X-Git-Url: http://git.ozlabs.org/?p=ppp.git;a=blobdiff_plain;f=pppd%2Fupap.c;h=0078adfeec17d981f51a16bb3f5cdfada9e292da;hp=6f99daf50d5005e67fb0831d8c562dc4f950b167;hb=5ba9d88b943e9d5a3ababdadf1d2e246581dfdc6;hpb=9c3c5cdb5f30e02e6ff5772b3b01992de191a384 diff --git a/pppd/upap.c b/pppd/upap.c index 6f99daf..0078adf 100644 --- a/pppd/upap.c +++ b/pppd/upap.c @@ -18,7 +18,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: upap.c,v 1.9 1996/05/26 23:57:19 paulus Exp $"; +static char rcsid[] = "$Id: upap.c,v 1.15 1999/03/16 22:54:43 paulus Exp $"; #endif /* @@ -27,23 +27,62 @@ static char rcsid[] = "$Id: upap.c,v 1.9 1996/05/26 23:57:19 paulus Exp $"; #include #include -#include -#include -#include #include "pppd.h" #include "upap.h" +static bool hide_password; + +/* + * Command-line options. + */ +static option_t pap_option_list[] = { + { "hide-password", o_bool, &hide_password, + "Don't output passwords to log" }, + { "pap-restart", o_int, &upap[0].us_timeouttime, + "Set retransmit timeout for PAP" }, + { "pap-max-authreq", o_int, &upap[0].us_maxtransmits, + "Set max number of transmissions for auth-reqs" }, + { "pap-timeout", o_int, &upap[0].us_reqtimeout, + "Set time limit for peer PAP authentication" }, + { NULL } +}; + +/* + * Protocol entry points. + */ +static void upap_init __P((int)); +static void upap_lowerup __P((int)); +static void upap_lowerdown __P((int)); +static void upap_input __P((int, u_char *, int)); +static void upap_protrej __P((int)); +static int upap_printpkt __P((u_char *, int, + void (*) __P((void *, char *, ...)), void *)); + struct protent pap_protent = { - PPP_PAP, upap_init, upap_input, upap_protrej, - upap_lowerup, upap_lowerdown, NULL, NULL, - upap_printpkt, NULL, 1, "PAP", NULL, NULL + PPP_PAP, + upap_init, + upap_input, + upap_protrej, + upap_lowerup, + upap_lowerdown, + NULL, + NULL, + upap_printpkt, + NULL, + 1, + "PAP", + NULL, + pap_option_list, + NULL, + NULL, + NULL }; upap_state upap[NUM_PPP]; /* UPAP state; one for each unit */ -static void upap_timeout __P((caddr_t)); -static void upap_reqtimeout __P((caddr_t)); +static void upap_timeout __P((void *)); +static void upap_reqtimeout __P((void *)); static void upap_rauthreq __P((upap_state *, u_char *, int, int)); static void upap_rauthack __P((upap_state *, u_char *, int, int)); static void upap_rauthnak __P((upap_state *, u_char *, int, int)); @@ -54,7 +93,7 @@ static void upap_sresp __P((upap_state *, int, int, char *, int)); /* * upap_init - Initialize a UPAP unit. */ -void +static void upap_init(unit) int unit; { @@ -124,7 +163,7 @@ upap_authpeer(unit) u->us_serverstate = UPAPSS_LISTEN; if (u->us_reqtimeout > 0) - TIMEOUT(upap_reqtimeout, (caddr_t) u, u->us_reqtimeout); + TIMEOUT(upap_reqtimeout, u, u->us_reqtimeout); } @@ -133,7 +172,7 @@ upap_authpeer(unit) */ static void upap_timeout(arg) - caddr_t arg; + void *arg; { upap_state *u = (upap_state *) arg; @@ -142,7 +181,7 @@ upap_timeout(arg) if (u->us_transmits >= u->us_maxtransmits) { /* give up in disgust */ - syslog(LOG_ERR, "No response to PAP authenticate-requests"); + error("No response to PAP authenticate-requests"); u->us_clientstate = UPAPCS_BADAUTH; auth_withpeer_fail(u->us_unit, PPP_PAP); return; @@ -157,7 +196,7 @@ upap_timeout(arg) */ static void upap_reqtimeout(arg) - caddr_t