1 /* $OpenBSD: auth.c,v 1.26 2003/02/18 13:14:43 jmc Exp $ */ 2 3 /* 4 * auth.c - PPP authentication and phase control. 5 * 6 * Copyright (c) 1989-2002 Paul Mackerras. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. The name(s) of the authors of this software must not be used to 21 * endorse or promote products derived from this software without 22 * prior written permission. 23 * 24 * 4. Redistributions of any form whatsoever must retain the following 25 * acknowledgment: 26 * "This product includes software developed by Paul Mackerras 27 * <paulus@samba.org>". 28 * 29 * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO 30 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 31 * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY 32 * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 33 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN 34 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING 35 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 36 * 37 * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. 38 * 39 * Redistribution and use in source and binary forms, with or without 40 * modification, are permitted provided that the following conditions 41 * are met: 42 * 43 * 1. Redistributions of source code must retain the above copyright 44 * notice, this list of conditions and the following disclaimer. 45 * 46 * 2. Redistributions in binary form must reproduce the above copyright 47 * notice, this list of conditions and the following disclaimer in 48 * the documentation and/or other materials provided with the 49 * distribution. 50 * 51 * 3. The name "Carnegie Mellon University" must not be used to 52 * endorse or promote products derived from this software without 53 * prior written permission. For permission or any legal 54 * details, please contact 55 * Office of Technology Transfer 56 * Carnegie Mellon University 57 * 5000 Forbes Avenue 58 * Pittsburgh, PA 15213-3890 59 * (412) 268-4387, fax: (412) 268-7395 60 * tech-transfer@andrew.cmu.edu 61 * 62 * 4. Redistributions of any form whatsoever must retain the following 63 * acknowledgment: 64 * "This product includes software developed by Computing Services 65 * at Carnegie Mellon University (http://www.cmu.edu/computing/)." 66 * 67 * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO 68 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 69 * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE 70 * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 71 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN 72 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING 73 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 74 */ 75 76 #ifndef lint 77 #if 0 78 static char rcsid[] = "Id: auth.c,v 1.37 1998/03/26 04:46:03 paulus Exp $"; 79 #else 80 static char rcsid[] = "$OpenBSD: auth.c,v 1.26 2003/02/18 13:14:43 jmc Exp $"; 81 #endif 82 #endif 83 84 #include <stdio.h> 85 #include <stddef.h> 86 #include <stdlib.h> 87 #include <unistd.h> 88 #include <syslog.h> 89 #include <pwd.h> 90 #include <string.h> 91 #include <sys/types.h> 92 #include <sys/stat.h> 93 #include <sys/socket.h> 94 #include <utmp.h> 95 #include <fcntl.h> 96 #if defined(_PATH_LASTLOG) && defined(_linux_) 97 #include <lastlog.h> 98 #endif 99 100 #include <netdb.h> 101 #include <netinet/in.h> 102 #include <arpa/inet.h> 103 104 #ifdef USE_PAM 105 #include <security/pam_appl.h> 106 #endif 107 108 #ifdef HAS_SHADOW 109 #include <shadow.h> 110 #ifndef PW_PPP 111 #define PW_PPP PW_LOGIN 112 #endif 113 #endif 114 115 #include "pppd.h" 116 #include "fsm.h" 117 #include "lcp.h" 118 #include "ipcp.h" 119 #include "upap.h" 120 #include "chap.h" 121 #ifdef CBCP_SUPPORT 122 #include "cbcp.h" 123 #endif 124 #include "pathnames.h" 125 126 /* Used for storing a sequence of words. Usually malloced. */ 127 struct wordlist { 128 struct wordlist *next; 129 char word[1]; 130 }; 131 132 /* Bits in scan_authfile return value */ 133 #define NONWILD_SERVER 1 134 #define NONWILD_CLIENT 2 135 136 #define ISWILD(word) (word[0] == '*' && word[1] == 0) 137 138 #define FALSE 0 139 #define TRUE 1 140 141 /* The name by which the peer authenticated itself to us. */ 142 char peer_authname[MAXNAMELEN]; 143 144 /* Records which authentication operations haven't completed yet. */ 145 static int auth_pending[NUM_PPP]; 146 147 /* Set if we have successfully called plogin() */ 148 static int logged_in; 149 150 /* Set if we have run the /etc/ppp/auth-up script. */ 151 static int did_authup; 152 153 /* List of addresses which the peer may use. */ 154 static struct wordlist *addresses[NUM_PPP]; 155 156 /* Number of network protocols which we have opened. */ 157 static int num_np_open; 158 159 /* Number of network protocols which have come up. */ 160 static int num_np_up; 161 162 /* Set if we got the contents of passwd[] from the pap-secrets file. */ 163 static int passwd_from_file; 164 165 /* Bits in auth_pending[] */ 166 #define PAP_WITHPEER 1 167 #define