2 * upap.h - User/Password Authentication Protocol definitions.
4 * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
18 * 3. The name "Carnegie Mellon University" must not be used to
19 * endorse or promote products derived from this software without
20 * prior written permission. For permission or any legal
21 * details, please contact
22 * Office of Technology Transfer
23 * Carnegie Mellon University
25 * Pittsburgh, PA 15213-3890
26 * (412) 268-4387, fax: (412) 268-7395
27 * tech-transfer@andrew.cmu.edu
29 * 4. Redistributions of any form whatsoever must retain the following
31 * "This product includes software developed by Computing Services
32 * at Carnegie Mellon University (http://www.cmu.edu/computing/)."
34 * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
35 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
36 * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
37 * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
38 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
39 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
40 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
48 * Packet header = Code, id, length.
50 #define UPAP_HEADERLEN 4
56 #define UPAP_AUTHREQ 1 /* Authenticate-Request */
57 #define UPAP_AUTHACK 2 /* Authenticate-Ack */
58 #define UPAP_AUTHNAK 3 /* Authenticate-Nak */
62 * Each interface is described by upap structure.
64 typedef struct upap_state {
65 int us_unit; /* Interface unit number */
66 char *us_user; /* User */
67 int us_userlen; /* User length */
68 char *us_passwd; /* Password */
69 int us_passwdlen; /* Password length */
70 int us_clientstate; /* Client state */
71 int us_serverstate; /* Server state */
72 unsigned char us_id; /* Current id */
73 int us_timeouttime; /* Timeout (seconds) for auth-req retrans. */
74 int us_transmits; /* Number of auth-reqs sent */
75 int us_maxtransmits; /* Maximum number of auth-reqs to send */
76 int us_reqtimeout; /* Time to wait for auth-req from peer */
83 #define UPAPCS_INITIAL 0 /* Connection down */
84 #define UPAPCS_CLOSED 1 /* Connection up, haven't requested auth */
85 #define UPAPCS_PENDING 2 /* Connection down, have requested auth */
86 #define UPAPCS_AUTHREQ 3 /* We've sent an Authenticate-Request */
87 #define UPAPCS_OPEN 4 /* We've received an Ack */
88 #define UPAPCS_BADAUTH 5 /* We've received a Nak */
93 #define UPAPSS_INITIAL 0 /* Connection down */
94 #define UPAPSS_CLOSED 1 /* Connection up, haven't requested auth */
95 #define UPAPSS_PENDING 2 /* Connection down, have requested auth */
96 #define UPAPSS_LISTEN 3 /* Listening for an Authenticate */
97 #define UPAPSS_OPEN 4 /* We've sent an Ack */
98 #define UPAPSS_BADAUTH 5 /* We've sent a Nak */
104 #define UPAP_DEFTIMEOUT 3 /* Timeout (seconds) for retransmitting req */
105 #define UPAP_DEFREQTIME 30 /* Time to wait for auth-req from peer */
107 extern upap_state upap[];
109 void upap_authwithpeer(int, char *, char *);
110 void upap_authpeer(int);
112 extern struct protent pap_protent;
114 typedef int (pap_check_hook_fn)(void);
115 typedef int (pap_auth_hook_fn)(char *user, char *passwd, char **msgp,
116 struct wordlist **paddrs,
117 struct wordlist **popts);
118 typedef void (pap_logout_hook_fn)(void);
119 typedef int (pap_passwd_hook_fn)(char *user, char *passwd);
122 * This function will return a value of 1 to indicate that a plugin intent to
123 * supply a username or a password through the pap_auth_hook callback.
125 * A return value of > 0 will avoid parsing pap-secrets file.
127 extern pap_check_hook_fn *pap_check_hook;
130 * This hook is used to check if a username and password matches against the
133 extern pap_auth_hook_fn *pap_auth_hook;
136 * Hook for plugin to know about PAP user logout.
138 extern pap_logout_hook_fn *pap_logout_hook;
141 * A plugin can chose to supply its own user and password overriding what
142 * previously has been configured. Hook is only valid when pppd is acting
145 extern pap_passwd_hook_fn *pap_passwd_hook;