91#define NONWILD_SERVER 1
92#define NONWILD_CLIENT 2
94#define ISWILD(word) (word[0] == '*' && word[1] == 0)
97#if PAP_SUPPORT || CHAP_SUPPORT
103static int auth_pending[NUM_PPP];
109static int did_authup;
112static struct wordlist *addresses[NUM_PPP];
117static struct wordlist *noauth_addrs;
120static struct wordlist *extra_options;
124static int num_np_open;
129#if PAP_SUPPORT || CHAP_SUPPORT
131static int passwd_from_file;
136static bool default_auth;
139int (*idle_time_hook)
__P((
struct ppp_idle *)) =
NULL;
145int (*pap_auth_hook)
__P((
char *
user,
char *passwd,
char **msgp,
146 struct wordlist **paddrs,
147 struct wordlist **popts)) =
NULL;
164static enum script_state auth_state = s_down;
165static enum script_state auth_script_state = s_down;
166static pid_t auth_script_pid = 0;
177bool auth_required = 0;
178bool allow_any_ip = 0;
179bool explicit_remote = 0;
185#define PAP_WITHPEER 1
187#define CHAP_WITHPEER 4
193 struct wordlist *
next;
198extern char *crypt (
const char *,
const char *);
202static void network_phase (
int);
203static void check_idle (
void *);
204static void connect_time_expired (
void *);
206static int plogin (
char *,
char *,
char **,
int *);
208static void plogout (
void);
209static int null_login (
int);
210static int get_pap_passwd (
int,
char *,
char *);
211static int have_pap_secret (
void);
212static int have_chap_secret (
char *,
char *,
u32_t);
213static int ip_addr_check (
u32_t,
struct wordlist *);
216static int scan_authfile (
FILE *,
char *,
char *,
char *,
217 struct wordlist **,
struct wordlist **,
219static void free_wordlist (
struct wordlist *);
220static void auth_script (
char *);
221static void auth_script_done (
void *);
222static void set_allowed_addrs (
int unit,
struct wordlist *addrs);
223static int some_ip_ok (
struct wordlist *);
224static int setupapfile (
char **);
225static int privgroup (
char **);
226static int set_noauth_addr (
char **);
234option_t auth_options[] = {
236 "Require PAP authentication from peer", 1, &auth_required },
238 "Require PAP authentication from peer", 1, &auth_required },
239 {
"refuse-pap", o_bool, &refuse_pap,
240 "Don't agree to auth to peer with PAP", 1 },
241 {
"-pap", o_bool, &refuse_pap,
242 "Don't allow PAP authentication with peer", 1 },
244 "Require CHAP authentication from peer", 1, &auth_required },
246 "Require CHAP authentication from peer", 1, &auth_required },
247 {
"refuse-chap", o_bool, &refuse_chap,
248 "Don't agree to auth to peer with CHAP", 1 },
249 {
"-chap", o_bool, &refuse_chap,
250 "Don't allow CHAP authentication with peer", 1 },
251 {
"name", o_string, our_name,
252 "Set local name for authentication",
254 {
"user", o_string,
user,
256 {
"usehostname", o_bool, &usehostname,
257 "Must use hostname for authentication", 1 },
258 {
"remotename", o_string, remote_name,
259 "Set remote name for authentication", OPT_STATIC,
261 {
"auth", o_bool, &auth_required,
262 "Require authentication from peer", 1 },
263 {
"noauth", o_bool, &auth_required,
264 "Don't require peer to authenticate", OPT_PRIV, &allow_any_ip },