PAP_PEER 2 168 #define CHAP_WITHPEER 4 169 #define CHAP_PEER 8 170 171 extern char *crypt(const char *, const char *); 172 173 /* Prototypes for procedures local to this file. */ 174 175 static void network_phase(int); 176 static void check_idle(void *); 177 static void connect_time_expired(void *); 178 static int plogin(char *, char *, char **, int *); 179 static void plogout(void); 180 static int null_login(int); 181 static int get_pap_passwd(char *); 182 static int have_pap_secret(void); 183 static int have_chap_secret(char *, char *, u_int32_t); 184 static int ip_addr_check(u_int32_t, struct wordlist *); 185 static int scan_authfile(FILE *, char *, char *, u_int32_t, char *, 186 struct wordlist **, char *); 187 static void free_wordlist(struct wordlist *); 188 static void auth_script(char *); 189 static void set_allowed_addrs(int, struct wordlist *); 190 191 /* 192 * An Open on LCP has requested a change from Dead to Establish phase. 193 * Do what's necessary to bring the physical layer up. 194 */ 195 void 196 link_required(unit) 197 int unit; 198 { 199 } 200 201 /* 202 * LCP has terminated the link; go to the Dead phase and take the 203 * physical layer down. 204 */ 205 void 206 link_terminated(unit) 207 int unit; 208 { 209 if (phase == PHASE_DEAD) 210 return; 211 if (logged_in) 212 plogout(); 213 phase = PHASE_DEAD; 214 syslog(LOG_NOTICE, "Connection terminated."); 215 } 216 217 /* 218 * LCP has gone down; it will either die or try to re-establish. 219 */ 220 void 221 link_down(unit) 222 int unit; 223 { 224 int i; 225 struct protent *protp; 226 227 if (did_authup) { 228 auth_script(_PATH_AUTHDOWN); 229 did_authup = 0; 230 } 231 for (i = 0; (protp = protocols[i]) != NULL; ++i) { 232 if (!protp->enabled_flag) 233 continue; 234 if (protp->protocol != PPP_LCP && protp->lowerdown != NULL) 235 (*protp->lowerdown)(unit); 236 if (protp->protocol < 0xC000 && protp->close != NULL) 237 (*protp->close)(unit, "LCP down"); 238 } 239 num_np_open = 0; 240 num_np_up = 0; 241 if (phase != PHASE_DEAD) 242 phase = PHASE_TERMINATE; 243 } 244 245 /* 246 * The link is established. 247 * Proceed to the Dead, Authenticate or Network phase as appropriate. 248 */ 249 void 250 link_established(unit) 251 int unit; 252 { 253 int auth; 254 lcp_options *wo = &lcp_wantoptions[unit]; 255 lcp_options *go = &lcp_gotoptions[unit]; 256 lcp_options *ho = &lcp_hisoptions[unit]; 257 int i; 258 struct protent *protp; 259 260 /* 261 * Tell higher-level protocols that LCP is up. 262 */ 263 for (i = 0; (protp = protocols[i]) != NULL; ++i) 264 if (protp->protocol != PPP_LCP && protp->enabled_flag 265 && protp->lowerup != NULL) 266 (*protp->lowerup)(unit); 267 268 if (auth_required && !(go->neg_chap || go->neg_upap)) { 269 /* 270 * We wanted the peer to authenticate itself, and it refused: 271 * treat it as though it authenticated with PAP using a username 272 * of "" and a password of "". If that's not OK, boot it out. 273 */ 274 if (!wo->neg_upap || !null_login(unit)) { 275 syslog(LOG_WARNING, "peer refused to authenticate"); 276 lcp_close(unit, "peer refused to authenticate"); 277 return; 278 } 279 } 280 281 phase = PHASE_AUTHENTICATE; 282 auth = 0; 283 if (go->neg_chap) { 284 ChapAuthPeer(unit, our_name, go->chap_mdtype); 285 auth |= CHAP_PEER; 286 } else if (go->neg_upap) { 287 upap_authpeer(unit); 288 auth |= PAP_PEER; 289 } 290 if (ho->neg_chap) { 291 ChapAuthWithPeer(unit, user, ho->chap_mdtype); 292 auth |= CHAP_WITHPEER; 293 } else if (ho->neg_upap) { 294 if (passwd[0] == 0) { 295 passwd_from_file = 1; 296 if (!get_pap_passwd(passwd)) 297 syslog(LOG_ERR, "No secret found for PAP login"); 298 } 299 upap_authwithpeer(unit, user, passwd); 300 auth |= PAP_WITHPEER; 301 } 302 auth_pending[unit] = auth; 303 304 if (!auth) 305 network_phase(unit); 306 } 307 308 /* 309 * Proceed to the network phase. 310 */ 311 static void 312 network_phase(unit) 313 int unit; 314 { 315 int i; 316 struct protent *protp; 317 lcp_options *go = &lcp_gotoptions[unit]; 318 319 /* 320 * If the peer had to authenticate, run the auth-up script now. 321 */ 322 if ((go->neg_chap || go->neg_upap) && !did_authup) { 323 auth_script(_PATH_AUTHUP); 324 did_authup = 1; 325 } 326 327 #ifdef CBCP_SUPPORT 328 /* 329 * If we negotiated callback, do it now. 330 */ 331 if (go->neg_cbcp) { 332 phase = PHASE_CALLBACK; 333 (*cbcp_protent.open)(unit); 334 return; 335 } 336 #endif 337 338 phase = PHASE_NETWORK; 339 #if 0 340 if (!demand) 341 set_filters(&pass_filter, &active_filter); 342 #endif 343 for (i = 0; (protp = protocols[i]) != NULL; ++i) 344 if (protp->protocol < 0xC000 && protp->enabled_flag 345 && protp->open != NULL) { 346 (*protp->open)(unit); 347 if (protp->protocol != PPP_CCP) 348 ++num_np_open; 349 } 350 351 if (num_np_open == 0) 352 /* nothing to do */ 353 lcp_close(0, "No network protocols running"); 354 } 355 356 /* 357 * The peer has failed to authenticate himself using `protocol'. 