1*7c478bd9Sstevel@tonic-gate /*
2*7c478bd9Sstevel@tonic-gate * upap.c - User/Password Authentication Protocol.
3*7c478bd9Sstevel@tonic-gate *
4*7c478bd9Sstevel@tonic-gate * Copyright (c) 2000 by Sun Microsystems, Inc.
5*7c478bd9Sstevel@tonic-gate * All rights reserved.
6*7c478bd9Sstevel@tonic-gate *
7*7c478bd9Sstevel@tonic-gate * Permission to use, copy, modify, and distribute this software and its
8*7c478bd9Sstevel@tonic-gate * documentation is hereby granted, provided that the above copyright
9*7c478bd9Sstevel@tonic-gate * notice appears in all copies.
10*7c478bd9Sstevel@tonic-gate *
11*7c478bd9Sstevel@tonic-gate * SUN MAKES NO REPRESENTATION OR WARRANTIES ABOUT THE SUITABILITY OF
12*7c478bd9Sstevel@tonic-gate * THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
13*7c478bd9Sstevel@tonic-gate * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
14*7c478bd9Sstevel@tonic-gate * PARTICULAR PURPOSE, OR NON-INFRINGEMENT. SUN SHALL NOT BE LIABLE FOR
15*7c478bd9Sstevel@tonic-gate * ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR
16*7c478bd9Sstevel@tonic-gate * DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES
17*7c478bd9Sstevel@tonic-gate *
18*7c478bd9Sstevel@tonic-gate * Copyright (c) 1989 Carnegie Mellon University.
19*7c478bd9Sstevel@tonic-gate * All rights reserved.
20*7c478bd9Sstevel@tonic-gate *
21*7c478bd9Sstevel@tonic-gate * Redistribution and use in source and binary forms are permitted
22*7c478bd9Sstevel@tonic-gate * provided that the above copyright notice and this paragraph are
23*7c478bd9Sstevel@tonic-gate * duplicated in all such forms and that any documentation,
24*7c478bd9Sstevel@tonic-gate * advertising materials, and other materials related to such
25*7c478bd9Sstevel@tonic-gate * distribution and use acknowledge that the software was developed
26*7c478bd9Sstevel@tonic-gate * by Carnegie Mellon University. The name of the
27*7c478bd9Sstevel@tonic-gate * University may not be used to endorse or promote products derived
28*7c478bd9Sstevel@tonic-gate * from this software without specific prior written permission.
29*7c478bd9Sstevel@tonic-gate * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
30*7c478bd9Sstevel@tonic-gate * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
31*7c478bd9Sstevel@tonic-gate * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
32*7c478bd9Sstevel@tonic-gate */
33*7c478bd9Sstevel@tonic-gate
34*7c478bd9Sstevel@tonic-gate #include <stdio.h>
35*7c478bd9Sstevel@tonic-gate #include <string.h>
36*7c478bd9Sstevel@tonic-gate
37*7c478bd9Sstevel@tonic-gate #include "pppd.h"
38*7c478bd9Sstevel@tonic-gate #include "upap.h"
39*7c478bd9Sstevel@tonic-gate
40*7c478bd9Sstevel@tonic-gate static bool hide_password = 1;
41*7c478bd9Sstevel@tonic-gate
42*7c478bd9Sstevel@tonic-gate /*
43*7c478bd9Sstevel@tonic-gate * Command-line options.
44*7c478bd9Sstevel@tonic-gate */
45*7c478bd9Sstevel@tonic-gate static option_t pap_option_list[] = {
46*7c478bd9Sstevel@tonic-gate { "hide-password", o_bool, &hide_password,
47*7c478bd9Sstevel@tonic-gate "Don't output passwords to log", 1 },
48*7c478bd9Sstevel@tonic-gate { "show-password", o_bool, &hide_password,
49*7c478bd9Sstevel@tonic-gate "Show password string in debug log messages", 0 },
50*7c478bd9Sstevel@tonic-gate { "pap-restart", o_int, &upap[0].us_timeouttime,
51*7c478bd9Sstevel@tonic-gate "Set retransmit timeout for PAP" },
52*7c478bd9Sstevel@tonic-gate { "pap-max-authreq", o_int, &upap[0].us_maxtransmits,
53*7c478bd9Sstevel@tonic-gate "Max number of PAP Authenticate-Request sent" },
54*7c478bd9Sstevel@tonic-gate { "pap-max-receive", o_int, &upap[0].us_maxreceives,
55*7c478bd9Sstevel@tonic-gate "Max allowable PAP Authenticate-Request received" },
56*7c478bd9Sstevel@tonic-gate { "pap-timeout", o_int, &upap[0].us_reqtimeout,
57*7c478bd9Sstevel@tonic-gate "Set time limit for peer PAP authentication" },
58*7c478bd9Sstevel@tonic-gate { NULL }
59*7c478bd9Sstevel@tonic-gate };
60*7c478bd9Sstevel@tonic-gate
61*7c478bd9Sstevel@tonic-gate /*
62*7c478bd9Sstevel@tonic-gate * Protocol entry points.
