44#if PPP_SUPPORT && PAP_SUPPORT
63static option_t pap_option_list[] = {
64 {
"hide-password", o_bool, &hide_password,
65 "Don't output passwords to log", OPT_PRIO | 1 },
66 {
"show-password", o_bool, &hide_password,
67 "Show password string in debug log messages", OPT_PRIOSUB | 0 },
69 {
"pap-restart", o_int, &upap[0].us_timeouttime,
70 "Set retransmit timeout for PAP", OPT_PRIO },
71 {
"pap-max-authreq", o_int, &upap[0].us_maxtransmits,
72 "Set max number of transmissions for auth-reqs", OPT_PRIO },
73 {
"pap-timeout", o_int, &upap[0].us_reqtimeout,
74 "Set time limit for peer PAP authentication", OPT_PRIO },
83static void upap_init(ppp_pcb *pcb);
84static void upap_lowerup(ppp_pcb *pcb);
85static void upap_lowerdown(ppp_pcb *pcb);
86static void upap_input(ppp_pcb *pcb,
u_char *inpacket,
int l);
87static void upap_protrej(ppp_pcb *pcb);
89static int upap_printpkt(
const u_char *
p,
int plen,
void (*printer) (
void *,
const char *, ...),
void *
arg);
92const struct protent pap_protent = {
121static void upap_timeout(
void *
arg);
123static void upap_reqtimeout(
void *
arg);
124static void upap_rauthreq(ppp_pcb *pcb,
u_char *inp,
int id,
int len);
126static void upap_rauthack(ppp_pcb *pcb,
u_char *inp,
int id,
int len);
127static void upap_rauthnak(ppp_pcb *pcb,
u_char *inp,
int id,
int len);
128static void upap_sauthreq(ppp_pcb *pcb);
137static void upap_init(ppp_pcb *pcb) {
138 pcb->upap.us_user =
NULL;
139 pcb->upap.us_userlen = 0;
140 pcb->upap.us_passwd =
NULL;
141 pcb->upap.us_passwdlen = 0;
142 pcb->upap.us_clientstate = UPAPCS_INITIAL;
144 pcb->upap.us_serverstate = UPAPSS_INITIAL;
155void upap_authwithpeer(ppp_pcb *pcb,
const char *
user,
const char *
password) {
161 pcb->upap.us_user =
user;
165 pcb->upap.us_transmits = 0;
168 if (pcb->upap.us_clientstate == UPAPCS_INITIAL ||
169 pcb->upap.us_clientstate == UPAPCS_PENDING) {
170 pcb->upap.us_clientstate = UPAPCS_PENDING;
183void upap_authpeer(ppp_pcb *pcb) {
186 if (pcb->upap.us_serverstate == UPAPSS_INITIAL ||
187 pcb->upap.us_serverstate == UPAPSS_PENDING) {
188 pcb->upap.us_serverstate = UPAPSS_PENDING;
192 pcb->upap.us_serverstate = UPAPSS_LISTEN;
193 if (pcb->settings.pap_req_timeout > 0)
194 TIMEOUT(upap_reqtimeout, pcb, pcb->settings.pap_req_timeout);
201static void upap_timeout(
void *
arg) {
202 ppp_pcb *pcb = (ppp_pcb*)
arg;
204 if (pcb->upap.us_clientstate != UPAPCS_AUTHREQ)
207 if (pcb->upap.us_transmits >= pcb->settings.pap_max_transmits) {
209 ppp_error((
"No response to PAP authenticate-requests"));
210 pcb->upap.us_clientstate = UPAPCS_BADAUTH;
211 auth_withpeer_fail(pcb, PPP_PAP);
223static void upap_reqtimeout(
void *
arg) {
224 ppp_pcb *pcb = (ppp_pcb*)
arg;
226 if (pcb->upap.us_serverstate != UPAPSS_LISTEN)
229 auth_peer_fail(pcb, PPP_PAP);
230 pcb->upap.us_serverstate = UPAPSS_BADAUTH;
240static void upap_lowerup(ppp_pcb *pcb) {
242 if (pcb->upap.us_clientstate == UPAPCS_INITIAL)
243 pcb->upap.us_clientstate = UPAPCS_CLOSED;
