Example program with HTTPServer and sensor data streaming over TCPSockets, using Donatien Garnier's Net APIs and services code on top of LWIP. Files StreamServer.h and .cpp encapsulate streaming over TCPSockets. Broadcast is done by sendToAll(), and all incoming data is echoed back to the client. The echo code can be replaced with some remote control of the streaming interface. See main(), which shows how to periodically send data to all subscribed clients. To subscribe, a client opens a socket to <mbed_ip> on port 123. I used a few lines of TCL code to set up a quick sink for the data. HTTP files are served on port 80 concurrently with the streaming.

Dependencies:   mbed

Committer:
iva2k
Date:
Sat Jun 12 06:01:50 2010 +0000
Revision:
0:e614f7875b60

        

iva2k 0:e614f7875b60 1 /*****************************************************************************
iva2k 0:e614f7875b60 2 * auth.c - Network Authentication and Phase Control program file.
iva2k 0:e614f7875b60 3 *
iva2k 0:e614f7875b60 4 * Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
iva2k 0:e614f7875b60 5 * Copyright (c) 1997 by Global Election Systems Inc. All rights reserved.
iva2k 0:e614f7875b60 6 *
iva2k 0:e614f7875b60 7 * The authors hereby grant permission to use, copy, modify, distribute,
iva2k 0:e614f7875b60 8 * and license this software and its documentation for any purpose, provided
iva2k 0:e614f7875b60 9 * that existing copyright notices are retained in all copies and that this
iva2k 0:e614f7875b60 10 * notice and the following disclaimer are included verbatim in any
iva2k 0:e614f7875b60 11 * distributions. No written agreement, license, or royalty fee is required
iva2k 0:e614f7875b60 12 * for any of the authorized uses.
iva2k 0:e614f7875b60 13 *
iva2k 0:e614f7875b60 14 * THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
iva2k 0:e614f7875b60 15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
iva2k 0:e614f7875b60 16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
iva2k 0:e614f7875b60 17 * IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
iva2k 0:e614f7875b60 18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
iva2k 0:e614f7875b60 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
iva2k 0:e614f7875b60 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
iva2k 0:e614f7875b60 21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
iva2k 0:e614f7875b60 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
iva2k 0:e614f7875b60 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
iva2k 0:e614f7875b60 24 *
iva2k 0:e614f7875b60 25 ******************************************************************************
iva2k 0:e614f7875b60 26 * REVISION HISTORY
iva2k 0:e614f7875b60 27 *
iva2k 0:e614f7875b60 28 * 03-01-01 Marc Boucher <marc@mbsi.ca>
iva2k 0:e614f7875b60 29 * Ported to lwIP.
iva2k 0:e614f7875b60 30 * 97-12-08 Guy Lancaster <lancasterg@acm.org>, Global Election Systems Inc.
iva2k 0:e614f7875b60 31 * Ported from public pppd code.
iva2k 0:e614f7875b60 32 *****************************************************************************/
iva2k 0:e614f7875b60 33 /*
iva2k 0:e614f7875b60 34 * auth.c - PPP authentication and phase control.
iva2k 0:e614f7875b60 35 *
iva2k 0:e614f7875b60 36 * Copyright (c) 1993 The Australian National University.
iva2k 0:e614f7875b60 37 * All rights reserved.
iva2k 0:e614f7875b60 38 *
iva2k 0:e614f7875b60 39 * Redistribution and use in source and binary forms are permitted
iva2k 0:e614f7875b60 40 * provided that the above copyright notice and this paragraph are
iva2k 0:e614f7875b60 41 * duplicated in all such forms and that any documentation,
iva2k 0:e614f7875b60 42 * advertising materials, and other materials related to such
iva2k 0:e614f7875b60 43 * distribution and use acknowledge that the software was developed
iva2k 0:e614f7875b60 44 * by the Australian National University. The name of the University
iva2k 0:e614f7875b60 45 * may not be used to endorse or promote products derived from this
iva2k 0:e614f7875b60 46 * software without specific prior written permission.
iva2k 0:e614f7875b60 47 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
iva2k 0:e614f7875b60 48 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
iva2k 0:e614f7875b60 49 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
iva2k 0:e614f7875b60 50 *
iva2k 0:e614f7875b60 51 * Copyright (c) 1989 Carnegie Mellon University.
iva2k 0:e614f7875b60 52 * All rights reserved.
iva2k 0:e614f7875b60 53 *
iva2k 0:e614f7875b60 54 * Redistribution and use in source and binary forms are permitted
iva2k 0:e614f7875b60 55 * provided that the above copyright notice and this paragraph are
iva2k 0:e614f7875b60 56 * duplicated in all such forms and that any documentation,
iva2k 0:e614f7875b60 57 * advertising materials, and other materials related to such
iva2k 0:e614f7875b60 58 * distribution and use acknowledge that the software was developed
iva2k 0:e614f7875b60 59 * by Carnegie Mellon University. The name of the
iva2k 0:e614f7875b60 60 * University may not be used to endorse or promote products derived
iva2k 0:e614f7875b60 61 * from this software without specific prior written permission.
iva2k 0:e614f7875b60 62 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
iva2k 0:e614f7875b60 63 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
iva2k 0:e614f7875b60 64 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
iva2k 0:e614f7875b60 65 */
iva2k 0:e614f7875b60 66
iva2k 0:e614f7875b60 67 #include "lwip/opt.h"
iva2k 0:e614f7875b60 68
iva2k 0:e614f7875b60 69 #if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */
iva2k 0:e614f7875b60 70
iva2k 0:e614f7875b60 71 #include "ppp.h"
iva2k 0:e614f7875b60 72 #include "pppdebug.h"
iva2k 0:e614f7875b60 73
iva2k 0:e614f7875b60 74 #include "fsm.h"
iva2k 0:e614f7875b60 75 #include "lcp.h"
iva2k 0:e614f7875b60 76 #include "pap.h"
iva2k 0:e614f7875b60 77 #include "chap.h"
iva2k 0:e614f7875b60 78 #include "auth.h"
iva2k 0:e614f7875b60 79 #include "ipcp.h"
iva2k 0:e614f7875b60 80
iva2k 0:e614f7875b60 81 #if CBCP_SUPPORT
iva2k 0:e614f7875b60 82 #include "cbcp.h"
iva2k 0:e614f7875b60 83 #endif /* CBCP_SUPPORT */
iva2k 0:e614f7875b60 84
iva2k 0:e614f7875b60 85 #include "lwip/inet.h"
iva2k 0:e614f7875b60 86
iva2k 0:e614f7875b60 87 #include <string.h>
iva2k 0:e614f7875b60 88
iva2k 0:e614f7875b60 89 #if 0 /* UNUSED */
iva2k 0:e614f7875b60 90 /* Bits in scan_authfile return value */
iva2k 0:e614f7875b60 91 #define NONWILD_SERVER 1
iva2k 0:e614f7875b60 92 #define NONWILD_CLIENT 2
iva2k 0:e614f7875b60 93
iva2k 0:e614f7875b60 94 #define ISWILD(word) (word[0] == '*' && word[1] == 0)
iva2k 0:e614f7875b60 95 #endif /* UNUSED */
iva2k 0:e614f7875b60 96
iva2k 0:e614f7875b60 97 #if PAP_SUPPORT || CHAP_SUPPORT
iva2k 0:e614f7875b60 98 /* The name by which the peer authenticated itself to us. */
iva2k 0:e614f7875b60 99 static char peer_authname[MAXNAMELEN];
iva2k 0:e614f7875b60 100 #endif /* PAP_SUPPORT || CHAP_SUPPORT */
iva2k 0:e614f7875b60 101
iva2k 0:e614f7875b60 102 /* Records which authentication operations haven't completed yet. */
iva2k 0:e614f7875b60 103 static int auth_pending[NUM_PPP];
iva2k 0:e614f7875b60 104
iva2k 0:e614f7875b60 105 /* Set if we have successfully called plogin() */
iva2k 0:e614f7875b60 106 static int logged_in;
iva2k 0:e614f7875b60 107
iva2k 0:e614f7875b60 108 /* Set if we have run the /etc/ppp/auth-up script. */
iva2k 0:e614f7875b60 109 static int did_authup; /* @todo, we don't need this in lwip*/
iva2k 0:e614f7875b60 110
iva2k 0:e614f7875b60 111 /* List of addresses which the peer may use. */
iva2k 0:e614f7875b60 112 static struct wordlist *addresses[NUM_PPP];
iva2k 0:e614f7875b60 113
iva2k 0:e614f7875b60 114 #if 0 /* UNUSED */
iva2k 0:e614f7875b60 115 /* Wordlist giving addresses which the peer may use
iva2k 0:e614f7875b60 116 without authenticating itself. */
iva2k 0:e614f7875b60 117 static struct wordlist *noauth_addrs;
iva2k 0:e614f7875b60 118
iva2k 0:e614f7875b60 119 /* Extra options to apply, from the secrets file entry for the peer. */
iva2k 0:e614f7875b60 120 static struct wordlist *extra_options;
iva2k 0:e614f7875b60 121 #endif /* UNUSED */
iva2k 0:e614f7875b60 122
iva2k 0:e614f7875b60 123 /* Number of network protocols which we have opened. */
iva2k 0:e614f7875b60 124 static int num_np_open;
iva2k 0:e614f7875b60 125
iva2k 0:e614f7875b60 126 /* Number of network protocols which have come up. */
iva2k 0:e614f7875b60 127 static int num_np_up;
iva2k 0:e614f7875b60 128
iva2k 0:e614f7875b60 129 #if PAP_SUPPORT || CHAP_SUPPORT
iva2k 0:e614f7875b60 130 /* Set if we got the contents of passwd[] from the pap-secrets file. */
iva2k 0:e614f7875b60 131 static int passwd_from_file;
iva2k 0:e614f7875b60 132 #endif /* PAP_SUPPORT || CHAP_SUPPORT */
iva2k 0:e614f7875b60 133
iva2k 0:e614f7875b60 134 #if 0 /* UNUSED */
iva2k 0:e614f7875b60 135 /* Set if we require authentication only because we have a default route. */
iva2k 0:e614f7875b60 136 static bool default_auth;
iva2k 0:e614f7875b60 137
iva2k 0:e614f7875b60 138 /* Hook to enable a plugin to control the idle time limit */
iva2k 0:e614f7875b60 139 int (*idle_time_hook) __P((struct ppp_idle *)) = NULL;
iva2k 0:e614f7875b60 140
iva2k 0:e614f7875b60 141 /* Hook for a plugin to say whether we can possibly authenticate any peer */
iva2k 0:e614f7875b60 142 int (*pap_check_hook) __P((void)) = NULL;
iva2k 0:e614f7875b60 143
iva2k 0:e614f7875b60 144 /* Hook for a plugin to check the PAP user and password */
iva2k 0:e614f7875b60 145 int (*pap_auth_hook) __P((char *user, char *passwd, char **msgp,
iva2k 0:e614f7875b60 146 struct wordlist **paddrs,
iva2k 0:e614f7875b60 147 struct wordlist **popts)) = NULL;
iva2k 0:e614f7875b60 148
iva2k 0:e614f7875b60 149 /* Hook for a plugin to know about the PAP user logout */
iva2k 0:e614f7875b60 150 void (*pap_logout_hook) __P((void)) = NULL;
iva2k 0:e614f7875b60 151
iva2k 0:e614f7875b60 152 /* Hook for a plugin to get the PAP password for authenticating us */
iva2k 0:e614f7875b60 153 int (*pap_passwd_hook) __P((char *user, char *passwd)) = NULL;
iva2k 0:e614f7875b60 154
iva2k 0:e614f7875b60 155 /*
iva2k 0:e614f7875b60 156 * This is used to ensure that we don't start an auth-up/down
iva2k 0:e614f7875b60 157 * script while one is already running.
iva2k 0:e614f7875b60 158 */
iva2k 0:e614f7875b60 159 enum script_state {
iva2k 0:e614f7875b60 160 s_down,
iva2k 0:e614f7875b60 161 s_up
iva2k 0:e614f7875b60 162 };
iva2k 0:e614f7875b60 163
iva2k 0:e614f7875b60 164 static enum script_state auth_state = s_down;
iva2k 0:e614f7875b60 165 static enum script_state auth_script_state = s_down;
iva2k 0:e614f7875b60 166 static pid_t auth_script_pid = 0;
iva2k 0:e614f7875b60 167
iva2k 0:e614f7875b60 168 /*
iva2k 0:e614f7875b60 169 * Option variables.
iva2k 0:e614f7875b60 170 * lwip: some of these are present in the ppp_settings structure
iva2k 0:e614f7875b60 171 */
iva2k 0:e614f7875b60 172 bool uselogin = 0; /* Use /etc/passwd for checking PAP */
iva2k 0:e614f7875b60 173 bool cryptpap = 0; /* Passwords in pap-secrets are encrypted */
iva2k 0:e614f7875b60 174 bool refuse_pap = 0; /* Don't wanna auth. ourselves with PAP */
iva2k 0:e614f7875b60 175 bool refuse_chap = 0; /* Don't wanna auth. ourselves with CHAP */
iva2k 0:e614f7875b60 176 bool usehostname = 0; /* Use hostname for our_name */
iva2k 0:e614f7875b60 177 bool auth_required = 0; /* Always require authentication from peer */
iva2k 0:e614f7875b60 178 bool allow_any_ip = 0; /* Allow peer to use any IP address */
iva2k 0:e614f7875b60 179 bool explicit_remote = 0; /* User specified explicit remote name */
iva2k 0:e614f7875b60 180 char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
iva2k 0:e614f7875b60 181
iva2k 0:e614f7875b60 182 #endif /* UNUSED */
iva2k 0:e614f7875b60 183
/* Bits in auth_pending[] (set in link_established(), cleared one at a time
 * by the auth_*_success() callbacks; the network phase starts when none is
 * left). */
#define PAP_WITHPEER 1   /* we are authenticating ourselves to the peer with PAP */
#define PAP_PEER 2       /* the peer is authenticating itself to us with PAP */
#define CHAP_WITHPEER 4  /* we are authenticating ourselves to the peer with CHAP */
#define CHAP_PEER 8      /* the peer is authenticating itself to us with CHAP */

/* @todo, move this somewhere */
/* Used for storing a sequence of words. Usually malloced. */
struct wordlist {
  struct wordlist *next;
  char word[1];  /* the string lives inline after the header: allocate the node
                  * with extra room for the string and its NUL (set_noauth_addr
                  * uses sizeof(struct wordlist) + strlen(word) + 1) */
};
iva2k 0:e614f7875b60 196
iva2k 0:e614f7875b60 197
iva2k 0:e614f7875b60 198 extern char *crypt (const char *, const char *);
iva2k 0:e614f7875b60 199
iva2k 0:e614f7875b60 200 /* Prototypes for procedures local to this file. */
iva2k 0:e614f7875b60 201
iva2k 0:e614f7875b60 202 static void network_phase (int);
iva2k 0:e614f7875b60 203 static void check_idle (void *);
iva2k 0:e614f7875b60 204 static void connect_time_expired (void *);
iva2k 0:e614f7875b60 205 #if 0
iva2k 0:e614f7875b60 206 static int plogin (char *, char *, char **, int *);
iva2k 0:e614f7875b60 207 #endif
iva2k 0:e614f7875b60 208 static void plogout (void);
iva2k 0:e614f7875b60 209 static int null_login (int);
iva2k 0:e614f7875b60 210 static int get_pap_passwd (int, char *, char *);
iva2k 0:e614f7875b60 211 static int have_pap_secret (void);
iva2k 0:e614f7875b60 212 static int have_chap_secret (char *, char *, u32_t);
iva2k 0:e614f7875b60 213 static int ip_addr_check (u32_t, struct wordlist *);
iva2k 0:e614f7875b60 214
iva2k 0:e614f7875b60 215 #if 0 /* PAP_SUPPORT || CHAP_SUPPORT */
iva2k 0:e614f7875b60 216 static int scan_authfile (FILE *, char *, char *, char *,
iva2k 0:e614f7875b60 217 struct wordlist **, struct wordlist **,
iva2k 0:e614f7875b60 218 char *);
iva2k 0:e614f7875b60 219 static void free_wordlist (struct wordlist *);
iva2k 0:e614f7875b60 220 static void auth_script (char *);
iva2k 0:e614f7875b60 221 static void auth_script_done (void *);
iva2k 0:e614f7875b60 222 static void set_allowed_addrs (int unit, struct wordlist *addrs);
iva2k 0:e614f7875b60 223 static int some_ip_ok (struct wordlist *);
iva2k 0:e614f7875b60 224 static int setupapfile (char **);
iva2k 0:e614f7875b60 225 static int privgroup (char **);
iva2k 0:e614f7875b60 226 static int set_noauth_addr (char **);
iva2k 0:e614f7875b60 227 static void check_access (FILE *, char *);
iva2k 0:e614f7875b60 228 #endif /* 0 */ /* PAP_SUPPORT || CHAP_SUPPORT */
iva2k 0:e614f7875b60 229
iva2k 0:e614f7875b60 230 #if 0 /* UNUSED */
iva2k 0:e614f7875b60 231 /*
iva2k 0:e614f7875b60 232 * Authentication-related options.
iva2k 0:e614f7875b60 233 */
iva2k 0:e614f7875b60 234 option_t auth_options[] = {
iva2k 0:e614f7875b60 235 { "require-pap", o_bool, &lcp_wantoptions[0].neg_upap,
iva2k 0:e614f7875b60 236 "Require PAP authentication from peer", 1, &auth_required },
iva2k 0:e614f7875b60 237 { "+pap", o_bool, &lcp_wantoptions[0].neg_upap,
iva2k 0:e614f7875b60 238 "Require PAP authentication from peer", 1, &auth_required },
iva2k 0:e614f7875b60 239 { "refuse-pap", o_bool, &refuse_pap,
iva2k 0:e614f7875b60 240 "Don't agree to auth to peer with PAP", 1 },
iva2k 0:e614f7875b60 241 { "-pap", o_bool, &refuse_pap,
iva2k 0:e614f7875b60 242 "Don't allow PAP authentication with peer", 1 },
iva2k 0:e614f7875b60 243 { "require-chap", o_bool, &lcp_wantoptions[0].neg_chap,
iva2k 0:e614f7875b60 244 "Require CHAP authentication from peer", 1, &auth_required },
iva2k 0:e614f7875b60 245 { "+chap", o_bool, &lcp_wantoptions[0].neg_chap,
iva2k 0:e614f7875b60 246 "Require CHAP authentication from peer", 1, &auth_required },
iva2k 0:e614f7875b60 247 { "refuse-chap", o_bool, &refuse_chap,
iva2k 0:e614f7875b60 248 "Don't agree to auth to peer with CHAP", 1 },
iva2k 0:e614f7875b60 249 { "-chap", o_bool, &refuse_chap,
iva2k 0:e614f7875b60 250 "Don't allow CHAP authentication with peer", 1 },
iva2k 0:e614f7875b60 251 { "name", o_string, our_name,
iva2k 0:e614f7875b60 252 "Set local name for authentication",
iva2k 0:e614f7875b60 253 OPT_PRIV|OPT_STATIC, NULL, MAXNAMELEN },
iva2k 0:e614f7875b60 254 { "user", o_string, user,
iva2k 0:e614f7875b60 255 "Set name for auth with peer", OPT_STATIC, NULL, MAXNAMELEN },
iva2k 0:e614f7875b60 256 { "usehostname", o_bool, &usehostname,
iva2k 0:e614f7875b60 257 "Must use hostname for authentication", 1 },
iva2k 0:e614f7875b60 258 { "remotename", o_string, remote_name,
iva2k 0:e614f7875b60 259 "Set remote name for authentication", OPT_STATIC,
iva2k 0:e614f7875b60 260 &explicit_remote, MAXNAMELEN },
iva2k 0:e614f7875b60 261 { "auth", o_bool, &auth_required,
iva2k 0:e614f7875b60 262 "Require authentication from peer", 1 },
iva2k 0:e614f7875b60 263 { "noauth", o_bool, &auth_required,
iva2k 0:e614f7875b60 264 "Don't require peer to authenticate", OPT_PRIV, &allow_any_ip },
iva2k 0:e614f7875b60 265 { "login", o_bool, &uselogin,
iva2k 0:e614f7875b60 266 "Use system password database for PAP", 1 },
iva2k 0:e614f7875b60 267 { "papcrypt", o_bool, &cryptpap,
iva2k 0:e614f7875b60 268 "PAP passwords are encrypted", 1 },
iva2k 0:e614f7875b60 269 { "+ua", o_special, (void *)setupapfile,
iva2k 0:e614f7875b60 270 "Get PAP user and password from file" },
iva2k 0:e614f7875b60 271 { "password", o_string, passwd,
iva2k 0:e614f7875b60 272 "Password for authenticating us to the peer", OPT_STATIC,
iva2k 0:e614f7875b60 273 NULL, MAXSECRETLEN },
iva2k 0:e614f7875b60 274 { "privgroup", o_special, (void *)privgroup,
iva2k 0:e614f7875b60 275 "Allow group members to use privileged options", OPT_PRIV },
iva2k 0:e614f7875b60 276 { "allow-ip", o_special, (void *)set_noauth_addr,
iva2k 0:e614f7875b60 277 "Set IP address(es) which can be used without authentication",
iva2k 0:e614f7875b60 278 OPT_PRIV },
iva2k 0:e614f7875b60 279 { NULL }
iva2k 0:e614f7875b60 280 };
iva2k 0:e614f7875b60 281 #endif /* UNUSED */
iva2k 0:e614f7875b60 282 #if 0 /* UNUSED */
iva2k 0:e614f7875b60 283 /*
iva2k 0:e614f7875b60 284 * setupapfile - specifies UPAP info for authenticating with peer.
iva2k 0:e614f7875b60 285 */
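/*
 * setupapfile - specifies UPAP info for authenticating with peer.
 *
 * Reads the user name (first line) and the password (second line) from
 * the file named by argv[0] into the file-scope `user` and `passwd`
 * buffers and strips the trailing newline from each.  The fopen() runs
 * with the real uid (seteuid(getuid())) and euid 0 is restored right
 * after; check_access() then vets the opened file.
 *
 * Returns 1 on success, 0 on failure (reported through option_error()).
 * Fix: the read-failure path previously returned without closing the
 * file; every exit now closes it.
 */
static int
setupapfile(char **argv)
{
  FILE *ufile;
  int l;

  lcp_allowoptions[0].neg_upap = 1;

  /* open user info file */
  seteuid(getuid());
  ufile = fopen(*argv, "r");
  seteuid(0);
  if (ufile == NULL) {
    option_error("unable to open user login data file %s", *argv);
    return 0;
  }
  check_access(ufile, *argv);

  /* get username and password */
  if (fgets(user, MAXNAMELEN - 1, ufile) == NULL
      || fgets(passwd, MAXSECRETLEN - 1, ufile) == NULL) {
    option_error("unable to read user login data file %s", *argv);
    fclose(ufile);  /* don't leak the stream on the error path */
    return 0;
  }
  fclose(ufile);

  /* get rid of newlines */
  l = strlen(user);
  if (l > 0 && user[l-1] == '\n') {
    user[l-1] = 0;
  }
  l = strlen(passwd);
  if (l > 0 && passwd[l-1] == '\n') {
    passwd[l-1] = 0;
  }

  return (1);
}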
iva2k 0:e614f7875b60 322 #endif /* UNUSED */
iva2k 0:e614f7875b60 323
iva2k 0:e614f7875b60 324 #if 0 /* UNUSED */
iva2k 0:e614f7875b60 325 /*
iva2k 0:e614f7875b60 326 * privgroup - allow members of the group to have privileged access.
iva2k 0:e614f7875b60 327 */
/*
 * privgroup - allow members of the group to have privileged access.
 *
 * Looks up the group named by argv[0].  If its gid appears anywhere in
 * groups[0..ngroups-1] (presumably the process's group set; both are
 * defined elsewhere), `privileged` is set.
 * Returns 0 when the group is unknown (after option_error()), else 1.
 */
static int
privgroup(char **argv)
{
  struct group *grp = getgrnam(*argv);
  int idx;

  if (grp == 0) {
    option_error("group %s is unknown", *argv);
    return 0;
  }
  /* scan for the first matching gid; one hit is enough */
  for (idx = 0; idx < ngroups && groups[idx] != grp->gr_gid; ++idx) {
    ;
  }
  if (idx < ngroups) {
    privileged = 1;
  }
  return 1;
}
iva2k 0:e614f7875b60 347 #endif
iva2k 0:e614f7875b60 348
iva2k 0:e614f7875b60 349 #if 0 /* UNUSED */
iva2k 0:e614f7875b60 350 /*
iva2k 0:e614f7875b60 351 * set_noauth_addr - set address(es) that can be used without authentication.
iva2k 0:e614f7875b60 352 * Equivalent to specifying an entry like `"" * "" addr' in pap-secrets.
iva2k 0:e614f7875b60 353 */
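/*
 * set_noauth_addr - set address(es) that can be used without authentication.
 * Equivalent to specifying an entry like `"" * "" addr' in pap-secrets.
 *
 * Prepends a copy of argv[0] to the noauth_addrs list.  The node is
 * allocated with room for the string and its terminator and the string
 * is copied straight into the trailing `word` array of struct wordlist.
 *
 * Fixes: the original assigned a pointer to the `word` array (not valid C
 * for this struct, which declares `char word[1]`), and copied only
 * strlen bytes into malloc'd memory, leaving the word unterminated.
 * novm() presumably does not return; a 0 is returned anyway in case it
 * does, so the caller sees the option as failed.
 * Returns 1 on success.
 */
static int
set_noauth_addr(char **argv)
{
  char *addr = *argv;
  size_t l = strlen(addr);
  struct wordlist *wp;

  wp = malloc(sizeof *wp + l + 1);
  if (wp == NULL) {
    novm("allow-ip argument");
    return 0;
  }
  wp->next = noauth_addrs;
  memcpy(wp->word, addr, l);
  wp->word[l] = '\0';  /* malloc'd memory is not zeroed: terminate explicitly */
  noauth_addrs = wp;
  return 1;
}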
iva2k 0:e614f7875b60 370 #endif /* UNUSED */
iva2k 0:e614f7875b60 371
iva2k 0:e614f7875b60 372 /*
iva2k 0:e614f7875b60 373 * An Open on LCP has requested a change from Dead to Establish phase.
iva2k 0:e614f7875b60 374 * Do what's necessary to bring the physical layer up.
iva2k 0:e614f7875b60 375 */
/*
 * An Open on LCP has requested a change from Dead to Establish phase.
 * Do what's necessary to bring the physical layer up.
 *
 * In this port there is nothing to do beyond a debug trace; `unit` is
 * only consumed by the trace macro, hence LWIP_UNUSED_ARG for builds
 * where the trace compiles out.
 */
void
link_required(int unit)
{
  AUTHDEBUG(LOG_INFO, ("link_required: %d\n", unit));
  LWIP_UNUSED_ARG(unit);
}
iva2k 0:e614f7875b60 383
iva2k 0:e614f7875b60 384 /*
iva2k 0:e614f7875b60 385 * LCP has terminated the link; go to the Dead phase and take the
iva2k 0:e614f7875b60 386 * physical layer down.
iva2k 0:e614f7875b60 387 */
/*
 * LCP has terminated the link; go to the Dead phase and take the
 * physical layer down.
 *
 * A unit already in PHASE_DEAD is left untouched.  Otherwise the user
 * is logged out (if plogin() had succeeded), the phase is set to
 * PHASE_DEAD and pppLinkTerminated() is notified.
 */
void
link_terminated(int unit)
{
  AUTHDEBUG(LOG_INFO, ("link_terminated: %d\n", unit));
  if (lcp_phase[unit] != PHASE_DEAD) {
    if (logged_in) {
      plogout();
    }
    lcp_phase[unit] = PHASE_DEAD;
    AUTHDEBUG(LOG_NOTICE, ("Connection terminated.\n"));
    pppLinkTerminated(unit);
  }
}
iva2k 0:e614f7875b60 402
iva2k 0:e614f7875b60 403 /*
iva2k 0:e614f7875b60 404 * LCP has gone down; it will either die or try to re-establish.
iva2k 0:e614f7875b60 405 */
/*
 * LCP has gone down; it will either die or try to re-establish.
 *
 * Every enabled protocol other than LCP gets its lowerdown() call, and
 * every enabled network-layer protocol (number below 0xC000) is closed
 * with reason "LCP down".  The open/up counters are reset, the phase
 * moves to PHASE_TERMINATE unless the unit is already dead, and
 * pppLinkDown() is notified.
 */
void
link_down(int unit)
{
  struct protent *protp;
  int idx = 0;

  AUTHDEBUG(LOG_INFO, ("link_down: %d\n", unit));

  if (did_authup) {
    /* XXX Do link down processing. */
    did_authup = 0;
  }
  while ((protp = ppp_protocols[idx++]) != NULL) {
    if (!protp->enabled_flag) {
      continue;
    }
    if (protp->lowerdown != NULL && protp->protocol != PPP_LCP) {
      (*protp->lowerdown)(unit);
    }
    if (protp->close != NULL && protp->protocol < 0xC000) {
      (*protp->close)(unit, "LCP down");
    }
  }
  /* nothing is open or up any more */
  num_np_open = 0;
  num_np_up = 0;

  if (lcp_phase[unit] != PHASE_DEAD) {
    lcp_phase[unit] = PHASE_TERMINATE;
  }
  pppLinkDown(unit);
}
iva2k 0:e614f7875b60 437
iva2k 0:e614f7875b60 438 /*
iva2k 0:e614f7875b60 439 * The link is established.
iva2k 0:e614f7875b60 440 * Proceed to the Dead, Authenticate or Network phase as appropriate.
iva2k 0:e614f7875b60 441 */
/*
 * The link is established.
 * Proceed to the Dead, Authenticate or Network phase as appropriate.
 *
 * Brings the lower layer of every enabled non-LCP protocol up, then sets
 * up the Authenticate phase.  `go` (presumably the LCP options the peer
 * acknowledged for us) decides whether the peer authenticates itself to
 * us (CHAP_PEER / PAP_PEER); `ho` (presumably what the peer asked of us)
 * decides whether we authenticate ourselves to it (CHAP_WITHPEER /
 * PAP_WITHPEER).  The resulting bit set is stored in auth_pending[unit];
 * when it is empty the network phase starts immediately.
 */
void
link_established(int unit)
{
  int auth;
  int i;
  struct protent *protp;
  lcp_options *wo = &lcp_wantoptions[unit];
  lcp_options *go = &lcp_gotoptions[unit];
#if PAP_SUPPORT || CHAP_SUPPORT
  lcp_options *ho = &lcp_hisoptions[unit];
#endif /* PAP_SUPPORT || CHAP_SUPPORT */

  AUTHDEBUG(LOG_INFO, ("link_established: unit %d; Lowering up all protocols...\n", unit));
  /*
   * Tell higher-level protocols that LCP is up.
   */
  for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i) {
    if (protp->protocol != PPP_LCP && protp->enabled_flag && protp->lowerup != NULL) {
      (*protp->lowerup)(unit);
    }
  }
  if (ppp_settings.auth_required && !(go->neg_chap || go->neg_upap)) {
    /*
     * We wanted the peer to authenticate itself, and it refused:
     * treat it as though it authenticated with PAP using a username
     * of "" and a password of "". If that's not OK, boot it out.
     * (null_login() is the policy check; it must reject unless an
     * empty credential is explicitly allowed.)
     */
    if (!wo->neg_upap || !null_login(unit)) {
      AUTHDEBUG(LOG_WARNING, ("peer refused to authenticate\n"));
      lcp_close(unit, "peer refused to authenticate");
      return;
    }
  }

  lcp_phase[unit] = PHASE_AUTHENTICATE;
  auth = 0;
  /*
   * Peer -> us.  After preprocessing the two #if blocks below form one
   * if/else, so CHAP takes precedence over PAP when both are negotiated.
   */
#if CHAP_SUPPORT
  if (go->neg_chap) {
    ChapAuthPeer(unit, ppp_settings.our_name, go->chap_mdtype);
    auth |= CHAP_PEER;
  }
#endif /* CHAP_SUPPORT */
#if PAP_SUPPORT && CHAP_SUPPORT
  else
#endif /* PAP_SUPPORT && CHAP_SUPPORT */
#if PAP_SUPPORT
  if (go->neg_upap) {
    upap_authpeer(unit);
    auth |= PAP_PEER;
  }
#endif /* PAP_SUPPORT */
  /*
   * Us -> peer, same CHAP-over-PAP precedence.
   */
#if CHAP_SUPPORT
  if (ho->neg_chap) {
    ChapAuthWithPeer(unit, ppp_settings.user, ho->chap_mdtype);
    auth |= CHAP_WITHPEER;
  }
#endif /* CHAP_SUPPORT */
#if PAP_SUPPORT && CHAP_SUPPORT
  else
#endif /* PAP_SUPPORT && CHAP_SUPPORT */
#if PAP_SUPPORT
  if (ho->neg_upap) {
    if (ppp_settings.passwd[0] == 0) {
      passwd_from_file = 1;
      /* NOTE(review): on lookup failure the error is only logged and
       * upap_authwithpeer() is still called with whatever passwd holds
       * (an empty string here). */
      if (!get_pap_passwd(unit, ppp_settings.user, ppp_settings.passwd)) {
        AUTHDEBUG(LOG_ERR, ("No secret found for PAP login\n"));
      }
    }
    upap_authwithpeer(unit, ppp_settings.user, ppp_settings.passwd);
    auth |= PAP_WITHPEER;
  }
#endif /* PAP_SUPPORT */
  auth_pending[unit] = auth;

  /* nothing to wait for: skip straight to the network phase */
  if (!auth) {
    network_phase(unit);
  }
}
iva2k 0:e614f7875b60 520
iva2k 0:e614f7875b60 521 /*
iva2k 0:e614f7875b60 522 * Proceed to the network phase.
iva2k 0:e614f7875b60 523 */
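/*
 * Proceed to the network phase.
 *
 * Opens every enabled network-layer protocol (number below 0xC000) on
 * `unit`, counting all but CCP in num_np_open.  If callback was
 * negotiated (CBCP_SUPPORT) the callback phase runs instead.  When no
 * network protocol was opened the link is closed again.
 *
 * Fix: the "no network protocols" close used a hard-coded unit 0; it now
 * closes the unit this call is about, like every other line here.
 */
static void
network_phase(int unit)
{
  int i;
  struct protent *protp;
  lcp_options *go = &lcp_gotoptions[unit];

  /*
   * If the peer had to authenticate, run the auth-up script now.
   */
  if ((go->neg_chap || go->neg_upap) && !did_authup) {
    /* XXX Do setup for peer authentication. */
    did_authup = 1;
  }

#if CBCP_SUPPORT
  /*
   * If we negotiated callback, do it now.
   */
  if (go->neg_cbcp) {
    lcp_phase[unit] = PHASE_CALLBACK;
    (*cbcp_protent.open)(unit);
    return;
  }
#endif /* CBCP_SUPPORT */

  lcp_phase[unit] = PHASE_NETWORK;
  for (i = 0; (protp = ppp_protocols[i]) != NULL; ++i) {
    if (protp->protocol < 0xC000 && protp->enabled_flag && protp->open != NULL) {
      (*protp->open)(unit);
      /* CCP is opened but does not count as a network protocol */
      if (protp->protocol != PPP_CCP) {
        ++num_np_open;
      }
    }
  }

  if (num_np_open == 0) {
    /* nothing to do */
    lcp_close(unit, "No network protocols running");
  }
}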
iva2k 0:e614f7875b60 565 /* @todo: add void start_networks(void) here (pppd 2.3.11) */
iva2k 0:e614f7875b60 566
iva2k 0:e614f7875b60 567 /*
iva2k 0:e614f7875b60 568 * The peer has failed to authenticate himself using `protocol'.
iva2k 0:e614f7875b60 569 */
/*
 * The peer has failed to authenticate himself using `protocol'.
 *
 * The failure is fatal for the link: LCP is closed with reason
 * "Authentication failed".  `protocol` is only used by the trace.
 */
void
auth_peer_fail(int unit, u16_t protocol)
{
  AUTHDEBUG(LOG_INFO, ("auth_peer_fail: %d proto=%X\n", unit, protocol));
  LWIP_UNUSED_ARG(protocol);
  /* Authentication failure: take the link down */
  lcp_close(unit, "Authentication failed");
}
iva2k 0:e614f7875b60 581
iva2k 0:e614f7875b60 582
iva2k 0:e614f7875b60 583 #if PAP_SUPPORT || CHAP_SUPPORT
/*
 * auth_peer_success - the peer has proven its identity to us using
 * `protocol' (PPP_PAP or PPP_CHAP).
 *
 * `name'/`namelen' is the identity the peer authenticated as; it is not
 * NUL-terminated.  It is stored (truncated to fit) in peer_authname, the
 * matching *_PEER bit is cleared from auth_pending[unit], and once no
 * authentication is pending in either direction network_phase() runs.
 * An unknown protocol is logged and ignored: nothing is recorded and the
 * phase does not advance.
 */
void
auth_peer_success(int unit, u16_t protocol, char *name, int namelen)
{
  int pbit;
  int room = (int)sizeof(peer_authname) - 1;  /* leave space for the NUL */

  AUTHDEBUG(LOG_INFO, ("auth_peer_success: %d proto=%X\n", unit, protocol));

  if (protocol == PPP_CHAP) {
    pbit = CHAP_PEER;
  } else if (protocol == PPP_PAP) {
    pbit = PAP_PEER;
  } else {
    AUTHDEBUG(LOG_WARNING, ("auth_peer_success: unknown protocol %x\n", protocol));
    return;
  }

  /*
   * Save the authenticated name of the peer for later.  The wire name is
   * attacker-supplied: clamp its length to the buffer before copying and
   * always terminate, so a long name can neither overflow peer_authname
   * nor leave it unterminated.
   */
  if (namelen > room) {
    namelen = room;
  }
  BCOPY(name, peer_authname, namelen);
  peer_authname[namelen] = 0;

  /* Proceed to the network (or callback) phase once nothing else is pending. */
  if ((auth_pending[unit] &= ~pbit) == 0) {
    network_phase(unit);
  }
}
iva2k 0:e614f7875b60 622
/*
 * auth_withpeer_fail - we failed to authenticate ourselves to the peer
 * using `protocol'.
 *
 * Records PPPERR_AUTHFAIL for the interface and wipes a password that was
 * loaded from a file.  The link itself is left alone: the peer is expected
 * to close it.
 */
void
auth_withpeer_fail(int unit, u16_t protocol)
{
  int err = PPPERR_AUTHFAIL;

  LWIP_UNUSED_ARG(protocol);
  AUTHDEBUG(LOG_INFO, ("auth_withpeer_fail: %d proto=%X\n", unit, protocol));

  /*
   * A password read from a file is single-use: clear it so the secret does
   * not linger in RAM after the attempt.  ppp_settings is not a local, so
   * this store should not be eliminated as dead by the compiler.
   */
  if (passwd_from_file) {
    BZERO(ppp_settings.passwd, MAXSECRETLEN);
  }

  /*
   * XXX Warning: the unit number indicates the interface which is
   * not necessarily the PPP connection. It works here as long
   * as we are only supporting PPP interfaces.
   *
   * @todo: Remove pppIOCtl, it is not used anywhere else.
   * Instead, directly set errCode.
   */
  pppIOCtl(unit, PPPCTLS_ERRCODE, &err);

  /*
   * We've failed to authenticate ourselves to our peer.  He'll probably
   * take the link down, and there's not much we can do except wait.
   */
}
iva2k 0:e614f7875b60 652
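/*
 * auth_withpeer_success - we have successfully authenticated ourselves
 * to the peer using `protocol' (PPP_PAP or PPP_CHAP).
 *
 * Clears the matching *_WITHPEER bit in auth_pending[unit]; once nothing
 * is pending in either direction, network_phase() is entered.  For PAP the
 * password is wiped if it came from a file (its job is done).  An unknown
 * protocol clears no bit (pbit == 0) but still re-evaluates auth_pending,
 * as before.
 */
void
auth_withpeer_success(int unit, u16_t protocol)
{
  int pbit;

  AUTHDEBUG(LOG_INFO, ("auth_withpeer_success: %d proto=%X\n", unit, protocol));
  switch (protocol) {
  case PPP_CHAP:
    pbit = CHAP_WITHPEER;
    break;
  case PPP_PAP:
    /* The PAP secret has served its purpose; do not keep a file-loaded one around. */
    if (passwd_from_file) {
      BZERO(ppp_settings.passwd, MAXSECRETLEN);
    }
    pbit = PAP_WITHPEER;
    break;
  default:
    /*
     * Fixed: this trace was labelled "auth_peer_success", attributing the
     * unknown protocol to the wrong authentication direction in the log.
     */
    AUTHDEBUG(LOG_WARNING, ("auth_withpeer_success: unknown protocol %x\n", protocol));
    pbit = 0;
    break;
  }

  /*
   * If there is no more authentication still being done,
   * proceed to the network (or callback) phase.
   */
  if ((auth_pending[unit] &= ~pbit) == 0) {
    network_phase(unit);
  }
}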
iva2k 0:e614f7875b60 685 #endif /* PAP_SUPPORT || CHAP_SUPPORT */
iva2k 0:e614f7875b60 686
iva2k 0:e614f7875b60 687
/*
 * np_up - a network protocol has come up.
 *
 * The first protocol to come up marks the link as established and arms
 * the two session-limit timers: check_idle() if an idle limit is
 * configured and connect_time_expired() if a maximum connect time is.
 * Later protocols only bump the num_np_up count.
 */
void
np_up(int unit, u16_t proto)
{
  LWIP_UNUSED_ARG(unit);
  LWIP_UNUSED_ARG(proto);

  AUTHDEBUG(LOG_INFO, ("np_up: %d proto=%X\n", unit, proto));

  if (num_np_up != 0) {
    /* not the first one; the timers are already running */
    ++num_np_up;
    return;
  }

  AUTHDEBUG(LOG_INFO, ("np_up: maxconnect=%d idle_time_limit=%d\n", ppp_settings.maxconnect, ppp_settings.idle_time_limit));

  /* At this point we consider that the link has come up successfully. */
  if (ppp_settings.idle_time_limit > 0) {
    TIMEOUT(check_idle, NULL, ppp_settings.idle_time_limit);
  }

  /* Hard cap on session length, independent of activity. */
  if (ppp_settings.maxconnect > 0) {
    TIMEOUT(connect_time_expired, NULL, ppp_settings.maxconnect);
  }

  ++num_np_up;
}
iva2k 0:e614f7875b60 717
/*
 * np_down - a network protocol has gone down.
 *
 * When the last protocol goes down the idle timer is cancelled.  Note that
 * only check_idle() is cancelled here; the maxconnect timer armed in
 * np_up() is left running.
 */
void
np_down(int unit, u16_t proto)
{
  LWIP_UNUSED_ARG(unit);
  LWIP_UNUSED_ARG(proto);

  AUTHDEBUG(LOG_INFO, ("np_down: %d proto=%X\n", unit, proto));

  --num_np_up;
  if (num_np_up == 0 && ppp_settings.idle_time_limit > 0) {
    UNTIMEOUT(check_idle, NULL);
  }
}
iva2k 0:e614f7875b60 732
/*
 * np_finished - a network protocol has finished using the link.
 *
 * Once no network protocol is open any more the link is closed.  Note
 * that, like network_phase() and check_idle(), this closes unit 0 rather
 * than `unit' - the file assumes a single PPP interface.
 */
void
np_finished(int unit, u16_t proto)
{
  LWIP_UNUSED_ARG(unit);
  LWIP_UNUSED_ARG(proto);

  AUTHDEBUG(LOG_INFO, ("np_finished: %d proto=%X\n", unit, proto));

  num_np_open--;
  if (num_np_open > 0) {
    return;
  }
  /* no further use for the link: shut up shop. */
  lcp_close(0, "No network protocols running");
}
iva2k 0:e614f7875b60 748
/*
 * check_idle - timer callback: close the link once it has been idle for
 * ppp_settings.idle_time_limit.
 *
 * The link is idle only when BOTH directions have been quiet, so the
 * smaller of the two idle times is used.  If the limit has not been
 * reached the timer is re-armed for the remaining time.  If the idle time
 * cannot be read the callback returns without re-arming, i.e. idle
 * enforcement silently stops for that session.
 */
static void
check_idle(void *arg)
{
  struct ppp_idle idle;
  u_short quiet;

  LWIP_UNUSED_ARG(arg);
  if (!get_idle_time(0, &idle)) {
    return;
  }

  quiet = LWIP_MIN(idle.xmit_idle, idle.recv_idle);
  if (quiet < ppp_settings.idle_time_limit) {
    /* not idle long enough yet: come back when the limit could be reached */
    TIMEOUT(check_idle, NULL, ppp_settings.idle_time_limit - quiet);
    return;
  }

  /* link is idle: shut it down. */
  AUTHDEBUG(LOG_INFO, ("Terminating connection due to lack of activity.\n"));
  lcp_close(0, "Link inactive");
}
iva2k 0:e614f7875b60 772
/*
 * connect_time_expired - timer callback for ppp_settings.maxconnect:
 * log a message and close the connection (unit 0) unconditionally.
 */
static void
connect_time_expired(void *arg)
{
  LWIP_UNUSED_ARG(arg);

  AUTHDEBUG(LOG_INFO, ("Connect time expired\n"));
  lcp_close(0, "Connect time expired");
}
iva2k 0:e614f7875b60 784
iva2k 0:e614f7875b60 785 #if 0 /* UNUSED */
/*
 * auth_check_options - called to check authentication options.
 * (Compiled out in this file - kept for parity with pppd.)
 *
 * Fills in default names, asks the peer for CHAP/PAP when authentication
 * is required but neither was requested, and panics if authentication is
 * required yet no secret is available to check the peer with.
 *
 * NOTE(review): the two strcpy() calls are unbounded; they assume the
 * destination fields of ppp_settings are at least as large as the source
 * fields.  Confirm against the ppp_settings definition before enabling.
 */
void
auth_check_options(void)
{
  lcp_options *want = &lcp_wantoptions[0];
  ipcp_options *ipwant = &ipcp_wantoptions[0];
  u32_t remote;
  int can_auth = 0;

  /* Default our_name to hostname, and user to our_name */
  if (ppp_settings.usehostname || ppp_settings.our_name[0] == 0) {
    strcpy(ppp_settings.our_name, ppp_settings.hostname);
  }
  if (ppp_settings.user[0] == 0) {
    strcpy(ppp_settings.user, ppp_settings.our_name);
  }

  /* If authentication is required, ask peer for CHAP or PAP. */
  if (ppp_settings.auth_required && !want->neg_chap && !want->neg_upap) {
    want->neg_chap = 1;
    want->neg_upap = 1;
  }

  /* Do we hold a secret we could check the peer against? */
  if (want->neg_upap) {
    can_auth = have_pap_secret();
  }
  if (!can_auth && want->neg_chap) {
    remote = ipwant->accept_remote ? 0 : ipwant->hisaddr;
    can_auth = have_chap_secret(ppp_settings.remote_name, ppp_settings.our_name, remote);
  }

  if (ppp_settings.auth_required && !can_auth) {
    ppp_panic("No auth secret");
  }
}
iva2k 0:e614f7875b60 826 #endif /* UNUSED */
iva2k 0:e614f7875b60 827
/*
 * auth_reset - called when LCP is starting negotiations to recheck
 * authentication options, i.e. whether we have appropriate secrets
 * to use for authenticating ourselves and/or the peer.
 *
 * Two independent decisions are made:
 *  - lcp_allowoptions: which protocols we will accept when the peer asks
 *    us to authenticate (PAP/CHAP only if we have something to send);
 *  - lcp_gotoptions: which protocols we keep demanding of the peer.  Both
 *    have_pap_secret() and have_chap_secret() return 0 in this port, so
 *    neg_upap/neg_chap are always cleared here: this stack never requires
 *    the peer to authenticate.
 */
void
auth_reset(int unit)
{
  lcp_options *got = &lcp_gotoptions[unit];
  lcp_options *allow = &lcp_allowoptions[0];
  ipcp_options *ipwant = &ipcp_wantoptions[0];
  int have_passwd;

  AUTHDEBUG(LOG_INFO, ("auth_reset: %d\n", unit));

  have_passwd = (ppp_settings.passwd[0] != 0);
  allow->neg_upap = !ppp_settings.refuse_pap && (have_passwd || get_pap_passwd(unit, NULL, NULL));
  allow->neg_chap = !ppp_settings.refuse_chap && have_passwd /*have_chap_secret(ppp_settings.user, ppp_settings.remote_name, (u32_t)0)*/;

  if (got->neg_upap && !have_pap_secret()) {
    got->neg_upap = 0;
  }
  if (got->neg_chap) {
    u32_t remote = ipwant->accept_remote ? 0 : ipwant->hisaddr;
    if (!have_chap_secret(ppp_settings.remote_name, ppp_settings.our_name, remote)) {
      got->neg_chap = 0;
    }
  }
}
iva2k 0:e614f7875b60 855
iva2k 0:e614f7875b60 856 #if PAP_SUPPORT
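/*
 * pap_secret_matches - compare a length-delimited field from the wire with
 * a NUL-terminated configured value.
 *
 * The byte comparison does not stop at the first mismatch, so the time
 * taken does not reveal how many leading bytes were right (the length
 * check still exits early; that only leaks the length).  Returns 1 on an
 * exact match, 0 otherwise (including a negative length).
 */
static int
pap_secret_matches(const char *wire, int wirelen, const char *configured)
{
  size_t conflen = strlen(configured);
  unsigned char diff = 0;
  size_t i;

  if (wirelen < 0 || (size_t)wirelen != conflen) {
    return 0;
  }
  for (i = 0; i < conflen; i++) {
    diff |= (unsigned char)(wire[i] ^ configured[i]);
  }
  return diff == 0;
}

/*
 * check_passwd - Check the user name and passwd sent by the peer in a PAP
 * Authenticate-Request.
 *
 * This port has no secrets file, so the only identity it can verify is
 * the configured pair ppp_settings.user / ppp_settings.passwd - the same
 * rule get_secret() applies for CHAP.  Previously this function returned
 * UPAP_AUTHACK unconditionally ("XXX Assume all entries OK"), i.e. any
 * peer offering PAP was accepted with any credentials.  It now fails
 * closed: no configured password, or a mismatch, gives UPAP_AUTHNAK.
 *
 * auser/apasswd are NOT NUL-terminated; userlen/passwdlen bound them and
 * they are never passed to string functions or printed.
 *
 * returns:
 *  UPAP_AUTHNAK: Authentication failed.
 *  UPAP_AUTHACK: Authentication succeeded.
 * In either case, *msg points to a static message and *msglen to its
 * length.
 */
u_char
check_passwd( int unit, char *auser, int userlen, char *apasswd, int passwdlen, char **msg, int *msglen)
{
  static u_short attempts = 0;  /* consecutive failures, reported in the log */
  u_char ret = UPAP_AUTHNAK;

  LWIP_UNUSED_ARG(unit);

  /*
   * An empty ppp_settings.passwd means "nothing to check against", not
   * "accept an empty password", so it is tested before the comparisons.
   */
  if (ppp_settings.passwd[0] != 0
      && pap_secret_matches(auser, userlen, ppp_settings.user)
      && pap_secret_matches(apasswd, passwdlen, ppp_settings.passwd)) {
    ret = UPAP_AUTHACK;
  }

  if (ret == UPAP_AUTHACK) {
    attempts = 0; /* Reset count */
    *msg = "Login ok";
  } else {
    /*
     * pppd backs off after 3 failures and drops the link at 10.  Sleeping
     * here would block tcpip_thread, so only the failure count is logged.
     * The offered user name is deliberately not echoed: it is
     * attacker-controlled and not NUL-terminated.
     */
    if (attempts < 0xFFFF) {
      attempts++;
    }
    if (attempts >= 10) {
      AUTHDEBUG(LOG_WARNING, ("%d LOGIN FAILURES\n", attempts));
    }
    *msg = "Login incorrect";
  }
  *msglen = (int)strlen(*msg);

  return ret;
}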
iva2k 0:e614f7875b60 936 #endif /* PAP_SUPPORT */
iva2k 0:e614f7875b60 937
iva2k 0:e614f7875b60 938 #if 0 /* UNUSED */
iva2k 0:e614f7875b60 939 /*
iva2k 0:e614f7875b60 940 * This function is needed for PAM.
iva2k 0:e614f7875b60 941 */
iva2k 0:e614f7875b60 942
iva2k 0:e614f7875b60 943 #ifdef USE_PAM
iva2k 0:e614f7875b60 944
iva2k 0:e614f7875b60 945 /* lwip does not support PAM*/
iva2k 0:e614f7875b60 946
iva2k 0:e614f7875b60 947 #endif /* USE_PAM */
iva2k 0:e614f7875b60 948
iva2k 0:e614f7875b60 949 #endif /* UNUSED */
iva2k 0:e614f7875b60 950
iva2k 0:e614f7875b60 951
iva2k 0:e614f7875b60 952 #if 0 /* UNUSED */
/*
 * plogin - Check the user name and password against the system
 * password database, and login the user if OK.
 * (Compiled out in this file: lwIP has no system password database.)
 *
 * returns:
 *  UPAP_AUTHNAK: Login failed.
 *  UPAP_AUTHACK: Login succeeded.
 * In either case, msg points to an appropriate message.
 *
 * This stub always fails closed.  pppd 2.3.11 has its getpwnam()/PAM
 * logic in the body; the run of blank lines that used to stand in for it
 * only kept line numbers aligned with that reference source.
 */
static int
plogin(char *user, char *passwd, char **msg, int *msglen)
{
  LWIP_UNUSED_ARG(user);
  LWIP_UNUSED_ARG(passwd);
  LWIP_UNUSED_ARG(msg);
  LWIP_UNUSED_ARG(msglen);

  /* XXX Fail until we decide that we want to support logins. */
  return (UPAP_AUTHNAK);
}
iva2k 0:e614f7875b60 993 #endif
iva2k 0:e614f7875b60 994
iva2k 0:e614f7875b60 995
iva2k 0:e614f7875b60 996
/*
 * plogout - Logout the user.
 *
 * There is no system login in this port (plogin() is compiled out), so all
 * that remains of pppd's logout is clearing the logged_in flag.
 */
static void
plogout(void)
{
  logged_in = 0;
}
iva2k 0:e614f7875b60 1005
/*
 * null_login - Check if a username of "" and a password of "" are
 * acceptable, and iff so, set the list of acceptable IP addresses
 * and return 1.
 *
 * Always 0 in this port: an empty credential pair is never acceptable
 * (fail closed until logins are supported).
 */
static int
null_login(int unit)
{
  LWIP_UNUSED_ARG(unit);
  return 0;
}
iva2k 0:e614f7875b60 1018
iva2k 0:e614f7875b60 1019
/*
 * get_pap_passwd - get a password for authenticating ourselves with
 * our peer using PAP. Returns 1 on success, 0 if no suitable password
 * could be found.
 *
 * Normally PAP would be refused when no password is configured, but some
 * providers (CHT in Taiwan is the documented case) request PAP and expect
 * a bogus/empty password, so a default "none"/"none" pair is always
 * supplied and the function always succeeds.  Consequence in auth_reset():
 * lcp_allowoptions.neg_upap reduces to !refuse_pap, i.e. PAP is offered to
 * any peer that asks, password configured or not.  Set refuse_pap to
 * prevent this.  The only visible caller passes NULL for both buffers;
 * any other caller must provide at least sizeof("none") bytes each.
 *
 * @todo: This should be configured by the user, instead of being hardcoded here!
 */
static int
get_pap_passwd(int unit, char *user, char *passwd)
{
  static const char fallback[] = "none";

  LWIP_UNUSED_ARG(unit);

  if (user != NULL) {
    strcpy(user, fallback);
  }
  if (passwd != NULL) {
    strcpy(passwd, fallback);
  }
  return 1;
}
iva2k 0:e614f7875b60 1044
/*
 * have_pap_secret - check whether we have a PAP file with any
 * secrets that we could possibly use for authenticating the peer.
 *
 * There is no secrets store in this port, so the answer is always "no";
 * auth_reset() therefore never keeps neg_upap set in lcp_gotoptions, i.e.
 * PAP is never demanded of the peer.
 */
static int
have_pap_secret(void)
{
  return 0; /* XXX Fail until we set up our passwords. */
}
iva2k 0:e614f7875b60 1055
/*
 * have_chap_secret - check whether we have a CHAP file with a
 * secret that we could possibly use for authenticating `client'
 * on `server'. Either can be the null string, meaning we don't
 * know the identity yet.
 *
 * Always 0 in this port (no secrets store); auth_reset() consequently
 * clears neg_chap in lcp_gotoptions, so CHAP is never demanded of the
 * peer.
 */
static int
have_chap_secret(char *client, char *server, u32_t remote)
{
  LWIP_UNUSED_ARG(client);
  LWIP_UNUSED_ARG(server);
  LWIP_UNUSED_ARG(remote);

  return 0; /* XXX Fail until we set up our passwords. */
}
iva2k 0:e614f7875b60 1072 #if CHAP_SUPPORT
iva2k 0:e614f7875b60 1073
/*
 * get_secret - return the CHAP secret for authenticating `client' on
 * `server'.  (We could be either client or server.)
 *
 * There is no secrets file in this port: the only secret known is
 * ppp_settings.passwd, and it is handed out only when `client' equals
 * ppp_settings.user.  The same single user/password pair therefore serves
 * both directions - it is what we prove to the peer, and it is what a peer
 * claiming our configured user name would have to prove to us.
 *
 * Returns 1 and fills secret / *secret_len on success, 0 if no secret
 * applies.  `secret' must have room for MAXSECRETLEN bytes; no terminating
 * NUL is written.  `server' and `save_addrs' are ignored in the live branch.
 */
int
get_secret(int unit, char *client, char *server, char *secret, int *secret_len, int save_addrs)
{
#if 1
  int len;
  struct wordlist *addrs;  /* only kept for parity with the disabled branch */

  LWIP_UNUSED_ARG(unit);
  LWIP_UNUSED_ARG(server);
  LWIP_UNUSED_ARG(save_addrs);

  addrs = NULL;

  /*
   * Only our own configured identity has a secret; any other name gets
   * none.  NOTE(review): strcmp() stops at the first differing byte, so
   * the time taken reveals how much of a claimed name matched; the name is
   * not the secret, so this is low risk.
   */
  if(!client || !client[0] || strcmp(client, ppp_settings.user)) {
    return 0;
  }

  /*
   * NOTE(review): an empty ppp_settings.passwd is returned as a zero-length
   * secret (len == 0) rather than rejected.  auth_reset() only allows CHAP
   * when passwd is non-empty, so this matters only for callers reaching
   * here by another route.
   */
  len = (int)strlen(ppp_settings.passwd);
  if (len > MAXSECRETLEN) {
    AUTHDEBUG(LOG_ERR, ("Secret for %s on %s is too long\n", client, server));
    len = MAXSECRETLEN;
  }

  BCOPY(ppp_settings.passwd, secret, len);
  *secret_len = len;

  return 1;
#else
  /* pppd's secrets-file version; the lookup itself was never ported. */
  int ret = 0, len;
  struct wordlist *addrs;
  char secbuf[MAXWORDLEN];

  addrs = NULL;
  secbuf[0] = 0;

  /* XXX Find secret. */
  if (ret < 0) {
    return 0;
  }

  if (save_addrs) {
    set_allowed_addrs(unit, addrs);
  }

  len = strlen(secbuf);
  if (len > MAXSECRETLEN) {
    AUTHDEBUG(LOG_ERR, ("Secret for %s on %s is too long\n", client, server));
    len = MAXSECRETLEN;
  }

  BCOPY(secbuf, secret, len);
  BZERO(secbuf, sizeof(secbuf));  /* scrub the stack copy of the secret */
  *secret_len = len;

  return 1;
#endif
}
iva2k 0:e614f7875b60 1136 #endif /* CHAP_SUPPORT */
iva2k 0:e614f7875b60 1137
iva2k 0:e614f7875b60 1138
iva2k 0:e614f7875b60 1139 #if 0 /* PAP_SUPPORT || CHAP_SUPPORT */
/*
 * set_allowed_addrs() - set the list of allowed addresses.
 * (Compiled out in this file.)
 *
 * Replaces addresses[unit] with `addrs', taking ownership of the list and
 * freeing the previous one.  The inner #if 0 section (pppd behaviour) would
 * additionally pre-select the peer's IPCP address when the list names
 * exactly one host.
 */
static void
set_allowed_addrs(int unit, struct wordlist *addrs)
{
  if (addresses[unit] != NULL) {
    free_wordlist(addresses[unit]);
  }
  addresses[unit] = addrs;

#if 0
  /*
   * If there's only one authorized address we might as well
   * ask our peer for that one right away
   */
  if (addrs != NULL && addrs->next == NULL) {
    char *p = addrs->word;
    struct ipcp_options *wo = &ipcp_wantoptions[unit];
    u32_t a;
    struct hostent *hp;

    if (wo->hisaddr == 0 && *p != '!' && *p != '-' && strchr(p, '/') == NULL) {
      hp = gethostbyname(p);
      if (hp != NULL && hp->h_addrtype == AF_INET) {
        /* NOTE(review): type-punning h_addr through a u32_t pointer; use
         * memcpy() if this is ever enabled (alignment / strict aliasing). */
        a = *(u32_t *)hp->h_addr;
      } else {
        a = inet_addr(p);
      }
      /* NOTE(review): inet_addr() also returns -1 for the valid address
       * 255.255.255.255, so that one could never be pre-selected here. */
      if (a != (u32_t) -1) {
        wo->hisaddr = a;
      }
    }
  }
#endif
}
iva2k 0:e614f7875b60 1176 #endif /* 0 */ /* PAP_SUPPORT || CHAP_SUPPORT */
iva2k 0:e614f7875b60 1177
/*
 * auth_ip_addr - check whether the peer is authorized to use
 * a given IP address. Returns 1 if authorized, 0 otherwise.
 *
 * Delegates to ip_addr_check() with the address list for `unit'.  The
 * only writer of addresses[] visible in this file, set_allowed_addrs(),
 * is compiled out, so unless the list is populated elsewhere it is NULL
 * and the decision is simply !ppp_settings.auth_required (after the
 * loopback/multicast sanity check).
 */
int
auth_ip_addr(int unit, u32_t addr)
{
  struct wordlist *allowed = addresses[unit];

  return ip_addr_check(addr, allowed);
}
iva2k 0:e614f7875b60 1187
/*
 * ip_addr_check - decide whether `addr' is acceptable given the wordlist
 * of authorized addresses.  @todo: integrate this function into
 * auth_ip_addr().
 *
 * Loopback, multicast and class-E addresses are always refused.  With no
 * list, the address is allowed exactly when authentication is not
 * required.  With a list, pppd's '!' / '-' / '/' address syntax (see
 * some_ip_ok() and set_allowed_addrs()) is NOT implemented: every
 * remaining address is accepted regardless of what the list contains.
 * Until that matching is written, a non-NULL list means "no restriction".
 */
static int
ip_addr_check(u32_t addr, struct wordlist *addrs)
{
  /* don't allow loopback or multicast address */
  if (bad_ip_adrs(addr)) {
    return 0;
  }

  if (addrs != NULL) {
    /* XXX All other addresses allowed. */
    return 1;
  }

  /* no addresses authorized */
  return ppp_settings.auth_required ? 0 : 1;
}
iva2k 0:e614f7875b60 1203
/*
 * bad_ip_adrs - return 1 if the IP address is one we don't want
 * to use, such as an address in the loopback net or a multicast address.
 * addr is in network byte order.
 *
 * Rejects 127/8, class D (multicast) and class E ("bad class").
 * 0.0.0.0 and directed broadcasts are not rejected here; whether IPCP
 * filters those is outside this file.
 */
int
bad_ip_adrs(u32_t addr)
{
  u32_t host = ntohl(addr);

  if ((host >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) {
    return 1;
  }
  if (IN_MULTICAST(host) || IN_BADCLASS(host)) {
    return 1;
  }
  return 0;
}
iva2k 0:e614f7875b60 1216
iva2k 0:e614f7875b60 1217 #if 0 /* UNUSED */ /* PAP_SUPPORT || CHAP_SUPPORT */
/*
 * some_ip_ok - check a wordlist to see if it authorizes any
 * IP address(es).  (Compiled out in this file.)
 *
 * Words starting with '!' are denials and do not count; a word starting
 * with '-' ends the allow section.  Returns 1 as soon as any other word is
 * seen, 0 otherwise.
 */
static int
some_ip_ok(struct wordlist *addrs)
{
  struct wordlist *w;

  for (w = addrs; w != NULL; w = w->next) {
    char first = w->word[0];

    if (first == '-') {
      return 0;   /* end of the allow section: nothing permitted so far */
    }
    if (first != '!') {
      return 1;   /* some IP address is allowed */
    }
  }
  return 0;
}
iva2k 0:e614f7875b60 1233
/*
 * check_access - complain if a secret file has too-liberal permissions.
 * (Compiled out in this file.)
 *
 * Only warns, as pppd does: a group- or world-accessible secrets file is
 * still used.  Callers wanting to refuse such a file must do so themselves.
 */
static void
check_access(FILE *f, char *filename)
{
  struct stat sbuf;
  const unsigned int others = S_IRWXG | S_IRWXO;

  if (fstat(fileno(f), &sbuf) < 0) {
    warn("cannot stat secret file %s: %m", filename);
    return;
  }
  if (sbuf.st_mode & others) {
    warn("Warning - secret file %s has world and/or group access", filename);
  }
}
iva2k 0:e614f7875b60 1249
iva2k 0:e614f7875b60 1250
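/*
 * scan_authfile - Scan an authorization file for a secret suitable
 * for authenticating `client' on `server'. The return value is -1
 * if no secret is found, otherwise >= 0. The return value has
 * NONWILD_CLIENT set if the secret didn't have "*" for the client, and
 * NONWILD_SERVER set if the secret didn't have "*" for the server.
 * Any following words on the line up to a "--" (i.e. address authorization
 * info) are placed in a wordlist and returned in *addrs. Any
 * following words (extra options) are placed in a wordlist and
 * returned in *opts.
 * We assume secret is NULL or points to MAXWORDLEN bytes of space.
 *
 * This port has no secrets file, so the scan always reports "no secret
 * found" (-1).  It used to return 0, which by the contract above means a
 * secret WAS found even though *secret, *addrs and *opts were never
 * written - a caller honouring the contract would then authenticate with
 * an uninitialised secret.  (Compiled out in this file.)
 */
static int
scan_authfile(FILE *f, char *client, char *server, char *secret, struct wordlist **addrs, struct wordlist **opts, char *filename)
{
  LWIP_UNUSED_ARG(f);
  LWIP_UNUSED_ARG(client);
  LWIP_UNUSED_ARG(server);
  LWIP_UNUSED_ARG(secret);
  LWIP_UNUSED_ARG(addrs);
  LWIP_UNUSED_ARG(opts);
  LWIP_UNUSED_ARG(filename);

  /* We do not (currently) need this in lwip: fail closed. */
  return -1;
}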
/*
 * free_wordlist - release memory allocated for a wordlist.
 *
 * Frees every node reachable from `wp' through ->next with a single
 * free() per node.  NULL is accepted and does nothing.  The caller's
 * pointer is left dangling afterwards; callers should reset it.
 */
static void
free_wordlist(struct wordlist *wp)
{
  struct wordlist *cur = wp;
  struct wordlist *victim;

  while (cur != NULL) {
    victim = cur;
    cur = cur->next; /* read the link before the node is released */
    free(victim);
  }
}
iva2k 0:e614f7875b60 1283
/*
 * auth_script_done - called when the auth-up or auth-down script
 * has finished.
 *
 * Clears auth_script_pid.  If auth_state switched to the opposite state
 * while the script was running, auth_script_state is flipped and the
 * matching script is started so the two stay in step.  `arg' is unused.
 */
static void
auth_script_done(void *arg)
{
  (void)arg;
  auth_script_pid = 0;

  if (auth_script_state == s_up) {
    if (auth_state == s_down) {
      auth_script_state = s_down;
      auth_script(_PATH_AUTHDOWN);
    }
  } else if (auth_script_state == s_down) {
    if (auth_state == s_up) {
      auth_script_state = s_up;
      auth_script(_PATH_AUTHUP);
    }
  }
}
iva2k 0:e614f7875b60 1307
/*
 * auth_script - execute a script with arguments
 *   interface-name peer-name real-user tty speed
 *
 * real-user is the password-file name for the current uid, or the numeric
 * uid when getpwuid() has no entry.  Arguments are handed to run_program()
 * as an explicit argv, so peer_authname (supplied by the remote peer)
 * travels as a single argv element rather than being spliced into a
 * command string here.  auth_script_done is registered as the completion
 * callback and the child's pid is kept in auth_script_pid.
 */
static void
auth_script(char *script)
{
  struct passwd *pw = getpwuid(getuid());
  char speed_buf[32];
  char uid_buf[32];
  char *real_user;
  char *argv[8];

  if (pw != NULL && pw->pw_name != NULL) {
    real_user = pw->pw_name;
  } else {
    /* no passwd entry: fall back to the numeric uid */
    slprintf(uid_buf, sizeof(uid_buf), "%d", getuid());
    real_user = uid_buf;
  }
  slprintf(speed_buf, sizeof(speed_buf), "%d", baud_rate);

  argv[0] = script;
  argv[1] = ifname;
  argv[2] = peer_authname;
  argv[3] = real_user;
  argv[4] = devnam;
  argv[5] = speed_buf;
  argv[6] = NULL;

  auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL);
}
iva2k 0:e614f7875b60 1339 #endif /* 0 */ /* PAP_SUPPORT || CHAP_SUPPORT */
iva2k 0:e614f7875b60 1340 #endif /* PPP_SUPPORT */