talexander
/
freebsd_amp_hwpstate
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freebsd_amp_hwpstate/usr.sbin/ppp/auth.c

213 lines
4.9 KiB
C
Raw Normal View History

1995-01-31 06:29:58 +00:00
/*
* PPP Secret Key Module
*
* Written by Toshiharu OHNO (tony-o@iij.ad.jp)
*
* Copyright (C) 1994, Internet Initiative Japan, Inc. All rights reserverd.
*
* Redistribution and use in source and binary forms are permitted
* provided that the above copyright notice and this paragraph are
* duplicated in all such forms and that any documentation,
* advertising materials, and other materials related to such
* distribution and use acknowledge that the software was developed
* by the Internet Initiative Japan, Inc. The name of the
* IIJ may not be used to endorse or promote products derived
* from this software without specific prior written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Remove trailing whitespace.
1995-05-30 03:57:47 +00:00
*
Correct ppp authentication defaults in interactive mode. We don't want to be forced to type a password here :-( Pointed out by: mouth@ibm.net (John Kelly) While I'm there, don't allow a "set server" in interactive mode.
1997-09-09 21:51:39 +00:00
* $Id: auth.c,v 1.16 1997/09/04 00:38:17 brian Exp $
Remove trailing whitespace.
1995-05-30 03:57:47 +00:00
*
1995-01-31 06:29:58 +00:00
* TODO:
1. Do not log the password itself to ppp.log ( Mr. Rich Murphey ) 2. Add ability to execute shell commands and suspend back into invoking shell (Mr. J Wunsch) Reviewed by: amurai@spec.co.jp Submitted by: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch) Rich Murphey <rich@lamprey.utmb.edu>
1995-09-02 17:20:54 +00:00
* o Implement check against with registered IP addresses.
1995-01-31 06:29:58 +00:00
*/
#include "fsm.h"
New user Process PPP based on iij-ppp0.94beta2. o Supporting SYNC SIO device (But need a device driver) - add "set speed sync" o Fixing bug for Predictor-1 function. o Add new parameter that re-sent interval for set timeout commands. o Improving RTT (Round Trip Time) and reducing processor time. - Previous Timer service was using polling, and now using SIGALRM ;-) - A 0.94beta2 will not work correctly.... -- Follows are additinal feature not including 0.94beta2 o Support Proxy ARP - add "enable/disable proxy" commands o Marging common routine in CHAP/PAP. o Enhancing LCP/IPCP log information. o Support local Authfication connection on port 300x and tty. - You can set up pair of your "hostname -s" and password in ppp.secret. if either ppp.secret file nor your hostname line don't exist, It will notify a message and working as same as previous version.(Backword compatibility) - If you did set up them, It's allow connection but nothing to do except help and passwd command. - add "passwd yourpasswd" commands o Support afilter - keep Alive filter that a packet can send/receiving according to ifilter/ofilter but doesn't count it as preventing idle timer expires. - Same syntax of other filters. o Fixing bugs reported by current user for previous one. Thanks !! Reviewed by: Atsushi Murai (amurai@spec.co.jp)
1995-02-26 12:18:08 +00:00
#include "lcpproto.h"
1995-01-31 06:29:58 +00:00
#include "ipcp.h"
De-couple ppp from libalias. If libalias isn't there, the alias commands simply won't work. Only root may specify the location of the alias lib (otherwise, it's hard-coded). Make logprintf silently fail if LogOpen hasn't been called. Suggested by: eivind
1997-05-26 00:44:10 +00:00
#include "loadalias.h"
New user Process PPP based on iij-ppp0.94beta2. o Supporting SYNC SIO device (But need a device driver) - add "set speed sync" o Fixing bug for Predictor-1 function. o Add new parameter that re-sent interval for set timeout commands. o Improving RTT (Round Trip Time) and reducing processor time. - Previous Timer service was using polling, and now using SIGALRM ;-) - A 0.94beta2 will not work correctly.... -- Follows are additinal feature not including 0.94beta2 o Support Proxy ARP - add "enable/disable proxy" commands o Marging common routine in CHAP/PAP. o Enhancing LCP/IPCP log information. o Support local Authfication connection on port 300x and tty. - You can set up pair of your "hostname -s" and password in ppp.secret. if either ppp.secret file nor your hostname line don't exist, It will notify a message and working as same as previous version.(Backword compatibility) - If you did set up them, It's allow connection but nothing to do except help and passwd command. - add "passwd yourpasswd" commands o Support afilter - keep Alive filter that a packet can send/receiving according to ifilter/ofilter but doesn't count it as preventing idle timer expires. - Same syntax of other filters. o Fixing bugs reported by current user for previous one. Thanks !! Reviewed by: Atsushi Murai (amurai@spec.co.jp)
1995-02-26 12:18:08 +00:00
#include "vars.h"
Final cleanup for now. -Wall is now silent. A couple of bogons found.