63*7c478bd9Sstevel@tonic-gate */
64*7c478bd9Sstevel@tonic-gate static void upap_init __P((int));
65*7c478bd9Sstevel@tonic-gate static void upap_lowerup __P((int));
66*7c478bd9Sstevel@tonic-gate static void upap_lowerdown __P((int));
67*7c478bd9Sstevel@tonic-gate static void upap_input __P((int, u_char *, int));
68*7c478bd9Sstevel@tonic-gate static void upap_protrej __P((int));
69*7c478bd9Sstevel@tonic-gate static int upap_printpkt __P((u_char *, int,
70*7c478bd9Sstevel@tonic-gate void (*) __P((void *, const char *, ...)), void *));
71*7c478bd9Sstevel@tonic-gate
72*7c478bd9Sstevel@tonic-gate struct protent pap_protent = {
73*7c478bd9Sstevel@tonic-gate PPP_PAP,
74*7c478bd9Sstevel@tonic-gate upap_init,
75*7c478bd9Sstevel@tonic-gate upap_input,
76*7c478bd9Sstevel@tonic-gate upap_protrej,
77*7c478bd9Sstevel@tonic-gate upap_lowerup,
78*7c478bd9Sstevel@tonic-gate upap_lowerdown,
79*7c478bd9Sstevel@tonic-gate NULL,
80*7c478bd9Sstevel@tonic-gate NULL,
81*7c478bd9Sstevel@tonic-gate upap_printpkt,
82*7c478bd9Sstevel@tonic-gate NULL,
83*7c478bd9Sstevel@tonic-gate 1,
84*7c478bd9Sstevel@tonic-gate "PAP",
85*7c478bd9Sstevel@tonic-gate NULL,
86*7c478bd9Sstevel@tonic-gate pap_option_list,
87*7c478bd9Sstevel@tonic-gate NULL,
88*7c478bd9Sstevel@tonic-gate NULL,
89*7c478bd9Sstevel@tonic-gate NULL
90*7c478bd9Sstevel@tonic-gate };
91*7c478bd9Sstevel@tonic-gate
92*7c478bd9Sstevel@tonic-gate upap_state upap[NUM_PPP]; /* UPAP state; one for each unit */
93*7c478bd9Sstevel@tonic-gate
94*7c478bd9Sstevel@tonic-gate static void upap_timeout __P((void *));
95*7c478bd9Sstevel@tonic-gate static void upap_reqtimeout __P((void *));
96*7c478bd9Sstevel@tonic-gate static void upap_rauthreq __P((upap_state *, u_char *, int, int));
97*7c478bd9Sstevel@tonic-gate static void upap_rauthack __P((upap_state *, u_char *, int, int));
98*7c478bd9Sstevel@tonic-gate static void upap_rauthnak __P((upap_state *, u_char *, int, int));
99*7c478bd9Sstevel@tonic-gate static void upap_sauthreq __P((upap_state *));
100*7c478bd9Sstevel@tonic-gate static void upap_sresp __P((upap_state *, int, int, char *, int));
101*7c478bd9Sstevel@tonic-gate
102*7c478bd9Sstevel@tonic-gate static const char *
pap_cstate(clientstate)103*7c478bd9Sstevel@tonic-gate pap_cstate(clientstate)
104*7c478bd9Sstevel@tonic-gate int clientstate;
105*7c478bd9Sstevel@tonic-gate {
106*7c478bd9Sstevel@tonic-gate static const char *cstate[] = { UPAPCS__NAMES };
107*7c478bd9Sstevel@tonic-gate static char buf[32];
108*7c478bd9Sstevel@tonic-gate
109*7c478bd9Sstevel@tonic-gate if (clientstate < 0 || clientstate >= Dim(cstate)) {
110*7c478bd9Sstevel@tonic-gate (void) slprintf(buf, sizeof (buf), "Cli#%d", clientstate);
111*7c478bd9Sstevel@tonic-gate return ((const char *)buf);
112*7c478bd9Sstevel@tonic-gate }
113*7c478bd9Sstevel@tonic-gate return (cstate[clientstate]);
114*7c478bd9Sstevel@tonic-gate }
115*7c478bd9Sstevel@tonic-gate
116*7c478bd9Sstevel@tonic-gate static const char *
pap_sstate(serverstate)117*7c478bd9Sstevel@tonic-gate pap_sstate(serverstate)
118*7c478bd9Sstevel@tonic-gate int serverstate;
119*7c478bd9Sstevel@tonic-gate {
120*7c478bd9Sstevel@tonic-gate static const char *sstate[] = { UPAPSS__NAMES };
121*7c478bd9Sstevel@tonic-gate static char buf[32];
122*7c478bd9Sstevel@tonic-gate
123*7c478bd9Sstevel@tonic-gate if (serverstate < 0 || serverstate >= Dim(sstate)) {
124*7c478bd9Sstevel@tonic-gate (void) slprintf(buf, sizeof (buf), "Srv#%d", serverstate);
125*7c478bd9Sstevel@tonic-gate return ((const char *)buf);
126*7c478bd9Sstevel@tonic-gate }
127*7c478bd9Sstevel@tonic-gate return (sstate[serverstate]);
128*7c478bd9Sstevel@tonic-gate }
129*7c478bd9Sstevel@tonic-gate
130*7c478bd9Sstevel@tonic-gate /*
131*7c478bd9Sstevel@tonic-gate * upap_init - Initialize a UPAP unit.
132*7c478bd9Sstevel@tonic-gate */
133*7c478bd9Sstevel@tonic-gate static void
upap_init(unit)134*7c478bd9Sstevel@tonic-gate upap_init(unit)
135*7c478bd9Sstevel@tonic-gate int unit;
136*7c478bd9Sstevel@tonic-gate {
137*7c478bd9Sstevel@tonic-gate upap_state *u = &upap[unit];
138*7c478bd9Sstevel@tonic-gate
139*7c478bd9Sstevel@tonic-gate u->us_unit = unit;
140*7c478bd9Sstevel@tonic-gate u->us_user = NULL;
141*7c478bd9Sstevel@tonic-gate u->us_userlen = 0;
142*7c478bd9Sstevel@tonic-gate u->us_passwd = NULL;
143*7c478bd9Sstevel@tonic-gate u->us_clientstate = UPAPCS_INITIAL;
144*7c478bd9Sstevel@tonic-gate u->us_serverstate = UPAPSS_INITIAL;
145*7c478bd9Sstevel@tonic-gate u->us_id = 0;
146*7c478bd9Sstevel@tonic-gate u->us_timeouttime = UPAP_DEFTIMEOUT;
147*7c478bd9Sstevel@tonic-gate u->us_maxtransmits = 10;
148*7c478bd9Sstevel@tonic-gate u->us_reqtimeout = UPAP_DEFREQTIME;
149*7c478bd9Sstevel@tonic-gate u->us_maxreceives = 3;
150*7c478bd9Sstevel@tonic-gate u->us_msg = "";
151*7c478bd9Sstevel@tonic-gate u->us_msglen = 0;
152*7c478bd9Sstevel@tonic-gate }
153*7c478bd9Sstevel@tonic-gate
154*7c478bd9Sstevel@tonic-gate
155*7c478bd9Sstevel@tonic-gate /*
156*7c478bd9Sstevel@tonic-gate * upap_authwithpeer - Authenticate us with our peer (start client).
157*7c478bd9Sstevel@tonic-gate *
158*7c478bd9Sstevel@tonic-gate * Set new state and send authenticate's.
159*7c478bd9Sstevel@tonic-gate */
160*7c478bd9Sstevel@tonic-gate void
upap_authwithpeer(unit,user,password)161*7c478bd9Sstevel@tonic-gate upap_authwithpeer(unit, user, password)
162*7c478bd9Sstevel@tonic-gate int unit;
163*7c478bd9Sstevel@tonic-gate char *user, *password;
164*7c478bd9Sstevel@tonic-gate {
165*7c478bd9Sstevel@tonic-gate upap_state *u = &upap[unit];
166*7c478bd9Sstevel@tonic-gate
167*7c478bd9Sstevel@tonic-gate /* Save the username and password we're given */
168*7c478bd9Sstevel@tonic-gate u->us_user = user;
169*7c478bd9Sstevel@tonic-gate u->us_userlen = strlen(user);
170*7c478bd9Sstevel@tonic-gate u->us_passwd = password;
171*7c478bd9Sstevel@tonic-gate u->us_transmits = 0;
172*7c478bd9Sstevel@tonic-gate
173*7c478bd9Sstevel@tonic-gate /* Lower layer up yet? */
174*7c478bd9Sstevel@tonic-gate if (u->us_clientstate == UPAPCS_INITIAL ||
175*7c478bd9Sstevel@tonic-gate u->us_clientstate == UPAPCS_PENDING) {
176*7c478bd9Sstevel@tonic-gate u->us_clientstate = UPAPCS_PENDING;
177*7c478bd9Sstevel@tonic-gate return;
178*7c478bd9Sstevel@tonic-gate }
179*7c478bd9Sstevel@tonic-gate
180*7c478bd9Sstevel@tonic-gate upap_sauthreq(u); /* Start protocol */
181*7c478bd9Sstevel@tonic-gate }
182*7c478bd9Sstevel@tonic-gate
183*7c478bd9Sstevel@tonic-gate
184*7c478bd9Sstevel@tonic-gate /*
185*7c478bd9Sstevel@tonic-gate * upap_authpeer - Authenticate our peer (start server).