358 */ 359 void 360 auth_peer_fail(unit, protocol) 361 int unit, protocol; 362 { 363 /* 364 * Authentication failure: take the link down 365 */ 366 lcp_close(unit, "Authentication failed"); 367 } 368 369 /* 370 * The peer has been successfully authenticated using `protocol'. 371 */ 372 void 373 auth_peer_success(unit, protocol, name, namelen) 374 int unit, protocol; 375 char *name; 376 int namelen; 377 { 378 int bit; 379 380 switch (protocol) { 381 case PPP_CHAP: 382 bit = CHAP_PEER; 383 break; 384 case PPP_PAP: 385 bit = PAP_PEER; 386 break; 387 default: 388 syslog(LOG_WARNING, "auth_peer_success: unknown protocol %x", 389 protocol); 390 return; 391 } 392 393 /* 394 * Save the authenticated name of the peer for later. 395 */ 396 if (namelen > sizeof(peer_authname) - 1) 397 namelen = sizeof(peer_authname) - 1; 398 BCOPY(name, peer_authname, namelen); 399 peer_authname[namelen] = 0; 400 script_setenv("PEERNAME", peer_authname); 401 402 /* 403 * If there is no more authentication still to be done, 404 * proceed to the network (or callback) phase. 405 */ 406 if ((auth_pending[unit] &= ~bit) == 0) 407 network_phase(unit); 408 } 409 410 /* 411 * We have failed to authenticate ourselves to the peer using `protocol'. 412 */ 413 void 414 auth_withpeer_fail(unit, protocol) 415 int unit, protocol; 416 { 417 if (passwd_from_file) 418 BZERO(passwd, MAXSECRETLEN); 419 /* 420 * We've failed to authenticate ourselves to our peer. 421 * He'll probably take the link down, and there's not much 422 * we can do except wait for that. 423 */ 424 } 425 426 /* 427 * We have successfully authenticated ourselves with the peer using `protocol'. 428 */ 429 void 430 auth_withpeer_success(unit, protocol) 431 int unit, protocol; 432 { 433 int bit; 434 435 switch (protocol) { 436 case PPP_CHAP: 437 bit = CHAP_WITHPEER; 438 break; 439 case PPP_PAP: 440 if (passwd_from_file) 441 BZERO(passwd, MAXSECRETLEN); 442 bit = PAP_WITHPEER; 443 break; 444 default: 445 syslog(LOG_WARNING, "auth_peer_success: unknown protocol %x", 446 protocol); 447 bit = 0; 448 } 449 450 /* 451 * If there is no more authentication still being done, 452 * proceed to the network (or callback) phase. 453 */ 454 if ((auth_pending[unit] &= ~bit) == 0) 455 network_phase(unit); 456 } 457 458 459 /* 460 * np_up - a network protocol has come up. 461 */ 462 void 463 np_up(unit, proto) 464 int unit, proto; 465 { 466 if (num_np_up == 0) { 467 /* 468 * At this point we consider that the link has come up successfully. 469 */ 470 need_holdoff = 0; 471 472 if (idle_time_limit > 0) 473 TIMEOUT(check_idle, NULL, idle_time_limit); 474 475 /* 476 * Set a timeout to close the connection once the maximum 477 * connect time has expired. 478 */ 479 if (maxconnect > 0) 480 TIMEOUT(connect_time_expired, 0, maxconnect); 481 482 /* 483 * Detach now, if the updetach option was given. 484 */ 485 if (nodetach == -1) 486 detach(); 487 } 488 ++num_np_up; 489 } 490 491 /* 492 * np_down - a network protocol has gone down. 493 */ 494 void 495 np_down(unit, proto) 496 int unit, proto; 497 { 498 if (--num_np_up == 0 && idle_time_limit > 0) { 499 UNTIMEOUT(check_idle, NULL); 500 } 501 } 502 503 /* 504 * np_finished - a network protocol has finished using the link. 505 */ 506 void 507 np_finished(unit, proto) 508 int unit, proto; 509 { 510 if (--num_np_open <= 0) { 511 /* no further use for the link: shut up shop. */ 512 lcp_close(0, "No network protocols running"); 513 } 514 } 515 516 /* 517 * check_idle - check whether the link has been idle for long 518 * enough that we can shut it down. 519 */ 520 static void 521 check_idle(arg) 522 void *arg; 523 { 524 struct ppp_idle idle; 525 time_t itime; 526 527 if (!get_idle_time(0, &idle)) 528 return; 529 itime = MIN(idle.xmit_idle, idle.recv_idle); 530 if (itime >= idle_time_limit) { 531 /* link is idle: shut it down. */ 532 syslog(LOG_INFO, "Terminating connection due to lack of activity."); 533 lcp_close(0, "Link inactive"); 534 } else { 535 TIMEOUT(check_idle, NULL, idle_time_limit - itime); 536 } 537 } 538 539 /* 540 * connect_time_expired - log a message and close the connection. 541 */ 542 static void 543 connect_time_expired(arg) 544 void *arg; 545 { 546 syslog(LOG_INFO, "Connect time expired"); 547 lcp_close(0, "Connect time expired"); /* Close connection */ 548 } 549 550 /* 551 * auth_check_options - called to check authentication options. 552 */ 553 void 554 auth_check_options() 555 { 556 lcp_options *wo = &lcp_wantoptions[0]; 557 int can_auth; 558 ipcp_options *ipwo = &ipcp_wantoptions[0]; 559 u_int32_t remote; 560 561 /* Default our_name to hostname, and user to our_name */ 562 if (our_name[0] == 0 || usehostname) 563 strcpy(our_name, hostname); 564 if (user[0] == 0) 565 strcpy(user, our_name); 566 567 /* If authentication is required, ask peer for CHAP or PAP. */ 568 if (auth_required && !wo->neg_chap && !wo->neg_upap) { 569 wo->neg_chap = 1; 570 wo->neg_upap = 1; 571 } 572 573 /* 574 * Check whether we have appropriate secrets to use 575 * to authenticate the peer. 576 */ 577 can_auth = wo->neg_upap && (uselogin || have_pap_secret()); 578 if (!can_auth && wo->neg_chap) { 579 remote = ipwo->accept_remote? 