2 * upap.c - User/Password Authentication Protocol.
4 * Copyright (c) 1989 Carnegie Mellon University.
7 * Redistribution and use in source and binary forms are permitted
8 * provided that the above copyright notice and this paragraph are
9 * duplicated in all such forms and that any documentation,
10 * advertising materials, and other materials related to such
11 * distribution and use acknowledge that the software was developed
12 * by Carnegie Mellon University. The name of the
13 * University may not be used to endorse or promote products derived
14 * from this software without specific prior written permission.
15 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
17 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 static char rcsid[] = "$Id: upap.c,v 1.1 1993/11/11 03:54:25 paulus Exp $";
29 #include <sys/types.h>
38 upap_state upap[NPPP]; /* UPAP state; one for each unit */
41 static void upap_timeout __ARGS((caddr_t));
42 static void upap_rauthreq __ARGS((upap_state *, u_char *, int, int));
43 static void upap_rauthack __ARGS((upap_state *, u_char *, int, int));
44 static void upap_rauthnak __ARGS((upap_state *, u_char *, int, int));
45 static void upap_sauthreq __ARGS((upap_state *));
46 static void upap_sresp __ARGS((upap_state *, int, int, char *, int));
50 * upap_init - Initialize a UPAP unit.
56 upap_state *u = &upap[unit];
63 u->us_clientstate = UPAPCS_INITIAL;
64 u->us_serverstate = UPAPSS_INITIAL;
66 u->us_timeouttime = UPAP_DEFTIMEOUT;
67 u->us_maxtransmits = 10;
72 * upap_authwithpeer - Authenticate us with our peer (start client).
74 * Set new state and send authenticate's.
77 upap_authwithpeer(unit, user, password)
79 char *user, *password;
81 upap_state *u = &upap[unit];
83 /* Save the username and password we're given */
85 u->us_userlen = strlen(user);
86 u->us_passwd = password;
87 u->us_passwdlen = strlen(password);
90 /* Lower layer up yet? */
91 if (u->us_clientstate == UPAPCS_INITIAL ||
92 u->us_clientstate == UPAPCS_PENDING) {
93 u->us_clientstate = UPAPCS_PENDING;
97 upap_sauthreq(u); /* Start protocol */
102 * upap_authpeer - Authenticate our peer (start server).
110 upap_state *u = &upap[unit];
112 /* Lower layer up yet? */
113 if (u->us_serverstate == UPAPSS_INITIAL ||
114 u->us_serverstate == UPAPSS_PENDING) {
115 u->us_serverstate = UPAPSS_PENDING;
119 u->us_serverstate = UPAPSS_LISTEN;
124 * upap_timeout - Timeout expired.
130 upap_state *u = (upap_state *) arg;
132 if (u->us_clientstate != UPAPCS_AUTHREQ)
135 if (u->us_transmits >= u->us_maxtransmits) {
136 /* give up in disgust */
137 syslog(LOG_ERR, "No response to PAP authenticate-requests");
138 u->us_clientstate = UPAPCS_BADAUTH;
139 auth_withpeer_fail(u->us_unit, UPAP);
143 upap_sauthreq(u); /* Send Authenticate-Request */
148 * upap_lowerup - The lower layer is up.
150 * Start authenticating if pending.
156 upap_state *u = &upap[unit];
158 if (u->us_clientstate == UPAPCS_INITIAL)
159 u->us_clientstate = UPAPCS_CLOSED;
160 else if (u->us_clientstate == UPAPCS_PENDING) {
161 upap_sauthreq(u); /* send an auth-request */
164 if (u->us_serverstate == UPAPSS_INITIAL)
165 u->us_serverstate = UPAPSS_CLOSED;
166 else if (u->us_serverstate == UPAPSS_PENDING)
167 u->us_serverstate = UPAPSS_LISTEN;
172 * upap_lowerdown - The lower layer is down.
174 * Cancel all timeouts.
180 upap_state *u = &upap[unit];
182 if (u->us_clientstate == UPAPCS_AUTHREQ) /* Timeout pending? */
183 UNTIMEOUT(upap_timeout, (caddr_t) u); /* Cancel timeout */
185 u->us_clientstate = UPAPCS_INITIAL;
186 u->us_serverstate = UPAPSS_INITIAL;
191 * upap_protrej - Peer doesn't speak this protocol.
193 * This shouldn't happen. In any case, pretend lower layer went down.
199 upap_state *u = &upap[unit];
201 if (u->us_clientstate == UPAPCS_AUTHREQ) {
202 syslog(LOG_ERR, "PAP authentication failed due to protocol-reject");
203 auth_withpeer_fail(unit, UPAP);
205 if (u->us_serverstate == UPAPSS_LISTEN) {
206 syslog(LOG_ERR, "PAP authentication of peer failed (protocol-reject)");
207 auth_peer_fail(unit, UPAP);
209 upap_lowerdown(unit);
214 * upap_input - Input UPAP packet.
217 upap_input(unit, inpacket, l)
222 upap_state *u = &upap[unit];
228 * Parse header (code, id and length).
229 * If packet too short, drop it.
232 if (l < UPAP_HEADERLEN) {
233 UPAPDEBUG((LOG_INFO, "upap_input: rcvd short header."));
239 if (len < UPAP_HEADERLEN) {
240 UPAPDEBUG((LOG_INFO, "upap_input: rcvd illegal length."));
244 UPAPDEBUG((LOG_INFO, "upap_input: rcvd short packet."));
247 len -= UPAP_HEADERLEN;
250 * Action depends on code.
