Head

GCC Code Coverage Report

Directory:	./		Exec	Total	Coverage
File:	usr.sbin/npppd/npppd/pap.c	Lines:	0	208	0.0 %
Date:	2017-11-07	Branches:	0	104	0.0 %


/*	$OpenBSD: pap.c,v 1.10 2016/03/22 04:11:27 yasuoka Exp $ */

/*-
 * Copyright (c) 2009 Internet Initiative Japan Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
/* $Id: pap.c,v 1.10 2016/03/22 04:11:27 yasuoka Exp $ */
/**@file
 * This file provides Password Authentication Protocol (PAP) handlers.
 * @author Yasuoka Masahiko
 */
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <net/if_dl.h>
#include <netinet/in.h>

#include <event.h>
#include <md5.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <errno.h>
#include <vis.h>

#include "slist.h"
#include "npppd.h"
#include "ppp.h"

#ifdef USE_NPPPD_RADIUS
#include <radius.h>
#include "radius_chap_const.h"
#include "npppd_radius.h"
#endif

#include "debugutil.h"

#define	AUTHREQ				0x01
#define	AUTHACK				0x02
#define	AUTHNAK				0x03

#define	PAP_STATE_INITIAL		0
#define	PAP_STATE_STARTING		1
#define	PAP_STATE_AUTHENTICATING	2
#define	PAP_STATE_SENT_RESPONSE		3
#define	PAP_STATE_STOPPED		4
#define	PAP_STATE_PROXY_AUTHENTICATION	5

#define	DEFAULT_SUCCESS_MESSAGE		"OK"
#define	DEFAULT_FAILURE_MESSAGE		"Unknown username or password"
#define	DEFAULT_ERROR_MESSAGE		"Unknown failure"

#ifdef	PAP_DEBUG
#define	PAP_DBG(x)	pap_log x
#define	PAP_ASSERT(cond)					\
	if (!(cond)) {						\
	    fprintf(stderr,					\
		"\nASSERT(" #cond ") failed on %s() at %s:%d.\n"\
		, __func__, __FILE__, __LINE__);		\
	    abort(); 						\
	}
#else
#define	PAP_ASSERT(cond)
#define	PAP_DBG(x)
#endif

static void  pap_log (pap *, uint32_t, const char *, ...) __printflike(3,4);
static void  pap_response (pap *, int, const char *);
static void  pap_authenticate(pap *, const char *);
static void  pap_local_authenticate (pap *, const char *, const char *);
#ifdef USE_NPPPD_RADIUS
static void  pap_radius_authenticate (pap *, const char *, const char *);
static void  pap_radius_response (void *, RADIUS_PACKET *, int, RADIUS_REQUEST_CTX);
#endif

#ifdef __cplusplus
extern "C" {
#endif

void  pap_init (pap *, npppd_ppp *);
int   pap_start (pap *);
int   pap_stop (pap *);
int   pap_input (pap *, u_char *, int);

#ifdef __cplusplus
}
#endif

void
pap_init(pap *_this, npppd_ppp *ppp)
{
	_this->ppp = ppp;
	_this->state = PAP_STATE_INITIAL;
	_this->auth_id = -1;
}

int
pap_start(pap *_this)
{
	pap_log(_this, LOG_DEBUG, "%s", __func__);

	if (_this->state == PAP_STATE_PROXY_AUTHENTICATION) {
		_this->state = PAP_STATE_AUTHENTICATING;
		pap_authenticate(_this, _this->ppp->proxy_authen_resp);
		return 0;
	}

	_this->state = PAP_STATE_STARTING;
	return 0;
}

int
pap_stop(pap *_this)
{
	_this->state = PAP_STATE_STOPPED;
	_this->auth_id = -1;

#ifdef USE_NPPPD_RADIUS
	if (_this->radctx != NULL) {
		radius_cancel_request(_this->radctx);
		_this->radctx = NULL;
	}
#endif
	return 0;
}

/** Receiving PAP packet */
int
pap_input(pap *_this, u_char *pktp, int lpktp)
{
	int code, id, length, len;
	u_char *pktp1;
	char name[MAX_USERNAME_LENGTH], password[MAX_PASSWORD_LENGTH];

	if (_this->state == PAP_STATE_STOPPED ||
	    _this->state == PAP_STATE_INITIAL) {
		pap_log(_this, LOG_ERR, "Received pap packet.  But pap is "
		    "not started.");
		return -1;
	}
	pktp1 = pktp;

