_error("for authenticating peer %s to us (%s)\n", 550 remote_name, our_name); 551 exit(1); 552 } 553 554 /* 555 * Check whether the user tried to override certain values 556 * set by root. 557 */ 558 if (!auth_required && auth_req_info.priv > 0) { 559 if (!default_device && devnam_info.priv == 0) { 560 option_error("can't override device name when noauth option used"); 561 exit(1); 562 } 563 if ((connector != NULL && connector_info.priv == 0) 564 || (disconnector != NULL && disconnector_info.priv == 0) 565 || (welcomer != NULL && welcomer_info.priv == 0)) { 566 option_error("can't override connect, disconnect or welcome"); 567 option_error("option values when noauth option used"); 568 exit(1); 569 } 570 } 571 } 572 573 /* 574 * auth_reset - called when LCP is starting negotiations to recheck 575 * authentication options, i.e. whether we have appropriate secrets 576 * to use for authenticating ourselves and/or the peer. 577 */ 578 void 579 auth_reset(unit) 580 int unit; 581 { 582 lcp_options *go = &lcp_gotoptions[unit]; 583 lcp_options *ao = &lcp_allowoptions[0]; 584 ipcp_options *ipwo = &ipcp_wantoptions[0]; 585 u_int32_t remote; 586 587 ao->neg_upap = !refuse_pap && (passwd[0] != 0 || get_pap_passwd(NULL)); 588 ao->neg_chap = !refuse_chap 589 && have_chap_secret(user, remote_name, (u_int32_t)0); 590 591 if (go->neg_upap && !uselogin && !have_pap_secret()) 592 go->neg_upap = 0; 593 if (go->neg_chap) { 594 remote = ipwo->accept_remote? 0: ipwo->hisaddr; 595 if (!have_chap_secret(remote_name, our_name, remote)) 596 go->neg_chap = 0; 597 } 598 } 599 600 601 /* 602 * check_passwd - Check the user name and passwd against the PAP secrets 603 * file. If requested, also check against the system password database, 604 * and login the user if OK. 605 * 606 * returns: 607 * UPAP_AUTHNAK: Authentication failed. 608 * UPAP_AUTHACK: Authentication succeeded. 609 * In either case, msg points to an appropriate message. 610 */ 611 int 612 check_passwd(unit, auser, userlen, apasswd, passwdlen, msg, msglen) 613 int unit; 614 char *auser; 615 int userlen; 616 char *apasswd; 617 int passwdlen; 618 char **msg; 619 int *msglen; 620 { 621 int ret; 622 char *filename; 623 FILE *f; 624 struct wordlist *addrs; 625 u_int32_t remote; 626 ipcp_options *ipwo = &ipcp_wantoptions[unit]; 627 char passwd[256], user[256]; 628 char secret[MAXWORDLEN]; 629 static int attempts = 0; 630 631 /* 632 * Make copies of apasswd and auser, then null-terminate them. 633 */ 634 BCOPY(apasswd, passwd, passwdlen); 635 passwd[passwdlen] = '\0'; 636 BCOPY(auser, user, userlen); 637 user[userlen] = '\0'; 638 *msg = (char *) 0; 639 640 /* 641 * Open the file of pap secrets and scan for a suitable secret 642 * for authenticating this user. 643 */ 644 filename = _PATH_UPAPFILE; 645 addrs = NULL; 646 ret = UPAP_AUTHACK; 647 f = fopen(filename, "r"); 648 if (f == NULL) { 649 syslog(LOG_ERR, "Can't open PAP password file %s: %m", filename); 650 ret = UPAP_AUTHNAK; 651 } else { 652 check_access(f, filename); 653 remote = ipwo->accept_remote? 