244 else if (pcb->upap.us_clientstate == UPAPCS_PENDING) {
249 if (pcb->upap.us_serverstate == UPAPSS_INITIAL)
250 pcb->upap.us_serverstate = UPAPSS_CLOSED;
251 else if (pcb->upap.us_serverstate == UPAPSS_PENDING) {
252 pcb->upap.us_serverstate = UPAPSS_LISTEN;
253 if (pcb->settings.pap_req_timeout > 0)
254 TIMEOUT(upap_reqtimeout, pcb, pcb->settings.pap_req_timeout);
265static void upap_lowerdown(ppp_pcb *pcb) {
267 if (pcb->upap.us_clientstate == UPAPCS_AUTHREQ)
268 UNTIMEOUT(upap_timeout, pcb);
270 if (pcb->upap.us_serverstate == UPAPSS_LISTEN && pcb->settings.pap_req_timeout > 0)
271 UNTIMEOUT(upap_reqtimeout, pcb);
274 pcb->upap.us_clientstate = UPAPCS_INITIAL;
276 pcb->upap.us_serverstate = UPAPSS_INITIAL;
286static void upap_protrej(ppp_pcb *pcb) {
288 if (pcb->upap.us_clientstate == UPAPCS_AUTHREQ) {
289 ppp_error((
"PAP authentication failed due to protocol-reject"));
290 auth_withpeer_fail(pcb, PPP_PAP);
293 if (pcb->upap.us_serverstate == UPAPSS_LISTEN) {
294 ppp_error((
"PAP authentication of peer failed (protocol-reject)"));
295 auth_peer_fail(pcb, PPP_PAP);
305static void upap_input(ppp_pcb *pcb,
u_char *inpacket,
int l) {
315 if (
l < UPAP_HEADERLEN) {
316 UPAPDEBUG((
"pap_input: rcvd short header."));
322 if (
len < UPAP_HEADERLEN) {
323 UPAPDEBUG((
"pap_input: rcvd illegal length."));
327 UPAPDEBUG((
"pap_input: rcvd short packet."));
330 len -= UPAP_HEADERLEN;
338 upap_rauthreq(pcb, inp,
id,
len);
343 upap_rauthack(pcb, inp,
id,
len);
347 upap_rauthnak(pcb, inp,
id,
len);
359static void upap_rauthreq(ppp_pcb *pcb,
u_char *inp,
int id,
int len) {
360 u_char ruserlen, rpasswdlen;
368 if (pcb->upap.us_serverstate < UPAPSS_LISTEN)
375 if (pcb->upap.us_serverstate == UPAPSS_OPEN) {
376 upap_sresp(pcb, UPAP_AUTHACK,
id,
"", 0);
379 if (pcb->upap.us_serverstate == UPAPSS_BADAUTH) {
380 upap_sresp(pcb, UPAP_AUTHNAK,
id,
"", 0);
388 UPAPDEBUG((
"pap_rauth: rcvd short packet."));
391 GETCHAR(ruserlen, inp);
394 UPAPDEBUG((
"pap_rauth: rcvd short packet."));
397 ruser = (
char *) inp;
398 INCPTR(ruserlen, inp);
399 GETCHAR(rpasswdlen, inp);
400 if (
len < rpasswdlen) {
401 UPAPDEBUG((
"pap_rauth: rcvd short packet."));
405 rpasswd = (
char *) inp;
410 retcode = UPAP_AUTHNAK;
411 if (auth_check_passwd(pcb, ruser, ruserlen, rpasswd, rpasswdlen, &
msg, &msglen)) {
412 retcode = UPAP_AUTHACK;
414 BZERO(rpasswd, rpasswdlen);
422 if (retcode == UPAP_AUTHACK) {
423 if (!auth_number()) {
425 retcode = UPAP_AUTHNAK;
426 warn(
"calling number %q is not authorized", remote_number);
435 upap_sresp(pcb, retcode,
id,
msg, msglen);
438 ppp_slprintf(rhostname,
sizeof(rhostname),
"%.*v", ruserlen, ruser);
440 if (retcode == UPAP_AUTHACK) {
441 pcb->upap.us_serverstate = UPAPSS_OPEN;
442 ppp_notice((
"PAP peer authentication succeeded for %q", rhostname));
443 auth_peer_success(pcb, PPP_PAP, 0, ruser, ruserlen);
445 pcb->upap.us_serverstate = UPAPSS_BADAUTH;
446 ppp_warn((
"PAP peer authentication failed for %q", rhostname));
447 auth_peer_fail(pcb, PPP_PAP);