186*7c478bd9Sstevel@tonic-gate *
187*7c478bd9Sstevel@tonic-gate * Set new state.
188*7c478bd9Sstevel@tonic-gate */
189*7c478bd9Sstevel@tonic-gate void
upap_authpeer(unit)190*7c478bd9Sstevel@tonic-gate upap_authpeer(unit)
191*7c478bd9Sstevel@tonic-gate int unit;
192*7c478bd9Sstevel@tonic-gate {
193*7c478bd9Sstevel@tonic-gate upap_state *u = &upap[unit];
194*7c478bd9Sstevel@tonic-gate
195*7c478bd9Sstevel@tonic-gate /* Lower layer up yet? */
196*7c478bd9Sstevel@tonic-gate if (u->us_serverstate == UPAPSS_INITIAL ||
197*7c478bd9Sstevel@tonic-gate u->us_serverstate == UPAPSS_PENDING) {
198*7c478bd9Sstevel@tonic-gate u->us_serverstate = UPAPSS_PENDING;
199*7c478bd9Sstevel@tonic-gate return;
200*7c478bd9Sstevel@tonic-gate }
201*7c478bd9Sstevel@tonic-gate
202*7c478bd9Sstevel@tonic-gate u->us_serverstate = UPAPSS_LISTEN;
203*7c478bd9Sstevel@tonic-gate u->us_receives = 0;
204*7c478bd9Sstevel@tonic-gate if (u->us_reqtimeout > 0)
205*7c478bd9Sstevel@tonic-gate TIMEOUT(upap_reqtimeout, u, u->us_reqtimeout);
206*7c478bd9Sstevel@tonic-gate }
207*7c478bd9Sstevel@tonic-gate
208*7c478bd9Sstevel@tonic-gate
209*7c478bd9Sstevel@tonic-gate /*
210*7c478bd9Sstevel@tonic-gate * upap_timeout - Retransmission timer for sending auth-reqs expired.
211*7c478bd9Sstevel@tonic-gate */
212*7c478bd9Sstevel@tonic-gate static void
upap_timeout(arg)213*7c478bd9Sstevel@tonic-gate upap_timeout(arg)
214*7c478bd9Sstevel@tonic-gate void *arg;
215*7c478bd9Sstevel@tonic-gate {
216*7c478bd9Sstevel@tonic-gate upap_state *u = (upap_state *) arg;
217*7c478bd9Sstevel@tonic-gate
218*7c478bd9Sstevel@tonic-gate if (u->us_clientstate != UPAPCS_AUTHREQ)
219*7c478bd9Sstevel@tonic-gate return;
220*7c478bd9Sstevel@tonic-gate
221*7c478bd9Sstevel@tonic-gate if (u->us_transmits >= u->us_maxtransmits) {
222*7c478bd9Sstevel@tonic-gate /* give up in disgust */
223*7c478bd9Sstevel@tonic-gate error("No response to %d PAP Authenticate-Requests", u->us_transmits);
224*7c478bd9Sstevel@tonic-gate u->us_clientstate = UPAPCS_BADAUTH;
225*7c478bd9Sstevel@tonic-gate auth_withpeer_fail(u->us_unit, PPP_PAP);
226*7c478bd9Sstevel@tonic-gate return;
227*7c478bd9Sstevel@tonic-gate }
228*7c478bd9Sstevel@tonic-gate
229*7c478bd9Sstevel@tonic-gate upap_sauthreq(u); /* Send Authenticate-Request */
230*7c478bd9Sstevel@tonic-gate }
231*7c478bd9Sstevel@tonic-gate
232*7c478bd9Sstevel@tonic-gate
233*7c478bd9Sstevel@tonic-gate /*
234*7c478bd9Sstevel@tonic-gate * upap_reqtimeout - Give up waiting for the peer to send a valid auth-req.
235*7c478bd9Sstevel@tonic-gate */
236*7c478bd9Sstevel@tonic-gate static void
upap_reqtimeout(arg)237*7c478bd9Sstevel@tonic-gate upap_reqtimeout(arg)
238*7c478bd9Sstevel@tonic-gate void *arg;
239*7c478bd9Sstevel@tonic-gate {
240*7c478bd9Sstevel@tonic-gate upap_state *u = (upap_state *) arg;
241*7c478bd9Sstevel@tonic-gate
242*7c478bd9Sstevel@tonic-gate if (u->us_serverstate != UPAPSS_LISTEN)
243*7c478bd9Sstevel@tonic-gate return; /* huh?? */
244*7c478bd9Sstevel@tonic-gate
245*7c478bd9Sstevel@tonic-gate auth_peer_fail(u->us_unit, PPP_PAP);
246*7c478bd9Sstevel@tonic-gate u->us_serverstate = UPAPSS_BADAUTH;
247*7c478bd9Sstevel@tonic-gate }
248*7c478bd9Sstevel@tonic-gate
249*7c478bd9Sstevel@tonic-gate
250*7c478bd9Sstevel@tonic-gate /*
251*7c478bd9Sstevel@tonic-gate * upap_lowerup - The lower layer is up.
252*7c478bd9Sstevel@tonic-gate *
253*7c478bd9Sstevel@tonic-gate * Start authenticating if pending.
254*7c478bd9Sstevel@tonic-gate */
255*7c478bd9Sstevel@tonic-gate static void
upap_lowerup(unit)256*7c478bd9Sstevel@tonic-gate upap_lowerup(unit)
257*7c478bd9Sstevel@tonic-gate int unit;
258*7c478bd9Sstevel@tonic-gate {
259*7c478bd9Sstevel@tonic-gate upap_state *u = &upap[unit];
260*7c478bd9Sstevel@tonic-gate
261*7c478bd9Sstevel@tonic-gate if (u->us_clientstate == UPAPCS_INITIAL)
262*7c478bd9Sstevel@tonic-gate u->us_clientstate = UPAPCS_CLOSED;
263*7c478bd9Sstevel@tonic-gate else if (u->us_clientstate == UPAPCS_PENDING) {
264*7c478bd9Sstevel@tonic-gate upap_sauthreq(u); /* send an auth-request */
265*7c478bd9Sstevel@tonic-gate }
266*7c478bd9Sstevel@tonic-gate
267*7c478bd9Sstevel@tonic-gate if (u->us_serverstate == UPAPSS_INITIAL)
268*7c478bd9Sstevel@tonic-gate u->us_serverstate = UPAPSS_CLOSED;
269*7c478bd9Sstevel@tonic-gate else if (u->us_serverstate == UPAPSS_PENDING) {
270*7c478bd9Sstevel@tonic-gate u->us_serverstate = UPAPSS_LISTEN;
271*7c478bd9Sstevel@tonic-gate if (u->us_reqtimeout > 0)
272*7c478bd9Sstevel@tonic-gate TIMEOUT(upap_reqtimeout, u, u->us_reqtimeout);
273*7c478bd9Sstevel@tonic-gate }
274*7c478bd9Sstevel@tonic-gate }
275*7c478bd9Sstevel@tonic-gate
276*7c478bd9Sstevel@tonic-gate
277*7c478bd9Sstevel@tonic-gate /*
278*7c478bd9Sstevel@tonic-gate * upap_lowerdown - The lower layer is down.
