1*7c478bd9Sstevel@tonic-gate /*
2*7c478bd9Sstevel@tonic-gate  * upap.c - User/Password Authentication Protocol.
3*7c478bd9Sstevel@tonic-gate  *
4*7c478bd9Sstevel@tonic-gate  * Copyright (c) 2000 by Sun Microsystems, Inc.
5*7c478bd9Sstevel@tonic-gate  * All rights reserved.
6*7c478bd9Sstevel@tonic-gate  *
7*7c478bd9Sstevel@tonic-gate  * Permission to use, copy, modify, and distribute this software and its
8*7c478bd9Sstevel@tonic-gate  * documentation is hereby granted, provided that the above copyright
9*7c478bd9Sstevel@tonic-gate  * notice appears in all copies.
10*7c478bd9Sstevel@tonic-gate  *
11*7c478bd9Sstevel@tonic-gate  * SUN MAKES NO REPRESENTATION OR WARRANTIES ABOUT THE SUITABILITY OF
12*7c478bd9Sstevel@tonic-gate  * THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
13*7c478bd9Sstevel@tonic-gate  * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
14*7c478bd9Sstevel@tonic-gate  * PARTICULAR PURPOSE, OR NON-INFRINGEMENT.  SUN SHALL NOT BE LIABLE FOR
15*7c478bd9Sstevel@tonic-gate  * ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR
16*7c478bd9Sstevel@tonic-gate  * DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES
17*7c478bd9Sstevel@tonic-gate  *
18*7c478bd9Sstevel@tonic-gate  * Copyright (c) 1989 Carnegie Mellon University.
19*7c478bd9Sstevel@tonic-gate  * All rights reserved.
20*7c478bd9Sstevel@tonic-gate  *
21*7c478bd9Sstevel@tonic-gate  * Redistribution and use in source and binary forms are permitted
22*7c478bd9Sstevel@tonic-gate  * provided that the above copyright notice and this paragraph are
23*7c478bd9Sstevel@tonic-gate  * duplicated in all such forms and that any documentation,
24*7c478bd9Sstevel@tonic-gate  * advertising materials, and other materials related to such
25*7c478bd9Sstevel@tonic-gate  * distribution and use acknowledge that the software was developed
26*7c478bd9Sstevel@tonic-gate  * by Carnegie Mellon University.  The name of the
27*7c478bd9Sstevel@tonic-gate  * University may not be used to endorse or promote products derived
28*7c478bd9Sstevel@tonic-gate  * from this software without specific prior written permission.
29*7c478bd9Sstevel@tonic-gate  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
30*7c478bd9Sstevel@tonic-gate  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
31*7c478bd9Sstevel@tonic-gate  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
32*7c478bd9Sstevel@tonic-gate  */
33*7c478bd9Sstevel@tonic-gate 
34*7c478bd9Sstevel@tonic-gate #include <stdio.h>
35*7c478bd9Sstevel@tonic-gate #include <string.h>
36*7c478bd9Sstevel@tonic-gate 
37*7c478bd9Sstevel@tonic-gate #include "pppd.h"
38*7c478bd9Sstevel@tonic-gate #include "upap.h"
39*7c478bd9Sstevel@tonic-gate 
40*7c478bd9Sstevel@tonic-gate static bool hide_password = 1;
41*7c478bd9Sstevel@tonic-gate 
42*7c478bd9Sstevel@tonic-gate /*
43*7c478bd9Sstevel@tonic-gate  * Command-line options.
44*7c478bd9Sstevel@tonic-gate  */
45*7c478bd9Sstevel@tonic-gate static option_t pap_option_list[] = {
46*7c478bd9Sstevel@tonic-gate     { "hide-password", o_bool, &hide_password,
47*7c478bd9Sstevel@tonic-gate       "Don't output passwords to log", 1 },
48*7c478bd9Sstevel@tonic-gate     { "show-password", o_bool, &hide_password,
49*7c478bd9Sstevel@tonic-gate       "Show password string in debug log messages", 0 },
50*7c478bd9Sstevel@tonic-gate     { "pap-restart", o_int, &upap[0].us_timeouttime,
51*7c478bd9Sstevel@tonic-gate       "Set retransmit timeout for PAP" },
52*7c478bd9Sstevel@tonic-gate     { "pap-max-authreq", o_int, &upap[0].us_maxtransmits,
53*7c478bd9Sstevel@tonic-gate       "Max number of PAP Authenticate-Request sent" },
54*7c478bd9Sstevel@tonic-gate     { "pap-max-receive", o_int, &upap[0].us_maxreceives,
55*7c478bd9Sstevel@tonic-gate       "Max allowable PAP Authenticate-Request received" },
56*7c478bd9Sstevel@tonic-gate     { "pap-timeout", o_int, &upap[0].us_reqtimeout,
57*7c478bd9Sstevel@tonic-gate       "Set time limit for peer PAP authentication" },
58*7c478bd9Sstevel@tonic-gate     { NULL }
59*7c478bd9Sstevel@tonic-gate };
60*7c478bd9Sstevel@tonic-gate 
61*7c478bd9Sstevel@tonic-gate /*
62*7c478bd9Sstevel@tonic-gate  * Protocol entry points.
