88#if defined(_PATH_LASTLOG) && defined(__linux__)
93#include <netinet/in.h>
99#define PW_PPP PW_LOGIN
127#include "netif/ppp/cbcp.h"
136#define NONWILD_SERVER 1
137#define NONWILD_CLIENT 2
139#define ISWILD(word) (word[0] == '*' && word[1] == 0)
144static struct permitted_ip *addresses[NUM_PPP];
148static struct wordlist *noauth_addrs;
154static struct wordlist *permitted_numbers;
157static struct wordlist *extra_options;
162static bool default_auth;
/* Optional idle-time policy hook; NULL means "not installed". When set it is
 * called from np_up() with NULL and from check_idle() with the current
 * struct ppp_idle, and its return value is used as the idle limit (tlim). */
165int (*idle_time_hook) (
struct ppp_idle *) =
NULL;
/* Optional replacement for the built-in PAP check. check_passwd() passes it
 * the peer-supplied user name and plaintext password plus out-parameters for
 * a message, an address list and an option list; a non-zero result is mapped
 * to UPAP_AUTHACK and zero to UPAP_AUTHNAK. An installed hook therefore makes
 * the whole accept/reject decision and sees the cleartext password. */
171int (*pap_auth_hook) (
char *
user,
char *passwd,
char **msgp,
172 struct wordlist **paddrs,
173 struct wordlist **popts) =
NULL;
/* Optional source for our own PAP password; invoked from get_pap_passwd()
 * when non-NULL. */
179int (*pap_passwd_hook) (
char *
user,
char *passwd) =
NULL;
/* Optional source for our own CHAP secret. get_secret() calls it with a
 * local MAXWORDLEN-byte buffer as `passwd` and treats a negative return as
 * failure. The signature carries no buffer length, so an implementation has
 * to bound what it writes by itself. */
185int (*chap_passwd_hook) (
char *
user,
char *passwd) =
NULL;
/* Optional hook for peers that do not authenticate; it is called with the
 * addresses of an address list and an option list to fill in. */
189int (*null_auth_hook) (
struct wordlist **paddrs,
190 struct wordlist **popts) =
NULL;
203struct notifier *auth_up_notifier =
NULL;
206struct notifier *link_down_notifier =
NULL;
/* Authentication policy flags. The leading numbers are line references from
 * the rendered listing; the lines between them are not part of this page. */
214bool session_mgmt = 0;
/* refuse_mschap and refuse_mschap_v2 are initialised twice, to 0 here and to
 * 1 just below. NOTE(review): presumably the two pairs belong to alternative
 * branches of a preprocessor conditional whose directive lines are missing
 * from this listing -- confirm against the original file before relying on
 * either default. */
220bool refuse_mschap = 0;
221bool refuse_mschap_v2 = 0;
223bool refuse_mschap = 1;
224bool refuse_mschap_v2 = 1;
/* Defaults to 0, i.e. the peer is not required to authenticate unless an
 * option sets it; the "auth" entry of auth_options[] points at this flag. */
227bool auth_required = 0;
/* Defaults to 0. auth_ip_addr()'s final fallback accepts an address when this
 * flag is set, when `privileged` is set, or when have_route_to() returns 0. */
228bool allow_any_ip = 0;
/* Set through the auth_options[] entries where they appear as the secondary
 * address; explicit_passwd is the one attached to the "password" option. */
229bool explicit_remote = 0;
230bool explicit_user = 0;
231bool explicit_passwd = 0;
235extern char *crypt (
const char *,
const char *);
239static void network_phase(ppp_pcb *pcb);
241static void check_idle(
void *
arg);
244static void connect_time_expired(
void *
arg);
247static int null_login (
int);
249static int have_pap_secret (
int *);
250static int have_chap_secret (
char *,
char *,
int,
int *);
251static int have_srp_secret (
char *
client,
char *
server,
int need_ip,
253static int ip_addr_check (
u32_t,
struct permitted_ip *);
254static int scan_authfile (
FILE *,
char *,
char *,
char *,
255 struct wordlist **,
struct wordlist **,
257static void free_wordlist (
struct wordlist *);
258static void set_allowed_addrs (
int,
struct wordlist *,
struct wordlist *);
259static int some_ip_ok (
struct wordlist *);
260static int setupapfile (
char **);
261static int privgroup (
char **);
262static int set_noauth_addr (
char **);
263static int set_permitted_number (
char **);
265static int wordlist_count (
struct wordlist *);
269static void check_maxoctets (
void *);
276option_t auth_options[] = {
277 {
"auth", o_bool, &auth_required,
278 "Require authentication from peer", OPT_PRIO | 1 },
279 {
"noauth", o_bool, &auth_required,
280 "Don't require peer to authenticate", OPT_PRIOSUB | OPT_PRIV,
282 {
"require-pap", o_bool, &lcp_wantoptions[0].neg_upap,
283 "Require PAP authentication from peer",
284 OPT_PRIOSUB | 1, &auth_required },
285 {
"+pap", o_bool, &lcp_wantoptions[0].neg_upap,
286 "Require PAP authentication from peer",
287 OPT_ALIAS | OPT_PRIOSUB | 1, &auth_required },
288 {
"require-chap", o_bool, &auth_required,
289 "Require CHAP authentication from peer",
290 OPT_PRIOSUB | OPT_A2OR | MDTYPE_MD5,
291 &lcp_wantoptions[0].chap_mdtype },
292 {
"+chap", o_bool, &auth_required,
293 "Require CHAP authentication from peer",