279*7c478bd9Sstevel@tonic-gate *
280*7c478bd9Sstevel@tonic-gate * Cancel all timeouts.
281*7c478bd9Sstevel@tonic-gate */
282*7c478bd9Sstevel@tonic-gate static void
upap_lowerdown(unit)283*7c478bd9Sstevel@tonic-gate upap_lowerdown(unit)
284*7c478bd9Sstevel@tonic-gate int unit;
285*7c478bd9Sstevel@tonic-gate {
286*7c478bd9Sstevel@tonic-gate upap_state *u = &upap[unit];
287*7c478bd9Sstevel@tonic-gate
288*7c478bd9Sstevel@tonic-gate /* Cancel timeouts */
289*7c478bd9Sstevel@tonic-gate if (u->us_clientstate == UPAPCS_AUTHREQ && u->us_timeouttime > 0)
290*7c478bd9Sstevel@tonic-gate UNTIMEOUT(upap_timeout, u);
291*7c478bd9Sstevel@tonic-gate if (u->us_serverstate == UPAPSS_LISTEN && u->us_reqtimeout > 0)
292*7c478bd9Sstevel@tonic-gate UNTIMEOUT(upap_reqtimeout, u);
293*7c478bd9Sstevel@tonic-gate
294*7c478bd9Sstevel@tonic-gate u->us_clientstate = UPAPCS_INITIAL;
295*7c478bd9Sstevel@tonic-gate u->us_serverstate = UPAPSS_INITIAL;
296*7c478bd9Sstevel@tonic-gate }
297*7c478bd9Sstevel@tonic-gate
298*7c478bd9Sstevel@tonic-gate
299*7c478bd9Sstevel@tonic-gate /*
300*7c478bd9Sstevel@tonic-gate * upap_protrej - Peer doesn't speak this protocol.
301*7c478bd9Sstevel@tonic-gate *
302*7c478bd9Sstevel@tonic-gate * This shouldn't happen. In any case, pretend lower layer went down.
303*7c478bd9Sstevel@tonic-gate */
304*7c478bd9Sstevel@tonic-gate static void
upap_protrej(unit)305*7c478bd9Sstevel@tonic-gate upap_protrej(unit)
306*7c478bd9Sstevel@tonic-gate int unit;
307*7c478bd9Sstevel@tonic-gate {
308*7c478bd9Sstevel@tonic-gate upap_state *u = &upap[unit];
309*7c478bd9Sstevel@tonic-gate
310*7c478bd9Sstevel@tonic-gate if (u->us_clientstate == UPAPCS_AUTHREQ) {
311*7c478bd9Sstevel@tonic-gate error("PAP authentication failed due to protocol-reject");
312*7c478bd9Sstevel@tonic-gate auth_withpeer_fail(unit, PPP_PAP);
313*7c478bd9Sstevel@tonic-gate }
314*7c478bd9Sstevel@tonic-gate if (u->us_serverstate == UPAPSS_LISTEN) {
315*7c478bd9Sstevel@tonic-gate error("PAP authentication of peer failed (protocol-reject)");
316*7c478bd9Sstevel@tonic-gate auth_peer_fail(unit, PPP_PAP);
317*7c478bd9Sstevel@tonic-gate }
318*7c478bd9Sstevel@tonic-gate upap_lowerdown(unit);
319*7c478bd9Sstevel@tonic-gate }
320*7c478bd9Sstevel@tonic-gate
321*7c478bd9Sstevel@tonic-gate
322*7c478bd9Sstevel@tonic-gate /*
323*7c478bd9Sstevel@tonic-gate * upap_input - Input UPAP packet.
324*7c478bd9Sstevel@tonic-gate */
325*7c478bd9Sstevel@tonic-gate static void
upap_input(unit,inpacket,l)326*7c478bd9Sstevel@tonic-gate upap_input(unit, inpacket, l)
327*7c478bd9Sstevel@tonic-gate int unit;
328*7c478bd9Sstevel@tonic-gate u_char *inpacket;
329*7c478bd9Sstevel@tonic-gate int l;
330*7c478bd9Sstevel@tonic-gate {
331*7c478bd9Sstevel@tonic-gate upap_state *u = &upap[unit];
332*7c478bd9Sstevel@tonic-gate u_char *inp;
333*7c478bd9Sstevel@tonic-gate u_char code, id;
334*7c478bd9Sstevel@tonic-gate int len;
335*7c478bd9Sstevel@tonic-gate
336*7c478bd9Sstevel@tonic-gate /*
337*7c478bd9Sstevel@tonic-gate * Parse header (code, id and length).
338*7c478bd9Sstevel@tonic-gate * If packet too short, drop it.
339*7c478bd9Sstevel@tonic-gate */
340*7c478bd9Sstevel@tonic-gate inp = inpacket;
341*7c478bd9Sstevel@tonic-gate if (l < UPAP_HEADERLEN) {
342*7c478bd9Sstevel@tonic-gate error("PAP: packet is too small (%d < %d)", l, UPAP_HEADERLEN);
343*7c478bd9Sstevel@tonic-gate return;
344*7c478bd9Sstevel@tonic-gate }
345*7c478bd9Sstevel@tonic-gate GETCHAR(code, inp);
346*7c478bd9Sstevel@tonic-gate GETCHAR(id, inp);
347*7c478bd9Sstevel@tonic-gate GETSHORT(len, inp);
348*7c478bd9Sstevel@tonic-gate if ((len < UPAP_HEADERLEN) || (len > l)) {
349*7c478bd9Sstevel@tonic-gate error("PAP: packet has illegal length %d (%d..%d)", len,
350*7c478bd9Sstevel@tonic-gate UPAP_HEADERLEN, l);
351*7c478bd9Sstevel@tonic-gate return;
352*7c478bd9Sstevel@tonic-gate }
353*7c478bd9Sstevel@tonic-gate len -= UPAP_HEADERLEN;
354*7c478bd9Sstevel@tonic-gate
355*7c478bd9Sstevel@tonic-gate /*
356*7c478bd9Sstevel@tonic-gate * Action depends on code.
