GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: usr.sbin/pppd/upap.c Lines: 0 206 0.0 %
Date: 2017-11-13 Branches: 0 100 0.0 %

Line Branch Exec Source
1
/*	$OpenBSD: upap.c,v 1.10 2009/10/27 23:59:53 deraadt Exp $	*/
2
3
/*
4
 * upap.c - User/Password Authentication Protocol.
5
 *
6
 * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
7
 *
8
 * Redistribution and use in source and binary forms, with or without
9
 * modification, are permitted provided that the following conditions
10
 * are met:
11
 *
12
 * 1. Redistributions of source code must retain the above copyright
13
 *    notice, this list of conditions and the following disclaimer.
14
 *
15
 * 2. Redistributions in binary form must reproduce the above copyright
16
 *    notice, this list of conditions and the following disclaimer in
17
 *    the documentation and/or other materials provided with the
18
 *    distribution.
19
 *
20
 * 3. The name "Carnegie Mellon University" must not be used to
21
 *    endorse or promote products derived from this software without
22
 *    prior written permission. For permission or any legal
23
 *    details, please contact
24
 *      Office of Technology Transfer
25
 *      Carnegie Mellon University
26
 *      5000 Forbes Avenue
27
 *      Pittsburgh, PA  15213-3890
28
 *      (412) 268-4387, fax: (412) 268-7395
29
 *      tech-transfer@andrew.cmu.edu
30
 *
31
 * 4. Redistributions of any form whatsoever must retain the following
32
 *    acknowledgment:
33
 *    "This product includes software developed by Computing Services
34
 *     at Carnegie Mellon University (http://www.cmu.edu/computing/)."
35
 *
36
 * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
37
 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
38
 * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
39
 * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
40
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
41
 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
42
 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
43
 */
44
45
/*
46
 * TODO:
47
 */
48
49
#include <stdio.h>
50
#include <string.h>
51
#include <sys/types.h>
52
#include <sys/time.h>
53
#include <syslog.h>
54
55
#include "pppd.h"
56
#include "upap.h"
57
58
/*
59
 * Protocol entry points.
60
 */
61
static void upap_init(int);
62
static void upap_lowerup(int);
63
static void upap_lowerdown(int);
64
static void upap_input(int, u_char *, int);
65
static void upap_protrej(int);
66
static int  upap_printpkt(u_char *, int, void (*)(void *, char *, ...), void *);
67
68
struct protent pap_protent = {
69
    PPP_PAP,
70
    upap_init,
71
    upap_input,
72
    upap_protrej,
73
    upap_lowerup,
74
    upap_lowerdown,
75
    NULL,
76
    NULL,
77
    upap_printpkt,
78
    NULL,
79
    1,
80
    "PAP",
81
    NULL,
82
    NULL,
83
    NULL
84
};
85
86
upap_state upap[NUM_PPP];		/* UPAP state; one for each unit */
87
88
static void upap_timeout(void *);
89
static void upap_reqtimeout(void *);
90
static void upap_rauthreq(upap_state *, u_char *, int, int);
91
static void upap_rauthack(upap_state *, u_char *, int, int);
92
static void upap_rauthnak(upap_state *, u_char *, int, int);
93
static void upap_sauthreq(upap_state *);
94
static void upap_sresp(upap_state *, int, int, char *, int);
95
96
97
/*
98
 * upap_init - Initialize a UPAP unit.
99
 */
100
static void
101
upap_init(unit)
102
    int unit;
103
{
104
    upap_state *u = &upap[unit];
105
106
    u->us_unit = unit;
107
    u->us_user = NULL;
108
    u->us_userlen = 0;
109
    u->us_passwd = NULL;
110
    u->us_passwdlen = 0;
111
    u->us_clientstate = UPAPCS_INITIAL;
112
    u->us_serverstate = UPAPSS_INITIAL;
113
    u->us_id = 0;
114
    u->us_timeouttime = UPAP_DEFTIMEOUT;
115
    u->us_maxtransmits = 10;
116
    u->us_reqtimeout = UPAP_DEFREQTIME;
117
}
118
119
120
/*
121
 * upap_authwithpeer - Authenticate us with our peer (start client).
122
 *
123
 * Set new state and send authenticate's.