0: ipwo->hisaddr; 654 if (scan_authfile(f, user, our_name, remote, 655 secret, &addrs, filename) < 0 656 || (secret[0] != 0 && (cryptpap || strcmp(passwd, secret) != 0) 657 && strcmp(crypt(passwd, secret), secret) != 0)) { 658 syslog(LOG_WARNING, "PAP authentication failure for %s", user); 659 ret = UPAP_AUTHNAK; 660 } 661 fclose(f); 662 } 663 664 if (uselogin && ret == UPAP_AUTHACK) { 665 ret = plogin(user, passwd, msg, msglen); 666 if (ret == UPAP_AUTHNAK) { 667 syslog(LOG_WARNING, "PAP login failure for %s", user); 668 } 669 } 670 671 if (ret == UPAP_AUTHNAK) { 672 if (*msg == (char *) 0) 673 *msg = "Login incorrect"; 674 *msglen = strlen(*msg); 675 /* 676 * Frustrate passwd stealer programs. 677 * Allow 10 tries, but start backing off after 3 (stolen from login). 678 * On 10'th, drop the connection. 679 */ 680 if (attempts++ >= 10) { 681 syslog(LOG_WARNING, "%d LOGIN FAILURES ON %s, %s", 682 attempts, devnam, user); 683 quit(); 684 } 685 if (attempts > 3) 686 sleep((u_int) (attempts - 3) * 5); 687 if (addrs != NULL) 688 free_wordlist(addrs); 689 690 } else { 691 attempts = 0; /* Reset count */ 692 if (*msg == (char *) 0) 693 *msg = "Login ok"; 694 *msglen = strlen(*msg); 695 set_allowed_addrs(unit, addrs); 696 } 697 698 BZERO(passwd, sizeof(passwd)); 699 BZERO(secret, sizeof(secret)); 700 701 return ret; 702 } 703 704 /* 705 * This function is needed for PAM. 706 */ 707 708 #ifdef USE_PAM 709 static char *PAM_username = ""; 710 static char *PAM_password = ""; 711 712 #ifdef PAM_ESTABLISH_CRED /* new PAM defines :(^ */ 713 #define MY_PAM_STRERROR(err_code) (char *) pam_strerror(pamh,err_code) 714 #else 715 #define MY_PAM_STRERROR(err_code) (char *) pam_strerror(err_code) 716 #endif 717 718 static int pam_conv (int num_msg, 719 const struct pam_message **msg, 720 struct pam_response **resp, 721 void *appdata_ptr) 722 { 723 int count = 0, replies = 0; 724 struct pam_response *reply = NULL; 725 int size = 0; 726 727 for (count = 0; count < num_msg; count++) 728 { 729 size += sizeof (struct pam_response); 730 reply = realloc (reply, size); /* ANSI: is malloc() if reply==NULL */ 731 if (!reply) 732 return PAM_CONV_ERR; 733 734 switch (msg[count]->msg_style) 735 { 736 case PAM_PROMPT_ECHO_ON: 737 reply[replies].resp_retcode = PAM_SUCCESS; 738 reply[replies++].resp = strdup(PAM_username); /* never NULL */ 739 break; 740 741 case PAM_PROMPT_ECHO_OFF: 742 reply[replies].resp_retcode = PAM_SUCCESS; 743 reply[replies++].resp = strdup(PAM_password); /* never NULL */ 744 break; 745 746 case PAM_TEXT_INFO: 747 reply[replies].resp_retcode = PAM_SUCCESS; 748 reply[replies++].resp = NULL; 749 break; 750 751 case PAM_ERROR_MSG: 752 default: 753 free (reply); 754 return PAM_CONV_ERR; 755 } 756 } 757 758 if (resp) 759 *resp = reply; 760 else 761 free (reply); 762 763 return PAM_SUCCESS; 764 } 765 #endif 766 767 /* 768 * plogin - Check the user name and password against the system 769 * password database, and login the user if OK. 770 * 771 * returns: 772 * UPAP_AUTHNAK: Login failed. 773 * UPAP_AUTHACK: Login succeeded. 