	GETCHAR(code, pktp1);
	GETCHAR(id, pktp1);
	GETSHORT(length, pktp1);

	if (code != AUTHREQ) {
		pap_log(_this, LOG_ERR, "%s: Received unknown code=%d",
		    __func__, code);
		return -1;
	}
	if (lpktp < length) {
		pap_log(_this, LOG_ERR, "%s: Received broken packet.",
		    __func__);
		return -1;
	}

	/* retribute the username */
#define	remlen		(lpktp - (pktp1 - pktp))
	if (remlen < 1)
		goto fail;
	GETCHAR(len, pktp1);
	if (len <= 0)
		goto fail;
	if (remlen < len)
		goto fail;
	if (len > 0)
		memcpy(name, pktp1, len);
	name[len] = '\0';
	pktp1 += len;

	if (_this->state != PAP_STATE_STARTING) {
		/*
		 * Receiving identical message again, it must be the message
		 * retransmit by the peer.  Continue if the username is same.
		 */
		if ((_this->state == PAP_STATE_AUTHENTICATING ||
		    _this->state == PAP_STATE_SENT_RESPONSE) &&
		    strcmp(_this->name, name) == 0) {
			/* continue */
		} else {
			pap_log(_this, LOG_ERR,
			    "Received AuthReq is not same as before.  "
			    "(%d,%s) != (%d,%s)", id, name, _this->auth_id,
			    _this->name);
			_this->auth_id = id;
			goto fail;
		}
	}
	if (_this->state == PAP_STATE_AUTHENTICATING)
		return 0;
	_this->auth_id = id;
	strlcpy(_this->name, name, sizeof(_this->name));

	_this->state = PAP_STATE_AUTHENTICATING;

	/* retribute the password */
	if (remlen < 1)
		goto fail;
	GETCHAR(len, pktp1);
	if (remlen < len)
		goto fail;
	if (len > 0)
		memcpy(password, pktp1, len);

	password[len] = '\0';
	pap_authenticate(_this, password);

	return 0;
fail:
	pap_response(_this, 0, DEFAULT_FAILURE_MESSAGE);
	return -1;
}

static void
pap_authenticate(pap *_this, const char *password)
{
	if (npppd_ppp_bind_realm(_this->ppp->pppd, _this->ppp, _this->name, 0)
	    == 0) {
		if (!npppd_ppp_is_realm_ready(_this->ppp->pppd, _this->ppp)) {
			pap_log(_this, LOG_INFO,
			    "username=\"%s\" realm is not ready.", _this->name);
			goto fail;
			/* NOTREACHED */
		}
#if USE_NPPPD_RADIUS
		if (npppd_ppp_is_realm_radius(_this->ppp->pppd, _this->ppp)) {
			pap_radius_authenticate(_this, _this->name, password);
			return;
			/* NOTREACHED */
		} else
#endif
		if (npppd_ppp_is_realm_local(_this->ppp->pppd, _this->ppp)) {
			pap_local_authenticate(_this, _this->name, password);
			return;
			/* NOTREACHED */
		}
	}
fail:
	pap_response(_this, 0, DEFAULT_FAILURE_MESSAGE);
}

static void
pap_log(pap *_this, uint32_t prio, const char *fmt, ...)
{
	char logbuf[BUFSIZ];
	va_list ap;

	va_start(ap, fmt);
	snprintf(logbuf, sizeof(logbuf), "ppp id=%u layer=pap %s",
	    _this->ppp->id, fmt);
	vlog_printf(prio, logbuf, ap);
	va_end(ap);
}

static void
pap_response(pap *_this, int authok, const char *mes)
{
	int lpktp, lmes;
	u_char *pktp, *pktp1;
	const char *realm;

	pktp = ppp_packetbuf(_this->ppp, PPP_PROTO_PAP) + HEADERLEN;
	lpktp = _this->ppp->mru - HEADERLEN;
	realm = npppd_ppp_get_realm_name(_this->ppp->pppd, _this->ppp);

	pktp1 = pktp;
	if (mes == NULL)
		lmes = 0;
	else
		lmes = strlen(mes);
	lmes = MINIMUM(lmes, lpktp - 1);