357*7c478bd9Sstevel@tonic-gate */
358*7c478bd9Sstevel@tonic-gate switch (code) {
359*7c478bd9Sstevel@tonic-gate case UPAP_AUTHREQ:
360*7c478bd9Sstevel@tonic-gate upap_rauthreq(u, inp, id, len);
361*7c478bd9Sstevel@tonic-gate break;
362*7c478bd9Sstevel@tonic-gate
363*7c478bd9Sstevel@tonic-gate case UPAP_AUTHACK:
364*7c478bd9Sstevel@tonic-gate upap_rauthack(u, inp, id, len);
365*7c478bd9Sstevel@tonic-gate break;
366*7c478bd9Sstevel@tonic-gate
367*7c478bd9Sstevel@tonic-gate case UPAP_AUTHNAK:
368*7c478bd9Sstevel@tonic-gate upap_rauthnak(u, inp, id, len);
369*7c478bd9Sstevel@tonic-gate break;
370*7c478bd9Sstevel@tonic-gate
371*7c478bd9Sstevel@tonic-gate default:
372*7c478bd9Sstevel@tonic-gate warn("Unknown PAP code (%d) received.", code);
373*7c478bd9Sstevel@tonic-gate break;
374*7c478bd9Sstevel@tonic-gate }
375*7c478bd9Sstevel@tonic-gate }
376*7c478bd9Sstevel@tonic-gate
377*7c478bd9Sstevel@tonic-gate
378*7c478bd9Sstevel@tonic-gate /*
379*7c478bd9Sstevel@tonic-gate * upap_rauth - Receive Authenticate.
380*7c478bd9Sstevel@tonic-gate */
381*7c478bd9Sstevel@tonic-gate static void
upap_rauthreq(u,inp,id,len)382*7c478bd9Sstevel@tonic-gate upap_rauthreq(u, inp, id, len)
383*7c478bd9Sstevel@tonic-gate upap_state *u;
384*7c478bd9Sstevel@tonic-gate u_char *inp;
385*7c478bd9Sstevel@tonic-gate int id;
386*7c478bd9Sstevel@tonic-gate int len;
387*7c478bd9Sstevel@tonic-gate {
388*7c478bd9Sstevel@tonic-gate u_char ruserlen, rpasswdlen;
389*7c478bd9Sstevel@tonic-gate char *ruser, *rpasswd;
390*7c478bd9Sstevel@tonic-gate int retcode;
391*7c478bd9Sstevel@tonic-gate char *msg;
392*7c478bd9Sstevel@tonic-gate int msglen;
393*7c478bd9Sstevel@tonic-gate
394*7c478bd9Sstevel@tonic-gate if (u->us_serverstate < UPAPSS_LISTEN) {
395*7c478bd9Sstevel@tonic-gate info("PAP: discarded Authenticate-Request in state %s",
396*7c478bd9Sstevel@tonic-gate pap_sstate(u->us_serverstate));
397*7c478bd9Sstevel@tonic-gate return;
398*7c478bd9Sstevel@tonic-gate }
399*7c478bd9Sstevel@tonic-gate
400*7c478bd9Sstevel@tonic-gate /*
401*7c478bd9Sstevel@tonic-gate * If we receive a duplicate authenticate-request, we are
402*7c478bd9Sstevel@tonic-gate * supposed to return the same status as for the first request.
403*7c478bd9Sstevel@tonic-gate */
404*7c478bd9Sstevel@tonic-gate if (u->us_serverstate == UPAPSS_OPEN) {
405*7c478bd9Sstevel@tonic-gate /* return auth-ack */
406*7c478bd9Sstevel@tonic-gate upap_sresp(u, UPAP_AUTHACK, id, u->us_msg, u->us_msglen);
407*7c478bd9Sstevel@tonic-gate return;
408*7c478bd9Sstevel@tonic-gate }
409*7c478bd9Sstevel@tonic-gate if (u->us_serverstate == UPAPSS_BADAUTH) {
410*7c478bd9Sstevel@tonic-gate /* return auth-nak */
411*7c478bd9Sstevel@tonic-gate upap_sresp(u, UPAP_AUTHNAK, id, u->us_msg, u->us_msglen);
412*7c478bd9Sstevel@tonic-gate return;
413*7c478bd9Sstevel@tonic-gate }
414*7c478bd9Sstevel@tonic-gate
415*7c478bd9Sstevel@tonic-gate /*
416*7c478bd9Sstevel@tonic-gate * Parse user/passwd.
417*7c478bd9Sstevel@tonic-gate */
418*7c478bd9Sstevel@tonic-gate if (len < 1) {
419*7c478bd9Sstevel@tonic-gate error("PAP: rcvd short packet; no data");
420*7c478bd9Sstevel@tonic-gate return;
421*7c478bd9Sstevel@tonic-gate }
422*7c478bd9Sstevel@tonic-gate GETCHAR(ruserlen, inp);
423*7c478bd9Sstevel@tonic-gate len -= sizeof (u_char) + ruserlen + sizeof (u_char);
424*7c478bd9Sstevel@tonic-gate if (len < 0) {
425*7c478bd9Sstevel@tonic-gate error("PAP: rcvd short packet; peer name missing");
426*7c478bd9Sstevel@tonic-gate return;
427*7c478bd9Sstevel@tonic-gate }
428*7c478bd9Sstevel@tonic-gate ruser = (char *) inp;
429*7c478bd9Sstevel@tonic-gate INCPTR(ruserlen, inp);
430*7c478bd9Sstevel@tonic-gate GETCHAR(rpasswdlen, inp);
431*7c478bd9Sstevel@tonic-gate if (len < rpasswdlen) {
432*7c478bd9Sstevel@tonic-gate error("PAP: rcvd short packet; pass len %d < %d", len, rpasswdlen);
433*7c478bd9Sstevel@tonic-gate return;
434*7c478bd9Sstevel@tonic-gate }
435*7c478bd9Sstevel@tonic-gate rpasswd = (char *) inp;
436*7c478bd9Sstevel@tonic-gate
437*7c478bd9Sstevel@tonic-gate /*
438*7c478bd9Sstevel@tonic-gate * Check the username and password given.