774 * In either case, msg points to an appropriate message. 775 */ 776 777 static int 778 plogin(user, passwd, msg, msglen) 779 char *user; 780 char *passwd; 781 char **msg; 782 int *msglen; 783 { 784 785 #ifdef USE_PAM 786 787 struct pam_conv pam_conversation; 788 pam_handle_t *pamh; 789 int pam_error; 790 /* 791 * Fill the pam_conversion structure 792 */ 793 memset (&pam_conversation, '\0', sizeof (struct pam_conv)); 794 pam_conversation.conv = &pam_conv; 795 796 pam_error = pam_start ("ppp", user, &pam_conversation, &pamh); 797 798 if (pam_error != PAM_SUCCESS) { 799 *msg = MY_PAM_STRERROR (pam_error); 800 return UPAP_AUTHNAK; 801 } 802 /* 803 * Define the fields for the credintial validation 804 */ 805 (void) pam_set_item (pamh, PAM_TTY, devnam); 806 PAM_username = user; 807 PAM_password = passwd; 808 /* 809 * Validate the user 810 */ 811 pam_error = pam_authenticate (pamh, PAM_SILENT); 812 if (pam_error == PAM_SUCCESS) { 813 pam_error = pam_acct_mgmt (pamh, PAM_SILENT); 814 815 /* start a session for this user. Session closed when link ends. */ 816 if (pam_error == PAM_SUCCESS) 817 (void) pam_open_session (pamh, PAM_SILENT); 818 } 819 820 *msg = MY_PAM_STRERROR (pam_error); 821 822 PAM_username = 823 PAM_password = ""; 824 /* 825 * Clean up the mess 826 */ 827 (void) pam_end (pamh, pam_error); 828 829 if (pam_error != PAM_SUCCESS) 830 return UPAP_AUTHNAK; 831 /* 832 * Use the non-PAM methods directly 833 */ 834 #else /* #ifdef USE_PAM */ 835 836 struct passwd *pw; 837 char *tty; 838 839 #ifdef HAS_SHADOW 840 struct spwd *spwd; 841 struct spwd *getspnam(); 842 #endif 843 844 pw = getpwnam(user); 845 endpwent(); 846 if (pw == NULL) { 847 return (UPAP_AUTHNAK); 848 } 849 850 #ifdef HAS_SHADOW 851 spwd = getspnam(user); 852 endspent(); 853 if (spwd) { 854 /* check the age of the password entry */ 855 long now = time(NULL) / 86400L; 856 857 if ((spwd->sp_expire > 0 && now >= spwd->sp_expire) 858 || ((spwd->sp_max >= 0 && spwd->sp_max < 10000) 859 && spwd->sp_lstchg >= 0 860 && now >= spwd->sp_lstchg + spwd->sp_max)) { 861 syslog(LOG_WARNING, "Password for %s has expired", user); 862 return (UPAP_AUTHNAK); 863 } 864 pw->pw_passwd = spwd->sp_pwdp; 865 } 866 #endif 867 868 /* 869 * If no passwd, don't let them login. 870 */ 871 if (pw->pw_passwd == NULL || *pw->pw_passwd == '\0' 872 || strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd) != 0) 873 return (UPAP_AUTHNAK); 874 875 /* These functions are not enabled for PAM. The reason for this is that */ 876 /* there is not necessarily a "passwd" entry for this user. That is */ 877 /* real purpose of 'PAM' -- to virtualize the account data from the */ 878 /* application. If you want to do the same thing, write the entry in */ 879 /* the 'session' hook. */ 880 881 /* 882 * Write a wtmp entry for this user. 883 */ 884 885 tty = devnam; 886 if (strncmp(tty, "/dev/", 5) == 0) 887 tty += 5; 888 logwtmp(tty, user, remote_name); /* Add wtmp login entry */ 889 890 #if defined(_PATH_LASTLOG) 891 { 892 struct lastlog ll; 893 int fd; 