450 if (pcb->settings.pap_req_timeout > 0)
451 UNTIMEOUT(upap_reqtimeout, pcb);
458static void upap_rauthack(ppp_pcb *pcb,
u_char *inp,
int id,
int len) {
463 if (pcb->upap.us_clientstate != UPAPCS_AUTHREQ)
470 UPAPDEBUG((
"pap_rauthack: ignoring missing msg-length."));
472 GETCHAR(msglen, inp);
476 UPAPDEBUG((
"pap_rauthack: rcvd short packet."));
480 PRINTMSG(
msg, msglen);
484 UNTIMEOUT(upap_timeout, pcb);
485 pcb->upap.us_clientstate = UPAPCS_OPEN;
487 auth_withpeer_success(pcb, PPP_PAP, 0);
494static void upap_rauthnak(ppp_pcb *pcb,
u_char *inp,
int id,
int len) {
499 if (pcb->upap.us_clientstate != UPAPCS_AUTHREQ)
506 UPAPDEBUG((
"pap_rauthnak: ignoring missing msg-length."));
508 GETCHAR(msglen, inp);
512 UPAPDEBUG((
"pap_rauthnak: rcvd short packet."));
516 PRINTMSG(
msg, msglen);
520 UNTIMEOUT(upap_timeout, pcb);
521 pcb->upap.us_clientstate = UPAPCS_BADAUTH;
523 ppp_error((
"PAP authentication failed"));
524 auth_withpeer_fail(pcb, PPP_PAP);
531static void upap_sauthreq(ppp_pcb *pcb) {
536 outlen = UPAP_HEADERLEN + 2 *
sizeof (
u_char) +
537 pcb->upap.us_userlen + pcb->upap.us_passwdlen;
541 if(
p->tot_len !=
p->len) {
547 MAKEHEADER(outp, PPP_PAP);
549 PUTCHAR(UPAP_AUTHREQ, outp);
550 PUTCHAR(++pcb->upap.us_id, outp);
551 PUTSHORT(outlen, outp);
552 PUTCHAR(pcb->upap.us_userlen, outp);
553 MEMCPY(outp, pcb->upap.us_user, pcb->upap.us_userlen);
554 INCPTR(pcb->upap.us_userlen, outp);
555 PUTCHAR(pcb->upap.us_passwdlen, outp);
556 MEMCPY(outp, pcb->upap.us_passwd, pcb->upap.us_passwdlen);
560 TIMEOUT(upap_timeout, pcb, pcb->settings.pap_timeout_time);
561 ++pcb->upap.us_transmits;
562 pcb->upap.us_clientstate = UPAPCS_AUTHREQ;
574 outlen = UPAP_HEADERLEN +
sizeof (
u_char) + msglen;
578 if(
p->tot_len !=
p->len) {
584 MAKEHEADER(outp, PPP_PAP);
588 PUTSHORT(outlen, outp);
589 PUTCHAR(msglen, outp);
600static const char*
const upap_codenames[] = {
601 "AuthReq",
"AuthAck",
"AuthNak"
604static int upap_printpkt(
const u_char *
p,
int plen,
void (*printer) (
void *,
const char *, ...),
void *
arg) {
606 int mlen, ulen, wlen;
610 if (plen < UPAP_HEADERLEN)
616 if (len < UPAP_HEADERLEN || len > plen)
620 printer(
arg,
" %s", upap_codenames[
code-1]);
622 printer(
arg,
" code=0x%x",
code);
623 printer(
arg,
" id=0x%x",
id);
624 len -= UPAP_HEADERLEN;
633 if (
len < ulen + wlen + 2)
637 p += ulen + wlen + 2;
638 len -= ulen + wlen + 2;
639 printer(
arg,
" user=");
640 ppp_print_string(
user, ulen, printer,
arg);
641 printer(
arg,
" password=");
644 if (!pcb->settings.hide_password)
646 ppp_print_string(
pwd, wlen, printer,
arg);
649 printer(
arg,
"<hidden>");
663 ppp_print_string(
msg, mlen, printer,
arg);
ACPI_SIZE strlen(const char *String)
void pwd(int argc, const char *argv[])
void user(int argc, const char *argv[])
#define LWIP_ARRAYSIZE(x)
#define LWIP_UNUSED_ARG(x)
struct pbuf * pbuf_alloc(pbuf_layer layer, u16_t length, pbuf_type type)
u8_t pbuf_free(struct pbuf *p)
#define MEMCPY(DST, SRC, BYTES)