chap.c

Revision 14, 23.7 kB (checked in by phil, 15 years ago)
added unmodified FreeRTOS package V5.4.1 with only web srv demo source for LPC2368 for CrossWorks?

Line
1	/* WARNING - THIS HAS NEVER BEEN FINISHED */
2	/*****************************************************************************
3	* chap.c - Network Challenge Handshake Authentication Protocol program file.
4	*
5	* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
6	* portions Copyright (c) 1997 by Global Election Systems Inc.
7	*
8	* The authors hereby grant permission to use, copy, modify, distribute,
9	* and license this software and its documentation for any purpose, provided
10	* that existing copyright notices are retained in all copies and that this
11	* notice and the following disclaimer are included verbatim in any
12	* distributions. No written agreement, license, or royalty fee is required
13	* for any of the authorized uses.
14	*
15	* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS AS IS AND ANY EXPRESS OR
16	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18	* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
19	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25	*
26	******************************************************************************
27	* REVISION HISTORY
28	*
29	* 03-01-01 Marc Boucher <marc@mbsi.ca>
30	* Ported to lwIP.
31	* 97-12-04 Guy Lancaster <lancasterg@acm.org>, Global Election Systems Inc.
32	* Original based on BSD chap.c.
33	*****************************************************************************/
34	/*
35	* chap.c - Challenge Handshake Authentication Protocol.
36	*
37	* Copyright (c) 1993 The Australian National University.
38	* All rights reserved.
39	*
40	* Redistribution and use in source and binary forms are permitted
41	* provided that the above copyright notice and this paragraph are
42	* duplicated in all such forms and that any documentation,
43	* advertising materials, and other materials related to such
44	* distribution and use acknowledge that the software was developed
45	* by the Australian National University. The name of the University
46	* may not be used to endorse or promote products derived from this
47	* software without specific prior written permission.
48	* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
49	* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
50	* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
51	*
52	* Copyright (c) 1991 Gregory M. Christy.
53	* All rights reserved.
54	*
55	* Redistribution and use in source and binary forms are permitted
56	* provided that the above copyright notice and this paragraph are
57	* duplicated in all such forms and that any documentation,
58	* advertising materials, and other materials related to such
59	* distribution and use acknowledge that the software was developed
60	* by Gregory M. Christy. The name of the author may not be used to
61	* endorse or promote products derived from this software without
62	* specific prior written permission.
63	*
64	* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
65	* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
66	* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
67	*/
68
69	#include "ppp.h"
70	#if PPP_SUPPORT > 0
71	#include "magic.h"
72
73	#if CHAP_SUPPORT > 0
74
75	#include "randm.h"
76	#include "auth.h"
77	#include "md5.h"
78	#include "chap.h"
79	#include "chpms.h"
80	#include "pppdebug.h"
81
82
83	/*************************/
84	/* LOCAL DEFINITIONS */
85	/*************************/
86
87
88	/************************/
89	/* LOCAL DATA TYPES */
90	/************************/
91
92
93	/***********************************/
94	/* LOCAL FUNCTION DECLARATIONS */
95	/***********************************/
96	/*
97	* Protocol entry points.