63*7c478bd9Sstevel@tonic-gate  */
64*7c478bd9Sstevel@tonic-gate static void upap_init __P((int));
65*7c478bd9Sstevel@tonic-gate static void upap_lowerup __P((int));
66*7c478bd9Sstevel@tonic-gate static void upap_lowerdown __P((int));
67*7c478bd9Sstevel@tonic-gate static void upap_input __P((int, u_char *, int));
68*7c478bd9Sstevel@tonic-gate static void upap_protrej __P((int));
69*7c478bd9Sstevel@tonic-gate static int  upap_printpkt __P((u_char *, int,
70*7c478bd9Sstevel@tonic-gate     void (*) __P((void *, const char *, ...)), void *));
71*7c478bd9Sstevel@tonic-gate 
72*7c478bd9Sstevel@tonic-gate struct protent pap_protent = {
73*7c478bd9Sstevel@tonic-gate     PPP_PAP,
74*7c478bd9Sstevel@tonic-gate     upap_init,
75*7c478bd9Sstevel@tonic-gate     upap_input,
76*7c478bd9Sstevel@tonic-gate     upap_protrej,
77*7c478bd9Sstevel@tonic-gate     upap_lowerup,
78*7c478bd9Sstevel@tonic-gate     upap_lowerdown,
79*7c478bd9Sstevel@tonic-gate     NULL,
80*7c478bd9Sstevel@tonic-gate     NULL,
81*7c478bd9Sstevel@tonic-gate     upap_printpkt,
82*7c478bd9Sstevel@tonic-gate     NULL,
83*7c478bd9Sstevel@tonic-gate     1,
84*7c478bd9Sstevel@tonic-gate     "PAP",
85*7c478bd9Sstevel@tonic-gate     NULL,
86*7c478bd9Sstevel@tonic-gate     pap_option_list,
87*7c478bd9Sstevel@tonic-gate     NULL,
88*7c478bd9Sstevel@tonic-gate     NULL,
89*7c478bd9Sstevel@tonic-gate     NULL
90*7c478bd9Sstevel@tonic-gate };
91*7c478bd9Sstevel@tonic-gate 
92*7c478bd9Sstevel@tonic-gate upap_state upap[NUM_PPP];		/* UPAP state; one for each unit */
93*7c478bd9Sstevel@tonic-gate 
94*7c478bd9Sstevel@tonic-gate static void upap_timeout __P((void *));
95*7c478bd9Sstevel@tonic-gate static void upap_reqtimeout __P((void *));
96*7c478bd9Sstevel@tonic-gate static void upap_rauthreq __P((upap_state *, u_char *, int, int));
97*7c478bd9Sstevel@tonic-gate static void upap_rauthack __P((upap_state *, u_char *, int, int));
98*7c478bd9Sstevel@tonic-gate static void upap_rauthnak __P((upap_state *, u_char *, int, int));
99*7c478bd9Sstevel@tonic-gate static void upap_sauthreq __P((upap_state *));
100*7c478bd9Sstevel@tonic-gate static void upap_sresp __P((upap_state *, int, int, char *, int));
101*7c478bd9Sstevel@tonic-gate 
102*7c478bd9Sstevel@tonic-gate static const char *
pap_cstate(clientstate)103*7c478bd9Sstevel@tonic-gate pap_cstate(clientstate)
104*7c478bd9Sstevel@tonic-gate     int clientstate;
105*7c478bd9Sstevel@tonic-gate {
106*7c478bd9Sstevel@tonic-gate     static const char *cstate[] = { UPAPCS__NAMES };
107*7c478bd9Sstevel@tonic-gate     static char buf[32];
108*7c478bd9Sstevel@tonic-gate 
109*7c478bd9Sstevel@tonic-gate     if (clientstate < 0 || clientstate >= Dim(cstate)) {
110*7c478bd9Sstevel@tonic-gate 	(void) slprintf(buf, sizeof (buf), "Cli#%d", clientstate);
111*7c478bd9Sstevel@tonic-gate 	return ((const char *)buf);
112*7c478bd9Sstevel@tonic-gate     }
113*7c478bd9Sstevel@tonic-gate     return (cstate[clientstate]);
114*7c478bd9Sstevel@tonic-gate }
115*7c478bd9Sstevel@tonic-gate 
116*7c478bd9Sstevel@tonic-gate static const char *
pap_sstate(serverstate)117*7c478bd9Sstevel@tonic-gate pap_sstate(serverstate)
118*7c478bd9Sstevel@tonic-gate     int serverstate;
119*7c478bd9Sstevel@tonic-gate {
120*7c478bd9Sstevel@tonic-gate     static const char *sstate[] = { UPAPSS__NAMES };
121*7c478bd9Sstevel@tonic-gate     static char buf[32];
122*7c478bd9Sstevel@tonic-gate 
123*7c478bd9Sstevel@tonic-gate     if (serverstate < 0 || serverstate >= Dim(sstate)) {
124*7c478bd9Sstevel@tonic-gate 	(void) slprintf(buf, sizeof (buf), "Srv#%d", serverstate);
125*7c478bd9Sstevel@tonic-gate 	return ((const char *)buf);
126*7c478bd9Sstevel@tonic-gate     }
127*7c478bd9Sstevel@tonic-gate     return (sstate[serverstate]);
128*7c478bd9Sstevel@tonic-gate }
129*7c478bd9Sstevel@tonic-gate 
130*7c478bd9Sstevel@tonic-gate /*
131*7c478bd9Sstevel@tonic-gate  * upap_init - Initialize a UPAP unit.
132*7c478bd9Sstevel@tonic-gate  */
133*7c478bd9Sstevel@tonic-gate static void
upap_init(unit)134*7c478bd9Sstevel@tonic-gate upap_init(unit)
135*7c478bd9Sstevel@tonic-gate     int unit;
136*7c478bd9Sstevel@tonic-gate {
137*7c478bd9Sstevel@tonic-gate     upap_state *u = &upap[unit];
138*7c478bd9Sstevel@tonic-gate 
139*7c478bd9Sstevel@tonic-gate     u->us_unit = unit;
140*7c478bd9Sstevel@tonic-gate     u->us_user = NULL;
141*7c478bd9Sstevel@tonic-gate     u->us_userlen = 0;
142*7c478bd9Sstevel@tonic-gate     u->us_passwd = NULL;
143*7c478bd9Sstevel@tonic-gate     u->us_clientstate = UPAPCS_INITIAL;
144*7c478bd9Sstevel@tonic-gate     u->us_serverstate = UPAPSS_INITIAL;
145*7c478bd9Sstevel@tonic-gate     u->us_id = 0;
146*7c478bd9Sstevel@tonic-gate     u->us_timeouttime = UPAP_DEFTIMEOUT;
147*7c478bd9Sstevel@tonic-gate     u->us_maxtransmits = 10;
148*7c478bd9Sstevel@tonic-gate     u->us_reqtimeout = UPAP_DEFREQTIME;
149*7c478bd9Sstevel@tonic-gate     u->us_maxreceives = 3;
150*7c478bd9Sstevel@tonic-gate     u->us_msg = "";
151*7c478bd9Sstevel@tonic-gate     u->us_msglen = 0;
152*7c478bd9Sstevel@tonic-gate }
153*7c478bd9Sstevel@tonic-gate 
154*7c478bd9Sstevel@tonic-gate 
155*7c478bd9Sstevel@tonic-gate /*
156*7c478bd9Sstevel@tonic-gate  * upap_authwithpeer - Authenticate us with our peer (start client).
157*7c478bd9Sstevel@tonic-gate  *
158*7c478bd9Sstevel@tonic-gate  * Set new state and send authenticate's.
159*7c478bd9Sstevel@tonic-gate  */
160*7c478bd9Sstevel@tonic-gate void
upap_authwithpeer(unit,user,password)161*7c478bd9Sstevel@tonic-gate upap_authwithpeer(unit, user, password)
162*7c478bd9Sstevel@tonic-gate     int unit;
163*7c478bd9Sstevel@tonic-gate     char *user, *password;
164*7c478bd9Sstevel@tonic-gate {
165*7c478bd9Sstevel@tonic-gate     upap_state *u = &upap[unit];
166*7c478bd9Sstevel@tonic-gate 
167*7c478bd9Sstevel@tonic-gate     /* Save the username and password we're given */
168*7c478bd9Sstevel@tonic-gate     u->us_user = user;
169*7c478bd9Sstevel@tonic-gate     u->us_userlen = strlen(user);
170*7c478bd9Sstevel@tonic-gate     u->us_passwd = password;
171*7c478bd9Sstevel@tonic-gate     u->us_transmits = 0;
172*7c478bd9Sstevel@tonic-gate 
173*7c478bd9Sstevel@tonic-gate     /* Lower layer up yet? */
174*7c478bd9Sstevel@tonic-gate     if (u->us_clientstate == UPAPCS_INITIAL ||
175*7c478bd9Sstevel@tonic-gate 	u->us_clientstate == UPAPCS_PENDING) {
176*7c478bd9Sstevel@tonic-gate 	u->us_clientstate = UPAPCS_PENDING;
177*7c478bd9Sstevel@tonic-gate 	return;
178*7c478bd9Sstevel@tonic-gate     }
179*7c478bd9Sstevel@tonic-gate 
180*7c478bd9Sstevel@tonic-gate     upap_sauthreq(u);			/* Start protocol */
181*7c478bd9Sstevel@tonic-gate }
182*7c478bd9Sstevel@tonic-gate 
183*7c478bd9Sstevel@tonic-gate 
184*7c478bd9Sstevel@tonic-gate /*
185*7c478bd9Sstevel@tonic-gate  * upap_authpeer - Authenticate our peer (start server).