arg; + void *arg; { upap_state *u = (upap_state *) arg; @@ -174,7 +213,7 @@ upap_reqtimeout(arg) * * Start authenticating if pending. */ -void +static void upap_lowerup(unit) int unit; { @@ -191,7 +230,7 @@ upap_lowerup(unit) else if (u->us_serverstate == UPAPSS_PENDING) { u->us_serverstate = UPAPSS_LISTEN; if (u->us_reqtimeout > 0) - TIMEOUT(upap_reqtimeout, (caddr_t) u, u->us_reqtimeout); + TIMEOUT(upap_reqtimeout, u, u->us_reqtimeout); } } @@ -201,16 +240,16 @@ upap_lowerup(unit) * * Cancel all timeouts. */ -void +static void upap_lowerdown(unit) int unit; { upap_state *u = &upap[unit]; if (u->us_clientstate == UPAPCS_AUTHREQ) /* Timeout pending? */ - UNTIMEOUT(upap_timeout, (caddr_t) u); /* Cancel timeout */ + UNTIMEOUT(upap_timeout, u); /* Cancel timeout */ if (u->us_serverstate == UPAPSS_LISTEN && u->us_reqtimeout > 0) - UNTIMEOUT(upap_reqtimeout, (caddr_t) u); + UNTIMEOUT(upap_reqtimeout, u); u->us_clientstate = UPAPCS_INITIAL; u->us_serverstate = UPAPSS_INITIAL; @@ -222,18 +261,18 @@ upap_lowerdown(unit) * * This shouldn't happen. In any case, pretend lower layer went down. */ -void +static void upap_protrej(unit) int unit; { upap_state *u = &upap[unit]; if (u->us_clientstate == UPAPCS_AUTHREQ) { - syslog(LOG_ERR, "PAP authentication failed due to protocol-reject"); + error("PAP authentication failed due to protocol-reject"); auth_withpeer_fail(unit, PPP_PAP); } if (u->us_serverstate == UPAPSS_LISTEN) { - syslog(LOG_ERR, "PAP authentication of peer failed (protocol-reject)"); + error("PAP authentication of peer failed (protocol-reject)"); auth_peer_fail(unit, PPP_PAP); } upap_lowerdown(unit); @@ -243,7 +282,7 @@ upap_protrej(unit) /* * upap_input - Input UPAP packet. */ -void +static void upap_input(unit, inpacket, l) int unit; u_char *inpacket; @@ -260,18 +299,18 @@ upap_input(unit, inpacket, l) */ inp = inpacket; if (l < UPAP_HEADERLEN) { - UPAPDEBUG((LOG_INFO, "pap_input: rcvd short header.")); + UPAPDEBUG(("pap_input: rcvd short header.")); return; } GETCHAR(code, inp); GETCHAR(id, inp); GETSHORT(len, inp); if (len < UPAP_HEADERLEN) { - UPAPDEBUG((LOG_INFO, "pap_input: rcvd illegal length.")); + UPAPDEBUG(("pap_input: rcvd illegal length.")); return; } if (len > l) { - UPAPDEBUG((LOG_INFO, "pap_input: rcvd short packet.")); + UPAPDEBUG(("pap_input: rcvd short packet.")); return; } len -= UPAP_HEADERLEN; @@ -314,8 +353,6 @@ upap_rauthreq(u, inp, id, len) char *msg; int msglen; - UPAPDEBUG((LOG_INFO, "pap_rauth: Rcvd id %d.", id)); - if (u->us_serverstate < UPAPSS_LISTEN) return; @@ -336,20 +373,20 @@ upap_rauthreq(u, inp, id, len) * Parse user/passwd. */ if (len < sizeof (u_char)) { - UPAPDEBUG((LOG_INFO, "pap_rauth: rcvd short packet.")); + UPAPDEBUG(("pap_rauth: rcvd short packet.")); return; } GETCHAR(ruserlen, inp); len -= sizeof (u_char) + ruserlen + sizeof (u_char); if (len < 0) { - UPAPDEBUG((LOG_INFO, "pap_rauth: rcvd short packet.")); + UPAPDEBUG(("pap_rauth: rcvd short packet.")); return; } ruser = (char *) inp; INCPTR(ruserlen, inp); GETCHAR(rpasswdlen, inp); if (len < rpasswdlen) { - UPAPDEBUG((LOG_INFO, "pap_rauth: rcvd short packet.")); + UPAPDEBUG(("pap_rauth: rcvd short packet.")); return; } rpasswd = (char *) inp; @@ -359,19 +396,20 @@ upap_rauthreq(u, inp, id, len) */ retcode = check_passwd(u->us_unit, ruser, ruserlen, rpasswd, rpasswdlen, &msg, &msglen); + BZERO(rpasswd, rpasswdlen); upap_sresp(u, retcode, id, msg, msglen); if (retcode == UPAP_AUTHACK) { u->us_serverstate = UPAPSS_OPEN; - auth_peer_success(u->us_unit, PPP_PAP); + auth_peer_success(u->us_unit, PPP_PAP, ruser, ruserlen); } else { u->us_serverstate = UPAPSS_BADAUTH; auth_peer_fail(u->us_unit, PPP_PAP); } if (u->us_reqtimeout > 0) - UNTIMEOUT(upap_reqtimeout, (caddr_t) u); + UNTIMEOUT(upap_reqtimeout, u); } @@ -388,7 +426,6 @@ upap_rauthack(u, inp, id, len) u_char msglen; char *msg; - UPAPDEBUG((LOG_INFO, "pap_rauthack: Rcvd id %d.", id)); if (u->us_clientstate != UPAPCS_AUTHREQ) /* XXX */ return; @@ -396,13 +433,13 @@ upap_rauthack(u, inp, id, len) * Parse message. */ if (len < sizeof (u_char)) { - UPAPDEBUG((LOG_INFO, "pap_rauthack: rcvd short packet.")); + UPAPDEBUG(("pap_rauthack: rcvd short packet.")); return; } GETCHAR(msglen, inp); len -= sizeof (u_char); if (len < msglen) { - UPAPDEBUG((LOG_INFO, "pap_rauthack: rcvd short packet.")); + UPAPDEBUG(("pap_rauthack: rcvd short packet.")); return; } msg = (char *) inp; @@ -427,7 +464,6 @@ upap_rauthnak(u, inp, id, len) u_char msglen; char *msg; - UPAPDEBUG((LOG_INFO, "pap_rauthnak: Rcvd id %d.", id)); if (u->us_clientstate != UPAPCS_AUTHREQ) /* XXX */ return; @@ -435,13 +471,13 @@ upap_rauthnak(u, inp, id, len) * Parse message. */ if (len < sizeof (u_char)) { - UPAPDEBUG((LOG_INFO, "pap_rauthnak: rcvd short packet.")); + UPAPDEBUG(("pap_rauthnak: rcvd short packet.")); return; } GETCHAR(msglen, inp); len -= sizeof (u_char); if (len < msglen) { - UPAPDEBUG((LOG_INFO, "pap_rauthnak: rcvd short packet.")); + UPAPDEBUG(("pap_rauthnak: rcvd short packet.")); return; } msg = (char *) inp; @@ -449,7 +485,7 @@ upap_rauthnak(u, inp, id, len) u->us_clientstate = UPAPCS_BADAUTH; - syslog(LOG_ERR, "PAP authentication failed"); + error("PAP authentication failed"); auth_withpeer_fail(u->us_unit, PPP_PAP); } @@ -481,9 +517,7 @@ upap_sauthreq(u) output(u->us_unit, outpacket_buf, outlen + PPP_HDRLEN); - UPAPDEBUG((LOG_INFO, "pap_sauth: Sent id %d.", u->us_id)); - - TIMEOUT(upap_timeout, (caddr_t) u, u->us_timeouttime); + TIMEOUT(upap_timeout, u, u->us_timeouttime); ++u->us_transmits; u->us_clientstate = UPAPCS_AUTHREQ; } @@ -512,18 +546,16 @@ upap_sresp(u, code, id, msg, msglen) PUTCHAR(msglen, outp); BCOPY(msg, outp, msglen); output(u->us_unit, outpacket_buf, outlen + PPP_HDRLEN); - - UPAPDEBUG((LOG_INFO, "pap_sresp: Sent code %d, id %d.", code, id)); } /* * upap_printpkt - print the contents of a PAP packet. */ -char *upap_codenames[] = { +static char *upap_codenames[] = { "AuthReq", "AuthAck", "AuthNak" }; -int +static int upap_printpkt(p, plen, printer, arg) u_char *p; int plen; @@ -567,7 +599,10 @@ upap_printpkt(p, plen, printer, arg) printer(arg, " user="); print_string(user, ulen, printer, arg); printer(arg, " password="); - print_string(pwd, wlen, printer, arg); + if (!hide_password) + print_string(pwd, wlen, printer, arg); + else + printer(arg, ""); break; case UPAP_AUTHACK: case UPAP_AUTHNAK: @@ -579,7 +614,7 @@ upap_printpkt(p, plen, printer, arg) msg = (char *) (p + 1); p += mlen + 1; len -= mlen + 1; - printer(arg, "msg="); + printer(arg, " "); print_string(msg, mlen, printer, arg); break; }