1996-01-11 17:48:59 +00:00
#include "filter.h"
New user Process PPP based on iij-ppp0.94beta2. o Supporting SYNC SIO device (But need a device driver) - add "set speed sync" o Fixing bug for Predictor-1 function. o Add new parameter that re-sent interval for set timeout commands. o Improving RTT (Round Trip Time) and reducing processor time. - Previous Timer service was using polling, and now using SIGALRM ;-) - A 0.94beta2 will not work correctly.... -- Follows are additinal feature not including 0.94beta2 o Support Proxy ARP - add "enable/disable proxy" commands o Marging common routine in CHAP/PAP. o Enhancing LCP/IPCP log information. o Support local Authfication connection on port 300x and tty. - You can set up pair of your "hostname -s" and password in ppp.secret. if either ppp.secret file nor your hostname line don't exist, It will notify a message and working as same as previous version.(Backword compatibility) - If you did set up them, It's allow connection but nothing to do except help and passwd command. - add "passwd yourpasswd" commands o Support afilter - keep Alive filter that a packet can send/receiving according to ifilter/ofilter but doesn't count it as preventing idle timer expires. - Same syntax of other filters. o Fixing bugs reported by current user for previous one. Thanks !! Reviewed by: Atsushi Murai (amurai@spec.co.jp)
1995-02-26 12:18:08 +00:00
#include "auth.h"
Final cleanup for now. -Wall is now silent. A couple of bogons found.
1996-01-11 17:48:59 +00:00
#include "chat.h"
1995-01-31 06:29:58 +00:00
extern FILE *OpenSecret();
extern void CloseSecret();
Install as group ``network'' Insist that uid == 0 for client ppp Disallow client sockets if no password is specified Don't exit on failure to open client socket for listening Allow specification of null local password Use reasonable size (smaller) ``vector''s in auth.c Fix "passwd ..." usage message Insist on "all" as arg to "quit" (if any) Drop client socket connection before Cleanup() when "quit all"
1997-09-04 00:38:22 +00:00
void
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
LocalAuthInit()
Final cleanup for now. -Wall is now silent. A couple of bogons found.
1996-01-11 17:48:59 +00:00
{
New user Process PPP based on iij-ppp0.94beta2. o Supporting SYNC SIO device (But need a device driver) - add "set speed sync" o Fixing bug for Predictor-1 function. o Add new parameter that re-sent interval for set timeout commands. o Improving RTT (Round Trip Time) and reducing processor time. - Previous Timer service was using polling, and now using SIGALRM ;-) - A 0.94beta2 will not work correctly.... -- Follows are additinal feature not including 0.94beta2 o Support Proxy ARP - add "enable/disable proxy" commands o Marging common routine in CHAP/PAP. o Enhancing LCP/IPCP log information. o Support local Authfication connection on port 300x and tty. - You can set up pair of your "hostname -s" and password in ppp.secret. if either ppp.secret file nor your hostname line don't exist, It will notify a message and working as same as previous version.(Backword compatibility) - If you did set up them, It's allow connection but nothing to do except help and passwd command. - add "passwd yourpasswd" commands o Support afilter - keep Alive filter that a packet can send/receiving according to ifilter/ofilter but doesn't count it as preventing idle timer expires. - Same syntax of other filters. o Fixing bugs reported by current user for previous one. Thanks !! Reviewed by: Atsushi Murai (amurai@spec.co.jp)
1995-02-26 12:18:08 +00:00
char *p;
Fixing minor bug and allow help(Not for all command) and quit but not close line connection by "quit all" command if not authorized. Reviewed by: amurai@spec.co.jp Submitted by: tony-o@iij.ad.jp amurai@spec.co.jp
1995-02-27 10:57:54 +00:00
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
if (gethostname(VarShortHost, sizeof(VarShortHost))) {
Install as group ``network'' Insist that uid == 0 for client ppp Disallow client sockets if no password is specified Don't exit on failure to open client socket for listening Allow specification of null local password Use reasonable size (smaller) ``vector''s in auth.c Fix "passwd ..." usage message Insist on "all" as arg to "quit" (if any) Drop client socket connection before Cleanup() when "quit all"
1997-09-04 00:38:22 +00:00
VarLocalAuth = LOCAL_DENY;
return;
New user Process PPP based on iij-ppp0.94beta2. o Supporting SYNC SIO device (But need a device driver) - add "set speed sync" o Fixing bug for Predictor-1 function. o Add new parameter that re-sent interval for set timeout commands. o Improving RTT (Round Trip Time) and reducing processor time. - Previous Timer service was using polling, and now using SIGALRM ;-) - A 0.94beta2 will not work correctly.... -- Follows are additinal feature not including 0.94beta2 o Support Proxy ARP - add "enable/disable proxy" commands o Marging common routine in CHAP/PAP. o Enhancing LCP/IPCP log information. o Support local Authfication connection on port 300x and tty. - You can set up pair of your "hostname -s" and password in ppp.secret. if either ppp.secret file nor your hostname line don't exist, It will notify a message and working as same as previous version.(Backword compatibility) - If you did set up them, It's allow connection but nothing to do except help and passwd command. - add "passwd yourpasswd" commands o Support afilter - keep Alive filter that a packet can send/receiving according to ifilter/ofilter but doesn't count it as preventing idle timer expires. - Same syntax of other filters. o Fixing bugs reported by current user for previous one. Thanks !! Reviewed by: Atsushi Murai (amurai@spec.co.jp)
