freebsd-dev/usr.sbin/ppp/auth.h

/*-
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 *
 * Copyright (c) 1996 - 2001 Brian Somers <brian@Awfulhak.org>
 *          based on work by Toshiharu OHNO <tony-o@iij.ad.jp>
 *                           Internet Initiative Japan, Inc (IIJ)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */

struct physical;
struct bundle;
struct authinfo;
typedef void (*auth_func)(struct authinfo *);

struct authinfo {
  struct {
    auth_func req;
    auth_func success;
    auth_func failure;
  } fn;
  struct {
    struct fsmheader hdr;
    char name[AUTHLEN];
  } in;
  struct pppTimer authtimer;
  int retry;
  int id;
  struct physical *physical;
  struct {
    struct fsm_retry fsm;	/* How often/frequently to resend requests */
  } cfg;
};

#define auth_Failure(a) (*(a)->fn.failure)(a)
#define auth_Success(a) (*(a)->fn.success)(a)

extern const char *Auth2Nam(u_short, u_char);
extern void auth_Init(struct authinfo *, struct physical *,
                      auth_func, auth_func, auth_func);
extern void auth_StopTimer(struct authinfo *);
extern void auth_StartReq(struct authinfo *);
extern int auth_Validate(struct bundle *, const char *, const char *);
extern char *auth_GetSecret(const char *, size_t);
extern int auth_SetPhoneList(const char *, char *, int);
extern int auth_Select(struct bundle *, const char *);
extern struct mbuf *auth_ReadHeader(struct authinfo *, struct mbuf *);
extern struct mbuf *auth_ReadName(struct authinfo *, struct mbuf *, size_t);
Convert IIJ copyrights to BSD copyrights. Approved by: Toshiharu OHNO <tohno@sirius.ocn.ne.jp> 2001-06-13 21:52:19 +00:00			`/*-`
various: general adoption of SPDX licensing ID tags. Mainly focus on files that use BSD 2-Clause license, however the tool I was using misidentified many licenses so this was mostly a manual - error prone - task. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts. No functional change intended. 2017-11-27 15:37:16 +00:00			`* SPDX-License-Identifier: BSD-2-Clause-FreeBSD`
			`*`
Convert IIJ copyrights to BSD copyrights. Approved by: Toshiharu OHNO <tohno@sirius.ocn.ne.jp> 2001-06-13 21:52:19 +00:00			`* Copyright (c) 1996 - 2001 Brian Somers <brian@Awfulhak.org>`
			`* based on work by Toshiharu OHNO <tony-o@iij.ad.jp>`
			`* Internet Initiative Japan, Inc (IIJ)`
			`* All rights reserved.`
Compile error occured by missing auth.h/cdefs.h Reviewed by: amurai@spec.co.jp 1995-02-27 03:18:28 +00:00			`*`
Convert IIJ copyrights to BSD copyrights. Approved by: Toshiharu OHNO <tohno@sirius.ocn.ne.jp> 2001-06-13 21:52:19 +00:00			`* Redistribution and use in source and binary forms, with or without`
			`* modification, are permitted provided that the following conditions`
			`* are met:`
			`* 1. Redistributions of source code must retain the above copyright`
			`* notice, this list of conditions and the following disclaimer.`
			`* 2. Redistributions in binary form must reproduce the above copyright`
			`* notice, this list of conditions and the following disclaimer in the`
			`* documentation and/or other materials provided with the distribution.`
Compile error occured by missing auth.h/cdefs.h Reviewed by: amurai@spec.co.jp 1995-02-27 03:18:28 +00:00			`*`
Convert IIJ copyrights to BSD copyrights. Approved by: Toshiharu OHNO <tohno@sirius.ocn.ne.jp> 2001-06-13 21:52:19 +00:00			* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
			`* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE`
			`* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE`
			`* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE`
			`* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL`
			`* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS`
			`* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)`
			`* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT`
			`* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY`
			`* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF`
			`* SUCH DAMAGE.`
Compile error occured by missing auth.h/cdefs.h Reviewed by: amurai@spec.co.jp 1995-02-27 03:18:28 +00:00			`*`
$Id$ -> $FreeBSD$ 1999-08-28 01:35:59 +00:00			`* $FreeBSD$`
Compile error occured by missing auth.h/cdefs.h Reviewed by: amurai@spec.co.jp 1995-02-27 03:18:28 +00:00			`*/`

Create a new MP branch for `multilink protocol'. Do lots of initial shuffling and grouping. Submitted by: Eivind Eklund <perhaps@yes.no> 1998-01-29 00:49:32 +00:00			`struct physical;`
o Move alias function pointers into loadalias.c o Move Var*Version into command.c o Remove struct pppVars (and there was much rejoicing) ! o Forward-decl some structs in .h files to avoid include ordering requirements and remove a few more redundant #includes. 1998-04-07 00:54:26 +00:00			`struct bundle;`
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it looks ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland 1999-02-06 02:54:47 +00:00			`struct authinfo;`
			`typedef void (auth_func)(struct authinfo );`
Compile error occured by missing auth.h/cdefs.h Reviewed by: amurai@spec.co.jp 1995-02-27 03:18:28 +00:00
			`struct authinfo {`
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it looks ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland 1999-02-06 02:54:47 +00:00			`struct {`
			`auth_func req;`
			`auth_func success;`
			`auth_func failure;`
			`} fn;`
			`struct {`
			`struct fsmheader hdr;`
			`char name[AUTHLEN];`
			`} in;`
Compile error occured by missing auth.h/cdefs.h Reviewed by: amurai@spec.co.jp 1995-02-27 03:18:28 +00:00			`struct pppTimer authtimer;`
			`int retry;`
			`int id;`
Create a new MP branch for `multilink protocol'. Do lots of initial shuffling and grouping. Submitted by: Eivind Eklund <perhaps@yes.no> 1998-01-29 00:49:32 +00:00			`struct physical *physical;`
o Move default MRU, MTU, ACCMAP and OPENMODE config values into struct lcp and display them in `show lcp'. o Remove `show mru' and `show mtu' and make the data part of `show lcp'. Also merge `set m[tr]u' and `set openmode' implementations into the SetVariable function. o `set timeout' only accepts the idle timer value as an argument. o Move our lqr period into struct lcp, and create a `set lqrperiod' command. Display it in `show lcp'. o Remove VarRetryTimeout, and implement it at the LCP, PAP, CHAP, CCP and IPCP levels, creating individual `set XXXretry' commands for each. They must be separate because they have different context requirements in multilink mode. o Display default config values in `show ccp'. o Tart the man page up a bit (wrt PPP/TCP, compression and LQR) and explain the new commands. 1998-04-03 19:24:07 +00:00			`struct {`
Allow control over the number of ConfigREQ & TermREQ attempts that are made in each of the FSMs (LCP, CCP & IPCP) and the number of REQs/Challenges for PAP/CHAP by accepting more arguments in the ``set {c,ip,l}cpretry'' and ``set {ch,p}apretry'' commands. Change the non-convergence thresholds to 3 times the number of configured REQ tries (rather than the previous fixed ``10''). We now notice repeated NAKs and REJs rather than just REQs. Don't suggest that CHAP 0x05 isn't supported when it's not configured. Fix some bugs that expose themselves with smaller numbers of retries: o Handle instantaneous disconnects (set device /dev/null) correctly by stopping all fsm timers in fsm2initial. o Don't forget to uu_unlock() devices that are files but are not ttys (set device /dev/zero). Fix a HORRENDOUS bug in RFC1661 (already fixed for an Open event in state ``Closed''): According to the state transition table, a RCR+ or RCR- received in the ``Stopped'' state are supposed to InitRestartCounter, SendConfigReq and SendConfig{Ack,Nak}. However, in ``Stopped'', we haven't yet done a TLS (or the last thing we did is a TLF). We must therefore do the TLS at this point ! This was never noticed before because LCP and CCP used not use LayerStart() for anything interesting, and IPCP tends to go into Stopped then get a Down because of an LCP RTR rather than getting a RCR again. 1999-02-26 21:28:14 +00:00			`struct fsm_retry fsm; /* How often/frequently to resend requests */`
o Move default MRU, MTU, ACCMAP and OPENMODE config values into struct lcp and display them in `show lcp'. o Remove `show mru' and `show mtu' and make the data part of `show lcp'. Also merge `set m[tr]u' and `set openmode' implementations into the SetVariable function. o `set timeout' only accepts the idle timer value as an argument. o Move our lqr period into struct lcp, and create a `set lqrperiod' command. Display it in `show lcp'. o Remove VarRetryTimeout, and implement it at the LCP, PAP, CHAP, CCP and IPCP levels, creating individual `set XXXretry' commands for each. They must be separate because they have different context requirements in multilink mode. o Display default config values in `show ccp'. o Tart the man page up a bit (wrt PPP/TCP, compression and LQR) and explain the new commands. 1998-04-03 19:24:07 +00:00			`} cfg;`
Compile error occured by missing auth.h/cdefs.h Reviewed by: amurai@spec.co.jp 1995-02-27 03:18:28 +00:00			`};`

Add support for MS-CHAP authentication via a RADIUS server. Add support for Reply-Message and MS-CHAP-Error. Sponsored by: Monzoon 2002-05-10 03:11:35 +00:00			`#define auth_Failure(a) (*(a)->fn.failure)(a)`
			`#define auth_Success(a) (*(a)->fn.success)(a)`
Cosmetic: Make our external function names consistent. 1998-05-01 19:26:12 +00:00
Fully support both NT and LANMan CHAP type 0x80 as both authenticator and authenticatee. 1999-02-18 00:52:15 +00:00			`extern const char *Auth2Nam(u_short, u_char);`
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it looks ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland 1999-02-06 02:54:47 +00:00			`extern void auth_Init(struct authinfo , struct physical ,`
			`auth_func, auth_func, auth_func);`
Cosmetic: Make our external function names consistent. 1998-05-01 19:26:12 +00:00			`extern void auth_StopTimer(struct authinfo *);`
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it looks ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland 1999-02-06 02:54:47 +00:00			`extern void auth_StartReq(struct authinfo *);`
Make ppp WARNS=5 clean 2004-09-05 01:46:52 +00:00			`extern int auth_Validate(struct bundle , const char , const char *);`
			`extern char auth_GetSecret(const char , size_t);`
o Support callback types NONE, E.164, AUTH and CBCP. (see the new ``set callback'' and ``set cbcp'' commands) o Add a ``cbcp'' log level and mbuf type. o Don't dump core when \T is given in ``set login'' or ``set hangup''. o Allow ``*'' and blanks as placeholders in ppp.secret and allow a fifth field for specifying auth/cbcp dialback parameters. o Remove a few extraneous #includes o Define the default number of REQs (restart counter) in defs.h rather than hardcoding ``5'' all over the place. o Fix a few man page inconsistencies. 1998-08-07 18:42:51 +00:00			`extern int auth_SetPhoneList(const char , char , int);`
			`extern int auth_Select(struct bundle , const char );`
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it looks ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland 1999-02-06 02:54:47 +00:00			`extern struct mbuf auth_ReadHeader(struct authinfo , struct mbuf *);`
Make ppp WARNS=5 clean 2004-09-05 01:46:52 +00:00			`extern struct mbuf auth_ReadName(struct authinfo , struct mbuf *, size_t);`