98	*/
99	static void ChapInit (int);
100	static void ChapLowerUp (int);
101	static void ChapLowerDown (int);
102	static void ChapInput (int, u_char *, int);
103	static void ChapProtocolReject (int);
104	static int ChapPrintPkt (u_char *, int,
105	void () (void , char , ...), void );
106
107	static void ChapChallengeTimeout (void *);
108	static void ChapResponseTimeout (void *);
109	static void ChapReceiveChallenge (chap_state , u_char , int, int);
110	static void ChapRechallenge (void *);
111	static void ChapReceiveResponse (chap_state , u_char , int, int);
112	static void ChapReceiveSuccess(chap_state cstate, u_char inp, u_char id, int len);
113	static void ChapReceiveFailure(chap_state cstate, u_char inp, u_char id, int len);
114	static void ChapSendStatus (chap_state *, int);
115	static void ChapSendChallenge (chap_state *);
116	static void ChapSendResponse (chap_state *);
117	static void ChapGenChallenge (chap_state *);
118
119
120	/******************************/
121	/* PUBLIC DATA STRUCTURES */
122	/******************************/
123	chap_state chap[NUM_PPP]; /* CHAP state; one for each unit */
124
125	struct protent chap_protent = {
126	PPP_CHAP,
127	ChapInit,
128	ChapInput,
129	ChapProtocolReject,
130	ChapLowerUp,
131	ChapLowerDown,
132	NULL,
133	NULL,
134	#if 0
135	ChapPrintPkt,
136	NULL,
137	#endif
138	1,
139	"CHAP",
140	#if 0
141	NULL,
142	NULL,
143	NULL
144	#endif
145	};
146
147
148
149	/*****************************/
150	/* LOCAL DATA STRUCTURES */
151	/*****************************/
152	static char *ChapCodenames[] = {
153	"Challenge", "Response", "Success", "Failure"
154	};
155
156
157
158	/***********************************/
159	/* PUBLIC FUNCTION DEFINITIONS */
160	/***********************************/
161	/*
162	* ChapAuthWithPeer - Authenticate us with our peer (start client).
163	*
164	*/
165	void ChapAuthWithPeer(int unit, char *our_name, int digest)
166	{
167	chap_state *cstate = &chap[unit];
168
169	cstate->resp_name = our_name;
170	cstate->resp_type = digest;
171
172	if (cstate->clientstate == CHAPCS_INITIAL \|\|
173	cstate->clientstate == CHAPCS_PENDING) {
174	/* lower layer isn't up - wait until later */
175	cstate->clientstate = CHAPCS_PENDING;
176	return;
177	}
178
179	/*
180	* We get here as a result of LCP coming up.
181	* So even if CHAP was open before, we will
182	* have to re-authenticate ourselves.
183	*/
184	cstate->clientstate = CHAPCS_LISTEN;
185	}
186
187
188	/*
189	* ChapAuthPeer - Authenticate our peer (start server).
190	*/
191	void ChapAuthPeer(int unit, char *our_name, int digest)
192	{
193	chap_state *cstate = &chap[unit];
194
195	cstate->chal_name = our_name;
196	cstate->chal_type = digest;
197
198	if (cstate->serverstate == CHAPSS_INITIAL \|\|
199	cstate->serverstate == CHAPSS_PENDING) {
200	/* lower layer isn't up - wait until later */
201	cstate->serverstate = CHAPSS_PENDING;
202	return;
203	}
204
205	ChapGenChallenge(cstate);
206	ChapSendChallenge(cstate); /* crank it up dude! */
207	cstate->serverstate = CHAPSS_INITIAL_CHAL;
208	}
209
210
211
212
213	/**********************************/
214	/* LOCAL FUNCTION DEFINITIONS */
215	/**********************************/
216	/*
217	* ChapInit - Initialize a CHAP unit.
218	*/
219	static void ChapInit(int unit)
220	{
221	chap_state *cstate = &chap[unit];
222
223	BZERO(cstate, sizeof(*cstate));
224	cstate->unit = unit;
225	cstate->clientstate = CHAPCS_INITIAL;
226	cstate->serverstate = CHAPSS_INITIAL;
227	cstate->timeouttime = CHAP_DEFTIMEOUT;
228	cstate->max_transmits = CHAP_DEFTRANSMITS;
229	/* random number generator is initialized in magic_init */
230	}
231
232
233	/*
234	* ChapChallengeTimeout - Timeout expired on sending challenge.