439*7c478bd9Sstevel@tonic-gate */
440*7c478bd9Sstevel@tonic-gate retcode = check_passwd(u->us_unit, ruser, ruserlen, rpasswd,
441*7c478bd9Sstevel@tonic-gate rpasswdlen, &msg);
442*7c478bd9Sstevel@tonic-gate BZERO(rpasswd, rpasswdlen);
443*7c478bd9Sstevel@tonic-gate msglen = strlen(msg);
444*7c478bd9Sstevel@tonic-gate if (msglen > 255)
445*7c478bd9Sstevel@tonic-gate msglen = 255;
446*7c478bd9Sstevel@tonic-gate
447*7c478bd9Sstevel@tonic-gate u->us_msg = msg;
448*7c478bd9Sstevel@tonic-gate u->us_msglen = msglen;
449*7c478bd9Sstevel@tonic-gate upap_sresp(u, retcode, id, u->us_msg, u->us_msglen);
450*7c478bd9Sstevel@tonic-gate
451*7c478bd9Sstevel@tonic-gate if (retcode == UPAP_AUTHACK) {
452*7c478bd9Sstevel@tonic-gate u->us_serverstate = UPAPSS_OPEN;
453*7c478bd9Sstevel@tonic-gate auth_peer_success(u->us_unit, PPP_PAP, ruser, ruserlen);
454*7c478bd9Sstevel@tonic-gate } else if (++u->us_receives >= u->us_maxreceives) {
455*7c478bd9Sstevel@tonic-gate u->us_serverstate = UPAPSS_BADAUTH;
456*7c478bd9Sstevel@tonic-gate auth_peer_fail(u->us_unit, PPP_PAP);
457*7c478bd9Sstevel@tonic-gate } else {
458*7c478bd9Sstevel@tonic-gate /* Just wait for a good one to arrive, or for time-out. */
459*7c478bd9Sstevel@tonic-gate return;
460*7c478bd9Sstevel@tonic-gate }
461*7c478bd9Sstevel@tonic-gate
462*7c478bd9Sstevel@tonic-gate if (u->us_reqtimeout > 0)
463*7c478bd9Sstevel@tonic-gate UNTIMEOUT(upap_reqtimeout, u);
464*7c478bd9Sstevel@tonic-gate }
465*7c478bd9Sstevel@tonic-gate
466*7c478bd9Sstevel@tonic-gate
467*7c478bd9Sstevel@tonic-gate /*
468*7c478bd9Sstevel@tonic-gate * upap_rauthack - Receive Authenticate-Ack.
469*7c478bd9Sstevel@tonic-gate */
470*7c478bd9Sstevel@tonic-gate /*ARGSUSED*/
471*7c478bd9Sstevel@tonic-gate static void
upap_rauthack(u,inp,id,len)472*7c478bd9Sstevel@tonic-gate upap_rauthack(u, inp, id, len)
473*7c478bd9Sstevel@tonic-gate upap_state *u;
474*7c478bd9Sstevel@tonic-gate u_char *inp;
475*7c478bd9Sstevel@tonic-gate int id;
476*7c478bd9Sstevel@tonic-gate int len;
477*7c478bd9Sstevel@tonic-gate {
478*7c478bd9Sstevel@tonic-gate u_char msglen;
479*7c478bd9Sstevel@tonic-gate char *msg;
480*7c478bd9Sstevel@tonic-gate
481*7c478bd9Sstevel@tonic-gate if (u->us_clientstate != UPAPCS_AUTHREQ) {
482*7c478bd9Sstevel@tonic-gate info("PAP: discarded Authenticate-Ack in state %s",
483*7c478bd9Sstevel@tonic-gate pap_cstate(u->us_clientstate));
484*7c478bd9Sstevel@tonic-gate return;
485*7c478bd9Sstevel@tonic-gate }
486*7c478bd9Sstevel@tonic-gate
487*7c478bd9Sstevel@tonic-gate if (id != u->us_id) {
488*7c478bd9Sstevel@tonic-gate dbglog("PAP: discard Authenticate-Ack; ID %d != %d",
489*7c478bd9Sstevel@tonic-gate id, u->us_id);
490*7c478bd9Sstevel@tonic-gate return;
491*7c478bd9Sstevel@tonic-gate }
492*7c478bd9Sstevel@tonic-gate
493*7c478bd9Sstevel@tonic-gate if (u->us_timeouttime > 0)
494*7c478bd9Sstevel@tonic-gate UNTIMEOUT(upap_timeout, u);
495*7c478bd9Sstevel@tonic-gate
496*7c478bd9Sstevel@tonic-gate /*
497*7c478bd9Sstevel@tonic-gate * Parse message.
498*7c478bd9Sstevel@tonic-gate */
499*7c478bd9Sstevel@tonic-gate if (len < 1) {
500*7c478bd9Sstevel@tonic-gate info("PAP: Ignoring missing ack msg-length octet");
501*7c478bd9Sstevel@tonic-gate } else {
502*7c478bd9Sstevel@tonic-gate GETCHAR(msglen, inp);
503*7c478bd9Sstevel@tonic-gate if (msglen > 0) {
504*7c478bd9Sstevel@tonic-gate len -= sizeof (u_char);
505*7c478bd9Sstevel@tonic-gate if (len < msglen) {
506*7c478bd9Sstevel@tonic-gate error("PAP: Discarding short packet (%d < %d)", len, msglen);
507*7c478bd9Sstevel@tonic-gate return;
508*7c478bd9Sstevel@tonic-gate }
509*7c478bd9Sstevel@tonic-gate msg = (char *) inp;
510*7c478bd9Sstevel@tonic-gate PRINTMSG(msg, msglen);
511*7c478bd9Sstevel@tonic-gate }
512*7c478bd9Sstevel@tonic-gate }
513*7c478bd9Sstevel@tonic-gate
514*7c478bd9Sstevel@tonic-gate u->us_clientstate = UPAPCS_OPEN;
515*7c478bd9Sstevel@tonic-gate
516*7c478bd9Sstevel@tonic-gate auth_withpeer_success(u->us_unit, PPP_PAP);
517*7c478bd9Sstevel@tonic-gate }
518*7c478bd9Sstevel@tonic-gate
519*7c478bd9Sstevel@tonic-gate
520*7c478bd9Sstevel@tonic-gate /*
521*7c478bd9Sstevel@tonic-gate * upap_rauthnak - Receive Authenticate-Nakk.
522*7c478bd9Sstevel@tonic-gate */
523*7c478bd9Sstevel@tonic-gate /*ARGSUSED*/
524*7c478bd9Sstevel@tonic-gate static void
upap_rauthnak(u,inp,id,len)525*7c478bd9Sstevel@tonic-gate upap_rauthnak(u, inp, id, len)
526*7c478bd9Sstevel@tonic-gate upap_state *u;
527*7c478bd9Sstevel@tonic-gate u_char *inp;
528*7c478bd9Sstevel@tonic-gate int id;
529*7c478bd9Sstevel@tonic-gate int len;
530*7c478bd9Sstevel@tonic-gate {
531*7c478bd9Sstevel@tonic-gate u_char msglen;
532*7c478bd9Sstevel@tonic-gate char *msg;
533*7c478bd9Sstevel@tonic-gate
534*7c478bd9Sstevel@tonic-gate if (u->us_clientstate != UPAPCS_AUTHREQ) {
535*7c478bd9Sstevel@tonic-gate info("PAP: discarded Authenticate-Nak in state %s",
536*7c478bd9Sstevel@tonic-gate pap_cstate(u->us_clientstate));
537*7c478bd9Sstevel@tonic-gate return;
538*7c478bd9Sstevel@tonic-gate }
539*7c478bd9Sstevel@tonic-gate
540*7c478bd9Sstevel@tonic-gate if (id != u->us_id) {
541*7c478bd9Sstevel@tonic-gate dbglog("PAP: discard Authenticate-Ack; ID %d != %d",
542*7c478bd9Sstevel@tonic-gate id, u->us_id);
543*7c478bd9Sstevel@tonic-gate return;
544*7c478bd9Sstevel@tonic-gate }
545*7c478bd9Sstevel@tonic-gate
546*7c478bd9Sstevel@tonic-gate if (u->us_timeouttime > 0)
547*7c478bd9Sstevel@tonic-gate UNTIMEOUT(upap_timeout, u);
548*7c478bd9Sstevel@tonic-gate
549*7c478bd9Sstevel@tonic-gate /*
550*7c478bd9Sstevel@tonic-gate * Parse message.