265 {
"login", o_bool, &uselogin,
266 "Use system password database for PAP", 1 },
267 {
"papcrypt", o_bool, &cryptpap,
268 "PAP passwords are encrypted", 1 },
269 {
"+ua", o_special, (
void *)setupapfile,
270 "Get PAP user and password from file" },
271 {
"password", o_string, passwd,
272 "Password for authenticating us to the peer", OPT_STATIC,
273 NULL, MAXSECRETLEN },
274 {
"privgroup", o_special, (
void *)privgroup,
275 "Allow group members to use privileged options", OPT_PRIV },
276 {
"allow-ip", o_special, (
void *)set_noauth_addr,
277 "Set IP address(es) which can be used without authentication",
287setupapfile(
char **
argv)
299 option_error(
"unable to open user login data file %s", *
argv);
306 ||
fgets(passwd, MAXSECRETLEN - 1, ufile) ==
NULL){
307 option_error(
"unable to read user login data file %s", *
argv);
314 if (
l > 0 &&
user[
l-1] ==
'\n')
317 if (
l > 0 && passwd[
l-1] ==
'\n')
329privgroup(
char **
argv)
336 option_error(
"group %s is unknown", *
argv);
339 for (
i = 0;
i < ngroups; ++
i) {
355set_noauth_addr(
char **
argv)
361 wp = (
struct wordlist *)
malloc(
sizeof(
struct wordlist) +
l + 1);
363 novm(
"allow-ip argument");
364 wp->word = (
char *) (wp + 1);
365 wp->next = noauth_addrs;
366 BCOPY(
addr, wp->word,
l);
400 pppLinkTerminated(
unit);
410 struct protent *protp;
418 for (
i = 0; (protp = ppp_protocols[
i]) !=
NULL; ++
i) {
419 if (!protp->enabled_flag) {
422 if (protp->protocol != PPP_LCP && protp->lowerdown !=
NULL) {
423 (*protp->lowerdown)(
unit);
425 if (protp->protocol < 0xC000 && protp->close !=
NULL) {
426 (*protp->close)(
unit,
"LCP down");
447 struct protent *protp;
450#if PAP_SUPPORT || CHAP_SUPPORT
458 for (
i = 0; (protp = ppp_protocols[
i]) !=
NULL; ++
i) {
459 if (protp->protocol != PPP_LCP && protp->enabled_flag && protp->lowerup !=
NULL) {
460 (*protp->lowerup)(
unit);
484#if PAP_SUPPORT && CHAP_SUPPORT
496 auth |= CHAP_WITHPEER;
499#if PAP_SUPPORT && CHAP_SUPPORT
504 if (ppp_settings.passwd[0] == 0) {
505 passwd_from_file = 1;
506 if (!get_pap_passwd(
unit, ppp_settings.user, ppp_settings.passwd)) {
510 upap_authwithpeer(
unit, ppp_settings.user, ppp_settings.passwd);
511 auth |= PAP_WITHPEER;
514 auth_pending[
unit] = auth;
525network_phase(
int unit)
528 struct protent *protp;
545 (*cbcp_protent.open)(
unit);
551 for (
i = 0; (protp = ppp_protocols[
i]) !=
NULL; ++
i) {
552 if (protp->protocol < 0xC000 && protp->enabled_flag && protp->open !=
NULL) {
553 (*protp->open)(
unit);
554 if (protp->protocol != PPP_CCP) {
560 if (num_np_open == 0) {
562 lcp_close(0,
"No network protocols running");
583#if PAP_SUPPORT || CHAP_SUPPORT
608 if (
namelen > (
int)
sizeof(peer_authname) - 1) {
609 namelen =
sizeof(peer_authname) - 1;
618 if ((auth_pending[
unit] &= ~pbit) == 0) {
629 int errCode = PPPERR_AUTHFAIL;
634 if (passwd_from_file) {
635 BZERO(ppp_settings.passwd, MAXSECRETLEN);
643 pppIOCtl(
unit, PPPCTLS_ERRCODE, &errCode);
658 pbit = CHAP_WITHPEER;
661 if (passwd_from_file) {
662 BZERO(ppp_settings.passwd, MAXSECRETLEN);
675 if ((auth_pending[