124
 */
125
void
126
upap_authwithpeer(unit, user, password)
127
    int unit;
128
    char *user, *password;
129
{
130
    upap_state *u = &upap[unit];
131
132
    /* Save the username and password we're given */
133
    u->us_user = user;
134
    u->us_userlen = strlen(user);
135
    u->us_passwd = password;
136
    u->us_passwdlen = strlen(password);
137
    u->us_transmits = 0;
138
139
    /* Lower layer up yet? */
140
    if (u->us_clientstate == UPAPCS_INITIAL ||
141
	u->us_clientstate == UPAPCS_PENDING) {
142
	u->us_clientstate = UPAPCS_PENDING;
143
	return;
144
    }
145
146
    upap_sauthreq(u);			/* Start protocol */
147
}
148
149
150
/*
151
 * upap_authpeer - Authenticate our peer (start server).
152
 *
153
 * Set new state.
154
 */
155
void
156
upap_authpeer(unit)
157
    int unit;
158
{
159
    upap_state *u = &upap[unit];
160
161
    /* Lower layer up yet? */
162
    if (u->us_serverstate == UPAPSS_INITIAL ||
163
	u->us_serverstate == UPAPSS_PENDING) {
164
	u->us_serverstate = UPAPSS_PENDING;
165
	return;
166
    }
167
168
    u->us_serverstate = UPAPSS_LISTEN;
169
    if (u->us_reqtimeout > 0)
170
	TIMEOUT(upap_reqtimeout, u, u->us_reqtimeout);
171
}
172
173
174
/*
175
 * upap_timeout - Retransmission timer for sending auth-reqs expired.
176
 */
177
static void
178
upap_timeout(arg)
179
    void *arg;
180
{
181
    upap_state *u = (upap_state *) arg;
182
183
    if (u->us_clientstate != UPAPCS_AUTHREQ)
184
	return;
185
186
    if (u->us_transmits >= u->us_maxtransmits) {
187
	/* give up in disgust */
188
	syslog(LOG_ERR, "No response to PAP authenticate-requests");
189
	u->us_clientstate = UPAPCS_BADAUTH;
190
	auth_withpeer_fail(u->us_unit, PPP_PAP);
191
	return;
192
    }
193
194
    upap_sauthreq(u);		/* Send Authenticate-Request */
195
}
196
197
198
/*
199
 * upap_reqtimeout - Give up waiting for the peer to send an auth-req.
200
 */
201
static void
202
upap_reqtimeout(arg)
203
    void *arg;
204
{
205
    upap_state *u = (upap_state *) arg;
206
207
    if (u->us_serverstate != UPAPSS_LISTEN)
208
	return;			/* huh?? */
209
210
    auth_peer_fail(u->us_unit, PPP_PAP);
211
    u->us_serverstate = UPAPSS_BADAUTH;
212
}
213
214
215
/*
216
 * upap_lowerup - The lower layer is up.
217
 *
218
 * Start authenticating if pending.
219
 */
220
static void
221
upap_lowerup(unit)
222
    int unit;
223
{
224
    upap_state *u = &upap[unit];
225
226
    if (u->us_clientstate == UPAPCS_INITIAL)
227
	u->us_clientstate = UPAPCS_CLOSED;
228
    else if (u->us_clientstate == UPAPCS_PENDING) {
229
	upap_sauthreq(u);	/* send an auth-request */
230
    }
231
232
    if (u->us_serverstate == UPAPSS_INITIAL)
233
	u->us_serverstate = UPAPSS_CLOSED;
234
    else if (u->us_serverstate == UPAPSS_PENDING) {
235
	u->us_serverstate = UPAPSS_LISTEN;
236
	if (u->us_reqtimeout > 0)
237
	    TIMEOUT(upap_reqtimeout, u, u->us_reqtimeout);
238
    }
239
}
240
241
242
/*
243
 * upap_lowerdown - The lower layer is down.
244
 *
245
 * Cancel all timeouts.
246
 */
247
static void
248
upap_lowerdown(unit)
249
    int unit;
250
{
251
    upap_state *u = &upap[unit];
252
253
    if (u->us_clientstate == UPAPCS_AUTHREQ)	/* Timeout pending? */
254
	UNTIMEOUT(upap_timeout, u);	/* Cancel timeout */
255
    if (u->us_serverstate == UPAPSS_LISTEN && u->us_reqtimeout > 0)
256
	UNTIMEOUT(upap_reqtimeout, u);
257
258
    u->us_clientstate = UPAPCS_INITIAL;
259
    u->us_serverstate = UPAPSS_INITIAL;
260
}
261
262
263
/*
264
 * upap_protrej - Peer doesn't speak this protocol.
