root/webserver/example/freeRTOSexample/EnergyMeters/Common/ethernet/lwIP/netif/ppp/chap.c

Revision 14, 23.7 kB (checked in by phil, 15 years ago)

added unmodified FreeRTOS package V5.4.1 with only web srv demo source for LPC2368 for CrossWorks?

Line 
1 /*** WARNING - THIS HAS NEVER BEEN FINISHED ***/
2 /*****************************************************************************
3 * chap.c - Network Challenge Handshake Authentication Protocol program file.
4 *
5 * Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
6 * portions Copyright (c) 1997 by Global Election Systems Inc.
7 *
8 * The authors hereby grant permission to use, copy, modify, distribute,
9 * and license this software and its documentation for any purpose, provided
10 * that existing copyright notices are retained in all copies and that this
11 * notice and the following disclaimer are included verbatim in any
12 * distributions. No written agreement, license, or royalty fee is required
13 * for any of the authorized uses.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 *
26 ******************************************************************************
27 * REVISION HISTORY
28 *
29 * 03-01-01 Marc Boucher <marc@mbsi.ca>
30 *   Ported to lwIP.
31 * 97-12-04 Guy Lancaster <lancasterg@acm.org>, Global Election Systems Inc.
32 *       Original based on BSD chap.c.
33 *****************************************************************************/
34 /*
35  * chap.c - Challenge Handshake Authentication Protocol.
36  *
37  * Copyright (c) 1993 The Australian National University.
38  * All rights reserved.
39  *
40  * Redistribution and use in source and binary forms are permitted
41  * provided that the above copyright notice and this paragraph are
42  * duplicated in all such forms and that any documentation,
43  * advertising materials, and other materials related to such
44  * distribution and use acknowledge that the software was developed
45  * by the Australian National University.  The name of the University
46  * may not be used to endorse or promote products derived from this
47  * software without specific prior written permission.
48  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
49  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
50  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
51  *
52  * Copyright (c) 1991 Gregory M. Christy.
53  * All rights reserved.
54  *
55  * Redistribution and use in source and binary forms are permitted
56  * provided that the above copyright notice and this paragraph are
57  * duplicated in all such forms and that any documentation,
58  * advertising materials, and other materials related to such
59  * distribution and use acknowledge that the software was developed
60  * by Gregory M. Christy.  The name of the author may not be used to
61  * endorse or promote products derived from this software without
62  * specific prior written permission.
63  *
64  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
65  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
66  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
67  */
68
69 #include "ppp.h"
70 #if PPP_SUPPORT > 0
71 #include "magic.h"
72
73 #if CHAP_SUPPORT > 0
74
75 #include "randm.h"
76 #include "auth.h"
77 #include "md5.h"
78 #include "chap.h"
79 #include "chpms.h"
80 #include "pppdebug.h"
81
82
83 /*************************/
84 /*** LOCAL DEFINITIONS ***/
85 /*************************/
86
87
88 /************************/
89 /*** LOCAL DATA TYPES ***/
90 /************************/
91
92
93 /***********************************/
94 /*** LOCAL FUNCTION DECLARATIONS ***/
95 /***********************************/
96 /*
97  * Protocol entry points.