	PUTCHAR(lmes, pktp1);
	if (lmes > 0)
		memcpy(pktp1, mes, lmes);
	lpktp = lmes + 1;

	if (authok)
		ppp_output(_this->ppp, PPP_PROTO_PAP, AUTHACK, _this->auth_id,
		    pktp, lpktp);
	else
		ppp_output(_this->ppp, PPP_PROTO_PAP, AUTHNAK, _this->auth_id,
		    pktp, lpktp);

	if (!authok) {
		pap_log(_this, LOG_ALERT,
		    "logtype=Failure username=\"%s\" realm=%s", _this->name,
		    realm);
		pap_stop(_this);
		ppp_set_disconnect_cause(_this->ppp,
		    PPP_DISCON_AUTH_FAILED, PPP_PROTO_PAP, 1 /* peer */, NULL);
		ppp_stop(_this->ppp, "Authentication Required");
	} else {
		strlcpy(_this->ppp->username, _this->name,
		    sizeof(_this->ppp->username));
		pap_log(_this, LOG_INFO,
		    "logtype=Success username=\"%s\" realm=%s", _this->name,
		    realm);
		pap_stop(_this);
		ppp_auth_ok(_this->ppp);
		/* reset the state to response request of retransmision. */
		_this->state = PAP_STATE_SENT_RESPONSE;
	}
}

static void
pap_local_authenticate(pap *_this, const char *username, const char *password)
{
	int lpassword0;
	char password0[MAX_PASSWORD_LENGTH];

	lpassword0 = sizeof(password0);

	if (npppd_get_user_password(_this->ppp->pppd, _this->ppp, username,
	    password0, &lpassword0) == 0) {
		if (!strcmp(password0, password)) {
			pap_response(_this, 1, DEFAULT_SUCCESS_MESSAGE);
			return;
		}
	}
	pap_response(_this, 0, DEFAULT_FAILURE_MESSAGE);
}

/***********************************************************************
 * Proxy Authentication
 ***********************************************************************/
int
pap_proxy_authen_prepare(pap *_this, dialin_proxy_info *dpi)
{

	PAP_ASSERT(dpi->auth_type == PPP_AUTH_PAP);
	PAP_ASSERT(_this->state == PAP_STATE_INITIAL);

	_this->auth_id = dpi->auth_id;
	if (strlen(dpi->username) >= sizeof(_this->name)) {
		pap_log(_this, LOG_NOTICE,
		    "\"Proxy Authen Name\" is too long.");
		return -1;
	}

	/* copy the authenticaiton properties */
	PAP_ASSERT(_this->ppp->proxy_authen_resp == NULL);
	if ((_this->ppp->proxy_authen_resp = malloc(dpi->lauth_resp + 1)) ==
	    NULL) {
		pap_log(_this, LOG_ERR, "malloc() failed in %s(): %m",
		    __func__);
		return -1;
	}
	memcpy(_this->ppp->proxy_authen_resp, dpi->auth_resp,
	    dpi->lauth_resp);
	_this->ppp->proxy_authen_resp[dpi->lauth_resp] = '\0';
	strlcpy(_this->name, dpi->username, sizeof(_this->name));

	_this->state = PAP_STATE_PROXY_AUTHENTICATION;

	return 0;
}

#ifdef USE_NPPPD_RADIUS
static void
pap_radius_authenticate(pap *_this, const char *username, const char *password)
{
	void *radctx;
	RADIUS_PACKET *radpkt;
	MD5_CTX md5ctx;
	int i, j, s_len, passlen;
	u_char ra[16], digest[16], pass[128];
	const char *s;
	radius_req_setting *rad_setting = NULL;
	char buf0[MAX_USERNAME_LENGTH];

	if ((rad_setting = npppd_get_radius_auth_setting(_this->ppp->pppd,
	    _this->ppp)) == NULL)
		goto fail;

	if ((radpkt = radius_new_request_packet(RADIUS_CODE_ACCESS_REQUEST))
	    == NULL)
		goto fail;

	if (radius_prepare(rad_setting, _this, &radctx, pap_radius_response)
	    != 0) {
		radius_delete_packet(radpkt);
		goto fail;
	}

	if (ppp_set_radius_attrs_for_authreq(_this->ppp, rad_setting, radpkt)
	    != 0)
		goto fail;

	if (radius_put_string_attr(radpkt, RADIUS_TYPE_USER_NAME,
	    npppd_ppp_get_username_for_auth(_this->ppp->pppd, _this->ppp,
	    username, buf0)) != 0)
		goto fail;

	if (_this->radctx != NULL)
		radius_cancel_request(_this->radctx);

	_this->radctx = radctx;

	/* Create RADIUS User-Password Attribute (RFC 2865, 5.2.) */
	s = radius_get_server_secret(_this->radctx);
	s_len = strlen(s);

	memset(pass, 0, sizeof(pass)); /* null padding */
	passlen = MINIMUM(strlen(password), sizeof(pass));
	memcpy(pass, password, passlen);
	if ((passlen % 16) != 0)
		passlen += 16 - (passlen % 16);

	radius_get_authenticator(radpkt, ra);