235	*/
236	static void ChapChallengeTimeout(void *arg)
237	{
238	chap_state cstate = (chap_state ) arg;
239
240	/* if we aren't sending challenges, don't worry. then again we */
241	/* probably shouldn't be here either */
242	if (cstate->serverstate != CHAPSS_INITIAL_CHAL &&
243	cstate->serverstate != CHAPSS_RECHALLENGE)
244	return;
245
246	if (cstate->chal_transmits >= cstate->max_transmits) {
247	/* give up on peer */
248	CHAPDEBUG((LOG_ERR, "Peer failed to respond to CHAP challenge\n"));
249	cstate->serverstate = CHAPSS_BADAUTH;
250	auth_peer_fail(cstate->unit, PPP_CHAP);
251	return;
252	}
253
254	ChapSendChallenge(cstate); /* Re-send challenge */
255	}
256
257
258	/*
259	* ChapResponseTimeout - Timeout expired on sending response.
260	*/
261	static void ChapResponseTimeout(void *arg)
262	{
263	chap_state cstate = (chap_state ) arg;
264
265	/* if we aren't sending a response, don't worry. */
266	if (cstate->clientstate != CHAPCS_RESPONSE)
267	return;
268
269	ChapSendResponse(cstate); /* re-send response */
270	}
271
272
273	/*
274	* ChapRechallenge - Time to challenge the peer again.
275	*/
276	static void ChapRechallenge(void *arg)
277	{
278	chap_state cstate = (chap_state ) arg;
279
280	/* if we aren't sending a response, don't worry. */
281	if (cstate->serverstate != CHAPSS_OPEN)
282	return;
283
284	ChapGenChallenge(cstate);
285	ChapSendChallenge(cstate);
286	cstate->serverstate = CHAPSS_RECHALLENGE;
287	}
288
289
290	/*
291	* ChapLowerUp - The lower layer is up.
292	*
293	* Start up if we have pending requests.
294	*/
295	static void ChapLowerUp(int unit)
296	{
297	chap_state *cstate = &chap[unit];
298
299	if (cstate->clientstate == CHAPCS_INITIAL)
300	cstate->clientstate = CHAPCS_CLOSED;
301	else if (cstate->clientstate == CHAPCS_PENDING)
302	cstate->clientstate = CHAPCS_LISTEN;
303
304	if (cstate->serverstate == CHAPSS_INITIAL)
305	cstate->serverstate = CHAPSS_CLOSED;
306	else if (cstate->serverstate == CHAPSS_PENDING) {
307	ChapGenChallenge(cstate);
308	ChapSendChallenge(cstate);
309	cstate->serverstate = CHAPSS_INITIAL_CHAL;
310	}
311	}
312
313
314	/*
315	* ChapLowerDown - The lower layer is down.
316	*
317	* Cancel all timeouts.
318	*/
319	static void ChapLowerDown(int unit)
320	{
321	chap_state *cstate = &chap[unit];
322
323	/* Timeout(s) pending? Cancel if so. */
324	if (cstate->serverstate == CHAPSS_INITIAL_CHAL \|\|
325	cstate->serverstate == CHAPSS_RECHALLENGE)
326	UNTIMEOUT(ChapChallengeTimeout, cstate);
327	else if (cstate->serverstate == CHAPSS_OPEN
328	&& cstate->chal_interval != 0)
329	UNTIMEOUT(ChapRechallenge, cstate);
330	if (cstate->clientstate == CHAPCS_RESPONSE)
331	UNTIMEOUT(ChapResponseTimeout, cstate);
332
333	cstate->clientstate = CHAPCS_INITIAL;
334	cstate->serverstate = CHAPSS_INITIAL;
335	}
336
337
338	/*
339	* ChapProtocolReject - Peer doesn't grok CHAP.