551*7c478bd9Sstevel@tonic-gate */
552*7c478bd9Sstevel@tonic-gate if (len < 1) {
553*7c478bd9Sstevel@tonic-gate error("PAP: ignoring missing nak msg-length octet");
554*7c478bd9Sstevel@tonic-gate } else {
555*7c478bd9Sstevel@tonic-gate GETCHAR(msglen, inp);
556*7c478bd9Sstevel@tonic-gate if (msglen > 0) {
557*7c478bd9Sstevel@tonic-gate len -= sizeof (u_char);
558*7c478bd9Sstevel@tonic-gate if (len < msglen) {
559*7c478bd9Sstevel@tonic-gate error("PAP: Discarding short packet (%d < %d)", len, msglen);
560*7c478bd9Sstevel@tonic-gate return;
561*7c478bd9Sstevel@tonic-gate }
562*7c478bd9Sstevel@tonic-gate msg = (char *) inp;
563*7c478bd9Sstevel@tonic-gate PRINTMSG(msg, msglen);
564*7c478bd9Sstevel@tonic-gate }
565*7c478bd9Sstevel@tonic-gate }
566*7c478bd9Sstevel@tonic-gate
567*7c478bd9Sstevel@tonic-gate /* Try to get a new password from the plugin. */
568*7c478bd9Sstevel@tonic-gate if (pap_passwd_hook != NULL) {
569*7c478bd9Sstevel@tonic-gate if (u->us_transmits < u->us_maxtransmits) {
570*7c478bd9Sstevel@tonic-gate if ((*pap_passwd_hook)(user, passwd) >= 0) {
571*7c478bd9Sstevel@tonic-gate upap_sauthreq(u);
572*7c478bd9Sstevel@tonic-gate return;
573*7c478bd9Sstevel@tonic-gate }
574*7c478bd9Sstevel@tonic-gate } else {
575*7c478bd9Sstevel@tonic-gate /* Tell plug-in that we're giving up. */
576*7c478bd9Sstevel@tonic-gate (void) (*pap_passwd_hook)(NULL, NULL);
577*7c478bd9Sstevel@tonic-gate }
578*7c478bd9Sstevel@tonic-gate }
579*7c478bd9Sstevel@tonic-gate
580*7c478bd9Sstevel@tonic-gate u->us_clientstate = UPAPCS_BADAUTH;
581*7c478bd9Sstevel@tonic-gate
582*7c478bd9Sstevel@tonic-gate error("PAP authentication failed");
583*7c478bd9Sstevel@tonic-gate auth_withpeer_fail(u->us_unit, PPP_PAP);
584*7c478bd9Sstevel@tonic-gate }
585*7c478bd9Sstevel@tonic-gate
586*7c478bd9Sstevel@tonic-gate
587*7c478bd9Sstevel@tonic-gate /*
588*7c478bd9Sstevel@tonic-gate * upap_sauthreq - Send an Authenticate-Request.
589*7c478bd9Sstevel@tonic-gate */
590*7c478bd9Sstevel@tonic-gate static void
upap_sauthreq(u)591*7c478bd9Sstevel@tonic-gate upap_sauthreq(u)
592*7c478bd9Sstevel@tonic-gate upap_state *u;
593*7c478bd9Sstevel@tonic-gate {
594*7c478bd9Sstevel@tonic-gate u_char *outp;
595*7c478bd9Sstevel@tonic-gate int pwlen;
596*7c478bd9Sstevel@tonic-gate int outlen;
597*7c478bd9Sstevel@tonic-gate
598*7c478bd9Sstevel@tonic-gate pwlen = strllen(passwd, MAXSECRETLEN);
599*7c478bd9Sstevel@tonic-gate if (pwlen > 0xFF)
600*7c478bd9Sstevel@tonic-gate pwlen = 0xFF;
601*7c478bd9Sstevel@tonic-gate outlen = UPAP_HEADERLEN + 2 * sizeof (u_char) + u->us_userlen + pwlen;
602*7c478bd9Sstevel@tonic-gate outp = outpacket_buf;
603*7c478bd9Sstevel@tonic-gate
604*7c478bd9Sstevel@tonic-gate MAKEHEADER(outp, PPP_PAP);
605*7c478bd9Sstevel@tonic-gate
606*7c478bd9Sstevel@tonic-gate PUTCHAR(UPAP_AUTHREQ, outp);
607*7c478bd9Sstevel@tonic-gate PUTCHAR(++u->us_id, outp);
608*7c478bd9Sstevel@tonic-gate PUTSHORT(outlen, outp);
609*7c478bd9Sstevel@tonic-gate PUTCHAR(u->us_userlen, outp);
610*7c478bd9Sstevel@tonic-gate BCOPY(u->us_user, outp, u->us_userlen);
611*7c478bd9Sstevel@tonic-gate INCPTR(u->us_userlen, outp);
612*7c478bd9Sstevel@tonic-gate PUTCHAR(pwlen, outp);
613*7c478bd9Sstevel@tonic-gate BCOPY(u->us_passwd, outp, pwlen);
614*7c478bd9Sstevel@tonic-gate
615*7c478bd9Sstevel@tonic-gate output(u->us_unit, outpacket_buf, outlen + PPP_HDRLEN);
616*7c478bd9Sstevel@tonic-gate
617*7c478bd9Sstevel@tonic-gate if (u->us_timeouttime > 0)
618*7c478bd9Sstevel@tonic-gate TIMEOUT(upap_timeout, u, u->us_timeouttime);
619*7c478bd9Sstevel@tonic-gate ++u->us_transmits;
620*7c478bd9Sstevel@tonic-gate u->us_clientstate = UPAPCS_AUTHREQ;
621*7c478bd9Sstevel@tonic-gate }
622*7c478bd9Sstevel@tonic-gate
623*7c478bd9Sstevel@tonic-gate
624*7c478bd9Sstevel@tonic-gate /*
625*7c478bd9Sstevel@tonic-gate * upap_sresp - Send a response (ack or nak).