	MD5Init(&md5ctx);
	MD5Update(&md5ctx, s, s_len);
	MD5Update(&md5ctx, ra, 16);
	MD5Final(digest, &md5ctx);

	for (i = 0; i < 16; i++)
		pass[i] ^= digest[i];

	while (i < passlen) {
		MD5Init(&md5ctx);
		MD5Update(&md5ctx, s, s_len);
		MD5Update(&md5ctx, &pass[i - 16], 16);
		MD5Final(digest, &md5ctx);

		for (j = 0; j < 16; j++, i++)
			pass[i] ^= digest[j];
	}

	if (radius_put_raw_attr(radpkt, RADIUS_TYPE_USER_PASSWORD, pass,
	    passlen) != 0)
		goto fail;

	radius_request(_this->radctx, radpkt);

	return;
fail:
	if (_this->radctx != NULL)
		radius_cancel_request(_this->radctx);
	pap_log(_this, LOG_ERR, "%s() failed: %m", __func__);
	pap_response(_this, 0, DEFAULT_ERROR_MESSAGE);

	return;
}

static void
pap_radius_response(void *context, RADIUS_PACKET *pkt, int flags,
    RADIUS_REQUEST_CTX reqctx)
{
	int code = -1;
	const char *reason = NULL;
	RADIUS_REQUEST_CTX radctx;
	pap *_this;

	_this = context;
	radctx = _this->radctx;
	_this->radctx = NULL;	/* important */

	if (pkt == NULL) {
		if (flags & RADIUS_REQUEST_TIMEOUT)
			reason = "timeout";
		else if (flags & RADIUS_REQUEST_ERROR)
			reason = strerror(errno);
		else
			reason = "error";
		goto auth_failed;
	}
	code = radius_get_code(pkt);
	if (code == RADIUS_CODE_ACCESS_REJECT) {
		reason="reject";
		goto auth_failed;
	} else if (code != RADIUS_CODE_ACCESS_ACCEPT) {
		reason="error";
		goto auth_failed;
	}
	if ((flags & RADIUS_REQUEST_CHECK_AUTHENTICATOR_OK) == 0 &&
	    (flags & RADIUS_REQUEST_CHECK_AUTHENTICATOR_NO_CHECK) == 0) {
		reason="bad_authenticator";
		goto auth_failed;
	}
	/* Autentication succeeded */
	pap_response(_this, 1, DEFAULT_SUCCESS_MESSAGE);
	ppp_process_radius_framed_ip(_this->ppp, pkt);

	return;
auth_failed:
	/* Autentication failure */
	pap_log(_this, LOG_WARNING, "Radius authentication request failed: %s",
	    reason);
	/* log reply messages from radius server */
	if (pkt != NULL) {
		char radmsg[255], vissed[1024];
		size_t rmlen = 0;
		if ((radius_get_raw_attr(pkt, RADIUS_TYPE_REPLY_MESSAGE,
		    radmsg, &rmlen)) == 0) {
			if (rmlen != 0) {
				strvisx(vissed, radmsg, rmlen, VIS_WHITE);
				pap_log(_this, LOG_WARNING,
				    "Radius reply message: %s", vissed);
			}
		}
	}

	pap_response(_this, 0, DEFAULT_FAILURE_MESSAGE);
}
#endif


Generated by: GCOVR (Version 3.3)

