Source-Changes-HG archive


[src/trunk]: src/sys/net implement auth protocols on the state-machine of con...



details:   https://anonhg.NetBSD.org/src/rev/657c238d2077
branches:  trunk
changeset: 957351:657c238d2077
user:      yamaguchi <yamaguchi%NetBSD.org@localhost>
date:      Wed Nov 25 09:46:05 2020 +0000

description:
implement auth protocols on the state-machine of control protocols

reviewed by knakahara@n.o.

diffstat:

 sys/net/if_spppsubr.c |  1144 +++++++++++++++++++++++++++---------------------
 sys/net/if_spppvar.h  |    19 +-
 2 files changed, 658 insertions(+), 505 deletions(-)

diffs (truncated from 1775 to 300 lines):

diff -r 728ff44a23b0 -r 657c238d2077 sys/net/if_spppsubr.c
--- a/sys/net/if_spppsubr.c     Wed Nov 25 09:41:20 2020 +0000
+++ b/sys/net/if_spppsubr.c     Wed Nov 25 09:46:05 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: if_spppsubr.c,v 1.200 2020/11/25 09:41:20 yamaguchi Exp $       */
+/*     $NetBSD: if_spppsubr.c,v 1.201 2020/11/25 09:46:05 yamaguchi Exp $       */
 
 /*
  * Synchronous PPP/Cisco link level subroutines.
@@ -41,7 +41,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.200 2020/11/25 09:41:20 yamaguchi Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.201 2020/11/25 09:46:05 yamaguchi Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -102,6 +102,9 @@
 #define        DEFAULT_NORECV_TIME             15      /* before we get worried */
 #define DEFAULT_MAX_AUTH_FAILURES      5       /* max. auth. failures */
 
+#define FAILMSG "Failed..."
+#define SUCCMSG "Welcome!"
+
 /*
  * Interface flags that can be set in an ifconfig command.
  *
@@ -254,6 +257,12 @@
        void    (*scan)(const struct cp *, struct sppp *);
 };
 
+enum auth_role {
+       SPPP_AUTH_NOROLE = 0,
+       SPPP_AUTH_SERV = __BIT(0),
+       SPPP_AUTH_PEER = __BIT(1),
+};
+
 static struct sppp *spppq;
 static kmutex_t *spppq_lock = NULL;
 static callout_t keepalive_ch;
@@ -325,6 +334,8 @@
 static void sppp_cp_to_ipv6cp(void *);
 static void sppp_auth_send(const struct cp *, struct sppp *,
                            unsigned int, unsigned int, ...);
+static int sppp_auth_role(const struct cp *, struct sppp *);
+static void sppp_auth_to_event(const struct cp *, struct sppp *);
 
 static void sppp_up_event(struct sppp *, void *);
 static void sppp_down_event(struct sppp *, void *);
@@ -337,7 +348,6 @@
 static void sppp_rtr_event(struct sppp *, void *);
 static void sppp_rta_event(struct sppp *, void *);
 static void sppp_rxj_event(struct sppp *, void *);
-static void sppp_null_event(struct sppp *, void *);
 
 static void sppp_null(struct sppp *);
 static void sppp_sca_scn(const struct cp *, struct sppp *);
@@ -359,6 +369,7 @@
 static void sppp_lcp_scr(struct sppp *);
 static void sppp_lcp_check_and_close(struct sppp *);
 static int sppp_ncp_check(struct sppp *);
+static int sppp_auth_check(struct sppp *);
 
 static void sppp_ipcp_init(struct sppp *);
 static void sppp_ipcp_up(struct sppp *, void *);
@@ -392,22 +403,31 @@
 
 static void sppp_pap_input(struct sppp *, struct mbuf *);
 static void sppp_pap_init(struct sppp *);
+static void sppp_pap_up(struct sppp *, void *);
+static void sppp_pap_down(struct sppp *, void *);
 static void sppp_pap_open(struct sppp *, void *);
 static void sppp_pap_close(struct sppp *, void *);
-static void sppp_pap_TO(void *);
-static void sppp_pap_my_TO(void *);
+static void sppp_pap_TO(struct sppp *, void *);
+static void sppp_pap_tls(struct sppp *);
+static void sppp_pap_tlf(struct sppp *);
 static void sppp_pap_tlu(struct sppp *);
-static void sppp_pap_tld(struct sppp *);
+static void sppp_pap_scr(struct sppp *);
 static void sppp_pap_scr(struct sppp *);
+static void sppp_pap_scan(const struct cp *, struct sppp *);
 
 static void sppp_chap_input(struct sppp *, struct mbuf *);
 static void sppp_chap_init(struct sppp *);
+static void sppp_chap_up(struct sppp *, void *);
+static void sppp_chap_down(struct sppp *, void *);
 static void sppp_chap_open(struct sppp *, void *);
 static void sppp_chap_close(struct sppp *, void *);
-static void sppp_chap_TO(void *);
+static void sppp_chap_TO(struct sppp *, void *);
 static void sppp_chap_tlu(struct sppp *);
-static void sppp_chap_tld(struct sppp *);
+static void sppp_chap_tls(struct sppp *);
+static void sppp_chap_tlf(struct sppp *);
 static void sppp_chap_scr(struct sppp *);
+static void sppp_chap_scan(const struct cp *, struct sppp *);
+static void sppp_chap_rcv_challenge_event(struct sppp *, void *);
 
 static const char *sppp_auth_type_name(u_short, u_char);
 static const char *sppp_cp_type_name(u_char);
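Review bot: The added line `static void sppp_pap_scr(struct sppp *);` duplicates the unchanged prototype directly below it, so `sppp_pap_scr` is now declared twice. It looks like a leftover from replacing the `sppp_pap_tld` line; it compiles, but the added line should be dropped. The PAP group also lists `tls, tlf, tlu` while the CHAP group lists `tlu, tls, tlf`. Using one order for both would make the two lists easier to compare against the `struct cp` tables.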
@@ -494,18 +514,18 @@
 
 static const struct cp pap = {
        PPP_PAP, IDX_PAP, CP_AUTH, "pap",
-       sppp_null_event, sppp_null_event, sppp_pap_open, sppp_pap_close,
-       sppp_null_event, 0, 0, 0,
-       sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null,
-       sppp_pap_scr, 0
+       sppp_pap_up, sppp_pap_down, sppp_pap_open, sppp_pap_close,
+       sppp_pap_TO, 0, 0, 0,
+       sppp_pap_tlu, sppp_null, sppp_pap_tls, sppp_pap_tlf,
+       sppp_pap_scr, sppp_pap_scan
 };
 
 static const struct cp chap = {
        PPP_CHAP, IDX_CHAP, CP_AUTH, "chap",
-       sppp_null_event, sppp_null_event, sppp_chap_open, sppp_chap_close,
-       sppp_null_event, 0, 0, 0,
-       sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null,
-       sppp_chap_scr, 0
+       sppp_chap_up, sppp_chap_down, sppp_chap_open, sppp_chap_close,
+       sppp_chap_TO, 0, 0, 0,
+       sppp_chap_tlu, sppp_null, sppp_chap_tls, sppp_chap_tlf,
+       sppp_chap_scr, sppp_chap_scan
 };
 
 static const struct cp *cps[IDX_COUNT] = {
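Review bot: Both tables now put `sppp_null` in the slot that held `sppp_pap_tld` / `sppp_chap_tld`, so anything those callbacks did when the layer went down must now be covered by the new down/tlf callbacks. Their bodies are beyond the truncated part of this diff, so that is worth confirming. The rows are still positional, and several adjacent entries share a function-pointer type, so a swapped pair such as tls/tlf would compile silently. Designated initializers would make each slot explicit, for example `.scan = sppp_pap_scan`, and this commit already touches every function-pointer entry in both tables.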
@@ -1074,13 +1094,12 @@
 
        sppp_cp_fini(&lcp, sp);
        sppp_cp_fini(&ipcp, sp);
-       callout_stop(&sp->scp[IDX_PAP].ch);
-       callout_stop(&sp->scp[IDX_CHAP].ch);
+       sppp_cp_fini(&pap, sp);
+       sppp_cp_fini(&chap, sp);
 #ifdef INET6
        sppp_cp_fini(&ipv6cp, sp);
 #endif
        sppp_wq_destroy(sp, sp->wq_cp);
-       callout_stop(&sp->pap_my_to_ch);
 
        /* free authentication info */
        if (sp->myauth.name) free(sp->myauth.name, M_DEVBUF);
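Review bot: The teardown path now relies on `sppp_cp_fini(&pap, sp)` and `sppp_cp_fini(&chap, sp)` in place of the explicit `callout_stop()` calls, and `sppp_cp_fini` is not shown in this diff. The timeout handlers added in this commit (`sppp_cp_to_pap`, `sppp_cp_to_chap`) dereference `sp` and queue `work_to` on `sp->wq_cp`. `sppp_cp_fini` therefore needs to wait for a running handler (`callout_halt` rather than `callout_stop`) and leave no queued work before `sppp_wq_destroy()` and the frees of the authentication strings below. If it already does, a short comment here would record that ordering requirement, for example `/* cp_fini halts the timer and drains work_to; must precede wq_destroy */`. The enclosing function starts and ends outside the hunk.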
@@ -1523,6 +1542,23 @@
 }
 
 static void
+sppp_cp_to_pap(void *xsp)
+{
+       struct sppp *sp = xsp;
+
+       sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_to);
+}
+
+static void
+sppp_cp_to_chap(void *xsp)
+{
+       struct sppp *sp = xsp;
+
+       sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_to);
+}
+
+
+static void
 sppp_cp_init(const struct cp *cp, struct sppp *sp)
 {
        struct sppp_cp *scp;
@@ -1531,6 +1567,8 @@
                [IDX_LCP] = sppp_cp_to_lcp,
                [IDX_IPCP] = sppp_cp_to_ipcp,
                [IDX_IPV6CP] = sppp_cp_to_ipv6cp,
+               [IDX_PAP] = sppp_cp_to_pap,
+               [IDX_CHAP] = sppp_cp_to_chap,
        };
 
        scp = &sp->scp[cp->protoidx];
@@ -1814,6 +1852,10 @@
 
        KASSERT(SPPP_WLOCKED(sp));
 
+       if ((cp->flags & CP_AUTH) != 0 &&
+           sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE)
+               return;
+
        if (debug)
                log(LOG_DEBUG, "%s: %s up(%s)\n",
                    ifp->if_xname, cp->name,
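Review bot: The early return for an auth protocol with `SPPP_AUTH_NOROLE` sits before the `if (debug)` log, so a dropped event leaves no trace even with debugging enabled. That will make "authentication never started" reports hard to diagnose. The same four-line test is repeated verbatim in the hunks at -1843, -1882 and -1921 (down, open, close). I would move it into one small static helper that also logs under `debug`, and call it as `if (sppp_cp_skip_auth(cp, sp)) return;` in all four places; the helper name is only a suggestion. The enclosing function begins and ends outside the hunk.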
@@ -1843,6 +1885,10 @@
 
        KASSERT(SPPP_WLOCKED(sp));
 
+       if ((cp->flags & CP_AUTH) != 0 &&
+           sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE)
+               return;
+
        if (debug)
                log(LOG_DEBUG, "%s: %s down(%s)\n",
                    ifp->if_xname, cp->name,
@@ -1882,6 +1928,10 @@
 
        KASSERT(SPPP_WLOCKED(sp));
 
+       if ((cp->flags & CP_AUTH) != 0 &&
+           sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE)
+               return;
+
        if (debug)
                log(LOG_DEBUG, "%s: %s open(%s)\n",
                    ifp->if_xname, cp->name,
@@ -1921,6 +1971,10 @@
 
        KASSERT(SPPP_WLOCKED(sp));
 
+       if ((cp->flags & CP_AUTH) != 0 &&
+           sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE)
+               return;
+
        if (debug)
                log(LOG_DEBUG, "%s: %s close(%s)\n",
                    ifp->if_xname, cp->name,
@@ -1948,8 +2002,10 @@
        case STATE_ACK_RCVD:
        case STATE_ACK_SENT:
                sp->scp[cp->protoidx].rst_counter = sp->lcp.max_terminate;
-               sppp_cp_send(sp, cp->proto, TERM_REQ,
-                   ++sp->scp[cp->protoidx].seq, 0, 0);
+               if ((cp->flags & CP_AUTH) == 0) {
+                       sppp_cp_send(sp, cp->proto, TERM_REQ,
+                           ++sp->scp[cp->protoidx].seq, 0, 0);
+               }
                sppp_cp_change_state(cp, sp, STATE_CLOSING);
                break;
        }
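Review bot: For `CP_AUTH` protocols this branch still loads `rst_counter` from `sp->lcp.max_terminate` and enters `STATE_CLOSING`, but no Terminate-Request is sent. The TO+ branch in the hunk at -1998 also keeps rescheduling the callout for them. Closing PAP or CHAP therefore appears to wait out the whole restart cycle with nothing on the wire before `tlf` runs; the counter decrement is outside the visible lines, so this should be confirmed. If the delay is intended, a comment such as `/* PAP/CHAP have no Terminate-Request/Ack; let the timer expire */` would say so; otherwise set `rst_counter` to 0 for auth protocols here. The `(cp->flags & CP_AUTH) == 0` test is repeated in the hunks at -1998, -2067 and -2109 and could share one helper.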
@@ -1976,21 +2032,18 @@
                /* TO- event */
                switch (sp->scp[cp->protoidx].state) {
                case STATE_CLOSING:
+                       sppp_cp_change_state(cp, sp, STATE_CLOSED);
                        (cp->tlf)(sp);
-                       sppp_cp_change_state(cp, sp, STATE_CLOSED);
-                       sppp_lcp_check_and_close(sp);
                        break;
                case STATE_STOPPING:
+                       sppp_cp_change_state(cp, sp, STATE_STOPPED);
                        (cp->tlf)(sp);
-                       sppp_cp_change_state(cp, sp, STATE_STOPPED);
-                       sppp_lcp_check_and_close(sp);
                        break;
                case STATE_REQ_SENT:
                case STATE_ACK_RCVD:
                case STATE_ACK_SENT:
+                       sppp_cp_change_state(cp, sp, STATE_STOPPED);
                        (cp->tlf)(sp);
-                       sppp_cp_change_state(cp, sp, STATE_STOPPED);
-                       sppp_lcp_check_and_close(sp);
                        break;
                }
        else
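Review bot: With `sppp_lcp_check_and_close(sp)` removed from all three TO- branches, nothing in this hunk brings LCP down once the last protocol gives up. That duty now falls on every `cp->tlf`, including the ipcp and ipv6cp ones, which are not in the shown part of this truncated diff. The state change also now runs before `(cp->tlf)(sp)`, so `tlf` sees CLOSED/STOPPED instead of the previous state. If that ordering is what the new auth `tlf` callbacks depend on, a one-line comment would keep it from being reordered back, for example `/* change state first: tlf inspects scp[].state */`. The enclosing function starts and ends outside the hunk.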
@@ -1998,8 +2051,10 @@
                switch (sp->scp[cp->protoidx].state) {
                case STATE_CLOSING:
                case STATE_STOPPING:
-                       sppp_cp_send(sp, cp->proto, TERM_REQ,
-                           ++sp->scp[cp->protoidx].seq, 0, 0);
+                       if ((cp->flags & CP_AUTH) == 0) {
+                               sppp_cp_send(sp, cp->proto, TERM_REQ,
+                                   ++sp->scp[cp->protoidx].seq, 0, 0);
+                       }
                        callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout);
                        break;
                case STATE_REQ_SENT:
@@ -2067,8 +2122,10 @@
                        }
                        break;
                case STATE_CLOSED:
-                       sppp_cp_send(sp, cp->proto, TERM_ACK,
-                           sp->scp[cp->protoidx].rconfid, 0, 0);
+                       if ((cp->flags & CP_AUTH) == 0) {
+                               sppp_cp_send(sp, cp->proto, TERM_ACK,
+                                   sp->scp[cp->protoidx].rconfid, 0, 0);
+                       }
                        break;
                default:
                        printf("%s: %s illegal RCR+ in state %s\n",
@@ -2109,8 +2166,10 @@
                        break;
                case STATE_CLOSED:
                        sppp_cp_change_state(cp, sp, STATE_CLOSED);
-                       sppp_cp_send(sp, cp->proto, TERM_ACK,
-                           sp->scp[cp->protoidx].rconfid, 0, 0);
+                       if ((cp->flags & CP_AUTH) == 0) {
+                               sppp_cp_send(sp, cp->proto, TERM_ACK,
+                                   sp->scp[cp->protoidx].rconfid, 0, 0);
+                       }
                        break;
                default:
                        printf("%s: %s illegal RCR- in state %s\n",