1995-02-26 12:18:08 +00:00
}
Install as group ``network'' Insist that uid == 0 for client ppp Disallow client sockets if no password is specified Don't exit on failure to open client socket for listening Allow specification of null local password Use reasonable size (smaller) ``vector''s in auth.c Fix "passwd ..." usage message Insist on "all" as arg to "quit" (if any) Drop client socket connection before Cleanup() when "quit all"
1997-09-04 00:38:22 +00:00
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
p = strchr(VarShortHost, '.');
if (p)
*p = '\0';
New user Process PPP based on iij-ppp0.94beta2. o Supporting SYNC SIO device (But need a device driver) - add "set speed sync" o Fixing bug for Predictor-1 function. o Add new parameter that re-sent interval for set timeout commands. o Improving RTT (Round Trip Time) and reducing processor time. - Previous Timer service was using polling, and now using SIGALRM ;-) - A 0.94beta2 will not work correctly.... -- Follows are additinal feature not including 0.94beta2 o Support Proxy ARP - add "enable/disable proxy" commands o Marging common routine in CHAP/PAP. o Enhancing LCP/IPCP log information. o Support local Authfication connection on port 300x and tty. - You can set up pair of your "hostname -s" and password in ppp.secret. if either ppp.secret file nor your hostname line don't exist, It will notify a message and working as same as previous version.(Backword compatibility) - If you did set up them, It's allow connection but nothing to do except help and passwd command. - add "passwd yourpasswd" commands o Support afilter - keep Alive filter that a packet can send/receiving according to ifilter/ofilter but doesn't count it as preventing idle timer expires. - Same syntax of other filters. o Fixing bugs reported by current user for previous one. Thanks !! Reviewed by: Atsushi Murai (amurai@spec.co.jp)
1995-02-26 12:18:08 +00:00
Correct ppp authentication defaults in interactive mode. We don't want to be forced to type a password here :-( Pointed out by: mouth@ibm.net (John Kelly) While I'm there, don't allow a "set server" in interactive mode.
1997-09-09 21:51:39 +00:00
if (!(mode&(MODE_AUTO|MODE_DEDICATED|MODE_DIRECT)))
/* We're allowed in interactive and direct */
VarLocalAuth = LOCAL_AUTH;
else
VarLocalAuth = LocalAuthValidate(SECRETFILE, VarShortHost, "")
== NOT_FOUND ? LOCAL_DENY : LOCAL_NO_AUTH;
New user Process PPP based on iij-ppp0.94beta2. o Supporting SYNC SIO device (But need a device driver) - add "set speed sync" o Fixing bug for Predictor-1 function. o Add new parameter that re-sent interval for set timeout commands. o Improving RTT (Round Trip Time) and reducing processor time. - Previous Timer service was using polling, and now using SIGALRM ;-) - A 0.94beta2 will not work correctly.... -- Follows are additinal feature not including 0.94beta2 o Support Proxy ARP - add "enable/disable proxy" commands o Marging common routine in CHAP/PAP. o Enhancing LCP/IPCP log information. o Support local Authfication connection on port 300x and tty. - You can set up pair of your "hostname -s" and password in ppp.secret. if either ppp.secret file nor your hostname line don't exist, It will notify a message and working as same as previous version.(Backword compatibility) - If you did set up them, It's allow connection but nothing to do except help and passwd command. - add "passwd yourpasswd" commands o Support afilter - keep Alive filter that a packet can send/receiving according to ifilter/ofilter but doesn't count it as preventing idle timer expires. - Same syntax of other filters. o Fixing bugs reported by current user for previous one. Thanks !! Reviewed by: Atsushi Murai (amurai@spec.co.jp)
1995-02-26 12:18:08 +00:00
}
LOCAL_AUTH_VALID
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
LocalAuthValidate(char *fname, char *system, char *key)
{
New user Process PPP based on iij-ppp0.94beta2. o Supporting SYNC SIO device (But need a device driver) - add "set speed sync" o Fixing bug for Predictor-1 function. o Add new parameter that re-sent interval for set timeout commands. o Improving RTT (Round Trip Time) and reducing processor time. - Previous Timer service was using polling, and now using SIGALRM ;-) - A 0.94beta2 will not work correctly.... -- Follows are additinal feature not including 0.94beta2 o Support Proxy ARP - add "enable/disable proxy" commands o Marging common routine in CHAP/PAP. o Enhancing LCP/IPCP log information. o Support local Authfication connection on port 300x and tty. - You can set up pair of your "hostname -s" and password in ppp.secret. if either ppp.secret file nor your hostname line don't exist, It will notify a message and working as same as previous version.(Backword compatibility) - If you did set up them, It's allow connection but nothing to do except help and passwd command. - add "passwd yourpasswd" commands o Support afilter - keep Alive filter that a packet can send/receiving according to ifilter/ofilter but doesn't count it as preventing idle timer expires. - Same syntax of other filters. o Fixing bugs reported by current user for previous one. Thanks !! Reviewed by: Atsushi Murai (amurai@spec.co.jp)