0: ipwo->hisaddr; 580 can_auth = have_chap_secret(remote_name, our_name, remote); 581 } 582 583 if (auth_required && !can_auth) { 584 option_error("peer authentication required but no suitable secret(s) found\n"); 585 if (remote_name[0] == 0) 586 option_error("for authenticating any peer to us (%s)\n", our_name); 587 else 588 option_error("for authenticating peer %s to us (%s)\n", 589 remote_name, our_name); 590 exit(1); 591 } 592 593 /* 594 * Check whether the user tried to override certain values 595 * set by root. 596 */ 597 if (!auth_required && auth_req_info.priv > 0) { 598 if (!default_device && devnam_info.priv == 0) { 599 option_error("can't override device name when noauth option used"); 600 exit(1); 601 } 602 if ((connector != NULL && connector_info.priv == 0) 603 || (disconnector != NULL && disconnector_info.priv == 0) 604 || (welcomer != NULL && welcomer_info.priv == 0)) { 605 option_error("can't override connect, disconnect or welcome"); 606 option_error("option values when noauth option used"); 607 exit(1); 608 } 609 } 610 } 611 612 /* 613 * auth_reset - called when LCP is starting negotiations to recheck 614 * authentication options, i.e. whether we have appropriate secrets 615 * to use for authenticating ourselves and/or the peer. 616 */ 617 void 618 auth_reset(unit) 619 int unit; 620 { 621 lcp_options *go = &lcp_gotoptions[unit]; 622 lcp_options *ao = &lcp_allowoptions[0]; 623 ipcp_options *ipwo = &ipcp_wantoptions[0]; 624 u_int32_t remote; 625 626 ao->neg_upap = !refuse_pap && (passwd[0] != 0 || get_pap_passwd(NULL)); 627 ao->neg_chap = !refuse_chap 628 && have_chap_secret(user, remote_name, (u_int32_t)0); 629 630 if (go->neg_upap && !uselogin && !have_pap_secret()) 631 go->neg_upap = 0; 632 if (go->neg_chap) { 633 remote = ipwo->accept_remote? 0: ipwo->hisaddr; 634 if (!have_chap_secret(remote_name, our_name, remote)) 635 go->neg_chap = 0; 636 } 637 } 638 639 640 /* 641 * check_passwd - Check the user name and passwd against the PAP secrets 642 * file. If requested, also check against the system password database, 643 * and login the user if OK. 644 * 645 * returns: 646 * UPAP_AUTHNAK: Authentication failed. 647 * UPAP_AUTHACK: Authentication succeeded. 648 * In either case, msg points to an appropriate message. 649 */ 650 int 651 check_passwd(unit, auser, userlen, apasswd, passwdlen, msg, msglen) 652 int unit; 653 char *auser; 654 int userlen; 655 char *apasswd; 656 int passwdlen; 657 char **msg; 658 int *msglen; 659 { 660 int ret; 661 char *filename; 662 FILE *f; 663 struct wordlist *addrs; 664 u_int32_t remote; 665 ipcp_options *ipwo = &ipcp_wantoptions[unit]; 666 char passwd[256], user[256]; 667 char secret[MAXWORDLEN]; 668 static int attempts = 0; 669 670 /* 671 * Make copies of apasswd and auser, then null-terminate them. 672 */ 673 BCOPY(apasswd, passwd, passwdlen); 674 passwd[passwdlen] = '\0'; 675 BCOPY(auser, user, userlen); 676 user[userlen] = '\0'; 677 *msg = (char *) 0; 678 679 /* 680 * Open the file of pap secrets and scan for a suitable secret 681 * for authenticating this user. 682 */ 683 filename = _PATH_UPAPFILE; 684 addrs = NULL; 685 ret = UPAP_AUTHACK; 686 f = fopen(filename, "r"); 687 if (f == NULL) { 688 syslog(LOG_ERR, "Can't open PAP password file %s: %m", filename); 689 ret = UPAP_AUTHNAK; 690 } else { 691 check_access(f, filename); 692 remote = ipwo->accept_remote? 0: ipwo->hisaddr; 693 if (scan_authfile(f, user, our_name, remote, 694 secret, &addrs, filename) < 0 695 || (secret[0] != 0 && (cryptpap || strcmp(passwd, secret) != 0) 696 && strcmp(crypt(passwd, secret), secret) != 0)) { 697 syslog(LOG_WARNING, "PAP authentication failure for %s", user); 698 ret = UPAP_AUTHNAK; 699 } 700 fclose(f); 701 } 702 703 if (uselogin && ret == UPAP_AUTHACK) { 704 ret = plogin(user, passwd, msg, msglen); 705 if (ret == UPAP_AUTHNAK) { 706 syslog(LOG_WARNING, "PAP login failure for %s", user); 707 } 708 } 709 710 if (ret == UPAP_AUTHNAK) { 711 if (*msg == (char *) 0) 712 *msg = "Login incorrect"; 713 *msglen = strlen(*msg); 714 /* 715 * Frustrate passwd stealer programs. 716 * Allow 10 tries, but start backing off after 3 (stolen from login). 717 * On 10'th, drop the connection. 