340	*/
341	static void ChapProtocolReject(int unit)
342	{
343	chap_state *cstate = &chap[unit];
344
345	if (cstate->serverstate != CHAPSS_INITIAL &&
346	cstate->serverstate != CHAPSS_CLOSED)
347	auth_peer_fail(unit, PPP_CHAP);
348	if (cstate->clientstate != CHAPCS_INITIAL &&
349	cstate->clientstate != CHAPCS_CLOSED)
350	auth_withpeer_fail(unit, PPP_CHAP);
351	ChapLowerDown(unit); /* shutdown chap */
352	}
353
354
355	/*
356	* ChapInput - Input CHAP packet.
357	*/
358	static void ChapInput(int unit, u_char *inpacket, int packet_len)
359	{
360	chap_state *cstate = &chap[unit];
361	u_char *inp;
362	u_char code, id;
363	int len;
364
365	/*
366	* Parse header (code, id and length).
367	* If packet too short, drop it.
368	*/
369	inp = inpacket;
370	if (packet_len < CHAP_HEADERLEN) {
371	CHAPDEBUG((LOG_INFO, "ChapInput: rcvd short header.\n"));
372	return;
373	}
374	GETCHAR(code, inp);
375	GETCHAR(id, inp);
376	GETSHORT(len, inp);
377	if (len < CHAP_HEADERLEN) {
378	CHAPDEBUG((LOG_INFO, "ChapInput: rcvd illegal length.\n"));
379	return;
380	}
381	if (len > packet_len) {
382	CHAPDEBUG((LOG_INFO, "ChapInput: rcvd short packet.\n"));
383	return;
384	}
385	len -= CHAP_HEADERLEN;
386
387	/*
388	* Action depends on code (as in fact it usually does :-).
389	*/
390	switch (code) {
391	case CHAP_CHALLENGE:
392	ChapReceiveChallenge(cstate, inp, id, len);
393	break;
394
395	case CHAP_RESPONSE:
396	ChapReceiveResponse(cstate, inp, id, len);
397	break;
398
399	case CHAP_FAILURE:
400	ChapReceiveFailure(cstate, inp, id, len);
401	break;
402
403	case CHAP_SUCCESS:
404	ChapReceiveSuccess(cstate, inp, id, len);
405	break;
406
407	default: /* Need code reject? */
408	CHAPDEBUG((LOG_WARNING, "Unknown CHAP code (%d) received.\n", code));
409	break;
410	}
411	}
412
413
414	/*
415	* ChapReceiveChallenge - Receive Challenge and send Response.
416	*/
417	static void ChapReceiveChallenge(chap_state cstate, u_char inp, int id, int len)
418	{
419	int rchallenge_len;
420	u_char *rchallenge;
421	int secret_len;
422	char secret[MAXSECRETLEN];
423	char rhostname[256];
424	MD5_CTX mdContext;
425	u_char hash[MD5_SIGNATURE_SIZE];
426
427	CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: Rcvd id %d.\n", id));
428	if (cstate->clientstate == CHAPCS_CLOSED \|\|
429	cstate->clientstate == CHAPCS_PENDING) {
430	CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: in state %d\n",
431	cstate->clientstate));
432	return;
433	}
434
435	if (len < 2) {
436	CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: rcvd short packet.\n"));
437	return;
438	}
439
440	GETCHAR(rchallenge_len, inp);
441	len -= sizeof (u_char) + rchallenge_len; /* now name field length */
442	if (len < 0) {
443	CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: rcvd short packet.\n"));
444	return;
445	}
446	rchallenge = inp;
447	INCPTR(rchallenge_len, inp);
448
449	if (len >= sizeof(rhostname))
450	len = sizeof(rhostname) - 1;
451	BCOPY(inp, rhostname, len);
452	rhostname[len] = '\000';
453
454	CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: received name field '%s'\n",
455	rhostname));
456
457	/* Microsoft doesn't send their name back in the PPP packet */
458	if (ppp_settings.remote_name[0] != 0 && (ppp_settings.explicit_remote \|\| rhostname[0] == 0)) {
459	strncpy(rhostname, ppp_settings.remote_name, sizeof(rhostname));
460	rhostname[sizeof(rhostname) - 1] = 0;