Line	Branch	Exec	Source
1			/* $OpenBSD: pap.c,v 1.10 2016/03/22 04:11:27 yasuoka Exp $ */
2
3			/*-
4			* Copyright (c) 2009 Internet Initiative Japan Inc.
5			* All rights reserved.
6			*
7			* Redistribution and use in source and binary forms, with or without
8			* modification, are permitted provided that the following conditions
9			* are met:
10			* 1. Redistributions of source code must retain the above copyright
11			* notice, this list of conditions and the following disclaimer.
12			* 2. Redistributions in binary form must reproduce the above copyright
13			* notice, this list of conditions and the following disclaimer in the
14			* documentation and/or other materials provided with the distribution.
15			*
16			* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17			* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18			* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19			* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20			* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21			* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22			* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23			* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24			* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25			* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26			* SUCH DAMAGE.
27			*/
28			/* $Id: pap.c,v 1.10 2016/03/22 04:11:27 yasuoka Exp $ */
29			/**@file
30			* This file provides Password Authentication Protocol (PAP) handlers.
31			* @author Yasuoka Masahiko
32			*/
33			#include <sys/types.h>
34			#include <sys/socket.h>
35			#include <sys/time.h>
36			#include <net/if_dl.h>
37			#include <netinet/in.h>
38
39			#include <event.h>
40			#include <md5.h>
41			#include <stdarg.h>
42			#include <stdio.h>
43			#include <stdlib.h>
44			#include <string.h>
45			#include <syslog.h>
46			#include <errno.h>
47			#include <vis.h>
48
49			#include "slist.h"
50			#include "npppd.h"
51			#include "ppp.h"
52
53			#ifdef USE_NPPPD_RADIUS
54			#include <radius.h>
55			#include "radius_chap_const.h"
56			#include "npppd_radius.h"
57			#endif
58
59			#include "debugutil.h"
60
61			#define AUTHREQ 0x01
62			#define AUTHACK 0x02
63			#define AUTHNAK 0x03
64
65			#define PAP_STATE_INITIAL 0
66			#define PAP_STATE_STARTING 1
67			#define PAP_STATE_AUTHENTICATING 2
68			#define PAP_STATE_SENT_RESPONSE 3
69			#define PAP_STATE_STOPPED 4
70			#define PAP_STATE_PROXY_AUTHENTICATION 5
71
72			#define DEFAULT_SUCCESS_MESSAGE "OK"
73			#define DEFAULT_FAILURE_MESSAGE "Unknown username or password"
74			#define DEFAULT_ERROR_MESSAGE "Unknown failure"
75
76			#ifdef PAP_DEBUG
77			#define PAP_DBG(x) pap_log x
78			#define PAP_ASSERT(cond) \
79			if (!(cond)) { \
80			fprintf(stderr, \
81			"\nASSERT(" #cond ") failed on %s() at %s:%d.\n"\
82			, __func__, __FILE__, __LINE__); \
83			abort(); \
84			}
85			#else
86			#define PAP_ASSERT(cond)
87			#define PAP_DBG(x)
88			#endif
89
90			static void pap_log (pap , uint32_t, const char , ...) __printflike(3,4);
91			static void pap_response (pap , int, const char );
92			static void pap_authenticate(pap , const char );
93			static void pap_local_authenticate (pap , const char , const char *);
94			#ifdef USE_NPPPD_RADIUS
95			static void pap_radius_authenticate (pap , const char , const char *);
96			static void pap_radius_response (void , RADIUS_PACKET , int, RADIUS_REQUEST_CTX);
97			#endif
98
99			#ifdef __cplusplus
100			extern "C" {
101			#endif
102
103			void pap_init (pap , npppd_ppp );
104			int pap_start (pap *);
105			int pap_stop (pap *);
106			int pap_input (pap , u_char , int);
107
108			#ifdef __cplusplus
109			}
110			#endif
111
112			void
113			pap_init(pap _this, npppd_ppp ppp)
114			{
115			_this->ppp = ppp;
116			_this->state = PAP_STATE_INITIAL;
117			_this->auth_id = -1;
118			}
119
120			int
121			pap_start(pap *_this)