894 895 if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) { 896 (void)lseek(fd, (off_t)(pw->pw_uid * sizeof(ll)), SEEK_SET); 897 memset((void *)&ll, 0, sizeof(ll)); 898 (void)time(&ll.ll_time); 899 (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line)); 900 (void)write(fd, (char *)&ll, sizeof(ll)); 901 (void)close(fd); 902 } 903 } 904 #endif 905 906 #endif /* #ifdef USE_PAM */ 907 908 syslog(LOG_INFO, "user %s logged in", user); 909 logged_in = TRUE; 910 911 return (UPAP_AUTHACK); 912 } 913 914 /* 915 * plogout - Logout the user. 916 */ 917 static void 918 plogout() 919 { 920 #ifdef USE_PAM 921 struct pam_conv pam_conversation; 922 pam_handle_t *pamh; 923 int pam_error; 924 /* 925 * Fill the pam_conversion structure. The PAM specification states that the 926 * session must be able to be closed by a totally different handle from which 927 * it was created. Hold the PAM group to their own specification! 928 */ 929 memset (&pam_conversation, '\0', sizeof (struct pam_conv)); 930 pam_conversation.conv = &pam_conv; 931 932 pam_error = pam_start ("ppp", user, &pam_conversation, &pamh); 933 if (pam_error == PAM_SUCCESS) { 934 (void) pam_set_item (pamh, PAM_TTY, devnam); 935 (void) pam_close_session (pamh, PAM_SILENT); 936 (void) pam_end (pamh, PAM_SUCCESS); 937 } 938 939 #else 940 char *tty; 941 942 tty = devnam; 943 if (strncmp(tty, "/dev/", 5) == 0) 944 tty += 5; 945 logwtmp(tty, "", ""); /* Wipe out utmp logout entry */ 946 #endif 947 948 logged_in = FALSE; 949 } 950 951 952 /* 953 * null_login - Check if a username of "" and a password of "" are 954 * acceptable, and iff so, set the list of acceptable IP addresses 955 * and return 1. 956 */ 957 static int 958 null_login(unit) 959 int unit; 960 { 961 char *filename; 962 FILE *f; 963 int i, ret; 964 struct wordlist *addrs; 965 char secret[MAXWORDLEN]; 966 967 /* 968 * Open the file of pap secrets and scan for a suitable secret. 969 * We don't accept a wildcard client. 970 */ 971 filename = _PATH_UPAPFILE; 972 addrs = NULL; 973 f = fopen(filename, "r"); 974 if (f == NULL) 975 return 0; 976 check_access(f, filename); 977 978 i = scan_authfile(f, "", our_name, (u_int32_t)0, secret, &addrs, filename); 979 ret = i >= 0 && (i & NONWILD_CLIENT) != 0 && secret[0] == 0; 980 BZERO(secret, sizeof(secret)); 981 982 if (ret) 983 set_allowed_addrs(unit, addrs); 984 else 985 free_wordlist(addrs); 986 987 fclose(f); 988 return ret; 989 } 990 991 992 /* 993 * get_pap_passwd - get a password for authenticating ourselves with 994 * our peer using PAP. Returns 1 on success, 0 if no suitable password 995 * could be found. 