461	CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: using '%s' as remote name\n",
462	rhostname));
463	}
464
465	/* get secret for authenticating ourselves with the specified host */
466	if (!get_secret(cstate->unit, cstate->resp_name, rhostname,
467	secret, &secret_len, 0)) {
468	secret_len = 0; /* assume null secret if can't find one */
469	CHAPDEBUG((LOG_WARNING, "No CHAP secret found for authenticating us to %s\n", rhostname));
470	}
471
472	/* cancel response send timeout if necessary */
473	if (cstate->clientstate == CHAPCS_RESPONSE)
474	UNTIMEOUT(ChapResponseTimeout, cstate);
475
476	cstate->resp_id = id;
477	cstate->resp_transmits = 0;
478
479	/* generate MD based on negotiated type */
480	switch (cstate->resp_type) {
481
482	case CHAP_DIGEST_MD5:
483	MD5Init(&mdContext);
484	MD5Update(&mdContext, &cstate->resp_id, 1);
485	MD5Update(&mdContext, (u_char*)secret, secret_len);
486	MD5Update(&mdContext, rchallenge, rchallenge_len);
487	MD5Final(hash, &mdContext);
488	BCOPY(hash, cstate->response, MD5_SIGNATURE_SIZE);
489	cstate->resp_length = MD5_SIGNATURE_SIZE;
490	break;
491
492	#ifdef CHAPMS
493	case CHAP_MICROSOFT:
494	ChapMS(cstate, rchallenge, rchallenge_len, secret, secret_len);
495	break;
496	#endif
497
498	default:
499	CHAPDEBUG((LOG_INFO, "unknown digest type %d\n", cstate->resp_type));
500	return;
501	}
502
503	BZERO(secret, sizeof(secret));
504	ChapSendResponse(cstate);
505	}
506
507
508	/*
509	* ChapReceiveResponse - Receive and process response.
510	*/
511	static void ChapReceiveResponse(chap_state cstate, u_char inp, int id, int len)
512	{
513	u_char *remmd, remmd_len;
514	int secret_len, old_state;
515	int code;
516	char rhostname[256];
517	MD5_CTX mdContext;
518	char secret[MAXSECRETLEN];
519	u_char hash[MD5_SIGNATURE_SIZE];
520
521	CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: Rcvd id %d.\n", id));
522
523	if (cstate->serverstate == CHAPSS_CLOSED \|\|
524	cstate->serverstate == CHAPSS_PENDING) {
525	CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: in state %d\n",
526	cstate->serverstate));
527	return;
528	}
529
530	if (id != cstate->chal_id)
531	return; /* doesn't match ID of last challenge */
532
533	/*
534	* If we have received a duplicate or bogus Response,
535	* we have to send the same answer (Success/Failure)
536	* as we did for the first Response we saw.
537	*/
538	if (cstate->serverstate == CHAPSS_OPEN) {
539	ChapSendStatus(cstate, CHAP_SUCCESS);
540	return;
541	}
542	if (cstate->serverstate == CHAPSS_BADAUTH) {
543	ChapSendStatus(cstate, CHAP_FAILURE);
544	return;
545	}
546
547	if (len < 2) {
548	CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: rcvd short packet.\n"));
549	return;
550	}
551	GETCHAR(remmd_len, inp); /* get length of MD */
552	remmd = inp; /* get pointer to MD */
553	INCPTR(remmd_len, inp);
554
555	len -= sizeof (u_char) + remmd_len;
556	if (len < 0) {
557	CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: rcvd short packet.\n"));
558	return;
559	}
560
561	UNTIMEOUT(ChapChallengeTimeout, cstate);
562
563	if (len >= sizeof(rhostname))
564	len = sizeof(rhostname) - 1;
565	BCOPY(inp, rhostname, len);
566	rhostname[len] = '\000';
567
568	CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: received name field: %s\n",
569	rhostname));
570
571	/*
572	* Get secret for authenticating them with us,
573	* do the hash ourselves, and compare the result.