1995-02-26 12:18:08 +00:00
FILE *fp;
int n;
Install as group ``network'' Insist that uid == 0 for client ppp Disallow client sockets if no password is specified Don't exit on failure to open client socket for listening Allow specification of null local password Use reasonable size (smaller) ``vector''s in auth.c Fix "passwd ..." usage message Insist on "all" as arg to "quit" (if any) Drop client socket connection before Cleanup() when "quit all"
1997-09-04 00:38:22 +00:00
char *vector[3];
char buff[200];
New user Process PPP based on iij-ppp0.94beta2. o Supporting SYNC SIO device (But need a device driver) - add "set speed sync" o Fixing bug for Predictor-1 function. o Add new parameter that re-sent interval for set timeout commands. o Improving RTT (Round Trip Time) and reducing processor time. - Previous Timer service was using polling, and now using SIGALRM ;-) - A 0.94beta2 will not work correctly.... -- Follows are additinal feature not including 0.94beta2 o Support Proxy ARP - add "enable/disable proxy" commands o Marging common routine in CHAP/PAP. o Enhancing LCP/IPCP log information. o Support local Authfication connection on port 300x and tty. - You can set up pair of your "hostname -s" and password in ppp.secret. if either ppp.secret file nor your hostname line don't exist, It will notify a message and working as same as previous version.(Backword compatibility) - If you did set up them, It's allow connection but nothing to do except help and passwd command. - add "passwd yourpasswd" commands o Support afilter - keep Alive filter that a packet can send/receiving according to ifilter/ofilter but doesn't count it as preventing idle timer expires. - Same syntax of other filters. o Fixing bugs reported by current user for previous one. Thanks !! Reviewed by: Atsushi Murai (amurai@spec.co.jp)
1995-02-26 12:18:08 +00:00
LOCAL_AUTH_VALID rc;
rc = NOT_FOUND; /* No system entry */
fp = OpenSecret(fname);
if (fp == NULL)
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
return (rc);
New user Process PPP based on iij-ppp0.94beta2. o Supporting SYNC SIO device (But need a device driver) - add "set speed sync" o Fixing bug for Predictor-1 function. o Add new parameter that re-sent interval for set timeout commands. o Improving RTT (Round Trip Time) and reducing processor time. - Previous Timer service was using polling, and now using SIGALRM ;-) - A 0.94beta2 will not work correctly.... -- Follows are additinal feature not including 0.94beta2 o Support Proxy ARP - add "enable/disable proxy" commands o Marging common routine in CHAP/PAP. o Enhancing LCP/IPCP log information. o Support local Authfication connection on port 300x and tty. - You can set up pair of your "hostname -s" and password in ppp.secret. if either ppp.secret file nor your hostname line don't exist, It will notify a message and working as same as previous version.(Backword compatibility) - If you did set up them, It's allow connection but nothing to do except help and passwd command. - add "passwd yourpasswd" commands o Support afilter - keep Alive filter that a packet can send/receiving according to ifilter/ofilter but doesn't count it as preventing idle timer expires. - Same syntax of other filters. o Fixing bugs reported by current user for previous one. Thanks !! Reviewed by: Atsushi Murai (amurai@spec.co.jp)
1995-02-26 12:18:08 +00:00
while (fgets(buff, sizeof(buff), fp)) {
if (buff[0] == '#')
continue;
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
buff[strlen(buff) - 1] = 0;
New user Process PPP based on iij-ppp0.94beta2. o Supporting SYNC SIO device (But need a device driver) - add "set speed sync" o Fixing bug for Predictor-1 function. o Add new parameter that re-sent interval for set timeout commands. o Improving RTT (Round Trip Time) and reducing processor time. - Previous Timer service was using polling, and now using SIGALRM ;-) - A 0.94beta2 will not work correctly.... -- Follows are additinal feature not including 0.94beta2 o Support Proxy ARP - add "enable/disable proxy" commands o Marging common routine in CHAP/PAP. o Enhancing LCP/IPCP log information. o Support local Authfication connection on port 300x and tty. - You can set up pair of your "hostname -s" and password in ppp.secret. if either ppp.secret file nor your hostname line don't exist, It will notify a message and working as same as previous version.(Backword compatibility) - If you did set up them, It's allow connection but nothing to do except help and passwd command. - add "passwd yourpasswd" commands o Support afilter - keep Alive filter that a packet can send/receiving according to ifilter/ofilter but doesn't count it as preventing idle timer expires. - Same syntax of other filters. o Fixing bugs reported by current user for previous one. Thanks !! Reviewed by: Atsushi Murai (amurai@spec.co.jp)
1995-02-26 12:18:08 +00:00
bzero(vector, sizeof(vector));
Allow up to 40 args in the chat script (was 20). Ignore subsequent args rather than scribbling. PR: 1952 Submitted by: Mikael Hybsch <micke@free.dynas.se>
1997-05-07 23:01:25 +00:00
n = MakeArgs(buff, vector, VECSIZE(vector));