996 */ 997 static int 998 get_pap_passwd(passwd) 999 char *passwd; 1000 { 1001 char *filename; 1002 FILE *f; 1003 int ret; 1004 struct wordlist *addrs; 1005 char secret[MAXWORDLEN]; 1006 1007 filename = _PATH_UPAPFILE; 1008 addrs = NULL; 1009 f = fopen(filename, "r"); 1010 if (f == NULL) 1011 return 0; 1012 check_access(f, filename); 1013 ret = scan_authfile(f, user, 1014 remote_name[0]? remote_name: NULL, 1015 (u_int32_t)0, secret, NULL, filename); 1016 fclose(f); 1017 if (ret < 0) 1018 return 0; 1019 if (passwd != NULL) { 1020 strlcpy(passwd, secret, MAXSECRETLEN); 1021 } 1022 BZERO(secret, sizeof(secret)); 1023 return 1; 1024 } 1025 1026 1027 /* 1028 * have_pap_secret - check whether we have a PAP file with any 1029 * secrets that we could possibly use for authenticating the peer. 1030 */ 1031 static int 1032 have_pap_secret() 1033 { 1034 FILE *f; 1035 int ret; 1036 char *filename; 1037 ipcp_options *ipwo = &ipcp_wantoptions[0]; 1038 u_int32_t remote; 1039 1040 filename = _PATH_UPAPFILE; 1041 f = fopen(filename, "r"); 1042 if (f == NULL) 1043 return 0; 1044 1045 remote = ipwo->accept_remote? 0: ipwo->hisaddr; 1046 ret = scan_authfile(f, NULL, our_name, remote, NULL, NULL, filename); 1047 fclose(f); 1048 if (ret < 0) 1049 return 0; 1050 1051 return 1; 1052 } 1053 1054 1055 /* 1056 * have_chap_secret - check whether we have a CHAP file with a 1057 * secret that we could possibly use for authenticating `client' 1058 * on `server'. Either can be the null string, meaning we don't 1059 * know the identity yet. 1060 */ 1061 static int 1062 have_chap_secret(client, server, remote) 1063 char *client; 1064 char *server; 1065 u_int32_t remote; 1066 { 1067 FILE *f; 1068 int ret; 1069 char *filename; 1070 1071 filename = _PATH_CHAPFILE; 1072 f = fopen(filename, "r"); 1073 if (f == NULL) 1074 return 0; 1075 1076 if (client[0] == 0) 1077 client = NULL; 1078 else if (server[0] == 0) 1079 server = NULL; 1080 1081 ret = scan_authfile(f, client, server, remote, NULL, NULL, filename); 1082 fclose(f); 1083 if (ret < 0) 1084 return 0; 1085 1086 return 1; 1087 } 1088 1089 1090 /* 1091 * get_secret - open the CHAP secret file and return the secret 1092 * for authenticating the given client on the given server. 1093 * (We could be either client or server). 1094 */ 1095 int 1096 get_secret(unit, client, server, secret, secret_len, save_addrs) 1097 int unit; 1098 char *client; 1099 char *server; 1100 char *secret; 1101 int *secret_len; 1102 int save_addrs; 1103 { 1104 FILE *f; 1105 int ret, len; 1106 char *filename; 1107 struct wordlist *addrs; 1108 char secbuf[MAXWORDLEN]; 1109 1110 filename = _PATH_CHAPFILE; 1111 addrs = NULL; 1112 secbuf[0] = 0; 1113 1114 f = fopen(filename, "r"); 1115 if (f == NULL) { 1116 syslog(LOG_ERR, "Can't open chap secret file %s: %m", filename); 1117 return 0; 1118 } 1119 check_access(f, filename); 1120 1121 ret = scan_authfile(f, client, server, (u_int32_t)0, 1122 secbuf, &addrs, filename); 1123 fclose(f); 1124 if (ret < 0) 1125 return 0; 1126 1127 if (save_addrs) 1128 set_allowed_addrs(unit, addrs); 1129 1130 len = strlen(secbuf); 1131 if (len > MAXSECRETLEN) { 1132 syslog(LOG_ERR, "Secret for %s on %s is too long", client, server); 1133 len = MAXSECRETLEN; 1134 } 1135 BCOPY(secbuf, secret, len); 1136 BZERO(secbuf, sizeof(secbuf)); 1137 *secret_len = len; 1138 1139 return 1; 1140 } 1141 1142 /* 1143 * set_allowed_addrs() - set the list of allowed addresses. 