574	*/
575	code = CHAP_FAILURE;
576	if (!get_secret(cstate->unit, rhostname, cstate->chal_name,
577	secret, &secret_len, 1)) {
578	/* CHAPDEBUG((LOG_WARNING, TL_CHAP, "No CHAP secret found for authenticating %s\n", rhostname)); */
579	CHAPDEBUG((LOG_WARNING, "No CHAP secret found for authenticating %s\n",
580	rhostname));
581	} else {
582
583	/* generate MD based on negotiated type */
584	switch (cstate->chal_type) {
585
586	case CHAP_DIGEST_MD5: /* only MD5 is defined for now */
587	if (remmd_len != MD5_SIGNATURE_SIZE)
588	break; /* it's not even the right length */
589	MD5Init(&mdContext);
590	MD5Update(&mdContext, &cstate->chal_id, 1);
591	MD5Update(&mdContext, (u_char*)secret, secret_len);
592	MD5Update(&mdContext, cstate->challenge, cstate->chal_len);
593	MD5Final(hash, &mdContext);
594
595	/* compare local and remote MDs and send the appropriate status */
596	if (memcmp (hash, remmd, MD5_SIGNATURE_SIZE) == 0)
597	code = CHAP_SUCCESS; /* they are the same! */
598	break;
599
600	default:
601	CHAPDEBUG((LOG_INFO, "unknown digest type %d\n", cstate->chal_type));
602	}
603	}
604
605	BZERO(secret, sizeof(secret));
606	ChapSendStatus(cstate, code);
607
608	if (code == CHAP_SUCCESS) {
609	old_state = cstate->serverstate;
610	cstate->serverstate = CHAPSS_OPEN;
611	if (old_state == CHAPSS_INITIAL_CHAL) {
612	auth_peer_success(cstate->unit, PPP_CHAP, rhostname, len);
613	}
614	if (cstate->chal_interval != 0)
615	TIMEOUT(ChapRechallenge, cstate, cstate->chal_interval);
616	} else {
617	CHAPDEBUG((LOG_ERR, "CHAP peer authentication failed\n"));
618	cstate->serverstate = CHAPSS_BADAUTH;
619	auth_peer_fail(cstate->unit, PPP_CHAP);
620	}
621	}
622
623	/*
624	* ChapReceiveSuccess - Receive Success
625	*/
626	static void ChapReceiveSuccess(chap_state cstate, u_char inp, u_char id, int len)
627	{
628
629	CHAPDEBUG((LOG_INFO, "ChapReceiveSuccess: Rcvd id %d.\n", id));
630
631	if (cstate->clientstate == CHAPCS_OPEN)
632	/* presumably an answer to a duplicate response */
633	return;
634
635	if (cstate->clientstate != CHAPCS_RESPONSE) {
636	/* don't know what this is */
637	CHAPDEBUG((LOG_INFO, "ChapReceiveSuccess: in state %d\n",
638	cstate->clientstate));
639	return;
640	}
641
642	UNTIMEOUT(ChapResponseTimeout, cstate);
643
644	/*
645	* Print message.
646	*/
647	if (len > 0)
648	PRINTMSG(inp, len);
649
650	cstate->clientstate = CHAPCS_OPEN;
651
652	auth_withpeer_success(cstate->unit, PPP_CHAP);
653	}
654
655
656	/*
657	* ChapReceiveFailure - Receive failure.