265
 *
266
 * This shouldn't happen.  In any case, pretend lower layer went down.
267
 */
268
static void
269
upap_protrej(unit)
270
    int unit;
271
{
272
    upap_state *u = &upap[unit];
273
274
    if (u->us_clientstate == UPAPCS_AUTHREQ) {
275
	syslog(LOG_ERR, "PAP authentication failed due to protocol-reject");
276
	auth_withpeer_fail(unit, PPP_PAP);
277
    }
278
    if (u->us_serverstate == UPAPSS_LISTEN) {
279
	syslog(LOG_ERR, "PAP authentication of peer failed (protocol-reject)");
280
	auth_peer_fail(unit, PPP_PAP);
281
    }
282
    upap_lowerdown(unit);
283
}
284
285
286
/*
287
 * upap_input - Input UPAP packet.
288
 */
289
static void
290
upap_input(unit, inpacket, l)
291
    int unit;
292
    u_char *inpacket;
293
    int l;
294
{
295
    upap_state *u = &upap[unit];
296
    u_char *inp;
297
    u_char code, id;
298
    int len;
299
300
    /*
301
     * Parse header (code, id and length).
302
     * If packet too short, drop it.
303
     */
304
    inp = inpacket;
305
    if (l < UPAP_HEADERLEN) {
306
	UPAPDEBUG((LOG_INFO, "pap_input: rcvd short header."));
307
	return;
308
    }
309
    GETCHAR(code, inp);
310
    GETCHAR(id, inp);
311
    GETSHORT(len, inp);
312
    if (len < UPAP_HEADERLEN) {
313
	UPAPDEBUG((LOG_INFO, "pap_input: rcvd illegal length."));
314
	return;
315
    }
316
    if (len > l) {
317
	UPAPDEBUG((LOG_INFO, "pap_input: rcvd short packet."));
318
	return;
319
    }
320
    len -= UPAP_HEADERLEN;
321
322
    /*
323
     * Action depends on code.
324
     */
325
    switch (code) {
326
    case UPAP_AUTHREQ:
327
	upap_rauthreq(u, inp, id, len);
328
	break;
329
330
    case UPAP_AUTHACK:
331
	upap_rauthack(u, inp, id, len);
332
	break;
333
334
    case UPAP_AUTHNAK:
335
	upap_rauthnak(u, inp, id, len);
336
	break;
337
338
    default:				/* XXX Need code reject */
339
	break;
340
    }
341
}
342
343
344
/*
345
 * upap_rauth - Receive Authenticate.
346
 */
347
static void
348
upap_rauthreq(u, inp, id, len)
349
    upap_state *u;
350
    u_char *inp;
351
    int id;
352
    int len;
353
{
354
    u_char ruserlen, rpasswdlen;
355
    char *ruser, *rpasswd;
356
    int retcode;
357
    char *msg;
358
    int msglen;
359
360
    UPAPDEBUG((LOG_INFO, "pap_rauth: Rcvd id %d.", id));
361
362
    if (u->us_serverstate < UPAPSS_LISTEN)
363
	return;
364
365
    /*
366
     * If we receive a duplicate authenticate-request, we are
367
     * supposed to return the same status as for the first request.
368
     */
369
    if (u->us_serverstate == UPAPSS_OPEN) {
370
	upap_sresp(u, UPAP_AUTHACK, id, "", 0);	/* return auth-ack */
371
	return;
372
    }
373
    if (u->us_serverstate == UPAPSS_BADAUTH) {
374
	upap_sresp(u, UPAP_AUTHNAK, id, "", 0);	/* return auth-nak */
375
	return;
376
    }
377
378
    /*
379
     * Parse user/passwd.
380
     */
381
    if (len < sizeof (u_char)) {
382
	UPAPDEBUG((LOG_INFO, "pap_rauth: rcvd short packet."));
383
	return;
384
    }
385
    GETCHAR(ruserlen, inp);
386
    len -= sizeof (u_char) + ruserlen + sizeof (u_char);
387
    if (len < 0) {
388
	UPAPDEBUG((LOG_INFO, "pap_rauth: rcvd short packet."));
389
	return;
390
    }
391
    ruser = (char *) inp;
392
    INCPTR(ruserlen, inp);
393
    GETCHAR(rpasswdlen, inp);
394
    if (len < rpasswdlen) {
395
	UPAPDEBUG((LOG_INFO, "pap_rauth: rcvd short packet."));
396
	return;
397
    }
398
    rpasswd = (char *) inp;
399
400
    /*
401
     * Check the username and password given.