1144 */ 1145 static void 1146 set_allowed_addrs(unit, addrs) 1147 int unit; 1148 struct wordlist *addrs; 1149 { 1150 if (addresses[unit] != NULL) 1151 free_wordlist(addresses[unit]); 1152 addresses[unit] = addrs; 1153 1154 /* 1155 * If there's only one authorized address we might as well 1156 * ask our peer for that one right away 1157 */ 1158 if (addrs != NULL && addrs->next == NULL) { 1159 char *p = addrs->word; 1160 struct ipcp_options *wo = &ipcp_wantoptions[unit]; 1161 u_int32_t a; 1162 struct hostent *hp; 1163 1164 if (*p != '!' && *p != '-' && !ISWILD(p) && strchr(p, '/') == NULL) { 1165 hp = gethostbyname(p); 1166 if (hp != NULL && hp->h_addrtype == AF_INET) 1167 a = *(u_int32_t *)hp->h_addr; 1168 else 1169 a = inet_addr(p); 1170 if (a != (u_int32_t) -1) 1171 wo->hisaddr = a; 1172 } 1173 } 1174 } 1175 1176 /* 1177 * auth_ip_addr - check whether the peer is authorized to use 1178 * a given IP address. Returns 1 if authorized, 0 otherwise. 1179 */ 1180 int 1181 auth_ip_addr(unit, addr) 1182 int unit; 1183 u_int32_t addr; 1184 { 1185 return ip_addr_check(addr, addresses[unit]); 1186 } 1187 1188 static int 1189 ip_addr_check(addr, addrs) 1190 u_int32_t addr; 1191 struct wordlist *addrs; 1192 { 1193 u_int32_t mask, ah; 1194 struct in_addr ina; 1195 int accept, r = 1; 1196 char *ptr_word, *ptr_mask; 1197 struct hostent *hp; 1198 struct netent *np; 1199 1200 /* don't allow loopback or multicast address */ 1201 if (bad_ip_adrs(addr)) 1202 return 0; 1203 1204 if (addrs == NULL) 1205 return !auth_required; /* no addresses authorized */ 1206 1207 for (; addrs != NULL; addrs = addrs->next) { 1208 /* "-" means no addresses authorized, "*" means any address allowed */ 1209 ptr_word = addrs->word; 1210 if (strcmp(ptr_word, "-") == 0) 1211 break; 1212 if (strcmp(ptr_word, "*") == 0) 1213 return 1; 1214 1215 accept = 1; 1216 if (*ptr_word == '!') { 1217 accept = 0; 1218 ++ptr_word; 1219 } 1220 1221 mask = ~ (u_int32_t) 0; 1222 ptr_mask = strchr (ptr_word, '/'); 1223 if (ptr_mask != NULL) { 1224 int bit_count; 1225 1226 bit_count = (int) strtol (ptr_mask+1, (char **) 0, 10); 1227 if (bit_count <= 0 || bit_count > 32) { 1228 syslog (LOG_WARNING, 1229 "invalid address length %s in auth. address list", 1230 ptr_mask); 1231 continue; 1232 } 1233 *ptr_mask = '\0'; 1234 mask <<= 32 - bit_count; 1235 } 1236 1237 hp = gethostbyname(ptr_word); 1238 if (hp != NULL && hp->h_addrtype == AF_INET) { 1239 ina.s_addr = *(u_int32_t *)hp->h_addr; 1240 } else { 1241 np = getnetbyname (ptr_word); 1242 if (np != NULL && np->n_addrtype == AF_INET) 1243 ina.s_addr = htonl (np->n_net); 1244 else 1245 r = inet_aton (ptr_word, &ina); 1246 if (ptr_mask == NULL) { 1247 /* calculate appropriate mask for net */ 1248 ah = ntohl(ina.s_addr); 1249 if (IN_CLASSA(ah)) 1250 mask = IN_CLASSA_NET; 1251 else if (IN_CLASSB(ah)) 1252 mask = IN_CLASSB_NET; 1253 else if (IN_CLASSC(ah)) 1254 mask = IN_CLASSC_NET; 1255 } 1256 } 1257 1258 if (ptr_mask != NULL) 1259 *ptr_mask = '/'; 1260 1261 if (r == 0) 1262 syslog (LOG_WARNING, 1263 "unknown host %s in auth. address list", 1264 addrs->word); 1265 else 1266 /* Here ina.s_addr and addr are in network byte order, 1267 and mask is in host order. */ 1268 if (((addr ^ ina.s_addr) & htonl(mask)) == 0) 1269 return accept; 1270 } 1271 return 0; /* not in list => can't have it */ 1272 } 1273 1274 /* 1275 * bad_ip_adrs - return 1 if the IP address is one we don't want 1276 * to use, such as an address in the loopback net or a multicast address. 