626*7c478bd9Sstevel@tonic-gate */
627*7c478bd9Sstevel@tonic-gate static void
upap_sresp(u,code,id,msg,msglen)628*7c478bd9Sstevel@tonic-gate upap_sresp(u, code, id, msg, msglen)
629*7c478bd9Sstevel@tonic-gate upap_state *u;
630*7c478bd9Sstevel@tonic-gate u_char code, id;
631*7c478bd9Sstevel@tonic-gate char *msg;
632*7c478bd9Sstevel@tonic-gate int msglen;
633*7c478bd9Sstevel@tonic-gate {
634*7c478bd9Sstevel@tonic-gate u_char *outp;
635*7c478bd9Sstevel@tonic-gate int outlen;
636*7c478bd9Sstevel@tonic-gate
637*7c478bd9Sstevel@tonic-gate outlen = UPAP_HEADERLEN + sizeof (u_char) + msglen;
638*7c478bd9Sstevel@tonic-gate outp = outpacket_buf;
639*7c478bd9Sstevel@tonic-gate MAKEHEADER(outp, PPP_PAP);
640*7c478bd9Sstevel@tonic-gate
641*7c478bd9Sstevel@tonic-gate PUTCHAR(code, outp);
642*7c478bd9Sstevel@tonic-gate PUTCHAR(id, outp);
643*7c478bd9Sstevel@tonic-gate PUTSHORT(outlen, outp);
644*7c478bd9Sstevel@tonic-gate PUTCHAR(msglen, outp);
645*7c478bd9Sstevel@tonic-gate BCOPY(msg, outp, msglen);
646*7c478bd9Sstevel@tonic-gate output(u->us_unit, outpacket_buf, outlen + PPP_HDRLEN);
647*7c478bd9Sstevel@tonic-gate }
648*7c478bd9Sstevel@tonic-gate
649*7c478bd9Sstevel@tonic-gate /*
650*7c478bd9Sstevel@tonic-gate * upap_printpkt - print the contents of a PAP packet.
651*7c478bd9Sstevel@tonic-gate */
652*7c478bd9Sstevel@tonic-gate static char *upap_codenames[] = {
653*7c478bd9Sstevel@tonic-gate "AuthReq", "AuthAck", "AuthNak"
654*7c478bd9Sstevel@tonic-gate };
655*7c478bd9Sstevel@tonic-gate
656*7c478bd9Sstevel@tonic-gate static int
upap_printpkt(p,plen,printer,arg)657*7c478bd9Sstevel@tonic-gate upap_printpkt(p, plen, printer, arg)
658*7c478bd9Sstevel@tonic-gate u_char *p;
659*7c478bd9Sstevel@tonic-gate int plen;
660*7c478bd9Sstevel@tonic-gate void (*printer) __P((void *, const char *, ...));
661*7c478bd9Sstevel@tonic-gate void *arg;
662*7c478bd9Sstevel@tonic-gate {
663*7c478bd9Sstevel@tonic-gate int code, id, len;
664*7c478bd9Sstevel@tonic-gate int mlen, ulen, wlen;
665*7c478bd9Sstevel@tonic-gate char *user, *pwd, *msg;
666*7c478bd9Sstevel@tonic-gate u_char *pstart;
667*7c478bd9Sstevel@tonic-gate
668*7c478bd9Sstevel@tonic-gate if (plen < UPAP_HEADERLEN)
669*7c478bd9Sstevel@tonic-gate return (0);
670*7c478bd9Sstevel@tonic-gate pstart = p;
671*7c478bd9Sstevel@tonic-gate GETCHAR(code, p);
672*7c478bd9Sstevel@tonic-gate GETCHAR(id, p);
673*7c478bd9Sstevel@tonic-gate GETSHORT(len, p);
674*7c478bd9Sstevel@tonic-gate if (len < UPAP_HEADERLEN || len > plen)
675*7c478bd9Sstevel@tonic-gate return (0);
676*7c478bd9Sstevel@tonic-gate
677*7c478bd9Sstevel@tonic-gate if (code >= 1 && code <= Dim(upap_codenames))
678*7c478bd9Sstevel@tonic-gate printer(arg, " %s", upap_codenames[code-1]);
679*7c478bd9Sstevel@tonic-gate else
680*7c478bd9Sstevel@tonic-gate printer(arg, " code=0x%x", code);
681*7c478bd9Sstevel@tonic-gate printer(arg, " id=0x%x", id);
682*7c478bd9Sstevel@tonic-gate len -= UPAP_HEADERLEN;
683*7c478bd9Sstevel@tonic-gate switch (code) {
684*7c478bd9Sstevel@tonic-gate case UPAP_AUTHREQ:
685*7c478bd9Sstevel@tonic-gate if (len < 1)
686*7c478bd9Sstevel@tonic-gate break;
687*7c478bd9Sstevel@tonic-gate ulen = p[0];
688*7c478bd9Sstevel@tonic-gate if (len < ulen + 2)
689*7c478bd9Sstevel@tonic-gate break;
690*7c478bd9Sstevel@tonic-gate wlen = p[ulen + 1];
691*7c478bd9Sstevel@tonic-gate if (len < ulen + wlen + 2)
692*7c478bd9Sstevel@tonic-gate break;
693*7c478bd9Sstevel@tonic-gate user = (char *) (p + 1);
694*7c478bd9Sstevel@tonic-gate pwd = (char *) (p + ulen + 2);
695*7c478bd9Sstevel@tonic-gate p += ulen + wlen + 2;
696*7c478bd9Sstevel@tonic-gate len -= ulen + wlen + 2;
697*7c478bd9Sstevel@tonic-gate printer(arg, " user=");
698*7c478bd9Sstevel@tonic-gate print_string(user, ulen, printer, arg);
699*7c478bd9Sstevel@tonic-gate printer(arg, " password=");
700*7c478bd9Sstevel@tonic-gate if (!hide_password)
701*7c478bd9Sstevel@tonic-gate print_string(pwd, wlen, printer, arg);
702*7c478bd9Sstevel@tonic-gate else
703*7c478bd9Sstevel@tonic-gate printer(arg, "<hidden>");
704*7c478bd9Sstevel@tonic-gate break;
705*7c478bd9Sstevel@tonic-gate case UPAP_AUTHACK:
706*7c478bd9Sstevel@tonic-gate case UPAP_AUTHNAK:
707*7c478bd9Sstevel@tonic-gate if (len < 1)
708*7c478bd9Sstevel@tonic-gate break;
709*7c478bd9Sstevel@tonic-gate mlen = p[0];
710*7c478bd9Sstevel@tonic-gate if (len < mlen + 1)
711*7c478bd9Sstevel@tonic-gate break;
712*7c478bd9Sstevel@tonic-gate msg = (char *) (p + 1);
713*7c478bd9Sstevel@tonic-gate p += mlen + 1;
714*7c478bd9Sstevel@tonic-gate len -= mlen + 1;
715*7c478bd9Sstevel@tonic-gate printer(arg, " ");
716*7c478bd9Sstevel@tonic-gate print_string(msg, mlen, printer, arg);
717*7c478bd9Sstevel@tonic-gate break;
718*7c478bd9Sstevel@tonic-gate }
719*7c478bd9Sstevel@tonic-gate
720*7c478bd9Sstevel@tonic-gate /* print the rest of the bytes in the packet */
721*7c478bd9Sstevel@tonic-gate for (; len > 0; --len) {
722*7c478bd9Sstevel@tonic-gate GETCHAR(code, p);
723*7c478bd9Sstevel@tonic-gate printer(arg, " %.2x", code);
724*7c478bd9Sstevel@tonic-gate }
725*7c478bd9Sstevel@tonic-gate
726*7c478bd9Sstevel@tonic-gate return (p - pstart);
727*7c478bd9Sstevel@tonic-gate }
728