254 upap_rauthreq(u, inp, id, len);
258 upap_rauthack(u, inp, id, len);
262 upap_rauthnak(u, inp, id, len);
265 default: /* XXX Need code reject */
272 * upap_rauth - Receive Authenticate.
275 upap_rauthreq(u, inp, id, len)
281 u_char ruserlen, rpasswdlen;
282 char *ruser, *rpasswd;
287 UPAPDEBUG((LOG_INFO, "upap_rauth: Rcvd id %d.", id));
289 if (u->us_serverstate < UPAPSS_LISTEN)
293 * If we receive a duplicate authenticate-request, we are
294 * supposed to return the same status as for the first request.
296 if (u->us_serverstate == UPAPSS_OPEN) {
297 upap_sresp(u, UPAP_AUTHACK, id, "", 0); /* return auth-ack */
300 if (u->us_serverstate == UPAPSS_BADAUTH) {
301 upap_sresp(u, UPAP_AUTHNAK, id, "", 0); /* return auth-nak */
308 if (len < sizeof (u_char)) {
309 UPAPDEBUG((LOG_INFO, "upap_rauth: rcvd short packet."));
312 GETCHAR(ruserlen, inp);
313 len -= sizeof (u_char) + ruserlen + sizeof (u_char);;
315 UPAPDEBUG((LOG_INFO, "upap_rauth: rcvd short packet."));
318 ruser = (char *) inp;
319 INCPTR(ruserlen, inp);
320 GETCHAR(rpasswdlen, inp);
321 if (len < rpasswdlen) {
322 UPAPDEBUG((LOG_INFO, "upap_rauth: rcvd short packet."));
325 rpasswd = (char *) inp;
328 * Check the username and password given.
330 retcode = check_passwd(u->us_unit, ruser, ruserlen, rpasswd,
331 rpasswdlen, &msg, &msglen);
333 upap_sresp(u, retcode, id, msg, msglen);
335 if (retcode == UPAP_AUTHACK) {
336 u->us_serverstate = UPAPSS_OPEN;
337 auth_peer_success(u->us_unit, UPAP);
339 u->us_serverstate = UPAPSS_BADAUTH;
340 auth_peer_fail(u->us_unit, UPAP);
346 * upap_rauthack - Receive Authenticate-Ack.
349 upap_rauthack(u, inp, id, len)
358 UPAPDEBUG((LOG_INFO, "upap_rauthack: Rcvd id %d.", id));
359 if (u->us_clientstate != UPAPCS_AUTHREQ) /* XXX */
365 if (len < sizeof (u_char)) {
366 UPAPDEBUG((LOG_INFO, "upap_rauthack: rcvd short packet."));
369 GETCHAR(msglen, inp);
370 len -= sizeof (u_char);
372 UPAPDEBUG((LOG_INFO, "upap_rauthack: rcvd short packet."));
376 PRINTMSG(msg, msglen);
378 u->us_clientstate = UPAPCS_OPEN;
380 auth_withpeer_success(u->us_unit, UPAP);
385 * upap_rauthnak - Receive Authenticate-Nakk.
388 upap_rauthnak(u, inp, id, len)
397 UPAPDEBUG((LOG_INFO, "upap_rauthnak: Rcvd id %d.", id));
398 if (u->us_clientstate != UPAPCS_AUTHREQ) /* XXX */
404 if (len < sizeof (u_char)) {
405 UPAPDEBUG((LOG_INFO, "upap_rauthnak: rcvd short packet."));
408 GETCHAR(msglen, inp);
409 len -= sizeof (u_char);
411 UPAPDEBUG((LOG_INFO, "upap_rauthnak: rcvd short packet."));
415 PRINTMSG(msg, msglen);
417 u->us_clientstate = UPAPCS_BADAUTH;
419 syslog(LOG_ERR, "PAP authentication failed");
420 auth_withpeer_fail(u->us_unit, UPAP);
425 * upap_sauthreq - Send an Authenticate-Request.
434 outlen = UPAP_HEADERLEN + 2 * sizeof (u_char) +
435 u->us_userlen + u->us_passwdlen;
436 outp = outpacket_buf;
438 MAKEHEADER(outp, UPAP);
440 PUTCHAR(UPAP_AUTHREQ, outp);
441 PUTCHAR(++u->us_id, outp);
442 PUTSHORT(outlen, outp);
443 PUTCHAR(u->us_userlen, outp);
444 BCOPY(u->us_user, outp, u->us_userlen);
445 INCPTR(u->us_userlen, outp);
446 PUTCHAR(u->us_passwdlen, outp);
447 BCOPY(u->us_passwd, outp, u->us_passwdlen);
449 output(u->us_unit, outpacket_buf, outlen + DLLHEADERLEN);
451 UPAPDEBUG((LOG_INFO, "upap_sauth: Sent id %d.", u->us_id));
453 TIMEOUT(upap_timeout, (caddr_t) u, u->us_timeouttime);
455 u->us_clientstate = UPAPCS_AUTHREQ;
460 * upap_sresp - Send a response (ack or nak).
463 upap_sresp(u, code, id, msg, msglen)
472 outlen = UPAP_HEADERLEN + sizeof (u_char) + msglen;
473 outp = outpacket_buf;
474 MAKEHEADER(outp, UPAP);
478 PUTSHORT(outlen, outp);
479 PUTCHAR(msglen, outp);
480 BCOPY(msg, outp, msglen);
481 output(u->us_unit, outpacket_buf, outlen + DLLHEADERLEN);
483 UPAPDEBUG((LOG_INFO, "upap_sresp: Sent code %d, id %d.", code, id));