98  */
99 static void ChapInit (int);
100 static void ChapLowerUp (int);
101 static void ChapLowerDown (int);
102 static void ChapInput (int, u_char *, int);
103 static void ChapProtocolReject (int);
104 static int  ChapPrintPkt (u_char *, int,
105                               void (*) (void *, char *, ...), void *);
106
107 static void ChapChallengeTimeout (void *);
108 static void ChapResponseTimeout (void *);
109 static void ChapReceiveChallenge (chap_state *, u_char *, int, int);
110 static void ChapRechallenge (void *);
111 static void ChapReceiveResponse (chap_state *, u_char *, int, int);
112 static void ChapReceiveSuccess(chap_state *cstate, u_char *inp, u_char id, int len);
113 static void ChapReceiveFailure(chap_state *cstate, u_char *inp, u_char id, int len);
114 static void ChapSendStatus (chap_state *, int);
115 static void ChapSendChallenge (chap_state *);
116 static void ChapSendResponse (chap_state *);
117 static void ChapGenChallenge (chap_state *);
118
119
120 /******************************/
121 /*** PUBLIC DATA STRUCTURES ***/
122 /******************************/
123 chap_state chap[NUM_PPP];               /* CHAP state; one for each unit */
124
125 struct protent chap_protent = {
126     PPP_CHAP,
127     ChapInit,
128     ChapInput,
129     ChapProtocolReject,
130     ChapLowerUp,
131     ChapLowerDown,
132     NULL,
133     NULL,
134 #if 0
135     ChapPrintPkt,
136     NULL,
137 #endif
138     1,
139     "CHAP",
140 #if 0
141     NULL,
142     NULL,
143     NULL
144 #endif
145 };
146
147
148
149 /*****************************/
150 /*** LOCAL DATA STRUCTURES ***/
151 /*****************************/
152 static char *ChapCodenames[] = {
153         "Challenge", "Response", "Success", "Failure"
154 };
155
156
157
158 /***********************************/
159 /*** PUBLIC FUNCTION DEFINITIONS ***/
160 /***********************************/
161 /*
162  * ChapAuthWithPeer - Authenticate us with our peer (start client).
163  *
164  */
165 void ChapAuthWithPeer(int unit, char *our_name, int digest)
166 {
167         chap_state *cstate = &chap[unit];
168        
169         cstate->resp_name = our_name;
170         cstate->resp_type = digest;
171        
172         if (cstate->clientstate == CHAPCS_INITIAL ||
173                         cstate->clientstate == CHAPCS_PENDING) {
174                 /* lower layer isn't up - wait until later */
175                 cstate->clientstate = CHAPCS_PENDING;
176                 return;
177         }
178        
179         /*
180          * We get here as a result of LCP coming up.
181          * So even if CHAP was open before, we will
182          * have to re-authenticate ourselves.
183          */
184         cstate->clientstate = CHAPCS_LISTEN;
185 }
186
187
188 /*
189  * ChapAuthPeer - Authenticate our peer (start server).
190  */
191 void ChapAuthPeer(int unit, char *our_name, int digest)
192 {
193         chap_state *cstate = &chap[unit];
194        
195         cstate->chal_name = our_name;
196         cstate->chal_type = digest;
197        
198         if (cstate->serverstate == CHAPSS_INITIAL ||
199                         cstate->serverstate == CHAPSS_PENDING) {
200                 /* lower layer isn't up - wait until later */
201                 cstate->serverstate = CHAPSS_PENDING;
202                 return;
203         }
204        
205         ChapGenChallenge(cstate);
206         ChapSendChallenge(cstate);              /* crank it up dude! */
207         cstate->serverstate = CHAPSS_INITIAL_CHAL;
208 }
209
210
211
212
213 /**********************************/
214 /*** LOCAL FUNCTION DEFINITIONS ***/
215 /**********************************/
216 /*
217  * ChapInit - Initialize a CHAP unit.
218  */
219 static void ChapInit(int unit)
220 {
221         chap_state *cstate = &chap[unit];
222        
223         BZERO(cstate, sizeof(*cstate));
224         cstate->unit = unit;
225         cstate->clientstate = CHAPCS_INITIAL;
226         cstate->serverstate = CHAPSS_INITIAL;
227         cstate->timeouttime = CHAP_DEFTIMEOUT;
228         cstate->max_transmits = CHAP_DEFTRANSMITS;
229         /* random number generator is initialized in magic_init */
230 }
231
232
233 /*
234  * ChapChallengeTimeout - Timeout expired on sending challenge.