718 */ 719 if (attempts++ >= 10) { 720 syslog(LOG_WARNING, "%d LOGIN FAILURES ON %s, %s", 721 attempts, devnam, user); 722 quit(); 723 } 724 if (attempts > 3) 725 sleep((u_int) (attempts - 3) * 5); 726 if (addrs != NULL) 727 free_wordlist(addrs); 728 729 } else { 730 attempts = 0; /* Reset count */ 731 if (*msg == (char *) 0) 732 *msg = "Login ok"; 733 *msglen = strlen(*msg); 734 set_allowed_addrs(unit, addrs); 735 } 736 737 BZERO(passwd, sizeof(passwd)); 738 BZERO(secret, sizeof(secret)); 739 740 return ret; 741 } 742 743 /* 744 * This function is needed for PAM. 745 */ 746 747 #ifdef USE_PAM 748 static char *PAM_username = ""; 749 static char *PAM_password = ""; 750 751 #ifdef PAM_ESTABLISH_CRED /* new PAM defines :(^ */ 752 #define MY_PAM_STRERROR(err_code) (char *) pam_strerror(pamh,err_code) 753 #else 754 #define MY_PAM_STRERROR(err_code) (char *) pam_strerror(err_code) 755 #endif 756 757 static int pam_conv (int num_msg, 758 const struct pam_message **msg, 759 struct pam_response **resp, 760 void *appdata_ptr) 761 { 762 int count = 0, replies = 0; 763 struct pam_response *reply = NULL; 764 int size = 0; 765 766 for (count = 0; count < num_msg; count++) 767 { 768 size += sizeof (struct pam_response); 769 reply = realloc (reply, size); /* ANSI: is malloc() if reply==NULL */ 770 if (!reply) 771 return PAM_CONV_ERR; 772 773 switch (msg[count]->msg_style) 774 { 775 case PAM_PROMPT_ECHO_ON: 776 reply[replies].resp_retcode = PAM_SUCCESS; 777 reply[replies++].resp = strdup(PAM_username); /* never NULL */ 778 break; 779 780 case PAM_PROMPT_ECHO_OFF: 781 reply[replies].resp_retcode = PAM_SUCCESS; 782 reply[replies++].resp = strdup(PAM_password); /* never NULL */ 783 break; 784 785 case PAM_TEXT_INFO: 786 reply[replies].resp_retcode = PAM_SUCCESS; 787 reply[replies++].resp = NULL; 788 break; 789 790 case PAM_ERROR_MSG: 791 default: 792 free (reply); 793 return PAM_CONV_ERR; 794 } 795 } 796 797 if (resp) 798 *resp = reply; 799 else 800 free (reply); 801 802 return PAM_SUCCESS; 803 } 804 #endif 805 806 /* 807 * plogin - Check the user name and password against the system 808 * password database, and login the user if OK. 809 * 810 * returns: 811 * UPAP_AUTHNAK: Login failed. 812 * UPAP_AUTHACK: Login succeeded. 813 * In either case, msg points to an appropriate message. 814 */ 815 816 static int 817 plogin(user, passwd, msg, msglen) 818 char *user; 819 char *passwd; 820 char **msg; 821 int *msglen; 822 { 823 824 #ifdef USE_PAM 825 826 struct pam_conv pam_conversation; 827 pam_handle_t *pamh; 828 int pam_error; 829 /* 830 * Fill the pam_conversion structure 831 */ 832 memset (&pam_conversation, '\0', sizeof (struct pam_conv)); 833 pam_conversation.conv = &pam_conv; 834 835 pam_error = pam_start ("ppp", user, &pam_conversation, &pamh); 836 837 if (pam_error != PAM_SUCCESS) { 838 *msg = MY_PAM_STRERROR (pam_error); 839 return UPAP_AUTHNAK; 840 } 841 /* 842 * Define the fields for the credential validation 843 */ 844 (void) pam_set_item (pamh, PAM_TTY, devnam); 845 PAM_username = user; 846 PAM_password = passwd; 847 /* 848 * Validate the user 849 */ 850 pam_error = pam_authenticate (pamh, PAM_SILENT); 851 if (pam_error == PAM_SUCCESS) { 852 pam_error = pam_acct_mgmt (pamh, PAM_SILENT); 853 854 /* start a session for this user. Session closed when link ends. */ 855 if (pam_error == PAM_SUCCESS) 856 (void) pam_open_session (pamh, PAM_SILENT); 857 } 858 859 *msg = MY_PAM_STRERROR (pam_error); 860 861 PAM_username = 862 PAM_password = ""; 863 /* 864 * Clean up the mess 865 */ 866 (void) pam_end (pamh, pam_error); 867 868 if (pam_error != PAM_SUCCESS) 869 return UPAP_AUTHNAK; 870 /* 871 * Use the non-PAM methods directly 872 */ 873 #else /* #ifdef USE_PAM */ 874 875 struct passwd *pw; 876 char *tty; 877 878 #ifdef HAS_SHADOW 879 struct spwd *spwd; 880 struct spwd *getspnam(); 881 #endif 882 883 pw = getpwnam(user); 884 endpwent(); 885 if (pw == NULL) { 886 return (UPAP_AUTHNAK); 887 } 888 889 #ifdef HAS_SHADOW 890 spwd = getspnam(user); 891 endspent(); 892 if (spwd) { 893 /* check the age of the password entry */ 894 long now = time(NULL) / 86400L; 895 896 if ((spwd->sp_expire > 0 && now >= spwd->sp_expire) 897 || ((spwd->sp_max >= 0 && spwd->sp_max < 10000) 898 && spwd->sp_lstchg >= 0 899 && now >= spwd->sp_lstchg + spwd->sp_max)) { 900 syslog(LOG_WARNING, "Password for %s has expired", user); 901 return (UPAP_AUTHNAK); 902 } 903 pw->pw_passwd = spwd->sp_pwdp; 904 } 905 #endif 906 907 /* 908 * If no passwd, don't let them login. 909 */ 910 if (pw->pw_passwd == NULL || *pw->pw_passwd == '\0' 911 || strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd) != 0) 912 return (UPAP_AUTHNAK); 913 914 /* These functions are not enabled for PAM. The reason for this is that */ 915 /* there is not necessarily a "passwd" entry for this user. That is */ 916 /* real purpose of 'PAM' -- to virtualize the account data from the */ 917 /* application. If you want to do the same thing, write the entry in */ 918 /* the 'session' hook. */ 919 920 /* 921 * Write a wtmp entry for this user. 922 */ 923 924 tty = devnam; 925 if (strncmp(tty, "/dev/", 5) == 0) 926 tty += 5; 927 logwtmp(tty, user, remote_name); /* Add wtmp login entry */ 928 929 #if defined(_PATH_LASTLOG) 930 { 931 struct lastlog ll; 932 int fd; 933 934 if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) { 935 (void)lseek(fd, (off_t)(pw->pw_uid * sizeof(ll)), SEEK_SET); 936 memset((void *)&ll, 0, sizeof(ll)); 937 (void)time(&ll.ll_time); 938 (void)strncpy(ll.ll_line, tty, sizeof(ll.ll_line)); 939 (void)write(fd, (char *)&ll, sizeof(ll)); 940 (void)close(fd); 941 } 942 } 943 #endif 944 945 #endif /* #ifdef USE_PAM */ 946 947 syslog(LOG_INFO, "user %s logged in", user); 948 logged_in = TRUE; 949 950 return (UPAP_AUTHACK); 951 } 952 953 /* 954 * plogout - Logout the user. 955 */ 956 static void 957 plogout() 958 { 959 #ifdef USE_PAM 960 struct pam_conv pam_conversation; 961 pam_handle_t *pamh; 962 int pam_error; 963 /* 964 * Fill the pam_conversion structure. The PAM specification states that the 965 * session must be able to be closed by a totally different handle from which 966 * it was created. Hold the PAM group to their own specification! 