1277 * addr is in network byte order. 1278 */ 1279 int 1280 bad_ip_adrs(addr) 1281 u_int32_t addr; 1282 { 1283 addr = ntohl(addr); 1284 return (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET 1285 || IN_MULTICAST(addr) || IN_BADCLASS(addr); 1286 } 1287 1288 /* 1289 * check_access - complain if a secret file has too-liberal permissions. 1290 */ 1291 void 1292 check_access(f, filename) 1293 FILE *f; 1294 char *filename; 1295 { 1296 struct stat sbuf; 1297 1298 if (fstat(fileno(f), &sbuf) < 0) { 1299 syslog(LOG_WARNING, "cannot stat secret file %s: %m", filename); 1300 } else if ((sbuf.st_mode & (S_IRWXG | S_IRWXO)) != 0) { 1301 syslog(LOG_WARNING, "Warning - secret file %s has world and/or group access", filename); 1302 } 1303 } 1304 1305 1306 /* 1307 * scan_authfile - Scan an authorization file for a secret suitable 1308 * for authenticating `client' on `server'. The return value is -1 1309 * if no secret is found, otherwise >= 0. The return value has 1310 * NONWILD_CLIENT set if the secret didn't have "*" for the client, and 1311 * NONWILD_SERVER set if the secret didn't have "*" for the server. 1312 * Any following words on the line (i.e. address authorization 1313 * info) are placed in a wordlist and returned in *addrs. 1314 */ 1315 static int 1316 scan_authfile(f, client, server, ipaddr, secret, addrs, filename) 1317 FILE *f; 1318 char *client; 1319 char *server; 1320 u_int32_t ipaddr; 1321 char *secret; 1322 struct wordlist **addrs; 1323 char *filename; 1324 { 1325 int newline, xxx; 1326 int got_flag, best_flag; 1327 FILE *sf; 1328 struct wordlist *ap, *addr_list, *alist, *alast; 1329 char word[MAXWORDLEN]; 1330 char atfile[MAXWORDLEN]; 1331 char lsecret[MAXWORDLEN]; 1332 1333 if (addrs != NULL) 1334 *addrs = NULL; 1335 addr_list = NULL; 1336 if (!getword(f, word, &newline, filename)) 1337 return -1; /* file is empty??? */ 1338 newline = 1; 1339 best_flag = -1; 1340 for (;;) { 1341 /* 1342 * Skip until we find a word at the start of a line. 1343 */ 1344 while (!newline && getword(f, word, &newline, filename)) 1345 ; 1346 if (!newline) 1347 break; /* got to end of file */ 1348 1349 /* 1350 * Got a client - check if it's a match or a wildcard. 1351 */ 1352 got_flag = 0; 1353 if (client != NULL && strcmp(word, client) != 0 && !ISWILD(word)) { 1354 newline = 0; 1355 continue; 1356 } 1357 if (!ISWILD(word)) 1358 got_flag = NONWILD_CLIENT; 1359 1360 /* 1361 * Now get a server and check if it matches. 1362 */ 1363 if (!getword(f, word, &newline, filename)) 1364 break; 1365 if (newline) 1366 continue; 1367 if (server != NULL && strcmp(word, server) != 0 && !ISWILD(word)) 1368 continue; 1369 if (!ISWILD(word)) 1370 got_flag |= NONWILD_SERVER; 1371 1372 /* 1373 * Got some sort of a match - see if it's better than what 1374 * we have already. 