122			{
123			pap_log(_this, LOG_DEBUG, "%s", __func__);
124
125			if (_this->state == PAP_STATE_PROXY_AUTHENTICATION) {
126			_this->state = PAP_STATE_AUTHENTICATING;
127			pap_authenticate(_this, _this->ppp->proxy_authen_resp);
128			return 0;
129			}
130
131			_this->state = PAP_STATE_STARTING;
132			return 0;
133			}
134
135			int
136			pap_stop(pap *_this)
137			{
138			_this->state = PAP_STATE_STOPPED;
139			_this->auth_id = -1;
140
141			#ifdef USE_NPPPD_RADIUS
142			if (_this->radctx != NULL) {
143			radius_cancel_request(_this->radctx);
144			_this->radctx = NULL;
145			}
146			#endif
147			return 0;
148			}
149
150			/** Receiving PAP packet */
151			int
152			pap_input(pap _this, u_char pktp, int lpktp)
153			{
154			int code, id, length, len;
155			u_char *pktp1;
156			char name[MAX_USERNAME_LENGTH], password[MAX_PASSWORD_LENGTH];
157
158			if (_this->state == PAP_STATE_STOPPED \|\|
159			_this->state == PAP_STATE_INITIAL) {
160			pap_log(_this, LOG_ERR, "Received pap packet. But pap is "
161			"not started.");
162			return -1;
163			}
164			pktp1 = pktp;
165
166			GETCHAR(code, pktp1);
167			GETCHAR(id, pktp1);
168			GETSHORT(length, pktp1);
169
170			if (code != AUTHREQ) {
171			pap_log(_this, LOG_ERR, "%s: Received unknown code=%d",
172			__func__, code);
173			return -1;
174			}
175			if (lpktp < length) {
176			pap_log(_this, LOG_ERR, "%s: Received broken packet.",
177			__func__);
178			return -1;
179			}
180
181			/* retribute the username */
182			#define remlen (lpktp - (pktp1 - pktp))
183			if (remlen < 1)
184			goto fail;
185			GETCHAR(len, pktp1);
186			if (len <= 0)
187			goto fail;
188			if (remlen < len)
189			goto fail;
190			if (len > 0)
191			memcpy(name, pktp1, len);
192			name[len] = '\0';
193			pktp1 += len;
194
195			if (_this->state != PAP_STATE_STARTING) {
196			/*
197			* Receiving identical message again, it must be the message
198			* retransmit by the peer. Continue if the username is same.
199			*/
200			if ((_this->state == PAP_STATE_AUTHENTICATING \|\|
201			_this->state == PAP_STATE_SENT_RESPONSE) &&
202			strcmp(_this->name, name) == 0) {
203			/* continue */
204			} else {
205			pap_log(_this, LOG_ERR,
206			"Received AuthReq is not same as before. "
207			"(%d,%s) != (%d,%s)", id, name, _this->auth_id,
208			_this->name);
209			_this->auth_id = id;
210			goto fail;
211			}
212			}
213			if (_this->state == PAP_STATE_AUTHENTICATING)
214			return 0;
215			_this->auth_id = id;
216			strlcpy(_this->name, name, sizeof(_this->name));
217
218			_this->state = PAP_STATE_AUTHENTICATING;
219
220			/* retribute the password */
221			if (remlen < 1)
222			goto fail;
223			GETCHAR(len, pktp1);
224			if (remlen < len)
225			goto fail;
226			if (len > 0)
227			memcpy(password, pktp1, len);
228
229			password[len] = '\0';
230			pap_authenticate(_this, password);
231
232			return 0;
233			fail:
234			pap_response(_this, 0, DEFAULT_FAILURE_MESSAGE);
235			return -1;
236			}
237
238			static void
239			pap_authenticate(pap _this, const char password)
240			{
241			if (npppd_ppp_bind_realm(_this->ppp->pppd, _this->ppp, _this->name, 0)
242			== 0) {
243			if (!npppd_ppp_is_realm_ready(_this->ppp->pppd, _this->ppp)) {
244			pap_log(_this, LOG_INFO,
245			"username=\"%s\" realm is not ready.", _this->name);
246			goto fail;
247			/* NOTREACHED */
248			}
249			#if USE_NPPPD_RADIUS
250			if (npppd_ppp_is_realm_radius(_this->ppp->pppd, _this->ppp)) {
251			pap_radius_authenticate(_this, _this->name, password);
252			return;
253			/* NOTREACHED */
254			} else
255			#endif
256			if (npppd_ppp_is_realm_local(_this->ppp->pppd, _this->ppp)) {
257			pap_local_authenticate(_this, _this->name, password);
258			return;
259			/* NOTREACHED */
260			}
261			}
262			fail:
263			pap_response(_this, 0, DEFAULT_FAILURE_MESSAGE);
264			}
265
266			static void
267			pap_log(pap _this, uint32_t prio, const char fmt, ...)