294 OPT_ALIAS | OPT_PRIOSUB | OPT_A2OR | MDTYPE_MD5,
295 &lcp_wantoptions[0].chap_mdtype },
297 {
"require-mschap", o_bool, &auth_required,
298 "Require MS-CHAP authentication from peer",
299 OPT_PRIOSUB | OPT_A2OR | MDTYPE_MICROSOFT,
300 &lcp_wantoptions[0].chap_mdtype },
301 {
"+mschap", o_bool, &auth_required,
302 "Require MS-CHAP authentication from peer",
303 OPT_ALIAS | OPT_PRIOSUB | OPT_A2OR | MDTYPE_MICROSOFT,
304 &lcp_wantoptions[0].chap_mdtype },
305 {
"require-mschap-v2", o_bool, &auth_required,
306 "Require MS-CHAPv2 authentication from peer",
307 OPT_PRIOSUB | OPT_A2OR | MDTYPE_MICROSOFT_V2,
308 &lcp_wantoptions[0].chap_mdtype },
309 {
"+mschap-v2", o_bool, &auth_required,
310 "Require MS-CHAPv2 authentication from peer",
311 OPT_ALIAS | OPT_PRIOSUB | OPT_A2OR | MDTYPE_MICROSOFT_V2,
312 &lcp_wantoptions[0].chap_mdtype },
315 {
"refuse-pap", o_bool, &refuse_pap,
316 "Don't agree to auth to peer with PAP", 1 },
317 {
"-pap", o_bool, &refuse_pap,
318 "Don't allow PAP authentication with peer", OPT_ALIAS | 1 },
319 {
"refuse-chap", o_bool, &refuse_chap,
320 "Don't agree to auth to peer with CHAP",
321 OPT_A2CLRB | MDTYPE_MD5,
322 &lcp_allowoptions[0].chap_mdtype },
323 {
"-chap", o_bool, &refuse_chap,
324 "Don't allow CHAP authentication with peer",
325 OPT_ALIAS | OPT_A2CLRB | MDTYPE_MD5,
326 &lcp_allowoptions[0].chap_mdtype },
330 {
"refuse-mschap", o_bool, &refuse_mschap,
331 "Don't agree to auth to peer with MS-CHAP",
332 OPT_A2CLRB | MDTYPE_MICROSOFT,
333 &lcp_allowoptions[0].chap_mdtype },
334 {
"-mschap", o_bool, &refuse_mschap,
335 "Don't allow MS-CHAP authentication with peer",
336 OPT_ALIAS | OPT_A2CLRB | MDTYPE_MICROSOFT,
337 &lcp_allowoptions[0].chap_mdtype },
338 {
"refuse-mschap-v2", o_bool, &refuse_mschap_v2,
339 "Don't agree to auth to peer with MS-CHAPv2",
340 OPT_A2CLRB | MDTYPE_MICROSOFT_V2,
341 &lcp_allowoptions[0].chap_mdtype },
342 {
"-mschap-v2", o_bool, &refuse_mschap_v2,
343 "Don't allow MS-CHAPv2 authentication with peer",
344 OPT_ALIAS | OPT_A2CLRB | MDTYPE_MICROSOFT_V2,
345 &lcp_allowoptions[0].chap_mdtype },
349 {
"require-eap", o_bool, &lcp_wantoptions[0].neg_eap,
350 "Require EAP authentication from peer", OPT_PRIOSUB | 1,
353 {
"refuse-eap", o_bool, &refuse_eap,
354 "Don't agree to authenticate to peer with EAP", 1 },
357 {
"name", o_string, our_name,
358 "Set local name for authentication",
361 {
"+ua", o_special, (
void *)setupapfile,
362 "Get PAP user and password from file",
363 OPT_PRIO | OPT_A2STRVAL, &uafname },
366 {
"user", o_string,
user,
367 "Set name for auth with peer", OPT_PRIO | OPT_STATIC,
370 {
"password", o_string, passwd,
371 "Password for authenticating us to the peer",
372 OPT_PRIO | OPT_STATIC | OPT_HIDE,
373 &explicit_passwd, MAXSECRETLEN },
376 {
"usehostname", o_bool, &usehostname,
377 "Must use hostname for authentication", 1 },
379 {
"remotename", o_string, remote_name,
380 "Set remote name for authentication", OPT_PRIO | OPT_STATIC,
383 {
"login", o_bool, &uselogin,
384 "Use system password database for PAP", OPT_A2COPY | 1 ,
386 {
"enable-session", o_bool, &session_mgmt,
387 "Enable session accounting for remote peers", OPT_PRIV | 1 },
389 {
"papcrypt", o_bool, &cryptpap,
390 "PAP passwords are encrypted", 1 },
392 {
"privgroup", o_special, (
void *)privgroup,
393 "Allow group members to use privileged options", OPT_PRIV | OPT_A2LIST },
395 {
"allow-ip", o_special, (
void *)set_noauth_addr,
396 "Set IP address(es) which can be used without authentication",
397 OPT_PRIV | OPT_A2LIST },
399 {
"remotenumber", o_string, remote_number,
400 "Set remote telephone number for authentication", OPT_PRIO | OPT_STATIC,
403 {
"allow-number", o_special, (
void *)set_permitted_number,
404 "Set telephone number(s) which are allowed to connect",
405 OPT_PRIV | OPT_A2LIST },
425 lcp_allowoptions[0].neg_upap = 1;
430 novm(
"+ua file name");
433 option_error(
"unable to reset uid before opening %s: %m", fname);
436 ufile =
fopen(fname,
"r");
438 fatal(
"unable to regain privileges: %m");
440 option_error(
"unable to open user login data file %s", fname);
448 ||
fgets(
p, MAXSECRETLEN - 1, ufile) ==
NULL) {
450 option_error(
"unable to read user login data file %s", fname);
457 if (
l > 0 &&
u[
l-1] ==
'\n')
460 if (
l > 0 &&
p[
l-1] ==
'\n')
463 if (override_value(
"user", option_priority, fname)) {
464 strlcpy(ppp_settings.user,
u,
sizeof(ppp_settings.user));
467 if (override_value(
"passwd", option_priority, fname)) {
468 strlcpy(ppp_settings.passwd,
p,
sizeof(ppp_settings.passwd));
487 option_error(
"group %s is unknown", *
argv);
490 for (
i = 0;
i < ngroups; ++
i) {
512 wp = (
struct wordlist *)
malloc(
sizeof(
struct wordlist) +
l);
514 novm(
"allow-ip argument");
515 wp->word = (
char *) (wp + 1);
516 wp->next = noauth_addrs;
/* Handler for the "allow-number" option (see auth_options[]): stores one
 * permitted telephone number. Old-style (K&R) definition; the parameter
 * declaration and several statements are missing from this listing. */
527set_permitted_number(
argv)
/* One allocation holds the list node followed by `l` bytes for the string.