967 */ 968 memset (&pam_conversation, '\0', sizeof (struct pam_conv)); 969 pam_conversation.conv = &pam_conv; 970 971 pam_error = pam_start ("ppp", user, &pam_conversation, &pamh); 972 if (pam_error == PAM_SUCCESS) { 973 (void) pam_set_item (pamh, PAM_TTY, devnam); 974 (void) pam_close_session (pamh, PAM_SILENT); 975 (void) pam_end (pamh, PAM_SUCCESS); 976 } 977 978 #else 979 char *tty; 980 981 tty = devnam; 982 if (strncmp(tty, "/dev/", 5) == 0) 983 tty += 5; 984 logwtmp(tty, "", ""); /* Wipe out utmp logout entry */ 985 #endif 986 987 logged_in = FALSE; 988 } 989 990 991 /* 992 * null_login - Check if a username of "" and a password of "" are 993 * acceptable, and iff so, set the list of acceptable IP addresses 994 * and return 1. 995 */ 996 static int 997 null_login(unit) 998 int unit; 999 { 1000 char *filename; 1001 FILE *f; 1002 int i, ret; 1003 struct wordlist *addrs; 1004 char secret[MAXWORDLEN]; 1005 1006 /* 1007 * Open the file of pap secrets and scan for a suitable secret. 1008 * We don't accept a wildcard client. 1009 */ 1010 filename = _PATH_UPAPFILE; 1011 addrs = NULL; 1012 f = fopen(filename, "r"); 1013 if (f == NULL) 1014 return 0; 1015 check_access(f, filename); 1016 1017 i = scan_authfile(f, "", our_name, (u_int32_t)0, secret, &addrs, filename); 1018 ret = i >= 0 && (i & NONWILD_CLIENT) != 0 && secret[0] == 0; 1019 BZERO(secret, sizeof(secret)); 1020 1021 if (ret) 1022 set_allowed_addrs(unit, addrs); 1023 else 1024 free_wordlist(addrs); 1025 1026 fclose(f); 1027 return ret; 1028 } 1029 1030 1031 /* 1032 * get_pap_passwd - get a password for authenticating ourselves with 1033 * our peer using PAP. Returns 1 on success, 0 if no suitable password 1034 * could be found. 1035 */ 1036 static int 1037 get_pap_passwd(passwd) 1038 char *passwd; 1039 { 1040 char *filename; 1041 FILE *f; 1042 int ret; 1043 struct wordlist *addrs; 1044 char secret[MAXWORDLEN]; 1045 1046 filename = _PATH_UPAPFILE; 1047 addrs = NULL; 1048 f = fopen(filename, "r"); 1049 if (f == NULL) 1050 return 0; 1051 check_access(f, filename); 1052 ret = scan_authfile(f, user, 1053 remote_name[0]? remote_name: NULL, 1054 (u_int32_t)0, secret, NULL, filename); 1055 fclose(f); 1056 if (ret < 0) 1057 return 0; 1058 if (passwd != NULL) 1059 strlcpy(passwd, secret, MAXSECRETLEN); 1060 BZERO(secret, sizeof(secret)); 1061 return 1; 1062 } 1063 1064 1065 /* 1066 * have_pap_secret - check whether we have a PAP file with any 1067 * secrets that we could possibly use for authenticating the peer. 1068 */ 1069 static int 1070 have_pap_secret() 1071 { 1072 FILE *f; 1073 int ret; 1074 char *filename; 1075 ipcp_options *ipwo = &ipcp_wantoptions[0]; 1076 u_int32_t remote; 1077 1078 filename = _PATH_UPAPFILE; 1079 f = fopen(filename, "r"); 1080 if (f == NULL) 1081 return 0; 1082 1083 remote = ipwo->accept_remote? 0: ipwo->hisaddr; 1084 ret = scan_authfile(f, NULL, our_name, remote, NULL, NULL, filename); 1085 fclose(f); 1086 if (ret < 0) 1087 return 0; 1088 1089 return 1; 1090 } 1091 1092 1093 /* 1094 * have_chap_secret - check whether we have a CHAP file with a 1095 * secret that we could possibly use for authenticating `client' 1096 * on `server'. Either can be the null string, meaning we don't 1097 * know the identity yet. 1098 */ 1099 static int 1100 have_chap_secret(client, server, remote) 1101 char *client; 1102 char *server; 1103 u_int32_t remote; 1104 { 1105 FILE *f; 1106 int ret; 1107 char *filename; 1108 1109 filename = _PATH_CHAPFILE; 1110 f = fopen(filename, "r"); 1111 if (f == NULL) 1112 return 0; 1113 1114 if (client[0] == 0) 1115 client = NULL; 1116 else if (server[0] == 0) 1117 server = NULL; 1118 1119 ret = scan_authfile(f, client, server, remote, NULL, NULL, filename); 1120 fclose(f); 1121 if (ret < 0) 1122 return 0; 1123 1124 return 1; 1125 } 1126 1127 1128 /* 1129 * get_secret - open the CHAP secret file and return the secret 1130 * for authenticating the given client on the given server. 1131 * (We could be either client or server). 