* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
-#define RCSID "$Id: auth.c,v 1.69 2001/03/12 22:50:01 paulus Exp $"
+#define RCSID "$Id: auth.c,v 1.6 2006/11/24 03:33:52 andylin Exp $"
#include <stdio.h>
#include <stddef.h>
#include "pathnames.h"
static const char rcsid[] = RCSID;
+#if defined(ONE_AND_ONE)
+extern int auth_again; //defined in main.c
+extern int is1n1;
+#endif
+extern int isp_1n1;
/* Bits in scan_authfile return value */
#define NONWILD_SERVER 1
#define ISWILD(word) (word[0] == '*' && word[1] == 0)
+//#if !defined(INCLUDE_EMBHTTPD)
+extern glbppppid;
+//#endif
+#if defined(ODM_LANG_LLL)
+extern int ppp_session;
+extern int got_ppp_down;
+#endif
+
/* The name by which the peer authenticated itself to us. */
char peer_authname[MAXNAMELEN];
uafname = fname;
/* get username */
- if (fgets(u, MAXNAMELEN - 1, ufile) == NULL
- || fgets(p, MAXSECRETLEN - 1, ufile) == NULL){
+ if (fgets(u, MAXNAMELEN - 1, ufile) == NULL || fgets(p, MAXSECRETLEN - 1, ufile) == NULL){
option_error("unable to read user login data file %s", fname);
return 0;
}
new_phase(PHASE_TERMINATE);
}
+/*==== add by Andrew to limit the times of authentication ====*/
+int isRetriesTimesOut(unit)
+ int unit;
+{
+ lcp_options *ho = &lcp_hisoptions[unit];
+ int isTimesOut = 0;
+
+ if (ho->neg_chap) {
+ chap_state *cstate = &chap[unit];
+ if(cstate->retries <= 0)
+ isTimesOut = 1;
+ } else if (ho->neg_upap) {
+ upap_state *u = &upap[unit];
+ if(u->us_retries <= 0)
+ isTimesOut = 1;
+ }
+ return isTimesOut;
+}
+/*==== end ====*/
+
/*
* The link is established.
* Proceed to the Dead, Authenticate or Network phase as appropriate.
lcp_options *ho = &lcp_hisoptions[unit];
int i;
struct protent *protp;
+ char cmd[60];
+
+ /*==== add by Andrew to limit the times of authentication ====*/
+//#if defined (PPP_AUTH_LIMIT)
+#if 0
+ if(isRetriesTimesOut(unit)) {
+ //system("echo '0:the times of retry is exhausted' > /var/pppmesg");
+ lcp_close(unit, "retries times is out");
+ status = EXIT_PEER_AUTH_FAILED;
+#ifdef BBB_XML_API //Wilson add, (04/18/2005)
+ FILE *fp=NULL;
+ fp = fopen("/var/pppStatus", "w+");
+ if(fp){
+ fprintf(fp, "1,1");
+ fclose(fp);
+ }
+#endif //endif BBB_XML_API
+#if defined(ODM_LANG_LLL)
+ FILE *wsnfp=NULL;
+ if (ppp_session == PPPOE){
+ wsnfp = fopen("/var/btaolstatus", "w");
+ if(wsnfp){
+ fprintf(wsnfp, "%d", 2);
+ fclose(wsnfp);
+ }
+ sprintf(cmd,"kill -9 %d",glbppppid);
+ system(cmd);
+ }
+#else//ODM_LANG_LLL
+ //sprintf(cmd,"echo 1 > /var/af_%s",req_name);
+ //system(cmd);
+ sprintf(cmd,"kill -9 %d",glbppppid);
+ system(cmd);
+ //exit(1);
+#endif//ODM_LANG_LLL
+ }
+#endif//PPP_AUTH_LIMIT
+ /*==== end ====*/
/*
* Tell higher-level protocols that LCP is up.