New user Process PPP based on iij-ppp0.94beta2. o Supporting SYNC SIO device (But need a device driver) - add "set speed sync" o Fixing bug for Predictor-1 function. o Add new parameter that re-sent interval for set timeout commands. o Improving RTT (Round Trip Time) and reducing processor time. - Previous Timer service was using polling, and now using SIGALRM ;-) - A 0.94beta2 will not work correctly.... -- Follows are additinal feature not including 0.94beta2 o Support Proxy ARP - add "enable/disable proxy" commands o Marging common routine in CHAP/PAP. o Enhancing LCP/IPCP log information. o Support local Authfication connection on port 300x and tty. - You can set up pair of your "hostname -s" and password in ppp.secret. if either ppp.secret file nor your hostname line don't exist, It will notify a message and working as same as previous version.(Backword compatibility) - If you did set up them, It's allow connection but nothing to do except help and passwd command. - add "passwd yourpasswd" commands o Support afilter - keep Alive filter that a packet can send/receiving according to ifilter/ofilter but doesn't count it as preventing idle timer expires. - Same syntax of other filters. o Fixing bugs reported by current user for previous one. Thanks !! Reviewed by: Atsushi Murai (amurai@spec.co.jp)
1995-02-26 12:18:08 +00:00
if (n < 1)
continue;
if (strcmp(vector[0], system) == 0) {
Install as group ``network'' Insist that uid == 0 for client ppp Disallow client sockets if no password is specified Don't exit on failure to open client socket for listening Allow specification of null local password Use reasonable size (smaller) ``vector''s in auth.c Fix "passwd ..." usage message Insist on "all" as arg to "quit" (if any) Drop client socket connection before Cleanup() when "quit all"
1997-09-04 00:38:22 +00:00
if ((vector[1] == (char *) NULL && (key == NULL || *key == '\0')) ||
(vector[1] != (char *) NULL && strcmp(vector[1], key) == 0)) {
New user Process PPP based on iij-ppp0.94beta2. o Supporting SYNC SIO device (But need a device driver) - add "set speed sync" o Fixing bug for Predictor-1 function. o Add new parameter that re-sent interval for set timeout commands. o Improving RTT (Round Trip Time) and reducing processor time. - Previous Timer service was using polling, and now using SIGALRM ;-) - A 0.94beta2 will not work correctly.... -- Follows are additinal feature not including 0.94beta2 o Support Proxy ARP - add "enable/disable proxy" commands o Marging common routine in CHAP/PAP. o Enhancing LCP/IPCP log information. o Support local Authfication connection on port 300x and tty. - You can set up pair of your "hostname -s" and password in ppp.secret. if either ppp.secret file nor your hostname line don't exist, It will notify a message and working as same as previous version.(Backword compatibility) - If you did set up them, It's allow connection but nothing to do except help and passwd command. - add "passwd yourpasswd" commands o Support afilter - keep Alive filter that a packet can send/receiving according to ifilter/ofilter but doesn't count it as preventing idle timer expires. - Same syntax of other filters. o Fixing bugs reported by current user for previous one. Thanks !! Reviewed by: Atsushi Murai (amurai@spec.co.jp)
1995-02-26 12:18:08 +00:00
rc = VALID; /* Valid */
} else {
rc = INVALID; /* Invalid */
}
break;
}
}
CloseSecret(fp);
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
return (rc);
New user Process PPP based on iij-ppp0.94beta2. o Supporting SYNC SIO device (But need a device driver) - add "set speed sync" o Fixing bug for Predictor-1 function. o Add new parameter that re-sent interval for set timeout commands. o Improving RTT (Round Trip Time) and reducing processor time. - Previous Timer service was using polling, and now using SIGALRM ;-) - A 0.94beta2 will not work correctly.... -- Follows are additinal feature not including 0.94beta2 o Support Proxy ARP - add "enable/disable proxy" commands o Marging common routine in CHAP/PAP. o Enhancing LCP/IPCP log information. o Support local Authfication connection on port 300x and tty. - You can set up pair of your "hostname -s" and password in ppp.secret. if either ppp.secret file nor your hostname line don't exist, It will notify a message and working as same as previous version.(Backword compatibility) - If you did set up them, It's allow connection but nothing to do except help and passwd command. - add "passwd yourpasswd" commands o Support afilter - keep Alive filter that a packet can send/receiving according to ifilter/ofilter but doesn't count it as preventing idle timer expires. - Same syntax of other filters. o Fixing bugs reported by current user for previous one. Thanks !! Reviewed by: Atsushi Murai (amurai@spec.co.jp)
1995-02-26 12:18:08 +00:00
}
1995-01-31 06:29:58 +00:00
int
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
AuthValidate(char *fname, char *system, char *key)
1995-01-31 06:29:58 +00:00
{
FILE *fp;
int n;
Install as group ``network'' Insist that uid == 0 for client ppp Disallow client sockets if no password is specified Don't exit on failure to open client socket for listening Allow specification of null local password Use reasonable size (smaller) ``vector''s in auth.c Fix "passwd ..." usage message Insist on "all" as arg to "quit" (if any) Drop client socket connection before Cleanup() when "quit all"