unit] &= ~pbit) == 0) {
692 if (num_np_up == 0) {
693 AUTHDEBUG(
LOG_INFO, (
"np_up: maxconnect=%d idle_time_limit=%d\n",ppp_settings.maxconnect,ppp_settings.idle_time_limit));
697 if (ppp_settings.idle_time_limit > 0) {
698 TIMEOUT(check_idle,
NULL, ppp_settings.idle_time_limit);
705 if (ppp_settings.maxconnect > 0) {
706 TIMEOUT(connect_time_expired, 0, ppp_settings.maxconnect);
722 if (--num_np_up == 0 && ppp_settings.idle_time_limit > 0) {
723 UNTIMEOUT(check_idle,
NULL);
737 if (--num_np_open <= 0) {
739 lcp_close(0,
"No network protocols running");
750 struct ppp_idle
idle;
754 if (!get_idle_time(0, &
idle)) {
758 if (itime >= ppp_settings.idle_time_limit) {
763 TIMEOUT(check_idle,
NULL, ppp_settings.idle_time_limit - itime);
771connect_time_expired(
void *
arg)
792 if (ppp_settings.our_name[0] == 0 || ppp_settings.usehostname) {
793 strcpy(ppp_settings.our_name, ppp_settings.hostname);
796 if (ppp_settings.user[0] == 0) {
797 strcpy(ppp_settings.user, ppp_settings.our_name);
810 can_auth = wo->
neg_upap && have_pap_secret();
813 can_auth = have_chap_secret(ppp_settings.remote_name, ppp_settings.our_name, remote);
816 if (ppp_settings.auth_required && !can_auth) {
817 ppp_panic(
"No auth secret");
836 ao->
neg_upap = !ppp_settings.refuse_pap && (ppp_settings.passwd[0] != 0 || get_pap_passwd(
unit,
NULL,
NULL));
837 ao->
neg_chap = !ppp_settings.refuse_chap && ppp_settings.passwd[0] != 0 ;
839 if (go->
neg_upap && !have_pap_secret()) {
844 if (!have_chap_secret(ppp_settings.remote_name, ppp_settings.our_name, remote)) {
862check_passwd(
int unit,
char *auser,
int userlen,
char *apasswd,
int passwdlen,
char **
msg,
int *msglen)
875 struct wordlist *addrs =
NULL;
876 char passwd[256],
user[256];
883 BCOPY(apasswd, passwd, passwdlen);
884 passwd[passwdlen] =
'\0';
885 BCOPY(auser,
user, userlen);
886 user[userlen] =
'\0';
892 if (
ret == UPAP_AUTHNAK) {
893 if (*
msg == (
char *) 0) {
894 *
msg =
"Login incorrect";
902 if (attempts++ >= 10) {
913 free_wordlist(addrs);
917 if (*
msg == (
char *) 0) {
921 set_allowed_addrs(
unit, addrs);
924 BZERO(passwd,
sizeof(passwd));
957plogin(
char *
user,
char *passwd,
char **
msg,
int *msglen)
985 return (UPAP_AUTHNAK);
1020get_pap_passwd(
int unit,
char *
user,
char *passwd)
1044have_pap_secret(
void)
1078 struct wordlist *addrs;
1091 if (
len > MAXSECRETLEN) {
1096 BCOPY(ppp_settings.passwd,
secret,
len);
1102 struct wordlist *addrs;
1103 char secbuf[MAXWORDLEN];
1114 set_allowed_addrs(
unit, addrs);
1118 if (
len > MAXSECRETLEN) {
1124 BZERO(secbuf,
sizeof(secbuf));
1138set_allowed_addrs(
int unit,
struct wordlist *addrs)
1141 free_wordlist(addresses[
unit]);
1143 addresses[
unit] = addrs;
1151 char *
p = addrs->word;
1159 a = *(
u32_t *)hp->h_addr;
1179 return ip_addr_check(
addr, addresses[
unit]);
1183ip_addr_check(
u32_t addr,
struct wordlist *addrs)
1190 if (addrs ==
NULL) {
1191 return !ppp_settings.auth_required;
1217some_ip_ok(
struct wordlist *addrs)
1219 for (; addrs != 0; addrs = addrs->next) {
1220 if (addrs->word[0] ==
'-')
1222 if (addrs->word[0] !=
'!')