268			{
269			char logbuf[BUFSIZ];
270			va_list ap;
271
272			va_start(ap, fmt);
273			snprintf(logbuf, sizeof(logbuf), "ppp id=%u layer=pap %s",
274			_this->ppp->id, fmt);
275			vlog_printf(prio, logbuf, ap);
276			va_end(ap);
277			}
278
279			static void
280			pap_response(pap _this, int authok, const char mes)
281			{
282			int lpktp, lmes;
283			u_char pktp, pktp1;
284			const char *realm;
285
286			pktp = ppp_packetbuf(_this->ppp, PPP_PROTO_PAP) + HEADERLEN;
287			lpktp = _this->ppp->mru - HEADERLEN;
288			realm = npppd_ppp_get_realm_name(_this->ppp->pppd, _this->ppp);
289
290			pktp1 = pktp;
291			if (mes == NULL)
292			lmes = 0;
293			else
294			lmes = strlen(mes);
295			lmes = MINIMUM(lmes, lpktp - 1);
296
297			PUTCHAR(lmes, pktp1);
298			if (lmes > 0)
299			memcpy(pktp1, mes, lmes);
300			lpktp = lmes + 1;
301
302			if (authok)
303			ppp_output(_this->ppp, PPP_PROTO_PAP, AUTHACK, _this->auth_id,
304			pktp, lpktp);
305			else
306			ppp_output(_this->ppp, PPP_PROTO_PAP, AUTHNAK, _this->auth_id,
307			pktp, lpktp);
308
309			if (!authok) {
310			pap_log(_this, LOG_ALERT,
311			"logtype=Failure username=\"%s\" realm=%s", _this->name,
312			realm);
313			pap_stop(_this);
314			ppp_set_disconnect_cause(_this->ppp,
315			PPP_DISCON_AUTH_FAILED, PPP_PROTO_PAP, 1 /* peer */, NULL);
316			ppp_stop(_this->ppp, "Authentication Required");
317			} else {
318			strlcpy(_this->ppp->username, _this->name,
319			sizeof(_this->ppp->username));
320			pap_log(_this, LOG_INFO,
321			"logtype=Success username=\"%s\" realm=%s", _this->name,
322			realm);
323			pap_stop(_this);
324			ppp_auth_ok(_this->ppp);
325			/* reset the state to response request of retransmision. */
326			_this->state = PAP_STATE_SENT_RESPONSE;
327			}
328			}
329
330			static void
331			pap_local_authenticate(pap _this, const char username, const char *password)
332			{
333			int lpassword0;
334			char password0[MAX_PASSWORD_LENGTH];
335
336			lpassword0 = sizeof(password0);
337
338			if (npppd_get_user_password(_this->ppp->pppd, _this->ppp, username,
339			password0, &lpassword0) == 0) {
340			if (!strcmp(password0, password)) {
341			pap_response(_this, 1, DEFAULT_SUCCESS_MESSAGE);
342			return;
343			}
344			}
345			pap_response(_this, 0, DEFAULT_FAILURE_MESSAGE);
346			}
347
348			/***********************************************************************
349			* Proxy Authentication
350			***********************************************************************/
351			int
352			pap_proxy_authen_prepare(pap _this, dialin_proxy_info dpi)
353			{
354
355			PAP_ASSERT(dpi->auth_type == PPP_AUTH_PAP);
356			PAP_ASSERT(_this->state == PAP_STATE_INITIAL);
357
358			_this->auth_id = dpi->auth_id;
359			if (strlen(dpi->username) >= sizeof(_this->name)) {
360			pap_log(_this, LOG_NOTICE,
361			"\"Proxy Authen Name\" is too long.");
362			return -1;
363			}
364
365			/* copy the authenticaiton properties */
366			PAP_ASSERT(_this->ppp->proxy_authen_resp == NULL);
367			if ((_this->ppp->proxy_authen_resp = malloc(dpi->lauth_resp + 1)) ==
368			NULL) {
369			pap_log(_this, LOG_ERR, "malloc() failed in %s(): %m",
370			__func__);
371			return -1;
372			}
373			memcpy(_this->ppp->proxy_authen_resp, dpi->auth_resp,
374			dpi->lauth_resp);
375			_this->ppp->proxy_authen_resp[dpi->lauth_resp] = '\0';
376			strlcpy(_this->name, dpi->username, sizeof(_this->name));
377
378			_this->state = PAP_STATE_PROXY_AUTHENTICATION;
379
380			return 0;
381			}
382
383			#ifdef USE_NPPPD_RADIUS
384			static void
385			pap_radius_authenticate(pap _this, const char username, const char *password)
386			{
387			void *radctx;
388			RADIUS_PACKET *radpkt;
389			MD5_CTX md5ctx;
390			int i, j, s_len, passlen;
391			u_char ra[16], digest[16], pass[128];
392			const char *s;
393			radius_req_setting *rad_setting = NULL;
394			char buf0[MAX_USERNAME_LENGTH];