1997-09-04 00:38:22 +00:00
char *vector[4];
1995-01-31 06:29:58 +00:00
char buff[200];
char passwd[100];
fp = OpenSecret(fname);
if (fp == NULL)
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
return (0);
1995-01-31 06:29:58 +00:00
while (fgets(buff, sizeof(buff), fp)) {
if (buff[0] == '#')
continue;
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
buff[strlen(buff) - 1] = 0;
1995-01-31 06:29:58 +00:00
bzero(vector, sizeof(vector));
Allow up to 40 args in the chat script (was 20). Ignore subsequent args rather than scribbling. PR: 1952 Submitted by: Mikael Hybsch <micke@free.dynas.se>
1997-05-07 23:01:25 +00:00
n = MakeArgs(buff, vector, VECSIZE(vector));
1995-01-31 06:29:58 +00:00
if (n < 2)
continue;
if (strcmp(vector[0], system) == 0) {
Fix many buffer overruns in the code. Specifically, disallow ExpandString to be used to expand things beyond the size of the buffer passed in. Also do a general cleanup of sprintf -> snprintf as well as strcpy and strncat safety. Also expand some buffers to allow for the largest possible data that might be used. This is a 2.2 candidate. However, it needs to be vetted on -current since little testing has been done on this due to my lack of PPP on this machine. Reviewed by: Jordan Hubbard, Peter Wemm, Guido van Rooij
1997-01-10 07:53:28 +00:00
ExpandString(vector[1], passwd, sizeof(passwd), 0);
1995-01-31 06:29:58 +00:00
if (strcmp(passwd, key) == 0) {
CloseSecret(fp);
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
bzero(&DefHisAddress, sizeof(DefHisAddress));
n -= 2;
if (n > 0) {
Tidy up the code - bounds checking, return value checking etc. Submitted by: eivind
1997-05-10 01:22:19 +00:00
if (ParseAddr(n--, &vector[2],
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
&DefHisAddress.ipaddr,
&DefHisAddress.mask,
&DefHisAddress.width) == 0) {
return (0); /* Invalid */
Tidy up the code - bounds checking, return value checking etc. Submitted by: eivind
1997-05-10 01:22:19 +00:00
}
1995-01-31 06:29:58 +00:00
}
IpcpInit();
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
return (1); /* Valid */
1995-01-31 06:29:58 +00:00
}
}
}
CloseSecret(fp);
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
return (0); /* Invalid */
1995-01-31 06:29:58 +00:00
}
char *
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
AuthGetSecret(char *fname, char *system, int len, int setaddr)
1995-01-31 06:29:58 +00:00
{
FILE *fp;
int n;
Install as group ``network'' Insist that uid == 0 for client ppp Disallow client sockets if no password is specified Don't exit on failure to open client socket for listening Allow specification of null local password Use reasonable size (smaller) ``vector''s in auth.c Fix "passwd ..." usage message Insist on "all" as arg to "quit" (if any) Drop client socket connection before Cleanup() when "quit all"
1997-09-04 00:38:22 +00:00
char *vector[4];
1995-01-31 06:29:58 +00:00
char buff[200];
static char passwd[100];
fp = OpenSecret(fname);
if (fp == NULL)
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
return (NULL);
1995-01-31 06:29:58 +00:00
while (fgets(buff, sizeof(buff), fp)) {
if (buff[0] == '#')
continue;
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
buff[strlen(buff) - 1] = 0;
1995-01-31 06:29:58 +00:00
bzero(vector, sizeof(vector));
Allow up to 40 args in the chat script (was 20). Ignore subsequent args rather than scribbling. PR: 1952 Submitted by: Mikael Hybsch <micke@free.dynas.se>
1997-05-07 23:01:25 +00:00
n = MakeArgs(buff, vector, VECSIZE(vector));
1995-01-31 06:29:58 +00:00
if (n < 2)
continue;
if (strlen(vector[0]) == len && strncmp(vector[0], system, len) == 0) {
Fix many buffer overruns in the code. Specifically, disallow ExpandString to be used to expand things beyond the size of the buffer passed in. Also do a general cleanup of sprintf -> snprintf as well as strcpy and strncat safety. Also expand some buffers to allow for the largest possible data that might be used. This is a 2.2 candidate. However, it needs to be vetted on -current since little testing has been done on this due to my lack of PPP on this machine. Reviewed by: Jordan Hubbard, Peter Wemm, Guido van Rooij
1997-01-10 07:53:28 +00:00
ExpandString(vector[1], passwd, sizeof(passwd), 0);
1995-01-31 06:29:58 +00:00
if (setaddr) {
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
bzero(&DefHisAddress, sizeof(DefHisAddress));
1995-01-31 06:29:58 +00:00
}
n -= 2;
if (n > 0 && setaddr) {
Overhaul ppp: o Use syslog o Remove references to stdout/stderr (incl perror()) o Introduce VarTerm - the interactive terminal or zero o Allow "set timeout" to affect current session o Change "set debug" to "set log" o Allow "set log [+|-]flag" o Make MSEXT and PASSWDAUTH stuff the default o Move all #ifdef DEBUG stuff into the code - this shouldn't be too much overhead. It's now controlled with "set log +debug" o Add "set log command, debug, tun, warn, error, alert" o Remove cdefs.h, and assume an ansi compiler. o Improve all diagnostic output o Don't trap SIGSEGV o SIGHUP now terminates again (log files are controlled by syslog) o Call CloseModem() when changing devices o Fix parsing of third arg of "delete" I think this fixes the "magic is same" problems that some people have been experiencing. The man page is being rewritten. It'll follow soon.