186*7c478bd9Sstevel@tonic-gate  *
187*7c478bd9Sstevel@tonic-gate  * Set new state.
188*7c478bd9Sstevel@tonic-gate  */
189*7c478bd9Sstevel@tonic-gate void
upap_authpeer(unit)190*7c478bd9Sstevel@tonic-gate upap_authpeer(unit)
191*7c478bd9Sstevel@tonic-gate     int unit;
192*7c478bd9Sstevel@tonic-gate {
193*7c478bd9Sstevel@tonic-gate     upap_state *u = &upap[unit];
194*7c478bd9Sstevel@tonic-gate 
195*7c478bd9Sstevel@tonic-gate     /* Lower layer up yet? */
196*7c478bd9Sstevel@tonic-gate     if (u->us_serverstate == UPAPSS_INITIAL ||
197*7c478bd9Sstevel@tonic-gate 	u->us_serverstate == UPAPSS_PENDING) {
198*7c478bd9Sstevel@tonic-gate 	u->us_serverstate = UPAPSS_PENDING;
199*7c478bd9Sstevel@tonic-gate 	return;
200*7c478bd9Sstevel@tonic-gate     }
201*7c478bd9Sstevel@tonic-gate 
202*7c478bd9Sstevel@tonic-gate     u->us_serverstate = UPAPSS_LISTEN;
203*7c478bd9Sstevel@tonic-gate     u->us_receives = 0;
204*7c478bd9Sstevel@tonic-gate     if (u->us_reqtimeout > 0)
205*7c478bd9Sstevel@tonic-gate 	TIMEOUT(upap_reqtimeout, u, u->us_reqtimeout);
206*7c478bd9Sstevel@tonic-gate }
207*7c478bd9Sstevel@tonic-gate 
208*7c478bd9Sstevel@tonic-gate 
209*7c478bd9Sstevel@tonic-gate /*
210*7c478bd9Sstevel@tonic-gate  * upap_timeout - Retransmission timer for sending auth-reqs expired.
211*7c478bd9Sstevel@tonic-gate  */
212*7c478bd9Sstevel@tonic-gate static void
upap_timeout(arg)213*7c478bd9Sstevel@tonic-gate upap_timeout(arg)
214*7c478bd9Sstevel@tonic-gate     void *arg;
215*7c478bd9Sstevel@tonic-gate {
216*7c478bd9Sstevel@tonic-gate     upap_state *u = (upap_state *) arg;
217*7c478bd9Sstevel@tonic-gate 
218*7c478bd9Sstevel@tonic-gate     if (u->us_clientstate != UPAPCS_AUTHREQ)
219*7c478bd9Sstevel@tonic-gate 	return;
220*7c478bd9Sstevel@tonic-gate 
221*7c478bd9Sstevel@tonic-gate     if (u->us_transmits >= u->us_maxtransmits) {
222*7c478bd9Sstevel@tonic-gate 	/* give up in disgust */
223*7c478bd9Sstevel@tonic-gate 	error("No response to %d PAP Authenticate-Requests", u->us_transmits);
224*7c478bd9Sstevel@tonic-gate 	u->us_clientstate = UPAPCS_BADAUTH;
225*7c478bd9Sstevel@tonic-gate 	auth_withpeer_fail(u->us_unit, PPP_PAP);
226*7c478bd9Sstevel@tonic-gate 	return;
227*7c478bd9Sstevel@tonic-gate     }
228*7c478bd9Sstevel@tonic-gate 
229*7c478bd9Sstevel@tonic-gate     upap_sauthreq(u);		/* Send Authenticate-Request */
230*7c478bd9Sstevel@tonic-gate }
231*7c478bd9Sstevel@tonic-gate 
232*7c478bd9Sstevel@tonic-gate 
233*7c478bd9Sstevel@tonic-gate /*
234*7c478bd9Sstevel@tonic-gate  * upap_reqtimeout - Give up waiting for the peer to send a valid auth-req.
235*7c478bd9Sstevel@tonic-gate  */
236*7c478bd9Sstevel@tonic-gate static void
upap_reqtimeout(arg)237*7c478bd9Sstevel@tonic-gate upap_reqtimeout(arg)
238*7c478bd9Sstevel@tonic-gate     void *arg;
239*7c478bd9Sstevel@tonic-gate {
240*7c478bd9Sstevel@tonic-gate     upap_state *u = (upap_state *) arg;
241*7c478bd9Sstevel@tonic-gate 
242*7c478bd9Sstevel@tonic-gate     if (u->us_serverstate != UPAPSS_LISTEN)
243*7c478bd9Sstevel@tonic-gate 	return;			/* huh?? */
244*7c478bd9Sstevel@tonic-gate 
245*7c478bd9Sstevel@tonic-gate     auth_peer_fail(u->us_unit, PPP_PAP);
246*7c478bd9Sstevel@tonic-gate     u->us_serverstate = UPAPSS_BADAUTH;
247*7c478bd9Sstevel@tonic-gate }
248*7c478bd9Sstevel@tonic-gate 
249*7c478bd9Sstevel@tonic-gate 
250*7c478bd9Sstevel@tonic-gate /*
251*7c478bd9Sstevel@tonic-gate  * upap_lowerup - The lower layer is up.
252*7c478bd9Sstevel@tonic-gate  *
253*7c478bd9Sstevel@tonic-gate  * Start authenticating if pending.
254*7c478bd9Sstevel@tonic-gate  */
255*7c478bd9Sstevel@tonic-gate static void
upap_lowerup(unit)256*7c478bd9Sstevel@tonic-gate upap_lowerup(unit)
257*7c478bd9Sstevel@tonic-gate     int unit;
258*7c478bd9Sstevel@tonic-gate {
259*7c478bd9Sstevel@tonic-gate     upap_state *u = &upap[unit];
260*7c478bd9Sstevel@tonic-gate 
261*7c478bd9Sstevel@tonic-gate     if (u->us_clientstate == UPAPCS_INITIAL)
262*7c478bd9Sstevel@tonic-gate 	u->us_clientstate = UPAPCS_CLOSED;
263*7c478bd9Sstevel@tonic-gate     else if (u->us_clientstate == UPAPCS_PENDING) {
264*7c478bd9Sstevel@tonic-gate 	upap_sauthreq(u);	/* send an auth-request */
265*7c478bd9Sstevel@tonic-gate     }
266*7c478bd9Sstevel@tonic-gate 
267*7c478bd9Sstevel@tonic-gate     if (u->us_serverstate == UPAPSS_INITIAL)
268*7c478bd9Sstevel@tonic-gate 	u->us_serverstate = UPAPSS_CLOSED;
269*7c478bd9Sstevel@tonic-gate     else if (u->us_serverstate == UPAPSS_PENDING) {
270*7c478bd9Sstevel@tonic-gate 	u->us_serverstate = UPAPSS_LISTEN;
271*7c478bd9Sstevel@tonic-gate 	if (u->us_reqtimeout > 0)
272*7c478bd9Sstevel@tonic-gate 	    TIMEOUT(upap_reqtimeout, u, u->us_reqtimeout);
273*7c478bd9Sstevel@tonic-gate     }
274*7c478bd9Sstevel@tonic-gate }
275*7c478bd9Sstevel@tonic-gate 
276*7c478bd9Sstevel@tonic-gate 
277*7c478bd9Sstevel@tonic-gate /*
278*7c478bd9Sstevel@tonic-gate  * upap_lowerdown - The lower layer is down.