395
396			if ((rad_setting = npppd_get_radius_auth_setting(_this->ppp->pppd,
397			_this->ppp)) == NULL)
398			goto fail;
399
400			if ((radpkt = radius_new_request_packet(RADIUS_CODE_ACCESS_REQUEST))
401			== NULL)
402			goto fail;
403
404			if (radius_prepare(rad_setting, _this, &radctx, pap_radius_response)
405			!= 0) {
406			radius_delete_packet(radpkt);
407			goto fail;
408			}
409
410			if (ppp_set_radius_attrs_for_authreq(_this->ppp, rad_setting, radpkt)
411			!= 0)
412			goto fail;
413
414			if (radius_put_string_attr(radpkt, RADIUS_TYPE_USER_NAME,
415			npppd_ppp_get_username_for_auth(_this->ppp->pppd, _this->ppp,
416			username, buf0)) != 0)
417			goto fail;
418
419			if (_this->radctx != NULL)
420			radius_cancel_request(_this->radctx);
421
422			_this->radctx = radctx;
423
424			/* Create RADIUS User-Password Attribute (RFC 2865, 5.2.) */
425			s = radius_get_server_secret(_this->radctx);
426			s_len = strlen(s);
427
428			memset(pass, 0, sizeof(pass)); /* null padding */
429			passlen = MINIMUM(strlen(password), sizeof(pass));
430			memcpy(pass, password, passlen);
431			if ((passlen % 16) != 0)
432			passlen += 16 - (passlen % 16);
433
434			radius_get_authenticator(radpkt, ra);
435
436			MD5Init(&md5ctx);
437			MD5Update(&md5ctx, s, s_len);
438			MD5Update(&md5ctx, ra, 16);
439			MD5Final(digest, &md5ctx);
440
441			for (i = 0; i < 16; i++)
442			pass[i] ^= digest[i];
443
444			while (i < passlen) {
445			MD5Init(&md5ctx);
446			MD5Update(&md5ctx, s, s_len);
447			MD5Update(&md5ctx, &pass[i - 16], 16);
448			MD5Final(digest, &md5ctx);
449
450			for (j = 0; j < 16; j++, i++)
451			pass[i] ^= digest[j];
452			}
453
454			if (radius_put_raw_attr(radpkt, RADIUS_TYPE_USER_PASSWORD, pass,
455			passlen) != 0)
456			goto fail;
457
458			radius_request(_this->radctx, radpkt);
459
460			return;
461			fail:
462			if (_this->radctx != NULL)
463			radius_cancel_request(_this->radctx);
464			pap_log(_this, LOG_ERR, "%s() failed: %m", __func__);
465			pap_response(_this, 0, DEFAULT_ERROR_MESSAGE);
466
467			return;
468			}
469
470			static void
471			pap_radius_response(void context, RADIUS_PACKET pkt, int flags,
472			RADIUS_REQUEST_CTX reqctx)
473			{
474			int code = -1;
475			const char *reason = NULL;
476			RADIUS_REQUEST_CTX radctx;
477			pap *_this;
478
479			_this = context;
480			radctx = _this->radctx;
481			_this->radctx = NULL; /* important */
482
483			if (pkt == NULL) {
484			if (flags & RADIUS_REQUEST_TIMEOUT)
485			reason = "timeout";
486			else if (flags & RADIUS_REQUEST_ERROR)
487			reason = strerror(errno);
488			else
489			reason = "error";
490			goto auth_failed;
491			}
492			code = radius_get_code(pkt);
493			if (code == RADIUS_CODE_ACCESS_REJECT) {
494			reason="reject";
495			goto auth_failed;
496			} else if (code != RADIUS_CODE_ACCESS_ACCEPT) {
497			reason="error";
498			goto auth_failed;
499			}
500			if ((flags & RADIUS_REQUEST_CHECK_AUTHENTICATOR_OK) == 0 &&
501			(flags & RADIUS_REQUEST_CHECK_AUTHENTICATOR_NO_CHECK) == 0) {
502			reason="bad_authenticator";
503			goto auth_failed;
504			}
505			/* Autentication succeeded */
506			pap_response(_this, 1, DEFAULT_SUCCESS_MESSAGE);
507			ppp_process_radius_framed_ip(_this->ppp, pkt);
508
509			return;
510			auth_failed:
511			/* Autentication failure */
512			pap_log(_this, LOG_WARNING, "Radius authentication request failed: %s",
513			reason);
514			/* log reply messages from radius server */
515			if (pkt != NULL) {
516			char radmsg[255], vissed[1024];
517			size_t rmlen = 0;
518			if ((radius_get_raw_attr(pkt, RADIUS_TYPE_REPLY_MESSAGE,
519			radmsg, &rmlen)) == 0) {
520			if (rmlen != 0) {
521			strvisx(vissed, radmsg, rmlen, VIS_WHITE);
522			pap_log(_this, LOG_WARNING,
523			"Radius reply message: %s", vissed);
524			}
525			}
526			}
527
528			pap_response(_this, 0, DEFAULT_FAILURE_MESSAGE);
529			}
530			#endif