402
     */
403
    retcode = check_passwd(u->us_unit, ruser, ruserlen, rpasswd,
404
			   rpasswdlen, &msg, &msglen);
405
    BZERO(rpasswd, rpasswdlen);
406
407
    upap_sresp(u, retcode, id, msg, msglen);
408
409
    if (retcode == UPAP_AUTHACK) {
410
	u->us_serverstate = UPAPSS_OPEN;
411
	auth_peer_success(u->us_unit, PPP_PAP, ruser, ruserlen);
412
    } else {
413
	u->us_serverstate = UPAPSS_BADAUTH;
414
	auth_peer_fail(u->us_unit, PPP_PAP);
415
    }
416
417
    if (u->us_reqtimeout > 0)
418
	UNTIMEOUT(upap_reqtimeout, u);
419
}
420
421
422
/*
423
 * upap_rauthack - Receive Authenticate-Ack.
424
 */
425
static void
426
upap_rauthack(u, inp, id, len)
427
    upap_state *u;
428
    u_char *inp;
429
    int id;
430
    int len;
431
{
432
    u_char msglen;
433
    char *msg;
434
435
    UPAPDEBUG((LOG_INFO, "pap_rauthack: Rcvd id %d.", id));
436
    if (u->us_clientstate != UPAPCS_AUTHREQ) /* XXX */
437
	return;
438
439
    /*
440
     * Parse message.
441
     */
442
    if (len < sizeof (u_char)) {
443
	UPAPDEBUG((LOG_INFO, "pap_rauthack: rcvd short packet."));
444
	return;
445
    }
446
    GETCHAR(msglen, inp);
447
    len -= sizeof (u_char);
448
    if (len < msglen) {
449
	UPAPDEBUG((LOG_INFO, "pap_rauthack: rcvd short packet."));
450
	return;
451
    }
452
    msg = (char *) inp;
453
    PRINTMSG(msg, msglen);
454
455
    u->us_clientstate = UPAPCS_OPEN;
456
457
    auth_withpeer_success(u->us_unit, PPP_PAP);
458
}
459
460
461
/*
462
 * upap_rauthnak - Receive Authenticate-Nakk.
463
 */
464
static void
465
upap_rauthnak(u, inp, id, len)
466
    upap_state *u;
467
    u_char *inp;
468
    int id;
469
    int len;
470
{
471
    u_char msglen;
472
    char *msg;
473
474
    UPAPDEBUG((LOG_INFO, "pap_rauthnak: Rcvd id %d.", id));
475
    if (u->us_clientstate != UPAPCS_AUTHREQ) /* XXX */
476
	return;
477
478
    /*
479
     * Parse message.
480
     */
481
    if (len < sizeof (u_char)) {
482
	UPAPDEBUG((LOG_INFO, "pap_rauthnak: rcvd short packet."));
483
	return;
484
    }
485
    GETCHAR(msglen, inp);
486
    len -= sizeof (u_char);
487
    if (len < msglen) {
488
	UPAPDEBUG((LOG_INFO, "pap_rauthnak: rcvd short packet."));
489
	return;
490
    }
491
    msg = (char *) inp;
492
    PRINTMSG(msg, msglen);
493
494
    u->us_clientstate = UPAPCS_BADAUTH;
495
496
    syslog(LOG_ERR, "PAP authentication failed");
497
    auth_withpeer_fail(u->us_unit, PPP_PAP);
498
}
499
500
501
/*
502
 * upap_sauthreq - Send an Authenticate-Request.