279*7c478bd9Sstevel@tonic-gate  *
280*7c478bd9Sstevel@tonic-gate  * Cancel all timeouts.
281*7c478bd9Sstevel@tonic-gate  */
282*7c478bd9Sstevel@tonic-gate static void
upap_lowerdown(unit)283*7c478bd9Sstevel@tonic-gate upap_lowerdown(unit)
284*7c478bd9Sstevel@tonic-gate     int unit;
285*7c478bd9Sstevel@tonic-gate {
286*7c478bd9Sstevel@tonic-gate     upap_state *u = &upap[unit];
287*7c478bd9Sstevel@tonic-gate 
288*7c478bd9Sstevel@tonic-gate     /* Cancel timeouts */
289*7c478bd9Sstevel@tonic-gate     if (u->us_clientstate == UPAPCS_AUTHREQ && u->us_timeouttime > 0)
290*7c478bd9Sstevel@tonic-gate 	UNTIMEOUT(upap_timeout, u);
291*7c478bd9Sstevel@tonic-gate     if (u->us_serverstate == UPAPSS_LISTEN && u->us_reqtimeout > 0)
292*7c478bd9Sstevel@tonic-gate 	UNTIMEOUT(upap_reqtimeout, u);
293*7c478bd9Sstevel@tonic-gate 
294*7c478bd9Sstevel@tonic-gate     u->us_clientstate = UPAPCS_INITIAL;
295*7c478bd9Sstevel@tonic-gate     u->us_serverstate = UPAPSS_INITIAL;
296*7c478bd9Sstevel@tonic-gate }
297*7c478bd9Sstevel@tonic-gate 
298*7c478bd9Sstevel@tonic-gate 
299*7c478bd9Sstevel@tonic-gate /*
300*7c478bd9Sstevel@tonic-gate  * upap_protrej - Peer doesn't speak this protocol.
301*7c478bd9Sstevel@tonic-gate  *
302*7c478bd9Sstevel@tonic-gate  * This shouldn't happen.  In any case, pretend lower layer went down.
303*7c478bd9Sstevel@tonic-gate  */
304*7c478bd9Sstevel@tonic-gate static void
upap_protrej(unit)305*7c478bd9Sstevel@tonic-gate upap_protrej(unit)
306*7c478bd9Sstevel@tonic-gate     int unit;
307*7c478bd9Sstevel@tonic-gate {
308*7c478bd9Sstevel@tonic-gate     upap_state *u = &upap[unit];
309*7c478bd9Sstevel@tonic-gate 
310*7c478bd9Sstevel@tonic-gate     if (u->us_clientstate == UPAPCS_AUTHREQ) {
311*7c478bd9Sstevel@tonic-gate 	error("PAP authentication failed due to protocol-reject");
312*7c478bd9Sstevel@tonic-gate 	auth_withpeer_fail(unit, PPP_PAP);
313*7c478bd9Sstevel@tonic-gate     }
314*7c478bd9Sstevel@tonic-gate     if (u->us_serverstate == UPAPSS_LISTEN) {
315*7c478bd9Sstevel@tonic-gate 	error("PAP authentication of peer failed (protocol-reject)");
316*7c478bd9Sstevel@tonic-gate 	auth_peer_fail(unit, PPP_PAP);
317*7c478bd9Sstevel@tonic-gate     }
318*7c478bd9Sstevel@tonic-gate     upap_lowerdown(unit);
319*7c478bd9Sstevel@tonic-gate }
320*7c478bd9Sstevel@tonic-gate 
321*7c478bd9Sstevel@tonic-gate 
322*7c478bd9Sstevel@tonic-gate /*
323*7c478bd9Sstevel@tonic-gate  * upap_input - Input UPAP packet.
324*7c478bd9Sstevel@tonic-gate  */
325*7c478bd9Sstevel@tonic-gate static void
upap_input(unit,inpacket,l)326*7c478bd9Sstevel@tonic-gate upap_input(unit, inpacket, l)
327*7c478bd9Sstevel@tonic-gate     int unit;
328*7c478bd9Sstevel@tonic-gate     u_char *inpacket;
329*7c478bd9Sstevel@tonic-gate     int l;
330*7c478bd9Sstevel@tonic-gate {
331*7c478bd9Sstevel@tonic-gate     upap_state *u = &upap[unit];
332*7c478bd9Sstevel@tonic-gate     u_char *inp;
333*7c478bd9Sstevel@tonic-gate     u_char code, id;
334*7c478bd9Sstevel@tonic-gate     int len;
335*7c478bd9Sstevel@tonic-gate 
336*7c478bd9Sstevel@tonic-gate     /*
337*7c478bd9Sstevel@tonic-gate      * Parse header (code, id and length).
338*7c478bd9Sstevel@tonic-gate      * If packet too short, drop it.
339*7c478bd9Sstevel@tonic-gate      */
340*7c478bd9Sstevel@tonic-gate     inp = inpacket;
341*7c478bd9Sstevel@tonic-gate     if (l < UPAP_HEADERLEN) {
342*7c478bd9Sstevel@tonic-gate 	error("PAP: packet is too small (%d < %d)", l, UPAP_HEADERLEN);
343*7c478bd9Sstevel@tonic-gate 	return;
344*7c478bd9Sstevel@tonic-gate     }
345*7c478bd9Sstevel@tonic-gate     GETCHAR(code, inp);
346*7c478bd9Sstevel@tonic-gate     GETCHAR(id, inp);
347*7c478bd9Sstevel@tonic-gate     GETSHORT(len, inp);
348*7c478bd9Sstevel@tonic-gate     if ((len < UPAP_HEADERLEN) || (len > l)) {
349*7c478bd9Sstevel@tonic-gate 	error("PAP: packet has illegal length %d (%d..%d)", len,
350*7c478bd9Sstevel@tonic-gate 	    UPAP_HEADERLEN, l);
351*7c478bd9Sstevel@tonic-gate 	return;
352*7c478bd9Sstevel@tonic-gate     }
353*7c478bd9Sstevel@tonic-gate     len -= UPAP_HEADERLEN;
354*7c478bd9Sstevel@tonic-gate 
355*7c478bd9Sstevel@tonic-gate     /*
356*7c478bd9Sstevel@tonic-gate      * Action depends on code.