*/
for (i = 0; (protp = protocols[i]) != NULL; ++i)
- if (protp->protocol != PPP_LCP && protp->enabled_flag
- && protp->lowerup != NULL)
+ if (protp->protocol != PPP_LCP && protp->enabled_flag && protp->lowerup != NULL)
(*protp->lowerup)(unit);
if (auth_required && !(go->neg_chap || go->neg_upap)) {
ChapAuthWithPeer(unit, user, ho->chap_mdtype);
auth |= CHAP_WITHPEER;
} else if (ho->neg_upap) {
- if (passwd[0] == 0) {
- passwd_from_file = 1;
- if (!get_pap_passwd(passwd))
- error("No secret found for PAP login");
- }
+// Ported from 2.10.1--06/02/2003 continue Auth for Null Password
+// if (passwd[0] == 0) {
+// passwd_from_file = 1;
+// if (!get_pap_passwd(passwd))
+// error("No secret found for PAP login");
+// }
upap_authwithpeer(unit, user, passwd);
auth |= PAP_WITHPEER;
}
if (!demand)
set_filters(&pass_filter, &active_filter);
#endif
- for (i = 0; (protp = protocols[i]) != NULL; ++i)
- if (protp->protocol < 0xC000 && protp->enabled_flag
- && protp->open != NULL) {
+ for (i = 0; (protp = protocols[i]) != NULL; ++i) {
+ if (protp->protocol < 0xC000 && protp->enabled_flag && protp->open != NULL) {
(*protp->open)(0);
if (protp->protocol != PPP_CCP)
++num_np_open;
}
+ }
if (num_np_open == 0)
/* nothing to do */
* authentication secrets.
*/
lcp_close(unit, "Failed to authenticate ourselves to peer");
+#if defined(ONE_AND_ONE)
+ if(isp_1n1 && is1n1) {
+ upap_state *u = &upap[unit];
+ if(u->us_1n1stage==1) {
+ auth_again = 1;
+ } else {
+ status = EXIT_AUTH_TOPEER_FAILED;
+ printf("PPP: Authentication failed.\n");
+ create_msg(BCM_PPPOE_AUTH_FAILED);
+ syslog(LOG_ERR,"User name and password authentication failed.\n");
+ }
+ }else {
+ status = EXIT_AUTH_TOPEER_FAILED;
+ printf("PPP: Authentication failed.\n");
+ create_msg(BCM_PPPOE_AUTH_FAILED);
+ syslog(LOG_ERR,"User name and password authentication failed.\n");
+ }
+#else
status = EXIT_AUTH_TOPEER_FAILED;
// brcm
- if ((strlen(user) > 0) || autoscanP2) {
- printf("PPP: Authenication failed.\n");
- create_msg(BCM_PPPOE_AUTH_FAILED);
- syslog(LOG_ERR,"User name and password authentication failed.\n");
+// if ((strlen(user) > 0) || autoscanP2) {
+ printf("PPP: Authentication failed.\n");
+ create_msg(BCM_PPPOE_AUTH_FAILED);
+ //syslog(LOG_ERR,"User name and password authentication failed.\n");
+ syslog(LOG_ERR,"PPP Authentication Failed\n");
+// }
+//#ifdef BBB_XML_API //Wilson add, (04/18/2005)
+#if defined(SUPPORT_XML_API) //Wilson add, (03/14/2006)
+ FILE *fp=NULL;
+ fp = fopen("/var/pppStatus", "w+");
+ if(fp){
+ fprintf(fp, "1,1");
+ fclose(fp);
}
- persist=0;
+#endif //end#if defined(BBB_XML_API) || defined(SUPPORT_XML_API) //Wilson add, (03/14/2006)
+#if defined(SUPPORT_TR69C) //Wilson add, (09/01/2006)
+ FILE *fd=NULL;
+ char filePath[128]={0,};
+ sprintf(filePath, "/var/%s_LastError", session_path);
+ fd = fopen(filePath, "w+");
+ if(fd){
+ fprintf(fd, "ERROR_AUTHENTICATION_FAILURE");
+ fclose(fd);
+ }
+#endif //endif SUPPORT_TR69C
+ //marked by Charles 07/03/2003 to allow continous retry
+ //persist=0;
+#endif
}
/*
switch (protocol) {
case PPP_CHAP:
bit = CHAP_WITHPEER;
+ syslog(LOG_NOTICE,"PPP Authentication Successful\n");
break;
case PPP_PAP:
if (passwd_from_file)
BZERO(passwd, MAXSECRETLEN);
bit = PAP_WITHPEER;
+ syslog(LOG_NOTICE,"PPP Authentication Successful\n");