 * NOTE(review): how `l` is computed is not shown; it has to include the
 * terminating NUL of the word copied in -- confirm. */
534 wp = (
struct wordlist *)
malloc(
sizeof(
struct wordlist) +
l);
/* Out-of-memory report; presumably guarded by a NULL check on a line that is
 * not shown. */
536 novm(
"allow-number argument");
/* The word is stored directly behind the node, inside the same allocation. */
537 wp->word = (
char *) (wp + 1);
/* Push the new node onto the head of the permitted_numbers list. */
538 wp->next = permitted_numbers;
540 permitted_numbers = wp;
548void link_required(ppp_pcb *pcb) {
559 ppp_pcb *pcb = &ppp_pcb_list[
unit];
562 status = EXIT_NEGOTIATION_FAILED;
563 new_phase(pcb, PPP_PHASE_SERIALCONN);
566 devfd = the_channel->connect();
567 msg =
"Connect script failed";
579 fd_ppp = the_channel->establish_ppp(devfd);
580 msg =
"ppp establishment failed";
582 status = EXIT_FATAL_ERROR;
586 if (!demand && ifunit >= 0)
594 ppp_notice((
"Connect: %s <--> %s", ifname, ppp_devnam));
596 ppp_notice((
"Starting negotiation on %s", ppp_devnam));
599 new_phase(pcb, PPP_PHASE_ESTABLISH);
605 new_phase(pcb, PPP_PHASE_DISCONNECT);
606 if (the_channel->disconnect)
607 the_channel->disconnect();
610 new_phase(pcb, PPP_PHASE_DEAD);
611 if (the_channel->cleanup)
612 (*the_channel->cleanup)();
620void link_terminated(ppp_pcb *pcb) {
621 if (pcb->phase == PPP_PHASE_DEAD
623 || pcb->phase == PPP_PHASE_MASTER
627 new_phase(pcb, PPP_PHASE_DISCONNECT);
630 if (pap_logout_hook) {
636 if (!doing_multilink) {
637 ppp_notice((
"Connection terminated."));
642 ppp_notice((
"Link terminated."));
646 ppp_link_terminated(pcb);
653 if (!doing_multilink && !demand)
664 the_channel->disestablish_ppp(devfd);
671 if (!doing_multilink && !demand)
672 script_unsetenv(
"IFNAME");
678 if (devfd >= 0 && the_channel->disconnect) {
679 the_channel->disconnect();
682 if (the_channel->cleanup)
683 (*the_channel->cleanup)();
685 if (doing_multilink && multilink_master) {
686 if (!bundle_terminating)
687 new_phase(pcb, PPP_PHASE_MASTER);
689 mp_bundle_terminated();
691 new_phase(pcb, PPP_PHASE_DEAD);
698void link_down(ppp_pcb *pcb) {
700 notify(link_down_notifier, 0);
703 if (!doing_multilink) {
704 upper_layers_down(pcb);
705 if (pcb->phase != PPP_PHASE_DEAD
707 && pcb->phase != PPP_PHASE_MASTER
710 new_phase(pcb, PPP_PHASE_ESTABLISH);
716void upper_layers_down(ppp_pcb *pcb) {
718 const struct protent *protp;
721 if (protp->protocol != PPP_LCP && protp->lowerdown !=
NULL)
722 (*protp->lowerdown)(pcb);
723 if (protp->protocol < 0xC000 && protp->close !=
NULL)
724 (*protp->close)(pcb,
"LCP down");
726 pcb->num_np_open = 0;
734void link_established(ppp_pcb *pcb) {
739 lcp_options *wo = &pcb->lcp_wantoptions;
741 lcp_options *go = &pcb->lcp_gotoptions;
743 lcp_options *ho = &pcb->lcp_hisoptions;
746 const struct protent *protp;
751 if (!doing_multilink) {
753 if (protp->protocol != PPP_LCP
754 && protp->lowerup !=
NULL)
755 (*protp->lowerup)(pcb);
761 if (!auth_required && noauth_addrs !=
NULL)
765 if (pcb->settings.auth_required && !(0
785 if (noauth_addrs !=
NULL) {
789 if (!pcb->settings.null_login
794 ppp_warn((
"peer refused to authenticate: terminating link"));
796 status = EXIT_PEER_AUTH_FAILED;
798 pcb->err_code = PPPERR_AUTHFAIL;
799 lcp_close(pcb,
"peer refused to authenticate");
805 new_phase(pcb, PPP_PHASE_AUTHENTICATE);
810 eap_authpeer(pcb, PPP_OUR_NAME);
816 chap_auth_peer(pcb, PPP_OUR_NAME, CHAP_DIGEST(go->chap_mdtype));
831 eap_authwithpeer(pcb, pcb->settings.user);
832 auth |= EAP_WITHPEER;
837 chap_auth_with_peer(pcb, pcb->settings.user, CHAP_DIGEST(ho->chap_mdtype));
838 auth |= CHAP_WITHPEER;
843 upap_authwithpeer(pcb, pcb->settings.user, pcb->settings.passwd);
844 auth |= PAP_WITHPEER;
849 pcb->auth_pending = auth;
860static void network_phase(ppp_pcb *pcb) {