658	*/
659	static void ChapReceiveFailure(chap_state cstate, u_char inp, u_char id, int len)
660	{
661	CHAPDEBUG((LOG_INFO, "ChapReceiveFailure: Rcvd id %d.\n", id));
662
663	if (cstate->clientstate != CHAPCS_RESPONSE) {
664	/* don't know what this is */
665	CHAPDEBUG((LOG_INFO, "ChapReceiveFailure: in state %d\n",
666	cstate->clientstate));
667	return;
668	}
669
670	UNTIMEOUT(ChapResponseTimeout, cstate);
671
672	/*
673	* Print message.
674	*/
675	if (len > 0)
676	PRINTMSG(inp, len);
677
678	CHAPDEBUG((LOG_ERR, "CHAP authentication failed\n"));
679	auth_withpeer_fail(cstate->unit, PPP_CHAP);
680	}
681
682
683	/*
684	* ChapSendChallenge - Send an Authenticate challenge.
685	*/
686	static void ChapSendChallenge(chap_state *cstate)
687	{
688	u_char *outp;
689	int chal_len, name_len;
690	int outlen;
691
692	chal_len = cstate->chal_len;
693	name_len = strlen(cstate->chal_name);
694	outlen = CHAP_HEADERLEN + sizeof (u_char) + chal_len + name_len;
695	outp = outpacket_buf[cstate->unit];
696
697	MAKEHEADER(outp, PPP_CHAP); /* paste in a CHAP header */
698
699	PUTCHAR(CHAP_CHALLENGE, outp);
700	PUTCHAR(cstate->chal_id, outp);
701	PUTSHORT(outlen, outp);
702
703	PUTCHAR(chal_len, outp); /* put length of challenge */
704	BCOPY(cstate->challenge, outp, chal_len);
705	INCPTR(chal_len, outp);
706
707	BCOPY(cstate->chal_name, outp, name_len); /* append hostname */
708
709	pppWrite(cstate->unit, outpacket_buf[cstate->unit], outlen + PPP_HDRLEN);
710
711	CHAPDEBUG((LOG_INFO, "ChapSendChallenge: Sent id %d.\n", cstate->chal_id));
712
713	TIMEOUT(ChapChallengeTimeout, cstate, cstate->timeouttime);
714	++cstate->chal_transmits;
715	}
716
717
718	/*
719	* ChapSendStatus - Send a status response (ack or nak).
720	*/
721	static void ChapSendStatus(chap_state *cstate, int code)
722	{
723	u_char *outp;
724	int outlen, msglen;
725	char msg[256];
726
727	if (code == CHAP_SUCCESS)
728	strcpy(msg, "Welcome!");
729	else
730	strcpy(msg, "I don't like you. Go 'way.");
731	msglen = strlen(msg);
732
733	outlen = CHAP_HEADERLEN + msglen;
734	outp = outpacket_buf[cstate->unit];
735
736	MAKEHEADER(outp, PPP_CHAP); /* paste in a header */
737
738	PUTCHAR(code, outp);
739	PUTCHAR(cstate->chal_id, outp);
740	PUTSHORT(outlen, outp);
741	BCOPY(msg, outp, msglen);
742	pppWrite(cstate->unit, outpacket_buf[cstate->unit], outlen + PPP_HDRLEN);
743
744	CHAPDEBUG((LOG_INFO, "ChapSendStatus: Sent code %d, id %d.\n", code,
745	cstate->chal_id));
746	}
747
748	/*
749	* ChapGenChallenge is used to generate a pseudo-random challenge string of
750	* a pseudo-random length between min_len and max_len. The challenge
751	* string and its length are stored in *cstate, and various other fields of
752	* *cstate are initialized.
753	*/
754
755	static void ChapGenChallenge(chap_state *cstate)
756	{
757	int chal_len;
758	u_char *ptr = cstate->challenge;
759	int i;
760
761	/* pick a random challenge length between MIN_CHALLENGE_LENGTH and
762	MAX_CHALLENGE_LENGTH */
763	chal_len = (unsigned)
764	((((magic() >> 16) *
765	(MAX_CHALLENGE_LENGTH - MIN_CHALLENGE_LENGTH)) >> 16)
766	+ MIN_CHALLENGE_LENGTH);
767	cstate->chal_len = chal_len;
768	cstate->chal_id = ++cstate->id;
769	cstate->chal_transmits = 0;
770
771	/* generate a random string */
772	for (i = 0; i < chal_len; i++ )
773	*ptr++ = (char) (magic() & 0xff);
774	}
775
776	/*
777	* ChapSendResponse - send a response packet with values as specified
778	* in *cstate.