1132 */ 1133 int 1134 get_secret(unit, client, server, secret, secret_len, save_addrs) 1135 int unit; 1136 char *client; 1137 char *server; 1138 char *secret; 1139 int *secret_len; 1140 int save_addrs; 1141 { 1142 FILE *f; 1143 int ret, len; 1144 char *filename; 1145 struct wordlist *addrs; 1146 char secbuf[MAXWORDLEN]; 1147 1148 filename = _PATH_CHAPFILE; 1149 addrs = NULL; 1150 secbuf[0] = 0; 1151 1152 f = fopen(filename, "r"); 1153 if (f == NULL) { 1154 syslog(LOG_ERR, "Can't open chap secret file %s: %m", filename); 1155 return 0; 1156 } 1157 check_access(f, filename); 1158 1159 ret = scan_authfile(f, client, server, (u_int32_t)0, 1160 secbuf, &addrs, filename); 1161 fclose(f); 1162 if (ret < 0) 1163 return 0; 1164 1165 if (save_addrs) 1166 set_allowed_addrs(unit, addrs); 1167 1168 len = strlen(secbuf); 1169 if (len > MAXSECRETLEN) { 1170 syslog(LOG_ERR, "Secret for %s on %s is too long", client, server); 1171 len = MAXSECRETLEN; 1172 } 1173 BCOPY(secbuf, secret, len); 1174 BZERO(secbuf, sizeof(secbuf)); 1175 *secret_len = len; 1176 1177 return 1; 1178 } 1179 1180 /* 1181 * set_allowed_addrs() - set the list of allowed addresses. 1182 */ 1183 static void 1184 set_allowed_addrs(unit, addrs) 1185 int unit; 1186 struct wordlist *addrs; 1187 { 1188 if (addresses[unit] != NULL) 1189 free_wordlist(addresses[unit]); 1190 addresses[unit] = addrs; 1191 1192 /* 1193 * If there's only one authorized address we might as well 1194 * ask our peer for that one right away 1195 */ 1196 if (addrs != NULL && addrs->next == NULL) { 1197 char *p = addrs->word; 1198 struct ipcp_options *wo = &ipcp_wantoptions[unit]; 1199 struct in_addr ina; 1200 struct hostent *hp; 1201 1202 if (*p != '!' && *p != '-' && !ISWILD(p) && strchr(p, '/') == NULL) { 1203 hp = gethostbyname(p); 1204 if (hp != NULL && hp->h_addrtype == AF_INET) 1205 wo->hisaddr = *(u_int32_t *)hp->h_addr; 1206 else if (inet_aton(p, &ina) == 1) 1207 wo->hisaddr = ina.s_addr; 1208 } 1209 } 1210 } 1211 1212 /* 1213 * auth_ip_addr - check whether the peer is authorized to use 1214 * a given IP address. Returns 1 if authorized, 0 otherwise. 1215 */ 1216 int 1217 auth_ip_addr(unit, addr) 1218 int unit; 1219 u_int32_t addr; 1220 { 1221 return ip_addr_check(addr, addresses[unit]); 1222 } 1223 1224 static int 1225 ip_addr_check(addr, addrs) 1226 u_int32_t addr; 1227 struct wordlist *addrs; 1228 { 1229 u_int32_t mask, ah; 1230 struct in_addr ina; 1231 int accept, r = 1; 1232 char *ptr_word, *ptr_mask; 1233 struct hostent *hp; 1234 struct netent *np; 1235 1236 /* don't allow loopback or multicast address */ 1237 if (bad_ip_adrs(addr)) 1238 return 0; 1239 1240 if (addrs == NULL) 1241 return !auth_required; /* no addresses authorized */ 1242 1243 for (; addrs != NULL; addrs = addrs->next) { 1244 /* "-" means no addresses authorized, "*" means any address allowed */ 1245 ptr_word = addrs->word; 1246 if (strcmp(ptr_word, "-") == 0) 1247 break; 1248 if (strcmp(ptr_word, "*") == 0) 1249 return 1; 1250 1251 accept = 1; 1252 if (*ptr_word == '!') { 1253 accept = 0; 1254 ++ptr_word; 1255 } 1256 1257 mask = ~ (u_int32_t) 0; 1258 ptr_mask = strchr (ptr_word, '/'); 1259 if (ptr_mask != NULL) { 1260 int bit_count; 1261 1262 bit_count = (int) strtol (ptr_mask+1, (char **) 0, 10); 1263 if (bit_count <= 0 || bit_count > 32) { 1264 syslog (LOG_WARNING, 1265 "invalid address length %s in auth. address list", 1266 ptr_mask); 1267 continue; 1268 } 1269 *ptr_mask = '\0'; 1270 mask <<= 32 - bit_count; 1271 } 1272 1273 hp = gethostbyname(ptr_word); 1274 if (hp != NULL && hp->h_addrtype == AF_INET) { 1275 ina.s_addr = *(u_int32_t *)hp->h_addr; 1276 } else { 1277 np = getnetbyname (ptr_word); 1278 if (np != NULL && np->n_addrtype == AF_INET) 1279 ina.s_addr = htonl (np->n_net); 1280 else 1281 r = inet_aton (ptr_word, &ina); 1282 if (ptr_mask == NULL) { 1283 /* calculate appropriate mask for net */ 1284 ah = ntohl(ina.s_addr); 1285 if (IN_CLASSA(ah)) 1286 mask = IN_CLASSA_NET; 1287 else if (IN_CLASSB(ah)) 1288 mask = IN_CLASSB_NET; 1289 else if (IN_CLASSC(ah)) 1290 mask = IN_CLASSC_NET; 1291 } 1292 } 1293 1294 if (ptr_mask != NULL) 1295 *ptr_mask = '/'; 1296 1297 if (r == 0) 1298 syslog (LOG_WARNING, 1299 "unknown host %s in auth. address list", 1300 addrs->word); 1301 else 1302 /* Here ina.s_addr and addr are in network byte order, 1303 and mask is in host order. */ 1304 if (((addr ^ ina.s_addr) & htonl(mask)) == 0) 1305 return accept; 1306 } 1307 return 0; /* not in list => can't have it */ 1308 } 1309 1310 /* 1311 * bad_ip_adrs - return 1 if the IP address is one we don't want 1312 * to use, such as an address in the loopback net or a multicast address. 1313 * addr is in network byte order. 1314 */ 1315 int 1316 bad_ip_adrs(addr) 1317 u_int32_t addr; 1318 { 1319 addr = ntohl(addr); 1320 return (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET 1321 || IN_MULTICAST(addr) || IN_BADCLASS(addr); 1322 } 1323 1324 /* 1325 * check_access - complain if a secret file has too-liberal permissions. 1326 */ 1327 void 1328 check_access(f, filename) 1329 FILE *f; 1330 char *filename; 1331 { 1332 struct stat sbuf; 1333 1334 if (fstat(fileno(f), &sbuf) < 0) { 1335 syslog(LOG_WARNING, "cannot stat secret file %s: %m", filename); 1336 } else if ((sbuf.st_mode & (S_IRWXG | S_IRWXO)) != 0) { 1337 syslog(LOG_WARNING, "Warning - secret file %s has world and/or group access", filename); 1338 } 1339 } 1340 1341 1342 /* 1343 * scan_authfile - Scan an authorization file for a secret suitable 1344 * for authenticating `client' on `server'. The return value is -1 1345 * if no secret is found, otherwise >= 0. The return value has 1346 * NONWILD_CLIENT set if the secret didn't have "*" for the client, and 1347 * NONWILD_SERVER set if the secret didn't have "*" for the server. 1348 * Any following words on the line (i.e. address authorization 1349 * info) are placed in a wordlist and returned in *addrs. 1350 */ 1351 static int 1352 scan_authfile(f, client, server, ipaddr, secret, addrs, filename) 1353 FILE *f; 1354 char *client; 1355 char *server; 1356 u_int32_t ipaddr; 1357 char *secret; 1358 struct wordlist **addrs; 1359 char *filename; 1360 { 1361 int newline, xxx; 1362 int got_flag, best_flag; 1363 FILE *sf; 1364 struct wordlist *ap, *addr_list, *alist, *alast; 1365 char word[MAXWORDLEN]; 1366 char atfile[MAXWORDLEN]; 1367 char lsecret[MAXWORDLEN]; 1368 1369 if (addrs != NULL) 1370 *addrs = NULL; 1371 addr_list = NULL; 1372 if (!getword(f, word, &newline, filename)) 1373 return -1; /* file is empty??? */ 1374 newline = 1; 1375 best_flag = -1; 1376 for (;;) { 1377 /* 1378 * Skip until we find a word at the start of a line. 1379 */ 1380 while (!newline && getword(f, word, &newline, filename)) 1381 ; 1382 if (!newline) 1383 break; /* got to end of file */ 1384 1385 /* 1386 * Got a client - check if it's a match or a wildcard. 1387 */ 1388 got_flag = 0; 1389 if (client != NULL && strcmp(word, client) != 0 && !ISWILD(word)) { 1390 newline = 0; 1391 continue; 1392 } 1393 if (!ISWILD(word)) 1394 got_flag = NONWILD_CLIENT; 1395 1396 /* 1397 * Now get a server and check if it matches. 1398 */ 1399 if (!getword(f, word, &newline, filename)) 1400 break; 1401 if (newline) 1402 continue; 1403 if (server != NULL && strcmp(word, server) != 0 && !ISWILD(word)) 1404 continue; 1405 if (!ISWILD(word)) 1406 got_flag |= NONWILD_SERVER; 1407 1408 /* 1409 * Got some sort of a match - see if it's better than what 1410 * we have already. 1411 */ 1412 if (got_flag <= best_flag) 1413 continue; 1414 1415 /* 1416 * Get the secret. 1417 */ 1418 if (!getword(f, word, &newline, filename)) 1419 break; 1420 if (newline) 1421 continue; 1422 1423 /* 1424 * Special syntax: @filename means read secret from file. 1425 */ 1426 if (word[0] == '@') { 1427 strcpy(atfile, word+1); 1428 if ((sf = fopen(atfile, "r")) == NULL) { 1429 syslog(LOG_WARNING, "can't open indirect secret file %s", 1430 atfile); 1431 continue; 1432 } 1433 check_access(sf, atfile); 1434 if (!getword(sf, word, &xxx, atfile)) { 1435 syslog(LOG_WARNING, "no secret in indirect secret file %s", 1436 atfile); 1437 fclose(sf); 1438 continue; 1439 } 1440 fclose(sf); 1441 } 1442 if (secret != NULL) 1443 strcpy(lsecret, word); 1444 1445 /* 1446 * Now read address authorization info and make a wordlist. 1447 */ 1448 alist = alast = NULL; 1449 for (;;) { 1450 if (!getword(f, word, &newline, filename) || newline) 1451 break; 1452 ap = (struct wordlist *) malloc(sizeof(struct wordlist) 1453 + strlen(word)); 1454 if (ap == NULL) 1455 novm("authorized addresses"); 1456 ap->next = NULL; 1457 strcpy(ap->word, word); 1458 if (alist == NULL) 1459 alist = ap; 1460 else 1461 alast->next = ap; 1462 alast = ap; 1463 } 1464 1465 /* 1466 * Check if the given IP address is allowed by the wordlist. 1467 */ 1468 if (ipaddr != 0 && !ip_addr_check(ipaddr, alist)) { 1469 free_wordlist(alist); 1470 continue; 1471 } 1472 1473 /* 1474 * This is the best so far; remember it. 1475 */ 1476 best_flag = got_flag; 1477 if (addr_list) 1478 free_wordlist(addr_list); 1479 addr_list = alist; 1480 if (secret != NULL) 1481 strcpy(secret, lsecret); 1482 1483 if (!newline) 1484 break; 1485 } 1486 1487 if (addrs != NULL) 1488 *addrs = addr_list; 1489 else if (addr_list != NULL) 1490 free_wordlist(addr_list); 1491 1492 return best_flag; 1493 } 1494 1495 /* 1496 * free_wordlist - release memory allocated for a wordlist. 1497 */ 1498 static void 1499 free_wordlist(wp) 1500 struct wordlist *wp; 1501 { 1502 struct wordlist *next; 1503 1504 while (wp != NULL) { 1505 next = wp->next; 1506 free(wp); 1507 wp = next; 1508 } 1509 } 1510 1511 /* 1512 * auth_script - execute a script with arguments 1513 * interface-name peer-name real-user tty speed 1514 */ 1515 static void 1516 auth_script(script) 1517 char *script; 1518 { 1519 char strspeed[32]; 1520 struct passwd *pw; 1521 char struid[32]; 1522 char *user_name; 1523 char *argv[8]; 1524 1525 if ((pw = getpwuid(getuid())) != NULL && pw->pw_name != NULL) 1526 user_name = pw->pw_name; 1527 else { 1528 sprintf(struid, "%u", getuid()); 1529 user_name = struid; 1530 } 1531 sprintf(strspeed, "%d", baud_rate); 1532 1533 argv[0] = script; 1534 argv[1] = ifname; 1535 argv[2] = peer_authname; 1536 argv[3] = user_name; 1537 argv[4] = devnam; 1538 argv[5] = strspeed; 1539 argv[6] = NULL; 1540 1541 run_program(script, argv, 0); 1542 } 1543