1239 warn(
"Warning - secret file %s has world and/or group access",
1267free_wordlist(
struct wordlist *wp)
1269 struct wordlist *
next;
1271 while (wp !=
NULL) {
1283auth_script_done(
void *
arg)
1285 auth_script_pid = 0;
1286 switch (auth_script_state) {
1288 if (auth_state == s_down) {
1289 auth_script_state = s_down;
1290 auth_script(_PATH_AUTHDOWN);
1294 if (auth_state == s_up) {
1295 auth_script_state = s_up;
1296 auth_script(_PATH_AUTHUP);
1318 slprintf(struid,
sizeof(struid),
"%d",
getuid());
1321 slprintf(strspeed,
sizeof(strspeed),
"%d", baud_rate);
1325 argv[2] = peer_authname;
1331 auth_script_pid = run_program(
script,
argv, 0, auth_script_done,
NULL);
int strcmp(const char *String1, const char *String2)
ACPI_SIZE strlen(const char *String)
char * strcpy(char *DstString, const char *SrcString)
char * strchr(const char *String, int ch)
#define LWIP_UNUSED_ARG(x)
void idle(int argc, const char *argv[])
void user(int argc, const char *argv[])
void ChapAuthPeer(int, char *, u_char)
void ChapAuthWithPeer(int, char *, u_char)
unsigned int(__cdecl typeof(jpeg_read_scanlines))(struct jpeg_decompress_struct *
void link_established(int)
void auth_peer_success(int, u16_t, char *, int)
void link_terminated(int)
void np_finished(int, u16_t)
void auth_peer_fail(int, u16_t)
void auth_withpeer_fail(int, u16_t)
int get_secret(int, char *, char *, char *, int *, int)
u_char check_passwd(int, char *, int, char *, int, char **, int *)
void auth_withpeer_success(int, u16_t)
void auth_check_options(void)
int auth_ip_addr(int, u32_t)
PHOSTENT WSAAPI gethostbyname(IN const char FAR *name)
GLenum const GLvoid * addr
GLboolean GLboolean GLboolean GLboolean a
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
_Check_return_ _CRTIMP FILE *__cdecl fopen(_In_z_ const char *_Filename, _In_z_ const char *_Mode)
_Check_return_opt_ _CRTIMP char *__cdecl fgets(_Out_writes_z_(_MaxCount) char *_Buf, _In_ int _MaxCount, _Inout_ FILE *_File)
_Check_return_opt_ _CRTIMP int __cdecl fclose(_Inout_ FILE *_File)
ipcp_options ipcp_wantoptions[]
lcp_options lcp_wantoptions[]
lcp_options lcp_hisoptions[]
void lcp_close(int, char *)
LinkPhase lcp_phase[NUM_PPP]
lcp_options lcp_allowoptions[]
lcp_options lcp_gotoptions[]
static DATA_BLOB CRYPTPROTECT_PROMPTSTRUCT DATA_BLOB *static LPWSTR DATA_BLOB CRYPTPROTECT_PROMPTSTRUCT DATA_BLOB *static char secret[]
static WCHAR user_name[UNLEN+1]
static void check_access(LPCWSTR filename, const struct lock_test *current, DWORD access, DWORD sharing, const char *desc, DWORD open_mode, BOOL *any_failure)
png_const_structrp png_const_inforp int * unit
static unsigned __int64 next
EXPORT int seteuid(uid_t uid)
static rfbScreenInfoPtr server