862 ppp_pcb *pcb = &ppp_pcb_list[
unit];
865 lcp_options *go = &lcp_gotoptions[
unit];
871 ppp_notice((
"peer from calling number %q authorized", remote_number));
889 notify(auth_up_notifier, 0);
898 new_phase(pcb, PPP_PHASE_CALLBACK);
899 (*cbcp_protent.open)(pcb);
909 options_from_list(extra_options, 1);
910 free_wordlist(extra_options);
917void start_networks(ppp_pcb *pcb) {
918#if CCP_SUPPORT || ECP_SUPPORT
920 const struct protent *protp;
923 new_phase(pcb, PPP_PHASE_NETWORK);
927 if (mp_join_bundle()) {
928 if (multilink_join_hook)
929 (*multilink_join_hook)();
930 if (updetach && !nodetach)
939 set_filters(&pass_filter, &active_filter);
941#if CCP_SUPPORT || ECP_SUPPORT
947 || protp->protocol == PPP_ECP
950 || protp->protocol == PPP_CCP
953 && protp->open !=
NULL)
962 && !ecp_gotoptions[
unit].required
965 && !pcb->ccp_gotoptions.mppe
968 continue_networks(pcb);
971void continue_networks(ppp_pcb *pcb) {
973 const struct protent *protp;
979 if (protp->protocol < 0xC000
981 && protp->protocol != PPP_CCP
984 && protp->protocol != PPP_ECP
986 && protp->open !=
NULL) {
991 if (pcb->num_np_open == 0)
993 lcp_close(pcb,
"No network protocols running");
/*
 * Check a peer-supplied PAP user name and password against the credentials
 * configured in pcb->settings.
 *
 * auser/userlen and apasswd/passwdlen are counted byte strings taken from the
 * peer's request. *msg and *msglen receive the reply text and its length.
 * The return statements are not part of this listing.
 */
1006int auth_check_passwd(ppp_pcb *pcb,
char *auser,
unsigned int userlen,
char *apasswd,
unsigned int passwdlen,
const char **
msg,
int *msglen) {
1007 size_t secretuserlen;
1008 size_t secretpasswdlen;
/* The comparison is only attempted when both a user and a password are
 * configured (non-NULL). */
1010 if (pcb->settings.user && pcb->settings.passwd) {
1011 secretuserlen =
strlen(pcb->settings.user);
1012 secretpasswdlen =
strlen(pcb->settings.passwd);
/* Lengths are compared first, so each memcmp() reads exactly as many bytes as
 * the stored string holds.
 * NOTE(review): the && chain stops at the first mismatch and memcmp() is not
 * specified to run in constant time, so the time taken to reject can depend
 * on which field differs and where. A comparison that always processes both
 * fields in full would not expose that difference. */
1013 if (secretuserlen == userlen
1014 && secretpasswdlen == passwdlen
1015 && !
memcmp(auser, pcb->settings.user, userlen)
1016 && !
memcmp(apasswd, pcb->settings.passwd, passwdlen) ) {
/* sizeof of a string literal minus one is its length without the NUL. */
1018 *msglen =
sizeof(
"Login ok")-1;
/* Failure reply. The same text is used whatever the reason for rejection. */
1023 *
msg =
"Login incorrect";
1024 *msglen =
sizeof(
"Login incorrect")-1;
1031void auth_peer_fail(ppp_pcb *pcb,
int protocol) {
1037 status = EXIT_PEER_AUTH_FAILED;
1039 pcb->err_code = PPPERR_AUTHFAIL;
1040 lcp_close(pcb,
"Authentication failed");
/*
 * Record that the peer has authenticated itself with `protocol`
 * (`prot_flavor` selects the CHAP variant). `name`/`namelen` carry the name
 * the peer authenticated as. Many lines of the body, including the outer
 * switch on `protocol`, are missing from this listing.
 */
1046void auth_peer_success(ppp_pcb *pcb,
int protocol,
int prot_flavor,
const char *
name,
int namelen) {
1048#ifndef HAVE_MULTILINK
/* Add the flag for the CHAP variant that was used to `bit`. */
1058 switch (prot_flavor) {
1060 bit |= CHAP_MD5_PEER;
1063 case CHAP_MICROSOFT:
1064 bit |= CHAP_MS_PEER;
1066 case CHAP_MICROSOFT_V2:
1067 bit |= CHAP_MS2_PEER;
1086 ppp_warn((
"auth_peer_success: unknown protocol %x",
protocol));
1090#ifdef HAVE_MULTILINK
/* Clamp the peer-supplied length so the name plus its NUL fits in
 * pcb->peer_authname.