779	*/
780	/* ARGSUSED */
781	static void ChapSendResponse(chap_state *cstate)
782	{
783	u_char *outp;
784	int outlen, md_len, name_len;
785
786	md_len = cstate->resp_length;
787	name_len = strlen(cstate->resp_name);
788	outlen = CHAP_HEADERLEN + sizeof (u_char) + md_len + name_len;
789	outp = outpacket_buf[cstate->unit];
790
791	MAKEHEADER(outp, PPP_CHAP);
792
793	PUTCHAR(CHAP_RESPONSE, outp); /* we are a response */
794	PUTCHAR(cstate->resp_id, outp); /* copy id from challenge packet */
795	PUTSHORT(outlen, outp); /* packet length */
796
797	PUTCHAR(md_len, outp); /* length of MD */
798	BCOPY(cstate->response, outp, md_len); /* copy MD to buffer */
799	INCPTR(md_len, outp);
800
801	BCOPY(cstate->resp_name, outp, name_len); /* append our name */
802
803	/* send the packet */
804	pppWrite(cstate->unit, outpacket_buf[cstate->unit], outlen + PPP_HDRLEN);
805
806	cstate->clientstate = CHAPCS_RESPONSE;
807	TIMEOUT(ChapResponseTimeout, cstate, cstate->timeouttime);
808	++cstate->resp_transmits;
809	}
810
811	/*
812	* ChapPrintPkt - print the contents of a CHAP packet.
813	*/
814	static int ChapPrintPkt(
815	u_char *p,
816	int plen,
817	void (printer) (void , char *, ...),
818	void *arg
819	)
820	{
821	int code, id, len;
822	int clen, nlen;
823	u_char x;
824
825	if (plen < CHAP_HEADERLEN)
826	return 0;
827	GETCHAR(code, p);
828	GETCHAR(id, p);
829	GETSHORT(len, p);
830	if (len < CHAP_HEADERLEN \|\| len > plen)
831	return 0;
832
833	if (code >= 1 && code <= sizeof(ChapCodenames) / sizeof(char *))
834	printer(arg, " %s", ChapCodenames[code-1]);
835	else
836	printer(arg, " code=0x%x", code);
837	printer(arg, " id=0x%x", id);
838	len -= CHAP_HEADERLEN;
839	switch (code) {
840	case CHAP_CHALLENGE:
841	case CHAP_RESPONSE:
842	if (len < 1)
843	break;
844	clen = p[0];
845	if (len < clen + 1)
846	break;
847	++p;
848	nlen = len - clen - 1;
849	printer(arg, " <");
850	for (; clen > 0; --clen) {
851	GETCHAR(x, p);
852	printer(arg, "%.2x", x);
853	}
854	printer(arg, ">, name = %.*Z", nlen, p);
855	break;
856	case CHAP_FAILURE:
857	case CHAP_SUCCESS:
858	printer(arg, " %.*Z", len, p);
859	break;
860	default:
861	for (clen = len; clen > 0; --clen) {
862	GETCHAR(x, p);
863	printer(arg, " %.2x", x);
864	}
865	}
866
867	return len + CHAP_HEADERLEN;
868	}
869
870	#endif
871
872	#endif /* PPP_SUPPORT */

Note: See TracBrowser for help on using the browser.

root/webserver/example/freeRTOS/Demo/Common/ethernet/lwIP/netif/ppp/chap.c

Download in other formats: