Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/net implement auth protocols on the state-machine of con...
details: https://anonhg.NetBSD.org/src/rev/657c238d2077
branches: trunk
changeset: 957351:657c238d2077
user: yamaguchi <yamaguchi%NetBSD.org@localhost>
date: Wed Nov 25 09:46:05 2020 +0000
description:
implement auth protocols on the state-machine of control protocols
reviewed by knakahara@n.o.
diffstat:
sys/net/if_spppsubr.c | 1144 +++++++++++++++++++++++++++---------------------
sys/net/if_spppvar.h | 19 +-
2 files changed, 658 insertions(+), 505 deletions(-)
diffs (truncated from 1775 to 300 lines):
diff -r 728ff44a23b0 -r 657c238d2077 sys/net/if_spppsubr.c
--- a/sys/net/if_spppsubr.c Wed Nov 25 09:41:20 2020 +0000
+++ b/sys/net/if_spppsubr.c Wed Nov 25 09:46:05 2020 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: if_spppsubr.c,v 1.200 2020/11/25 09:41:20 yamaguchi Exp $ */
+/* $NetBSD: if_spppsubr.c,v 1.201 2020/11/25 09:46:05 yamaguchi Exp $ */
/*
* Synchronous PPP/Cisco link level subroutines.
@@ -41,7 +41,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.200 2020/11/25 09:41:20 yamaguchi Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.201 2020/11/25 09:46:05 yamaguchi Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -102,6 +102,9 @@
#define DEFAULT_NORECV_TIME 15 /* before we get worried */
#define DEFAULT_MAX_AUTH_FAILURES 5 /* max. auth. failures */
+#define FAILMSG "Failed..."
+#define SUCCMSG "Welcome!"
+
/*
* Interface flags that can be set in an ifconfig command.
*
@@ -254,6 +257,12 @@
void (*scan)(const struct cp *, struct sppp *);
};
+enum auth_role {
+ SPPP_AUTH_NOROLE = 0,
+ SPPP_AUTH_SERV = __BIT(0),
+ SPPP_AUTH_PEER = __BIT(1),
+};
+
static struct sppp *spppq;
static kmutex_t *spppq_lock = NULL;
static callout_t keepalive_ch;
@@ -325,6 +334,8 @@
static void sppp_cp_to_ipv6cp(void *);
static void sppp_auth_send(const struct cp *, struct sppp *,
unsigned int, unsigned int, ...);
+static int sppp_auth_role(const struct cp *, struct sppp *);
+static void sppp_auth_to_event(const struct cp *, struct sppp *);
static void sppp_up_event(struct sppp *, void *);
static void sppp_down_event(struct sppp *, void *);
@@ -337,7 +348,6 @@
static void sppp_rtr_event(struct sppp *, void *);
static void sppp_rta_event(struct sppp *, void *);
static void sppp_rxj_event(struct sppp *, void *);
-static void sppp_null_event(struct sppp *, void *);
static void sppp_null(struct sppp *);
static void sppp_sca_scn(const struct cp *, struct sppp *);
@@ -359,6 +369,7 @@
static void sppp_lcp_scr(struct sppp *);
static void sppp_lcp_check_and_close(struct sppp *);
static int sppp_ncp_check(struct sppp *);
+static int sppp_auth_check(struct sppp *);
static void sppp_ipcp_init(struct sppp *);
static void sppp_ipcp_up(struct sppp *, void *);
@@ -392,22 +403,31 @@
static void sppp_pap_input(struct sppp *, struct mbuf *);
static void sppp_pap_init(struct sppp *);
+static void sppp_pap_up(struct sppp *, void *);
+static void sppp_pap_down(struct sppp *, void *);
static void sppp_pap_open(struct sppp *, void *);
static void sppp_pap_close(struct sppp *, void *);
-static void sppp_pap_TO(void *);
-static void sppp_pap_my_TO(void *);
+static void sppp_pap_TO(struct sppp *, void *);
+static void sppp_pap_tls(struct sppp *);
+static void sppp_pap_tlf(struct sppp *);
static void sppp_pap_tlu(struct sppp *);
-static void sppp_pap_tld(struct sppp *);
+static void sppp_pap_scr(struct sppp *);
static void sppp_pap_scr(struct sppp *);
+static void sppp_pap_scan(const struct cp *, struct sppp *);
static void sppp_chap_input(struct sppp *, struct mbuf *);
static void sppp_chap_init(struct sppp *);
+static void sppp_chap_up(struct sppp *, void *);
+static void sppp_chap_down(struct sppp *, void *);
static void sppp_chap_open(struct sppp *, void *);
static void sppp_chap_close(struct sppp *, void *);
-static void sppp_chap_TO(void *);
+static void sppp_chap_TO(struct sppp *, void *);
static void sppp_chap_tlu(struct sppp *);
-static void sppp_chap_tld(struct sppp *);
+static void sppp_chap_tls(struct sppp *);
+static void sppp_chap_tlf(struct sppp *);
static void sppp_chap_scr(struct sppp *);
+static void sppp_chap_scan(const struct cp *, struct sppp *);
+static void sppp_chap_rcv_challenge_event(struct sppp *, void *);
static const char *sppp_auth_type_name(u_short, u_char);
static const char *sppp_cp_type_name(u_char);
@@ -494,18 +514,18 @@
static const struct cp pap = {
PPP_PAP, IDX_PAP, CP_AUTH, "pap",
- sppp_null_event, sppp_null_event, sppp_pap_open, sppp_pap_close,
- sppp_null_event, 0, 0, 0,
- sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null,
- sppp_pap_scr, 0
+ sppp_pap_up, sppp_pap_down, sppp_pap_open, sppp_pap_close,
+ sppp_pap_TO, 0, 0, 0,
+ sppp_pap_tlu, sppp_null, sppp_pap_tls, sppp_pap_tlf,
+ sppp_pap_scr, sppp_pap_scan
};
static const struct cp chap = {
PPP_CHAP, IDX_CHAP, CP_AUTH, "chap",
- sppp_null_event, sppp_null_event, sppp_chap_open, sppp_chap_close,
- sppp_null_event, 0, 0, 0,
- sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null,
- sppp_chap_scr, 0
+ sppp_chap_up, sppp_chap_down, sppp_chap_open, sppp_chap_close,
+ sppp_chap_TO, 0, 0, 0,
+ sppp_chap_tlu, sppp_null, sppp_chap_tls, sppp_chap_tlf,
+ sppp_chap_scr, sppp_chap_scan
};
static const struct cp *cps[IDX_COUNT] = {
@@ -1074,13 +1094,12 @@
sppp_cp_fini(&lcp, sp);
sppp_cp_fini(&ipcp, sp);
- callout_stop(&sp->scp[IDX_PAP].ch);
- callout_stop(&sp->scp[IDX_CHAP].ch);
+ sppp_cp_fini(&pap, sp);
+ sppp_cp_fini(&chap, sp);
#ifdef INET6
sppp_cp_fini(&ipv6cp, sp);
#endif
sppp_wq_destroy(sp, sp->wq_cp);
- callout_stop(&sp->pap_my_to_ch);
/* free authentication info */
if (sp->myauth.name) free(sp->myauth.name, M_DEVBUF);
@@ -1523,6 +1542,23 @@
}
static void
+sppp_cp_to_pap(void *xsp)
+{
+ struct sppp *sp = xsp;
+
+ sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_to);
+}
+
+static void
+sppp_cp_to_chap(void *xsp)
+{
+ struct sppp *sp = xsp;
+
+ sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_to);
+}
+
+
+static void
sppp_cp_init(const struct cp *cp, struct sppp *sp)
{
struct sppp_cp *scp;
@@ -1531,6 +1567,8 @@
[IDX_LCP] = sppp_cp_to_lcp,
[IDX_IPCP] = sppp_cp_to_ipcp,
[IDX_IPV6CP] = sppp_cp_to_ipv6cp,
+ [IDX_PAP] = sppp_cp_to_pap,
+ [IDX_CHAP] = sppp_cp_to_chap,
};
scp = &sp->scp[cp->protoidx];
@@ -1814,6 +1852,10 @@
KASSERT(SPPP_WLOCKED(sp));
+ if ((cp->flags & CP_AUTH) != 0 &&
+ sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE)
+ return;
+
if (debug)
log(LOG_DEBUG, "%s: %s up(%s)\n",
ifp->if_xname, cp->name,
@@ -1843,6 +1885,10 @@
KASSERT(SPPP_WLOCKED(sp));
+ if ((cp->flags & CP_AUTH) != 0 &&
+ sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE)
+ return;
+
if (debug)
log(LOG_DEBUG, "%s: %s down(%s)\n",
ifp->if_xname, cp->name,
@@ -1882,6 +1928,10 @@
KASSERT(SPPP_WLOCKED(sp));
+ if ((cp->flags & CP_AUTH) != 0 &&
+ sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE)
+ return;
+
if (debug)
log(LOG_DEBUG, "%s: %s open(%s)\n",
ifp->if_xname, cp->name,
@@ -1921,6 +1971,10 @@
KASSERT(SPPP_WLOCKED(sp));
+ if ((cp->flags & CP_AUTH) != 0 &&
+ sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE)
+ return;
+
if (debug)
log(LOG_DEBUG, "%s: %s close(%s)\n",
ifp->if_xname, cp->name,
@@ -1948,8 +2002,10 @@
case STATE_ACK_RCVD:
case STATE_ACK_SENT:
sp->scp[cp->protoidx].rst_counter = sp->lcp.max_terminate;
- sppp_cp_send(sp, cp->proto, TERM_REQ,
- ++sp->scp[cp->protoidx].seq, 0, 0);
+ if ((cp->flags & CP_AUTH) == 0) {
+ sppp_cp_send(sp, cp->proto, TERM_REQ,
+ ++sp->scp[cp->protoidx].seq, 0, 0);
+ }
sppp_cp_change_state(cp, sp, STATE_CLOSING);
break;
}
@@ -1976,21 +2032,18 @@
/* TO- event */
switch (sp->scp[cp->protoidx].state) {
case STATE_CLOSING:
+ sppp_cp_change_state(cp, sp, STATE_CLOSED);
(cp->tlf)(sp);
- sppp_cp_change_state(cp, sp, STATE_CLOSED);
- sppp_lcp_check_and_close(sp);
break;
case STATE_STOPPING:
+ sppp_cp_change_state(cp, sp, STATE_STOPPED);
(cp->tlf)(sp);
- sppp_cp_change_state(cp, sp, STATE_STOPPED);
- sppp_lcp_check_and_close(sp);
break;
case STATE_REQ_SENT:
case STATE_ACK_RCVD:
case STATE_ACK_SENT:
+ sppp_cp_change_state(cp, sp, STATE_STOPPED);
(cp->tlf)(sp);
- sppp_cp_change_state(cp, sp, STATE_STOPPED);
- sppp_lcp_check_and_close(sp);
break;
}
else
@@ -1998,8 +2051,10 @@
switch (sp->scp[cp->protoidx].state) {
case STATE_CLOSING:
case STATE_STOPPING:
- sppp_cp_send(sp, cp->proto, TERM_REQ,
- ++sp->scp[cp->protoidx].seq, 0, 0);
+ if ((cp->flags & CP_AUTH) == 0) {
+ sppp_cp_send(sp, cp->proto, TERM_REQ,
+ ++sp->scp[cp->protoidx].seq, 0, 0);
+ }
callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout);
break;
case STATE_REQ_SENT:
@@ -2067,8 +2122,10 @@
}
break;
case STATE_CLOSED:
- sppp_cp_send(sp, cp->proto, TERM_ACK,
- sp->scp[cp->protoidx].rconfid, 0, 0);
+ if ((cp->flags & CP_AUTH) == 0) {
+ sppp_cp_send(sp, cp->proto, TERM_ACK,
+ sp->scp[cp->protoidx].rconfid, 0, 0);
+ }
break;
default:
printf("%s: %s illegal RCR+ in state %s\n",
@@ -2109,8 +2166,10 @@
break;
case STATE_CLOSED:
sppp_cp_change_state(cp, sp, STATE_CLOSED);
- sppp_cp_send(sp, cp->proto, TERM_ACK,
- sp->scp[cp->protoidx].rconfid, 0, 0);
+ if ((cp->flags & CP_AUTH) == 0) {
+ sppp_cp_send(sp, cp->proto, TERM_ACK,
+ sp->scp[cp->protoidx].rconfid, 0, 0);
+ }
break;
default:
printf("%s: %s illegal RCR- in state %s\n",
Home |
Main Index |
Thread Index |
Old Index