 * NOTE(review): only an upper bound is visible. namelen is a signed int, so a
 * negative value would make the store below index before the array unless it
 * is rejected on a line not shown here -- confirm at the call sites. */
1094 if (
namelen > (
int)
sizeof(pcb->peer_authname) - 1)
1095 namelen = (
int)
sizeof(pcb->peer_authname) - 1;
/* NUL-terminate the stored name (the copy itself is on a line not shown). */
1097 pcb->peer_authname[
namelen] = 0;
/* The middle argument of this call is missing from the listing. */
1100 script_setenv(
"PEERNAME", , 0);
/* Remember which authentication has completed ... */
1104 pcb->auth_done |= bit;
/* ... and clear it from the pending set; zero means nothing is outstanding.
 * The statement this condition guards is not shown. */
1110 if ((pcb->auth_pending &= ~bit) == 0)
1118void auth_withpeer_fail(ppp_pcb *pcb,
int protocol) {
1130 pcb->err_code = PPPERR_AUTHFAIL;
1131 lcp_close(pcb,
"Failed to authenticate ourselves to peer");
1137void auth_withpeer_success(ppp_pcb *pcb,
int protocol,
int prot_flavor) {
1139 const char *prot =
"";
1145 bit = CHAP_WITHPEER;
1147 switch (prot_flavor) {
1149 bit |= CHAP_MD5_WITHPEER;
1152 case CHAP_MICROSOFT:
1153 bit |= CHAP_MS_WITHPEER;
1155 case CHAP_MICROSOFT_V2:
1156 bit |= CHAP_MS2_WITHPEER;
1177 ppp_warn((
"auth_withpeer_success: unknown protocol %x",
protocol));
1182 ppp_notice((
"%s authentication succeeded", prot));
1185 pcb->auth_done |= bit;
1191 if ((pcb->auth_pending &= ~bit) == 0)
1200void np_up(ppp_pcb *pcb,
int proto) {
1201#if PPP_IDLETIMELIMIT
1206 if (pcb->num_np_up == 0) {
1210 new_phase(pcb, PPP_PHASE_RUNNING);
1212#if PPP_IDLETIMELIMIT
1214 if (idle_time_hook != 0)
1215 tlim = (*idle_time_hook)(
NULL);
1218 tlim = pcb->settings.idle_time_limit;
1220 TIMEOUT(check_idle, (
void*)pcb, tlim);
1228 if (pcb->settings.maxconnect > 0)
1229 TIMEOUT(connect_time_expired, (
void*)pcb, pcb->settings.maxconnect);
1234 TIMEOUT(check_maxoctets,
NULL, maxoctets_timeout);
1241 if (updetach && !nodetach)
1251void np_down(ppp_pcb *pcb,
int proto) {
1253 if (--pcb->num_np_up == 0) {
1254#if PPP_IDLETIMELIMIT
1255 UNTIMEOUT(check_idle, (
void*)pcb);
1258 UNTIMEOUT(connect_time_expired,
NULL);
1261 UNTIMEOUT(check_maxoctets,
NULL);
1263 new_phase(pcb, PPP_PHASE_NETWORK);
1270void np_finished(ppp_pcb *pcb,
int proto) {
1272 if (--pcb->num_np_open <= 0) {
1274 lcp_close(pcb,
"No network protocols running");
1283#if PPP_STATS_SUPPORT
1286 update_link_stats(ifunit);
1289 switch(maxoctets_dir) {
1290 case PPP_OCTETS_DIRECTION_IN:
1291 used = link_stats.bytes_in;
1293 case PPP_OCTETS_DIRECTION_OUT:
1294 used = link_stats.bytes_out;
1296 case PPP_OCTETS_DIRECTION_MAXOVERAL:
1297 case PPP_OCTETS_DIRECTION_MAXSESSION:
1298 used = (link_stats.bytes_in > link_stats.bytes_out) ? link_stats.bytes_in : link_stats.bytes_out;
1301 used = link_stats.bytes_in+link_stats.bytes_out;
1304 if (
used > maxoctets) {
1305 ppp_notice((
"Traffic limit reached. Limit: %u Used: %u", maxoctets,
used));
1306 status = EXIT_TRAFFIC_LIMIT;
1307 lcp_close(pcb,
"Traffic limit");
1312 TIMEOUT(check_maxoctets,
NULL, maxoctets_timeout);
1318#if PPP_IDLETIMELIMIT
1323static void check_idle(
void *
arg) {
1324 ppp_pcb *pcb = (ppp_pcb*)
arg;
1325 struct ppp_idle
idle;
1329 if (!get_idle_time(pcb, &
idle))
1332 if (idle_time_hook != 0) {
1333 tlim = idle_time_hook(&
idle);
1337 tlim = pcb->settings.idle_time_limit - itime;
1343 ppp_notice((
"Terminating connection due to lack of activity."));
1344 pcb->err_code = PPPERR_IDLETIMEOUT;
1345 lcp_close(pcb,
"Link inactive");
1350 TIMEOUT(check_idle, (
void*)pcb, tlim);
1359static void connect_time_expired(
void *
arg) {
1360 ppp_pcb *pcb = (ppp_pcb*)
arg;
1361 ppp_info((
"Connect time expired"));
1362 pcb->err_code = PPPERR_CONNECTTIME;
1363 lcp_close(pcb,
"Connect time expired");
1374 lcp_options *wo = &lcp_wantoptions[0];
1379 if (our_name[0] == 0 || usehostname)
1383 if (ppp_settings.user[0] == 0 && !explicit_user)
1384 strlcpy(ppp_settings.user, our_name,
sizeof(ppp_settings.user));
1390 if (!auth_required && !allow_any_ip && have_route_to(0) && !privileged) {
1397 if (wo->chap_mdtype)
1402 if (auth_required) {
1416 wo->neg_chap = CHAP_MDTYPE_SUPPORTED != MDTYPE_NONE;