357*7c478bd9Sstevel@tonic-gate      */
358*7c478bd9Sstevel@tonic-gate     switch (code) {
359*7c478bd9Sstevel@tonic-gate     case UPAP_AUTHREQ:
360*7c478bd9Sstevel@tonic-gate 	upap_rauthreq(u, inp, id, len);
361*7c478bd9Sstevel@tonic-gate 	break;
362*7c478bd9Sstevel@tonic-gate 
363*7c478bd9Sstevel@tonic-gate     case UPAP_AUTHACK:
364*7c478bd9Sstevel@tonic-gate 	upap_rauthack(u, inp, id, len);
365*7c478bd9Sstevel@tonic-gate 	break;
366*7c478bd9Sstevel@tonic-gate 
367*7c478bd9Sstevel@tonic-gate     case UPAP_AUTHNAK:
368*7c478bd9Sstevel@tonic-gate 	upap_rauthnak(u, inp, id, len);
369*7c478bd9Sstevel@tonic-gate 	break;
370*7c478bd9Sstevel@tonic-gate 
371*7c478bd9Sstevel@tonic-gate     default:
372*7c478bd9Sstevel@tonic-gate 	warn("Unknown PAP code (%d) received.", code);
373*7c478bd9Sstevel@tonic-gate 	break;
374*7c478bd9Sstevel@tonic-gate     }
375*7c478bd9Sstevel@tonic-gate }
376*7c478bd9Sstevel@tonic-gate 
377*7c478bd9Sstevel@tonic-gate 
378*7c478bd9Sstevel@tonic-gate /*
379*7c478bd9Sstevel@tonic-gate  * upap_rauth - Receive Authenticate.
380*7c478bd9Sstevel@tonic-gate  */
381*7c478bd9Sstevel@tonic-gate static void
upap_rauthreq(u,inp,id,len)382*7c478bd9Sstevel@tonic-gate upap_rauthreq(u, inp, id, len)
383*7c478bd9Sstevel@tonic-gate     upap_state *u;
384*7c478bd9Sstevel@tonic-gate     u_char *inp;
385*7c478bd9Sstevel@tonic-gate     int id;
386*7c478bd9Sstevel@tonic-gate     int len;
387*7c478bd9Sstevel@tonic-gate {
388*7c478bd9Sstevel@tonic-gate     u_char ruserlen, rpasswdlen;
389*7c478bd9Sstevel@tonic-gate     char *ruser, *rpasswd;
390*7c478bd9Sstevel@tonic-gate     int retcode;
391*7c478bd9Sstevel@tonic-gate     char *msg;
392*7c478bd9Sstevel@tonic-gate     int msglen;
393*7c478bd9Sstevel@tonic-gate 
394*7c478bd9Sstevel@tonic-gate     if (u->us_serverstate < UPAPSS_LISTEN) {
395*7c478bd9Sstevel@tonic-gate 	info("PAP: discarded Authenticate-Request in state %s",
396*7c478bd9Sstevel@tonic-gate 	    pap_sstate(u->us_serverstate));
397*7c478bd9Sstevel@tonic-gate 	return;
398*7c478bd9Sstevel@tonic-gate     }
399*7c478bd9Sstevel@tonic-gate 
400*7c478bd9Sstevel@tonic-gate     /*
401*7c478bd9Sstevel@tonic-gate      * If we receive a duplicate authenticate-request, we are
402*7c478bd9Sstevel@tonic-gate      * supposed to return the same status as for the first request.
403*7c478bd9Sstevel@tonic-gate      */
404*7c478bd9Sstevel@tonic-gate     if (u->us_serverstate == UPAPSS_OPEN) {
405*7c478bd9Sstevel@tonic-gate 	/* return auth-ack */
406*7c478bd9Sstevel@tonic-gate 	upap_sresp(u, UPAP_AUTHACK, id, u->us_msg, u->us_msglen);
407*7c478bd9Sstevel@tonic-gate 	return;
408*7c478bd9Sstevel@tonic-gate     }
409*7c478bd9Sstevel@tonic-gate     if (u->us_serverstate == UPAPSS_BADAUTH) {
410*7c478bd9Sstevel@tonic-gate 	/* return auth-nak */
411*7c478bd9Sstevel@tonic-gate 	upap_sresp(u, UPAP_AUTHNAK, id, u->us_msg, u->us_msglen);
412*7c478bd9Sstevel@tonic-gate 	return;
413*7c478bd9Sstevel@tonic-gate     }
414*7c478bd9Sstevel@tonic-gate 
415*7c478bd9Sstevel@tonic-gate     /*
416*7c478bd9Sstevel@tonic-gate      * Parse user/passwd.
417*7c478bd9Sstevel@tonic-gate      */
418*7c478bd9Sstevel@tonic-gate     if (len < 1) {
419*7c478bd9Sstevel@tonic-gate 	error("PAP: rcvd short packet; no data");
420*7c478bd9Sstevel@tonic-gate 	return;
421*7c478bd9Sstevel@tonic-gate     }
422*7c478bd9Sstevel@tonic-gate     GETCHAR(ruserlen, inp);
423*7c478bd9Sstevel@tonic-gate     len -= sizeof (u_char) + ruserlen + sizeof (u_char);
424*7c478bd9Sstevel@tonic-gate     if (len < 0) {
425*7c478bd9Sstevel@tonic-gate 	error("PAP: rcvd short packet; peer name missing");
426*7c478bd9Sstevel@tonic-gate 	return;
427*7c478bd9Sstevel@tonic-gate     }
428*7c478bd9Sstevel@tonic-gate     ruser = (char *) inp;
429*7c478bd9Sstevel@tonic-gate     INCPTR(ruserlen, inp);
430*7c478bd9Sstevel@tonic-gate     GETCHAR(rpasswdlen, inp);
431*7c478bd9Sstevel@tonic-gate     if (len < rpasswdlen) {
432*7c478bd9Sstevel@tonic-gate 	error("PAP: rcvd short packet; pass len %d < %d", len, rpasswdlen);
433*7c478bd9Sstevel@tonic-gate 	return;
434*7c478bd9Sstevel@tonic-gate     }
435*7c478bd9Sstevel@tonic-gate     rpasswd = (char *) inp;
436*7c478bd9Sstevel@tonic-gate 
437*7c478bd9Sstevel@tonic-gate     /*
438*7c478bd9Sstevel@tonic-gate      * Check the username and password given.
439*7c478bd9Sstevel@tonic-gate      */
440*7c478bd9Sstevel@tonic-gate     retcode = check_passwd(u->us_unit, ruser, ruserlen, rpasswd,
441*7c478bd9Sstevel@tonic-gate 			   rpasswdlen, &msg);
442*7c478bd9Sstevel@tonic-gate     BZERO(rpasswd, rpasswdlen);
443*7c478bd9Sstevel@tonic-gate     msglen = strlen(msg);
444*7c478bd9Sstevel@tonic-gate     if (msglen > 255)
445*7c478bd9Sstevel@tonic-gate 	msglen = 255;
446*7c478bd9Sstevel@tonic-gate 
447*7c478bd9Sstevel@tonic-gate     u->us_msg = msg;
448*7c478bd9Sstevel@tonic-gate     u->us_msglen = msglen;
449*7c478bd9Sstevel@tonic-gate     upap_sresp(u, retcode, id, u->us_msg, u->us_msglen);
450*7c478bd9Sstevel@tonic-gate 
451*7c478bd9Sstevel@tonic-gate     if (retcode == UPAP_AUTHACK) {
452*7c478bd9Sstevel@tonic-gate 	u->us_serverstate = UPAPSS_OPEN;
453*7c478bd9Sstevel@tonic-gate 	auth_peer_success(u->us_unit, PPP_PAP, ruser, ruserlen);
454*7c478bd9Sstevel@tonic-gate     } else if (++u->us_receives >= u->us_maxreceives) {
455*7c478bd9Sstevel@tonic-gate 	u->us_serverstate = UPAPSS_BADAUTH;
456*7c478bd9Sstevel@tonic-gate 	auth_peer_fail(u->us_unit, PPP_PAP);
457*7c478bd9Sstevel@tonic-gate     } else {
458*7c478bd9Sstevel@tonic-gate 	/* Just wait for a good one to arrive, or for time-out. */
459*7c478bd9Sstevel@tonic-gate 	return;
460*7c478bd9Sstevel@tonic-gate     }
461*7c478bd9Sstevel@tonic-gate 
462*7c478bd9Sstevel@tonic-gate     if (u->us_reqtimeout > 0)
463*7c478bd9Sstevel@tonic-gate 	UNTIMEOUT(upap_reqtimeout, u);
464*7c478bd9Sstevel@tonic-gate }
465*7c478bd9Sstevel@tonic-gate 
466*7c478bd9Sstevel@tonic-gate 
467*7c478bd9Sstevel@tonic-gate /*
468*7c478bd9Sstevel@tonic-gate  * upap_rauthack - Receive Authenticate-Ack.