1997-06-09 03:27:43 +00:00
LogPrintf(LogDEBUG, "AuthGetSecret: n = %d, %s\n", n, vector[2]);
Tidy up the code - bounds checking, return value checking etc. Submitted by: eivind
1997-05-10 01:22:19 +00:00
if (ParseAddr(n--, &vector[2],
&DefHisAddress.ipaddr,
&DefHisAddress.mask,
&DefHisAddress.width) != 0)
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
IpcpInit();
1995-01-31 06:29:58 +00:00
}
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
return (passwd);
1995-01-31 06:29:58 +00:00
}
}
CloseSecret(fp);
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
return (NULL); /* Invalid */
1995-01-31 06:29:58 +00:00
}
New user Process PPP based on iij-ppp0.94beta2. o Supporting SYNC SIO device (But need a device driver) - add "set speed sync" o Fixing bug for Predictor-1 function. o Add new parameter that re-sent interval for set timeout commands. o Improving RTT (Round Trip Time) and reducing processor time. - Previous Timer service was using polling, and now using SIGALRM ;-) - A 0.94beta2 will not work correctly.... -- Follows are additinal feature not including 0.94beta2 o Support Proxy ARP - add "enable/disable proxy" commands o Marging common routine in CHAP/PAP. o Enhancing LCP/IPCP log information. o Support local Authfication connection on port 300x and tty. - You can set up pair of your "hostname -s" and password in ppp.secret. if either ppp.secret file nor your hostname line don't exist, It will notify a message and working as same as previous version.(Backword compatibility) - If you did set up them, It's allow connection but nothing to do except help and passwd command. - add "passwd yourpasswd" commands o Support afilter - keep Alive filter that a packet can send/receiving according to ifilter/ofilter but doesn't count it as preventing idle timer expires. - Same syntax of other filters. o Fixing bugs reported by current user for previous one. Thanks !! Reviewed by: Atsushi Murai (amurai@spec.co.jp)
1995-02-26 12:18:08 +00:00
static void
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
AuthTimeout(struct authinfo * authp)
New user Process PPP based on iij-ppp0.94beta2. o Supporting SYNC SIO device (But need a device driver) - add "set speed sync" o Fixing bug for Predictor-1 function. o Add new parameter that re-sent interval for set timeout commands. o Improving RTT (Round Trip Time) and reducing processor time. - Previous Timer service was using polling, and now using SIGALRM ;-) - A 0.94beta2 will not work correctly.... -- Follows are additinal feature not including 0.94beta2 o Support Proxy ARP - add "enable/disable proxy" commands o Marging common routine in CHAP/PAP. o Enhancing LCP/IPCP log information. o Support local Authfication connection on port 300x and tty. - You can set up pair of your "hostname -s" and password in ppp.secret. if either ppp.secret file nor your hostname line don't exist, It will notify a message and working as same as previous version.(Backword compatibility) - If you did set up them, It's allow connection but nothing to do except help and passwd command. - add "passwd yourpasswd" commands o Support afilter - keep Alive filter that a packet can send/receiving according to ifilter/ofilter but doesn't count it as preventing idle timer expires. - Same syntax of other filters. o Fixing bugs reported by current user for previous one. Thanks !! Reviewed by: Atsushi Murai (amurai@spec.co.jp)
1995-02-26 12:18:08 +00:00
{
struct pppTimer *tp;
tp = &authp->authtimer;
StopTimer(tp);
if (--authp->retry > 0) {
StartTimer(tp);
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
(authp->ChallengeFunc) (++authp->id);
New user Process PPP based on iij-ppp0.94beta2. o Supporting SYNC SIO device (But need a device driver) - add "set speed sync" o Fixing bug for Predictor-1 function. o Add new parameter that re-sent interval for set timeout commands. o Improving RTT (Round Trip Time) and reducing processor time. - Previous Timer service was using polling, and now using SIGALRM ;-) - A 0.94beta2 will not work correctly.... -- Follows are additinal feature not including 0.94beta2 o Support Proxy ARP - add "enable/disable proxy" commands o Marging common routine in CHAP/PAP. o Enhancing LCP/IPCP log information. o Support local Authfication connection on port 300x and tty. - You can set up pair of your "hostname -s" and password in ppp.secret. if either ppp.secret file nor your hostname line don't exist, It will notify a message and working as same as previous version.(Backword compatibility) - If you did set up them, It's allow connection but nothing to do except help and passwd command. - add "passwd yourpasswd" commands o Support afilter - keep Alive filter that a packet can send/receiving according to ifilter/ofilter but doesn't count it as preventing idle timer expires. - Same syntax of other filters. o Fixing bugs reported by current user for previous one. Thanks !! Reviewed by: Atsushi Murai (amurai@spec.co.jp)
1995-02-26 12:18:08 +00:00
}
}
void
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
StartAuthChallenge(struct authinfo * authp)
New user Process PPP based on iij-ppp0.94beta2. o Supporting SYNC SIO device (But need a device driver) - add "set speed sync" o Fixing bug for Predictor-1 function. o Add new parameter that re-sent interval for set timeout commands. o Improving RTT (Round Trip Time) and reducing processor time. - Previous Timer service was using polling, and now using SIGALRM ;-) - A 0.94beta2 will not work correctly.... -- Follows are additinal feature not including 0.94beta2 o Support Proxy ARP - add "enable/disable proxy" commands o Marging common routine in CHAP/PAP. o Enhancing LCP/IPCP log information. o Support local Authfication connection on port 300x and tty. - You can set up pair of your "hostname -s" and password in ppp.secret. if either ppp.secret file nor your hostname line don't exist, It will notify a message and working as same as previous version.(Backword compatibility) - If you did set up them, It's allow connection but nothing to do except help and passwd command. - add "passwd yourpasswd" commands o Support afilter - keep Alive filter that a packet can send/receiving according to ifilter/ofilter but doesn't count it as preventing idle timer expires. - Same syntax of other filters. o Fixing bugs reported by current user for previous one. Thanks !! Reviewed by: Atsushi Murai (amurai@spec.co.jp)
1995-02-26 12:18:08 +00:00
{
struct pppTimer *tp;
tp = &authp->authtimer;
StopTimer(tp);
tp->func = AuthTimeout;
tp->load = VarRetryTimeout * SECTICKS;
tp->state = TIMER_STOPPED;
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
tp->arg = (void *) authp;
New user Process PPP based on iij-ppp0.94beta2. o Supporting SYNC SIO device (But need a device driver) - add "set speed sync" o Fixing bug for Predictor-1 function. o Add new parameter that re-sent interval for set timeout commands. o Improving RTT (Round Trip Time) and reducing processor time. - Previous Timer service was using polling, and now using SIGALRM ;-) - A 0.94beta2 will not work correctly.... -- Follows are additinal feature not including 0.94beta2 o Support Proxy ARP - add "enable/disable proxy" commands o Marging common routine in CHAP/PAP. o Enhancing LCP/IPCP log information. o Support local Authfication connection on port 300x and tty. - You can set up pair of your "hostname -s" and password in ppp.secret. if either ppp.secret file nor your hostname line don't exist, It will notify a message and working as same as previous version.(Backword compatibility) - If you did set up them, It's allow connection but nothing to do except help and passwd command. - add "passwd yourpasswd" commands o Support afilter - keep Alive filter that a packet can send/receiving according to ifilter/ofilter but doesn't count it as preventing idle timer expires. - Same syntax of other filters. o Fixing bugs reported by current user for previous one. Thanks !! Reviewed by: Atsushi Murai (amurai@spec.co.jp)
1995-02-26 12:18:08 +00:00
StartTimer(tp);
authp->retry = 3;
authp->id = 1;
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
(authp->ChallengeFunc) (authp->id);
New user Process PPP based on iij-ppp0.94beta2. o Supporting SYNC SIO device (But need a device driver) - add "set speed sync" o Fixing bug for Predictor-1 function. o Add new parameter that re-sent interval for set timeout commands. o Improving RTT (Round Trip Time) and reducing processor time. - Previous Timer service was using polling, and now using SIGALRM ;-) - A 0.94beta2 will not work correctly.... -- Follows are additinal feature not including 0.94beta2 o Support Proxy ARP - add "enable/disable proxy" commands o Marging common routine in CHAP/PAP. o Enhancing LCP/IPCP log information. o Support local Authfication connection on port 300x and tty. - You can set up pair of your "hostname -s" and password in ppp.secret. if either ppp.secret file nor your hostname line don't exist, It will notify a message and working as same as previous version.(Backword compatibility) - If you did set up them, It's allow connection but nothing to do except help and passwd command. - add "passwd yourpasswd" commands o Support afilter - keep Alive filter that a packet can send/receiving according to ifilter/ofilter but doesn't count it as preventing idle timer expires. - Same syntax of other filters. o Fixing bugs reported by current user for previous one. Thanks !! Reviewed by: Atsushi Murai (amurai@spec.co.jp)
1995-02-26 12:18:08 +00:00
}
void
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
StopAuthTimer(struct authinfo * authp)
New user Process PPP based on iij-ppp0.94beta2. o Supporting SYNC SIO device (But need a device driver) - add "set speed sync" o Fixing bug for Predictor-1 function. o Add new parameter that re-sent interval for set timeout commands. o Improving RTT (Round Trip Time) and reducing processor time. - Previous Timer service was using polling, and now using SIGALRM ;-) - A 0.94beta2 will not work correctly.... -- Follows are additinal feature not including 0.94beta2 o Support Proxy ARP - add "enable/disable proxy" commands o Marging common routine in CHAP/PAP. o Enhancing LCP/IPCP log information. o Support local Authfication connection on port 300x and tty. - You can set up pair of your "hostname -s" and password in ppp.secret. if either ppp.secret file nor your hostname line don't exist, It will notify a message and working as same as previous version.(Backword compatibility) - If you did set up them, It's allow connection but nothing to do except help and passwd command. - add "passwd yourpasswd" commands o Support afilter - keep Alive filter that a packet can send/receiving according to ifilter/ofilter but doesn't count it as preventing idle timer expires. - Same syntax of other filters. o Fixing bugs reported by current user for previous one. Thanks !! Reviewed by: Atsushi Murai (amurai@spec.co.jp)
1995-02-26 12:18:08 +00:00
{
StopTimer(&authp->authtimer);
}