1417 wo->chap_mdtype = CHAP_MDTYPE_SUPPORTED;
1429 wo->chap_mdtype = MDTYPE_NONE;
1446 can_auth = wo->neg_upap && (uselogin || have_pap_secret(&lacks_ip));
1459 can_auth = have_chap_secret((explicit_remote? remote_name:
NULL),
1460 our_name, 1, &lacks_ip);
1470 can_auth = have_srp_secret((explicit_remote? remote_name:
NULL),
1471 our_name, 1, &lacks_ip);
1474 if (auth_required && !can_auth && noauth_addrs ==
NULL) {
1477"By default the remote system is required to authenticate itself");
1479"(because this system has a default route to the internet)");
1480 }
else if (explicit_remote)
1482"The remote system (%s) is required to authenticate itself",
1486"The remote system is required to authenticate itself");
1488"but I couldn't find any suitable secret (password) for it to use to do so.");
1491"(None of the available passwords would let it use an IP address.)");
1499 if (!auth_number()) {
1500 ppp_warn((
"calling number %q is not authorized", remote_number));
1501 exit(EXIT_CNID_AUTH_FAILED);
1516 lcp_options *go = &lcp_gotoptions[
unit];
1517 lcp_options *ao = &lcp_allowoptions[
unit];
1521 ao->neg_upap = !refuse_pap && (passwd[0] != 0 || get_pap_passwd(
NULL));
1522 ao->neg_chap = (!refuse_chap || !refuse_mschap || !refuse_mschap_v2)
1523 && (passwd[0] != 0 ||
1524 (hadchap = have_chap_secret(
user, (explicit_remote? remote_name:
1526 ao->neg_eap = !refuse_eap && (
1528 (hadchap == 1 || (hadchap == -1 && have_chap_secret(
user,
1529 (explicit_remote? remote_name:
NULL), 0,
NULL))) ||
1530 have_srp_secret(
user, (explicit_remote? remote_name:
NULL), 0,
NULL));
1533 if (go->neg_upap && !uselogin && !have_pap_secret(
NULL))
1536 if (!(hadchap = have_chap_secret((explicit_remote? remote_name:
NULL),
1537 our_name, 1,
NULL)))
1541 (hadchap == 0 || (hadchap == -1 &&
1542 !have_chap_secret((explicit_remote? remote_name:
NULL), our_name,
1544 !have_srp_secret((explicit_remote? remote_name:
NULL), our_name, 1,
/*
 * PAP check of a peer-supplied user name and password, either through
 * pap_auth_hook or against the PAP secrets file. Old-style (K&R) definition;
 * the parameter declarations and many statements are missing from this
 * listing, so the nesting of the fragments below is not fully recoverable.
 */
1560check_passwd(
unit, auser, userlen, apasswd, passwdlen,
msg)
1568 return UPAP_AUTHNAK;
1572 struct wordlist *addrs =
NULL, *opts =
NULL;
1573 char passwd[256],
user[256];
/* Function-scope static: one failure counter for the whole program, kept
 * across calls. NOTE(review): no reset is visible in this listing. */
1575 static int attempts = 0;
/* Copy the peer's counted strings into ppp_settings, bounded by the size of
 * each destination. */
1582 slprintf(ppp_settings.passwd,
sizeof(ppp_settings.passwd),
"%.*v", passwdlen, apasswd);
1583 slprintf(ppp_settings.user,
sizeof(ppp_settings.user),
"%.*v", userlen, auser);
/* An installed hook decides on its own; the secrets file is not consulted on
 * this path. */
1589 if (pap_auth_hook) {
1590 ret = (*pap_auth_hook)(ppp_settings.user, ppp_settings.passwd,
msg, &addrs, &opts);
1595 set_allowed_addrs(
unit, addrs, opts);
1597 free_wordlist(opts);
1599 free_wordlist(addrs);
/* Wipe the plaintext password copy before returning. */
1600 BZERO(ppp_settings.passwd,
sizeof(ppp_settings.passwd));
1601 return ret? UPAP_AUTHACK: UPAP_AUTHNAK;
1610 addrs = opts =
NULL;
1614 ppp_error((
"Can't open PAP password file %s: %m",
filename));
/* Look up the secret for this user; a negative result means no entry. */
1618 if (scan_authfile(
f, ppp_settings.user, our_name,
secret, &addrs, &opts,
filename, 0) < 0) {
1619 ppp_warn((
"no PAP secret found for %s",
user));
/* Login/session path: the password is checked by session_full() rather than
 * against the secret from the file. */
1627 if (uselogin || login_secret) {
1629 if (session_full(ppp_settings.user, ppp_settings.passwd, devnam,
msg) == 0) {
1632 }
else if (session_mgmt) {
1633 if (session_check(ppp_settings.user,
NULL, devnam,
NULL) == 0) {
1634 ppp_warn((
"Peer %q failed PAP Session verification",
user));
1638 if (
secret[0] != 0 && !login_secret) {
/* Plaintext comparison against the secret from the file; the rest of this
 * condition is on a line not shown.