469*7c478bd9Sstevel@tonic-gate  */
470*7c478bd9Sstevel@tonic-gate /*ARGSUSED*/
471*7c478bd9Sstevel@tonic-gate static void
upap_rauthack(u,inp,id,len)472*7c478bd9Sstevel@tonic-gate upap_rauthack(u, inp, id, len)
473*7c478bd9Sstevel@tonic-gate     upap_state *u;
474*7c478bd9Sstevel@tonic-gate     u_char *inp;
475*7c478bd9Sstevel@tonic-gate     int id;
476*7c478bd9Sstevel@tonic-gate     int len;
477*7c478bd9Sstevel@tonic-gate {
478*7c478bd9Sstevel@tonic-gate     u_char msglen;
479*7c478bd9Sstevel@tonic-gate     char *msg;
480*7c478bd9Sstevel@tonic-gate 
481*7c478bd9Sstevel@tonic-gate     if (u->us_clientstate != UPAPCS_AUTHREQ) {
482*7c478bd9Sstevel@tonic-gate 	info("PAP: discarded Authenticate-Ack in state %s",
483*7c478bd9Sstevel@tonic-gate 	    pap_cstate(u->us_clientstate));
484*7c478bd9Sstevel@tonic-gate 	return;
485*7c478bd9Sstevel@tonic-gate     }
486*7c478bd9Sstevel@tonic-gate 
487*7c478bd9Sstevel@tonic-gate     if (id != u->us_id) {
488*7c478bd9Sstevel@tonic-gate 	dbglog("PAP: discard Authenticate-Ack; ID %d != %d",
489*7c478bd9Sstevel@tonic-gate 	    id, u->us_id);
490*7c478bd9Sstevel@tonic-gate 	return;
491*7c478bd9Sstevel@tonic-gate     }
492*7c478bd9Sstevel@tonic-gate 
493*7c478bd9Sstevel@tonic-gate     if (u->us_timeouttime > 0)
494*7c478bd9Sstevel@tonic-gate 	UNTIMEOUT(upap_timeout, u);
495*7c478bd9Sstevel@tonic-gate 
496*7c478bd9Sstevel@tonic-gate     /*
497*7c478bd9Sstevel@tonic-gate      * Parse message.
498*7c478bd9Sstevel@tonic-gate      */
499*7c478bd9Sstevel@tonic-gate     if (len < 1) {
500*7c478bd9Sstevel@tonic-gate 	info("PAP:  Ignoring missing ack msg-length octet");
501*7c478bd9Sstevel@tonic-gate     } else {
502*7c478bd9Sstevel@tonic-gate 	GETCHAR(msglen, inp);
503*7c478bd9Sstevel@tonic-gate 	if (msglen > 0) {
504*7c478bd9Sstevel@tonic-gate 	    len -= sizeof (u_char);
505*7c478bd9Sstevel@tonic-gate 	    if (len < msglen) {
506*7c478bd9Sstevel@tonic-gate 		error("PAP:  Discarding short packet (%d < %d)", len, msglen);
507*7c478bd9Sstevel@tonic-gate 		return;
508*7c478bd9Sstevel@tonic-gate 	    }
509*7c478bd9Sstevel@tonic-gate 	    msg = (char *) inp;
510*7c478bd9Sstevel@tonic-gate 	    PRINTMSG(msg, msglen);
511*7c478bd9Sstevel@tonic-gate 	}
512*7c478bd9Sstevel@tonic-gate     }
513*7c478bd9Sstevel@tonic-gate 
514*7c478bd9Sstevel@tonic-gate     u->us_clientstate = UPAPCS_OPEN;
515*7c478bd9Sstevel@tonic-gate 
516*7c478bd9Sstevel@tonic-gate     auth_withpeer_success(u->us_unit, PPP_PAP);
517*7c478bd9Sstevel@tonic-gate }
518*7c478bd9Sstevel@tonic-gate 
519*7c478bd9Sstevel@tonic-gate 
520*7c478bd9Sstevel@tonic-gate /*
521*7c478bd9Sstevel@tonic-gate  * upap_rauthnak - Receive Authenticate-Nakk.
522*7c478bd9Sstevel@tonic-gate  */
523*7c478bd9Sstevel@tonic-gate /*ARGSUSED*/
524*7c478bd9Sstevel@tonic-gate static void
upap_rauthnak(u,inp,id,len)525*7c478bd9Sstevel@tonic-gate upap_rauthnak(u, inp, id, len)
526*7c478bd9Sstevel@tonic-gate     upap_state *u;
527*7c478bd9Sstevel@tonic-gate     u_char *inp;
528*7c478bd9Sstevel@tonic-gate     int id;
529*7c478bd9Sstevel@tonic-gate     int len;
530*7c478bd9Sstevel@tonic-gate {
531*7c478bd9Sstevel@tonic-gate     u_char msglen;
532*7c478bd9Sstevel@tonic-gate     char *msg;
533*7c478bd9Sstevel@tonic-gate 
534*7c478bd9Sstevel@tonic-gate     if (u->us_clientstate != UPAPCS_AUTHREQ) {
535*7c478bd9Sstevel@tonic-gate 	info("PAP: discarded Authenticate-Nak in state %s",
536*7c478bd9Sstevel@tonic-gate 	    pap_cstate(u->us_clientstate));
537*7c478bd9Sstevel@tonic-gate 	return;
538*7c478bd9Sstevel@tonic-gate     }
539*7c478bd9Sstevel@tonic-gate 
540*7c478bd9Sstevel@tonic-gate     if (id != u->us_id) {
541*7c478bd9Sstevel@tonic-gate 	dbglog("PAP: discard Authenticate-Ack; ID %d != %d",
542*7c478bd9Sstevel@tonic-gate 	    id, u->us_id);
543*7c478bd9Sstevel@tonic-gate 	return;
544*7c478bd9Sstevel@tonic-gate     }
545*7c478bd9Sstevel@tonic-gate 
546*7c478bd9Sstevel@tonic-gate     if (u->us_timeouttime > 0)
547*7c478bd9Sstevel@tonic-gate 	UNTIMEOUT(upap_timeout, u);
548*7c478bd9Sstevel@tonic-gate 
549*7c478bd9Sstevel@tonic-gate     /*
550*7c478bd9Sstevel@tonic-gate      * Parse message.