1375 */ 1376 if (got_flag <= best_flag) 1377 continue; 1378 1379 /* 1380 * Get the secret. 1381 */ 1382 if (!getword(f, word, &newline, filename)) 1383 break; 1384 if (newline) 1385 continue; 1386 1387 /* 1388 * Special syntax: @filename means read secret from file. 1389 */ 1390 if (word[0] == '@') { 1391 strcpy(atfile, word+1); 1392 if ((sf = fopen(atfile, "r")) == NULL) { 1393 syslog(LOG_WARNING, "can't open indirect secret file %s", 1394 atfile); 1395 continue; 1396 } 1397 check_access(sf, atfile); 1398 if (!getword(sf, word, &xxx, atfile)) { 1399 syslog(LOG_WARNING, "no secret in indirect secret file %s", 1400 atfile); 1401 fclose(sf); 1402 continue; 1403 } 1404 fclose(sf); 1405 } 1406 if (secret != NULL) 1407 strcpy(lsecret, word); 1408 1409 /* 1410 * Now read address authorization info and make a wordlist. 1411 */ 1412 alist = alast = NULL; 1413 for (;;) { 1414 if (!getword(f, word, &newline, filename) || newline) 1415 break; 1416 ap = (struct wordlist *) malloc(sizeof(struct wordlist) 1417 + strlen(word)); 1418 if (ap == NULL) 1419 novm("authorized addresses"); 1420 ap->next = NULL; 1421 strcpy(ap->word, word); 1422 if (alist == NULL) 1423 alist = ap; 1424 else 1425 alast->next = ap; 1426 alast = ap; 1427 } 1428 1429 /* 1430 * Check if the given IP address is allowed by the wordlist. 1431 */ 1432 if (ipaddr != 0 && !ip_addr_check(ipaddr, alist)) { 1433 free_wordlist(alist); 1434 continue; 1435 } 1436 1437 /* 1438 * This is the best so far; remember it. 1439 */ 1440 best_flag = got_flag; 1441 if (addr_list) 1442 free_wordlist(addr_list); 1443 addr_list = alist; 1444 if (secret != NULL) 1445 strcpy(secret, lsecret); 1446 1447 if (!newline) 1448 break; 1449 } 1450 1451 if (addrs != NULL) 1452 *addrs = addr_list; 1453 else if (addr_list != NULL) 1454 free_wordlist(addr_list); 1455 1456 return best_flag; 1457 } 1458 1459 /* 1460 * free_wordlist - release memory allocated for a wordlist. 1461 */ 1462 static void 1463 free_wordlist(wp) 1464 struct wordlist *wp; 1465 { 1466 struct wordlist *next; 1467 1468 while (wp != NULL) { 1469 next = wp->next; 1470 free(wp); 1471 wp = next; 1472 } 1473 } 1474 1475 /* 1476 * auth_script - execute a script with arguments 1477 * interface-name peer-name real-user tty speed 1478 */ 1479 static void 1480 auth_script(script) 1481 char *script; 1482 { 1483 char strspeed[32]; 1484 struct passwd *pw; 1485 char struid[32]; 1486 char *user_name; 1487 char *argv[8]; 1488 1489 if ((pw = getpwuid(getuid())) != NULL && pw->pw_name != NULL) 1490 user_name = pw->pw_name; 1491 else { 1492 sprintf(struid, "%u", getuid()); 1493 user_name = struid; 1494 } 1495 sprintf(strspeed, "%d", baud_rate); 1496 1497 argv[0] = script; 1498 argv[1] = ifname; 1499 argv[2] = peer_authname; 1500 argv[3] = user_name; 1501 argv[4] = devnam; 1502 argv[5] = strspeed; 1503 argv[6] = NULL; 1504 1505 run_program(script, argv, 0); 1506 } 1507