503
 */
504
static void
505
upap_sauthreq(u)
506
    upap_state *u;
507
{
508
    u_char *outp;
509
    int outlen;
510
511
    outlen = UPAP_HEADERLEN + 2 * sizeof (u_char) +
512
	u->us_userlen + u->us_passwdlen;
513
    outp = outpacket_buf;
514
515
    MAKEHEADER(outp, PPP_PAP);
516
517
    PUTCHAR(UPAP_AUTHREQ, outp);
518
    PUTCHAR(++u->us_id, outp);
519
    PUTSHORT(outlen, outp);
520
    PUTCHAR(u->us_userlen, outp);
521
    BCOPY(u->us_user, outp, u->us_userlen);
522
    INCPTR(u->us_userlen, outp);
523
    PUTCHAR(u->us_passwdlen, outp);
524
    BCOPY(u->us_passwd, outp, u->us_passwdlen);
525
526
    output(u->us_unit, outpacket_buf, outlen + PPP_HDRLEN);
527
528
    UPAPDEBUG((LOG_INFO, "pap_sauth: Sent id %d.", u->us_id));
529
530
    TIMEOUT(upap_timeout, u, u->us_timeouttime);
531
    ++u->us_transmits;
532
    u->us_clientstate = UPAPCS_AUTHREQ;
533
}
534
535
536
/*
537
 * upap_sresp - Send a response (ack or nak).
538
 */
539
static void
540
upap_sresp(u, code, id, msg, msglen)
541
    upap_state *u;
542
    u_char code, id;
543
    char *msg;
544
    int msglen;
545
{
546
    u_char *outp;
547
    int outlen;
548
549
    outlen = UPAP_HEADERLEN + sizeof (u_char) + msglen;
550
    outp = outpacket_buf;
551
    MAKEHEADER(outp, PPP_PAP);
552
553
    PUTCHAR(code, outp);
554
    PUTCHAR(id, outp);
555
    PUTSHORT(outlen, outp);
556
    PUTCHAR(msglen, outp);
557
    BCOPY(msg, outp, msglen);
558
    output(u->us_unit, outpacket_buf, outlen + PPP_HDRLEN);
559
560
    UPAPDEBUG((LOG_INFO, "pap_sresp: Sent code %d, id %d.", code, id));
561
}
562
563
/*
564
 * upap_printpkt - print the contents of a PAP packet.
565
 */
566
static char *upap_codenames[] = {
567
    "AuthReq", "AuthAck", "AuthNak"
568
};
569
570
static int
571
upap_printpkt(p, plen, printer, arg)
572
    u_char *p;
573
    int plen;
574
    void (*printer)(void *, char *, ...);
575
    void *arg;
576
{
577
    int code, id, len;
578
    int mlen, ulen, wlen;
579
    char *user, *pwd, *msg;
580
    u_char *pstart;
581
582
    if (plen < UPAP_HEADERLEN)
583
	return 0;
584
    pstart = p;
585
    GETCHAR(code, p);
586
    GETCHAR(id, p);
587
    GETSHORT(len, p);
588
    if (len < UPAP_HEADERLEN || len > plen)
589
	return 0;
590
591
    if (code >= 1 && code <= sizeof(upap_codenames) / sizeof(char *))
592
	printer(arg, " %s", upap_codenames[code-1]);
593
    else
594
	printer(arg, " code=0x%x", code);
595
    printer(arg, " id=0x%x", id);
596
    len -= UPAP_HEADERLEN;
597
    switch (code) {
598
    case UPAP_AUTHREQ:
599
	if (len < 1)
600
	    break;
601
	ulen = p[0];
602
	if (len < ulen + 2)
603
	    break;
604
	wlen = p[ulen + 1];
605
	if (len < ulen + wlen + 2)
606
	    break;
607
	user = (char *) (p + 1);
608
	pwd = (char *) (p + ulen + 2);
609
	p += ulen + wlen + 2;
610
	len -= ulen + wlen + 2;
611
	printer(arg, " user=");
612
	print_string(user, ulen, printer, arg);
613
	printer(arg, " password=");
614
	print_string(pwd, wlen, printer, arg);
615
	break;
616
    case UPAP_AUTHACK:
617
    case UPAP_AUTHNAK:
618
	if (len < 1)
619
	    break;
620
	mlen = p[0];
621
	if (len < mlen + 1)
622
	    break;
623
	msg = (char *) (p + 1);
624
	p += mlen + 1;
625
	len -= mlen + 1;
626
	printer(arg, " ");
627
	print_string(msg, mlen, printer, arg);
628
	break;
629
    }
630
631
    /* print the rest of the bytes in the packet */
632
    for (; len > 0; --len) {
633
	GETCHAR(code, p);
634
	printer(arg, " %.2x", code);
635
    }
636
637
    return p - pstart;
638
}