551*7c478bd9Sstevel@tonic-gate      */
552*7c478bd9Sstevel@tonic-gate     if (len < 1) {
553*7c478bd9Sstevel@tonic-gate 	error("PAP: ignoring missing nak msg-length octet");
554*7c478bd9Sstevel@tonic-gate     } else {
555*7c478bd9Sstevel@tonic-gate 	GETCHAR(msglen, inp);
556*7c478bd9Sstevel@tonic-gate 	if (msglen > 0) {
557*7c478bd9Sstevel@tonic-gate 	    len -= sizeof (u_char);
558*7c478bd9Sstevel@tonic-gate 	    if (len < msglen) {
559*7c478bd9Sstevel@tonic-gate 		error("PAP: Discarding short packet (%d < %d)", len, msglen);
560*7c478bd9Sstevel@tonic-gate 		return;
561*7c478bd9Sstevel@tonic-gate 	    }
562*7c478bd9Sstevel@tonic-gate 	    msg = (char *) inp;
563*7c478bd9Sstevel@tonic-gate 	    PRINTMSG(msg, msglen);
564*7c478bd9Sstevel@tonic-gate 	}
565*7c478bd9Sstevel@tonic-gate     }
566*7c478bd9Sstevel@tonic-gate 
567*7c478bd9Sstevel@tonic-gate     /* Try to get a new password from the plugin. */
568*7c478bd9Sstevel@tonic-gate     if (pap_passwd_hook != NULL) {
569*7c478bd9Sstevel@tonic-gate 	if (u->us_transmits < u->us_maxtransmits) {
570*7c478bd9Sstevel@tonic-gate 	    if ((*pap_passwd_hook)(user, passwd) >= 0) {
571*7c478bd9Sstevel@tonic-gate 		upap_sauthreq(u);
572*7c478bd9Sstevel@tonic-gate 		return;
573*7c478bd9Sstevel@tonic-gate 	    }
574*7c478bd9Sstevel@tonic-gate 	} else {
575*7c478bd9Sstevel@tonic-gate 	    /* Tell plug-in that we're giving up. */
576*7c478bd9Sstevel@tonic-gate 	    (void) (*pap_passwd_hook)(NULL, NULL);
577*7c478bd9Sstevel@tonic-gate 	}
578*7c478bd9Sstevel@tonic-gate     }
579*7c478bd9Sstevel@tonic-gate 
580*7c478bd9Sstevel@tonic-gate     u->us_clientstate = UPAPCS_BADAUTH;
581*7c478bd9Sstevel@tonic-gate 
582*7c478bd9Sstevel@tonic-gate     error("PAP authentication failed");
583*7c478bd9Sstevel@tonic-gate     auth_withpeer_fail(u->us_unit, PPP_PAP);
584*7c478bd9Sstevel@tonic-gate }
585*7c478bd9Sstevel@tonic-gate 
586*7c478bd9Sstevel@tonic-gate 
587*7c478bd9Sstevel@tonic-gate /*
588*7c478bd9Sstevel@tonic-gate  * upap_sauthreq - Send an Authenticate-Request.
589*7c478bd9Sstevel@tonic-gate  */
590*7c478bd9Sstevel@tonic-gate static void
upap_sauthreq(u)591*7c478bd9Sstevel@tonic-gate upap_sauthreq(u)
592*7c478bd9Sstevel@tonic-gate     upap_state *u;
593*7c478bd9Sstevel@tonic-gate {
594*7c478bd9Sstevel@tonic-gate     u_char *outp;
595*7c478bd9Sstevel@tonic-gate     int pwlen;
596*7c478bd9Sstevel@tonic-gate     int outlen;
597*7c478bd9Sstevel@tonic-gate 
598*7c478bd9Sstevel@tonic-gate     pwlen = strllen(passwd, MAXSECRETLEN);
599*7c478bd9Sstevel@tonic-gate     if (pwlen > 0xFF)
600*7c478bd9Sstevel@tonic-gate 	pwlen = 0xFF;
601*7c478bd9Sstevel@tonic-gate     outlen = UPAP_HEADERLEN + 2 * sizeof (u_char) + u->us_userlen + pwlen;
602*7c478bd9Sstevel@tonic-gate     outp = outpacket_buf;
603*7c478bd9Sstevel@tonic-gate 
604*7c478bd9Sstevel@tonic-gate     MAKEHEADER(outp, PPP_PAP);
605*7c478bd9Sstevel@tonic-gate 
606*7c478bd9Sstevel@tonic-gate     PUTCHAR(UPAP_AUTHREQ, outp);
607*7c478bd9Sstevel@tonic-gate     PUTCHAR(++u->us_id, outp);
608*7c478bd9Sstevel@tonic-gate     PUTSHORT(outlen, outp);
609*7c478bd9Sstevel@tonic-gate     PUTCHAR(u->us_userlen, outp);
610*7c478bd9Sstevel@tonic-gate     BCOPY(u->us_user, outp, u->us_userlen);
611*7c478bd9Sstevel@tonic-gate     INCPTR(u->us_userlen, outp);
612*7c478bd9Sstevel@tonic-gate     PUTCHAR(pwlen, outp);
613*7c478bd9Sstevel@tonic-gate     BCOPY(u->us_passwd, outp, pwlen);
614*7c478bd9Sstevel@tonic-gate 
615*7c478bd9Sstevel@tonic-gate     output(u->us_unit, outpacket_buf, outlen + PPP_HDRLEN);
616*7c478bd9Sstevel@tonic-gate 
617*7c478bd9Sstevel@tonic-gate     if (u->us_timeouttime > 0)
618*7c478bd9Sstevel@tonic-gate 	TIMEOUT(upap_timeout, u, u->us_timeouttime);
619*7c478bd9Sstevel@tonic-gate     ++u->us_transmits;
620*7c478bd9Sstevel@tonic-gate     u->us_clientstate = UPAPCS_AUTHREQ;
621*7c478bd9Sstevel@tonic-gate }
622*7c478bd9Sstevel@tonic-gate 
623*7c478bd9Sstevel@tonic-gate 
624*7c478bd9Sstevel@tonic-gate /*
625*7c478bd9Sstevel@tonic-gate  * upap_sresp - Send a response (ack or nak).