break;
default:
warn("auth_withpeer_success: unknown protocol %x", protocol);
struct ppp_idle idle;
time_t itime;
int tlim;
+#if defined(SUPPORT_TR69C) //Wilson add, (09/01/2006)
+ FILE *fp=NULL;
+ char filePath[128]={0,};
+#endif
if (!get_idle_time(0, &idle))
return;
tlim = idle_time_hook(&idle);
} else {
tlim = idle_time_limit - idle.xmit_idle;
- itime = MIN(idle.xmit_idle, idle.recv_idle);
- tlim = idle_time_limit - itime;
+ /***************************************************
+ * idle timer will only consider LAN-->WAN traffic *
+ * comment it according Brcm patch *
+ * Andrew(02/12/2004) *
+ ***************************************************/
+ //itime = MIN(idle.xmit_idle, idle.recv_idle);
+ //tlim = idle_time_limit - itime;
+ /***************************************************/
}
if (tlim <= 0) {
/* link is idle: shut it down. */
// brcm
redisconn = 0;
sprintf(oldsession, "%s", "");
+#if defined(SUPPORT_TR69C) //Wilson add, (09/01/2006)
+ sprintf(filePath, "/var/%s_LastError", session_path);
+ fp = fopen(filePath, "w+");
+ if(fp){
+ fprintf(fp, "ERROR_IDLE_DISCONNECT");
+ fclose(fp);
+ }
+#endif //endif SUPPORT_TR69C
} else {
TIMEOUT(check_idle, NULL, tlim);
}
return 1;
else
return 0;
- return 1;
}
else
return 0;
fclose(fd);
lan_state=1;
return 1;
+ }else if ((fd=fopen("/var/run/wlup", "r"))) { //Paul add, 8/22/2006 check wlan is enabled or not
+ fclose(fd);
+ lan_state=1;
+ return 1;
}
else {
lan_state=0;
lcp_options *go = &lcp_gotoptions[unit];
lcp_options *ao = &lcp_allowoptions[0];
+ // Ported from 2.10.1---Jack Suen 06/02/2003 Let Null Password also to do Auth State
+ ao->neg_upap = !refuse_pap;
+ ao->neg_chap = !refuse_chap;
+ return;
+
ao->neg_upap = !refuse_pap && (passwd[0] != 0 || get_pap_passwd(NULL));
ao->neg_chap = !refuse_chap
&& (passwd[0] != 0
#ifdef USE_PAM
/* Static variables used to communicate between the conversation function
- * and the server_login function
+ * and the server_login function
*/
static char *PAM_username;
static char *PAM_password;
reply[replies].resp_retcode = PAM_SUCCESS;
reply[replies].resp = NULL;
break;
- default:
+ default:
/* Must be an error of some sort... */
free (reply);
PAM_error = 1;
return PAM_CONV_ERR;
}
}
- *resp = reply;
+ *resp = reply;
return PAM_SUCCESS;
}
* In either case, msg points to an appropriate message.
*/
-static int
-plogin(user, passwd, msg)
+static int plogin(user, passwd, msg)
char *user;
char *passwd;
char **msg;
/*
* Define the fields for the credential validation
*/
-
+
PAM_username = user;
PAM_password = passwd;
PAM_error = 0;
* Validate the user
*/
pam_error = pam_authenticate (pamh, PAM_SILENT);
- if (pam_error == PAM_SUCCESS && !PAM_error) {
+ if (pam_error == PAM_SUCCESS && !PAM_error) {
pam_error = pam_acct_mgmt (pamh, PAM_SILENT);
if (pam_error == PAM_SUCCESS)
pam_open_session (pamh, PAM_SILENT);
}
/* Apparently the pam stuff does closelog(). */
reopen_log();
-#else /* ! USE_PAM */
+#else /* ! USE_PAM */
char *tty;
tty = devnam;
if (f == NULL)
return 0;
- ret = scan_authfile(f, (explicit_remote? remote_name: NULL), our_name,
- NULL, &addrs, NULL, filename);
+ ret = scan_authfile(f, (explicit_remote? remote_name: NULL), our_name, NULL, &addrs, NULL, filename);
fclose(f);
if (ret >= 0 && !some_ip_ok(addrs)) {
if (lacks_ipp != 0)