 * NOTE(review): strcmp() stops at the first differing byte, so it is not a
 * constant-time comparison. */
1640 if ((cryptpap ||
strcmp(ppp_settings.passwd,
secret) != 0)
1648 if (
ret == UPAP_AUTHNAK) {
1650 *
msg =
"Login incorrect";
/* The post-increment test is true once the counter had already reached 10
 * before this call; the link is then closed.
 * NOTE(review): this message formats the peer-supplied name with %s while
 * the one at listing line 1634 uses %q -- confirm the logged value cannot
 * carry control characters into the log. */
1657 if (attempts++ >= 10) {
1658 ppp_warn((
"%d LOGIN FAILURES ON %s, %s", attempts, devnam,
user));
1659 lcp_close(pcb,
"login failed");
1664 free_wordlist(opts);
1670 set_allowed_addrs(
unit, addrs, opts);
1674 free_wordlist(addrs);
/* Wipe the plaintext password copy on this path as well. */
1675 BZERO(ppp_settings.passwd,
sizeof(ppp_settings.passwd));
1693 struct wordlist *addrs, *opts;
1701 ret = (*null_auth_hook)(&addrs, &opts);
1721 set_allowed_addrs(
unit, addrs, opts);
1723 free_wordlist(opts);
1725 free_wordlist(addrs);
1737get_pap_passwd(passwd)
1748 if (pap_passwd_hook) {
1749 ret = (*pap_passwd_hook)(ppp_settings,
user, ppp_settings.passwd);
1760 (remote_name[0]? remote_name:
NULL),
1776have_pap_secret(lacks_ipp)
1782 struct wordlist *addrs;
1785 if (pap_check_hook) {
1786 ret = (*pap_check_hook)();
1796 ret = scan_authfile(
f, (explicit_remote? remote_name:
NULL), our_name,
1799 if (
ret >= 0 && !some_ip_ok(addrs)) {
1805 free_wordlist(addrs);
1826 struct wordlist *addrs;
1828 if (chap_check_hook) {
1829 ret = (*chap_check_hook)();
1847 if (
ret >= 0 && need_ip && !some_ip_ok(addrs)) {
1853 free_wordlist(addrs);
1874 struct wordlist *addrs;
1888 if (
ret >= 0 && need_ip && !some_ip_ok(addrs)) {
1894 free_wordlist(addrs);
/*
 * Obtain the CHAP secret shared between `client` and `server`; `secret` and
 * `secret_len` are the outputs and `am_server` says which side we are. The
 * listing shows two "too long" checks and `addrs` declared twice.
 * NOTE(review): that suggests two alternative bodies selected by a
 * preprocessor conditional whose directives are missing -- confirm against
 * the original file.
 */
1906int get_secret(ppp_pcb *pcb,
const char *
client,
const char *
server,
char *
secret,
int *secret_len,
int am_server) {
/* Secrets longer than MAXSECRETLEN are reported as an error. The copy into
 * `secret` is on a line not shown; the caller's buffer has to hold at least
 * MAXSECRETLEN bytes for this bound to protect it. */
1916 if (
len > MAXSECRETLEN) {
1917 ppp_error((
"Secret for %s on %s is too long",
client,
server));
1930 struct wordlist *addrs, *opts;
1931 char secbuf[MAXWORDLEN];
1932 struct wordlist *addrs;
/* As the authenticating side (not the server) a configured password is used
 * directly; strlcpy() bounds the copy by sizeof(secbuf). */
1935 if (!am_server && ppp_settings.passwd[0] != 0) {
1936 strlcpy(secbuf, ppp_settings.passwd,
sizeof(secbuf));
1937 }
/* Otherwise ask the plugin hook. It receives secbuf without its size, so the
 * hook itself must not write more than MAXWORDLEN bytes including the NUL. */
else if (!am_server && chap_passwd_hook) {
1938 if ( (*chap_passwd_hook)(
client, secbuf) < 0) {
1939 ppp_error((
"Unable to obtain CHAP password for %s on %s from plugin",
1950 ppp_error((
"Can't open chap secret file %s: %m",
filename));
1961 set_allowed_addrs(
unit, addrs, opts);
1963 free_wordlist(opts);
1965 free_wordlist(addrs);
1969 if (
len > MAXSECRETLEN) {
1970 ppp_error((
"Secret for %s on %s is too long",
client,
server));
/* Wipe the local copy of the secret.
 * NOTE(review): BZERO's definition is not in this listing. secbuf is a local
 * array, so if BZERO expands to a plain memset() and the buffer is not read
 * afterwards, an optimising compiler may drop the call -- confirm. */
1974 BZERO(secbuf,
sizeof(secbuf));
2000 struct wordlist *addrs, *opts;
2002 if (!am_server && ppp_settings.passwd[0] !=
'\0') {
2010 ppp_error((
"Can't open srp secret file %s: %m",
filename));
2023 set_allowed_addrs(
unit, addrs, opts);
2024 else if (opts !=
NULL)
2025 free_wordlist(opts);
2027 free_wordlist(addrs);
/*
 * Build the table of IP addresses the peer on `unit` may use from `addrs`
 * plus the global noauth_addrs list, and keep `opts` as extra_options.
 * Old-style (K&R) definition; many statements are missing from this listing.