626*7c478bd9Sstevel@tonic-gate  */
627*7c478bd9Sstevel@tonic-gate static void
upap_sresp(u,code,id,msg,msglen)628*7c478bd9Sstevel@tonic-gate upap_sresp(u, code, id, msg, msglen)
629*7c478bd9Sstevel@tonic-gate     upap_state *u;
630*7c478bd9Sstevel@tonic-gate     u_char code, id;
631*7c478bd9Sstevel@tonic-gate     char *msg;
632*7c478bd9Sstevel@tonic-gate     int msglen;
633*7c478bd9Sstevel@tonic-gate {
634*7c478bd9Sstevel@tonic-gate     u_char *outp;
635*7c478bd9Sstevel@tonic-gate     int outlen;
636*7c478bd9Sstevel@tonic-gate 
637*7c478bd9Sstevel@tonic-gate     outlen = UPAP_HEADERLEN + sizeof (u_char) + msglen;
638*7c478bd9Sstevel@tonic-gate     outp = outpacket_buf;
639*7c478bd9Sstevel@tonic-gate     MAKEHEADER(outp, PPP_PAP);
640*7c478bd9Sstevel@tonic-gate 
641*7c478bd9Sstevel@tonic-gate     PUTCHAR(code, outp);
642*7c478bd9Sstevel@tonic-gate     PUTCHAR(id, outp);
643*7c478bd9Sstevel@tonic-gate     PUTSHORT(outlen, outp);
644*7c478bd9Sstevel@tonic-gate     PUTCHAR(msglen, outp);
645*7c478bd9Sstevel@tonic-gate     BCOPY(msg, outp, msglen);
646*7c478bd9Sstevel@tonic-gate     output(u->us_unit, outpacket_buf, outlen + PPP_HDRLEN);
647*7c478bd9Sstevel@tonic-gate }
648*7c478bd9Sstevel@tonic-gate 
649*7c478bd9Sstevel@tonic-gate /*
650*7c478bd9Sstevel@tonic-gate  * upap_printpkt - print the contents of a PAP packet.
651*7c478bd9Sstevel@tonic-gate  */
652*7c478bd9Sstevel@tonic-gate static char *upap_codenames[] = {
653*7c478bd9Sstevel@tonic-gate     "AuthReq", "AuthAck", "AuthNak"
654*7c478bd9Sstevel@tonic-gate };
655*7c478bd9Sstevel@tonic-gate 
656*7c478bd9Sstevel@tonic-gate static int
upap_printpkt(p,plen,printer,arg)657*7c478bd9Sstevel@tonic-gate upap_printpkt(p, plen, printer, arg)
658*7c478bd9Sstevel@tonic-gate     u_char *p;
659*7c478bd9Sstevel@tonic-gate     int plen;
660*7c478bd9Sstevel@tonic-gate     void (*printer) __P((void *, const char *, ...));
661*7c478bd9Sstevel@tonic-gate     void *arg;
662*7c478bd9Sstevel@tonic-gate {
663*7c478bd9Sstevel@tonic-gate     int code, id, len;
664*7c478bd9Sstevel@tonic-gate     int mlen, ulen, wlen;
665*7c478bd9Sstevel@tonic-gate     char *user, *pwd, *msg;
666*7c478bd9Sstevel@tonic-gate     u_char *pstart;
667*7c478bd9Sstevel@tonic-gate 
668*7c478bd9Sstevel@tonic-gate     if (plen < UPAP_HEADERLEN)
669*7c478bd9Sstevel@tonic-gate 	return (0);
670*7c478bd9Sstevel@tonic-gate     pstart = p;
671*7c478bd9Sstevel@tonic-gate     GETCHAR(code, p);
672*7c478bd9Sstevel@tonic-gate     GETCHAR(id, p);
673*7c478bd9Sstevel@tonic-gate     GETSHORT(len, p);
674*7c478bd9Sstevel@tonic-gate     if (len < UPAP_HEADERLEN || len > plen)
675*7c478bd9Sstevel@tonic-gate 	return (0);
676*7c478bd9Sstevel@tonic-gate 
677*7c478bd9Sstevel@tonic-gate     if (code >= 1 && code <= Dim(upap_codenames))
678*7c478bd9Sstevel@tonic-gate 	printer(arg, " %s", upap_codenames[code-1]);
679*7c478bd9Sstevel@tonic-gate     else
680*7c478bd9Sstevel@tonic-gate 	printer(arg, " code=0x%x", code);
681*7c478bd9Sstevel@tonic-gate     printer(arg, " id=0x%x", id);
682*7c478bd9Sstevel@tonic-gate     len -= UPAP_HEADERLEN;
683*7c478bd9Sstevel@tonic-gate     switch (code) {
684*7c478bd9Sstevel@tonic-gate     case UPAP_AUTHREQ:
685*7c478bd9Sstevel@tonic-gate 	if (len < 1)
686*7c478bd9Sstevel@tonic-gate 	    break;
687*7c478bd9Sstevel@tonic-gate 	ulen = p[0];
688*7c478bd9Sstevel@tonic-gate 	if (len < ulen + 2)
689*7c478bd9Sstevel@tonic-gate 	    break;
690*7c478bd9Sstevel@tonic-gate 	wlen = p[ulen + 1];
691*7c478bd9Sstevel@tonic-gate 	if (len < ulen + wlen + 2)
692*7c478bd9Sstevel@tonic-gate 	    break;
693*7c478bd9Sstevel@tonic-gate 	user = (char *) (p + 1);
694*7c478bd9Sstevel@tonic-gate 	pwd = (char *) (p + ulen + 2);
695*7c478bd9Sstevel@tonic-gate 	p += ulen + wlen + 2;
696*7c478bd9Sstevel@tonic-gate 	len -= ulen + wlen + 2;
697*7c478bd9Sstevel@tonic-gate 	printer(arg, " user=");
698*7c478bd9Sstevel@tonic-gate 	print_string(user, ulen, printer, arg);
699*7c478bd9Sstevel@tonic-gate 	printer(arg, " password=");
700*7c478bd9Sstevel@tonic-gate 	if (!hide_password)
701*7c478bd9Sstevel@tonic-gate 	    print_string(pwd, wlen, printer, arg);
702*7c478bd9Sstevel@tonic-gate 	else
703*7c478bd9Sstevel@tonic-gate 	    printer(arg, "<hidden>");
704*7c478bd9Sstevel@tonic-gate 	break;
705*7c478bd9Sstevel@tonic-gate     case UPAP_AUTHACK:
706*7c478bd9Sstevel@tonic-gate     case UPAP_AUTHNAK:
707*7c478bd9Sstevel@tonic-gate 	if (len < 1)
708*7c478bd9Sstevel@tonic-gate 	    break;
709*7c478bd9Sstevel@tonic-gate 	mlen = p[0];
710*7c478bd9Sstevel@tonic-gate 	if (len < mlen + 1)
711*7c478bd9Sstevel@tonic-gate 	    break;
712*7c478bd9Sstevel@tonic-gate 	msg = (char *) (p + 1);
713*7c478bd9Sstevel@tonic-gate 	p += mlen + 1;
714*7c478bd9Sstevel@tonic-gate 	len -= mlen + 1;
715*7c478bd9Sstevel@tonic-gate 	printer(arg, " ");
716*7c478bd9Sstevel@tonic-gate 	print_string(msg, mlen, printer, arg);
717*7c478bd9Sstevel@tonic-gate 	break;
718*7c478bd9Sstevel@tonic-gate     }
719*7c478bd9Sstevel@tonic-gate 
720*7c478bd9Sstevel@tonic-gate     /* print the rest of the bytes in the packet */
721*7c478bd9Sstevel@tonic-gate     for (; len > 0; --len) {
722*7c478bd9Sstevel@tonic-gate 	GETCHAR(code, p);
723*7c478bd9Sstevel@tonic-gate 	printer(arg, " %.2x", code);
724*7c478bd9Sstevel@tonic-gate     }
725*7c478bd9Sstevel@tonic-gate 
726*7c478bd9Sstevel@tonic-gate     return (p - pstart);
727*7c478bd9Sstevel@tonic-gate }
728