 */
2039set_allowed_addrs(
unit, addrs, opts)
2041 struct wordlist *addrs;
2042 struct wordlist *opts;
2045 struct wordlist *
ap, **plink;
2046 struct permitted_ip *
ip;
2047 char *ptr_word, *ptr_mask;
2051 struct ipcp_options *wo = &ipcp_wantoptions[
unit];
2052 u32_t suggested_ip = 0;
/* Replace any previously stored option list; the old one is freed and `opts`
 * is now referenced by extra_options. */
2057 if (extra_options !=
NULL)
2058 free_wordlist(extra_options);
2059 extra_options = opts;
2064 n = wordlist_count(addrs) + wordlist_count(noauth_addrs);
/* One entry per word plus one extra.
 * NOTE(review): the check of malloc()'s result is not visible in this
 * listing -- confirm it exists before `ip` is indexed. */
2067 ip = (
struct permitted_ip *)
malloc((
n + 1) *
sizeof(
struct permitted_ip));
/* Walk to the end of `addrs` and append noauth_addrs, so both lists are
 * processed in one pass. */
2072 for (plink = &addrs; *plink !=
NULL; plink = &(*plink)->
next)
2074 *plink = noauth_addrs;
2079 ptr_word =
ap->word;
2080 if (
strcmp(ptr_word,
"-") == 0)
/* "*" stores base 0 and mask 0, which satisfies ip_addr_check()'s
 * (addr & mask) == base test for every address. */
2082 if (
strcmp(ptr_word,
"*") == 0) {
2084 ip[
n].base =
ip[
n].mask = 0;
/* A leading '!' marks the entry specially; the handling is on lines not
 * shown. */
2090 if (*ptr_word ==
'!') {
/* Optional "/bits" suffix on the word. */
2097 ptr_mask =
strchr (ptr_word,
'/');
2098 if (ptr_mask !=
NULL) {
/* Only 1..32 is accepted as a prefix length.
 * NOTE(review): the long returned by strtol() is narrowed to int before the
 * range check, so an out-of-range input is judged by its truncated value. */
2102 bit_count = (
int)
strtol (ptr_mask+1, &endp, 10);
2103 if (bit_count <= 0 || bit_count > 32) {
2104 ppp_warn((
"invalid address length %v in auth. address list",
/* Convert the prefix length into the number of host bits. */
2108 bit_count = 32 - bit_count;
2114 ppp_warn((
"invalid address length syntax: %v", ptr_mask+1));
/* Reads the resolved address through a u32_t pointer.
 * NOTE(review): assumes a 4-byte address that is suitably aligned for
 * u32_t -- confirm. */
2123 a = *(
u32_t *)hp->h_addr;
2128 if (ptr_mask ==
NULL) {
2143 if (ptr_mask !=
NULL)
2147 ppp_warn((
"unknown host %s in auth. address list",
ap->word));
2152 ppp_warn((
"interface unit %d too large for subnet %v",
/* An all-ones mask is a single host; the first such entry is a candidate for
 * suggested_ip (the assignment is on a line not shown). */
2162 if (~
mask == 0 && suggested_ip == 0)
/* Propose suggested_ip as the peer's address when none is configured or the
 * configured one is not accepted by auth_ip_addr(). */
2178 if (suggested_ip != 0
2179 && (wo->hisaddr == 0 || !auth_ip_addr(
unit, wo->hisaddr))) {
2180 wo->hisaddr = suggested_ip;
2186 wo->accept_remote = 1;
2202 if (bad_ip_adrs(
addr))
2205 if (allowed_address_hook) {
2206 ok = allowed_address_hook(
addr);
2207 if (
ok >= 0)
return ok;
2218 return allow_any_ip || privileged || !have_route_to(
addr);
2222ip_addr_check(
addr, addrs)
2224 struct permitted_ip *addrs;
2227 if ((
addr & addrs->mask) == addrs->base)
2228 return addrs->permit;
2251 struct wordlist *addrs;
2253 for (; addrs != 0; addrs = addrs->next) {
2254 if (addrs->word[0] ==
'-')
2256 if (addrs->word[0] !=
'!')
2269 struct wordlist *wp = permitted_numbers;
2280 if ((wp->word)[
l - 1] ==
'*')
2301 ppp_warn((
"cannot stat secret file %s: %m",
filename));
2303 ppp_warn((
"Warning - secret file %s has world and/or group access",
2328 struct wordlist **addrs;
2329 struct wordlist **opts;
2334 int got_flag, best_flag;
2336 struct wordlist *
ap, *addr_list, *alist, **app;
2337 char word[MAXWORDLEN];
2338 char atfile[MAXWORDLEN];
2339 char lsecret[MAXWORDLEN];
2369 got_flag = NONWILD_CLIENT;
2378 if (!ISWILD(
word)) {
2381 got_flag |= NONWILD_SERVER;
2388 if (got_flag <= best_flag)
2411 if (
word[0] ==
'@' &&
word[1] ==
'/') {
2413 if ((sf =
fopen(atfile,
"r")) ==
NULL) {
2414 ppp_warn((
"can't open indirect secret file %s", atfile));
2418 if (!getword(sf,
word, &xxx, atfile)) {
2419 ppp_warn((
"no secret in indirect secret file %s", atfile));
2435 ap = (
struct wordlist *)
2438 novm(
"authorized addresses");
2439 ap->word = (
char *) (
ap + 1);
2449 best_flag = got_flag;
2451 free_wordlist(addr_list);
2461 for (app = &addr_list; (
ap = *app) !=
NULL; app = &
ap->next)
2476 else if (addr_list !=
NULL)
2477 free_wordlist(addr_list);
2487 struct wordlist *wp;
2501 struct wordlist *wp;
2503 struct wordlist *
next;
2505 while (wp !=
NULL) {