235  */
236 static void ChapChallengeTimeout(void *arg)
237 {
238         chap_state *cstate = (chap_state *) arg;
239        
240         /* if we aren't sending challenges, don't worry.  then again we */
241         /* probably shouldn't be here either */
242         if (cstate->serverstate != CHAPSS_INITIAL_CHAL &&
243                         cstate->serverstate != CHAPSS_RECHALLENGE)
244                 return;
245        
246         if (cstate->chal_transmits >= cstate->max_transmits) {
247                 /* give up on peer */
248                 CHAPDEBUG((LOG_ERR, "Peer failed to respond to CHAP challenge\n"));
249                 cstate->serverstate = CHAPSS_BADAUTH;
250                 auth_peer_fail(cstate->unit, PPP_CHAP);
251                 return;
252         }
253        
254         ChapSendChallenge(cstate);              /* Re-send challenge */
255 }
256
257
258 /*
259  * ChapResponseTimeout - Timeout expired on sending response.
260  */
261 static void ChapResponseTimeout(void *arg)
262 {
263         chap_state *cstate = (chap_state *) arg;
264        
265         /* if we aren't sending a response, don't worry. */
266         if (cstate->clientstate != CHAPCS_RESPONSE)
267                 return;
268        
269         ChapSendResponse(cstate);               /* re-send response */
270 }
271
272
273 /*
274  * ChapRechallenge - Time to challenge the peer again.
275  */
276 static void ChapRechallenge(void *arg)
277 {
278         chap_state *cstate = (chap_state *) arg;
279        
280         /* if we aren't sending a response, don't worry. */
281         if (cstate->serverstate != CHAPSS_OPEN)
282                 return;
283        
284         ChapGenChallenge(cstate);
285         ChapSendChallenge(cstate);
286         cstate->serverstate = CHAPSS_RECHALLENGE;
287 }
288
289
290 /*
291  * ChapLowerUp - The lower layer is up.
292  *
293  * Start up if we have pending requests.
294  */
295 static void ChapLowerUp(int unit)
296 {
297         chap_state *cstate = &chap[unit];
298        
299         if (cstate->clientstate == CHAPCS_INITIAL)
300                 cstate->clientstate = CHAPCS_CLOSED;
301         else if (cstate->clientstate == CHAPCS_PENDING)
302                 cstate->clientstate = CHAPCS_LISTEN;
303        
304         if (cstate->serverstate == CHAPSS_INITIAL)
305                 cstate->serverstate = CHAPSS_CLOSED;
306         else if (cstate->serverstate == CHAPSS_PENDING) {
307                 ChapGenChallenge(cstate);
308                 ChapSendChallenge(cstate);
309                 cstate->serverstate = CHAPSS_INITIAL_CHAL;
310         }
311 }
312
313
314 /*
315  * ChapLowerDown - The lower layer is down.
316  *
317  * Cancel all timeouts.
318  */
319 static void ChapLowerDown(int unit)
320 {
321         chap_state *cstate = &chap[unit];
322        
323         /* Timeout(s) pending?  Cancel if so. */
324         if (cstate->serverstate == CHAPSS_INITIAL_CHAL ||
325                         cstate->serverstate == CHAPSS_RECHALLENGE)
326                 UNTIMEOUT(ChapChallengeTimeout, cstate);
327         else if (cstate->serverstate == CHAPSS_OPEN
328                         && cstate->chal_interval != 0)
329                 UNTIMEOUT(ChapRechallenge, cstate);
330         if (cstate->clientstate == CHAPCS_RESPONSE)
331                 UNTIMEOUT(ChapResponseTimeout, cstate);
332        
333         cstate->clientstate = CHAPCS_INITIAL;
334         cstate->serverstate = CHAPSS_INITIAL;
335 }
336
337
338 /*
339  * ChapProtocolReject - Peer doesn't grok CHAP.
340  */
341 static void ChapProtocolReject(int unit)
342 {
343         chap_state *cstate = &chap[unit];
344        
345         if (cstate->serverstate != CHAPSS_INITIAL &&
346                         cstate->serverstate != CHAPSS_CLOSED)
347                 auth_peer_fail(unit, PPP_CHAP);
348         if (cstate->clientstate != CHAPCS_INITIAL &&
349                         cstate->clientstate != CHAPCS_CLOSED)
350                 auth_withpeer_fail(unit, PPP_CHAP);
351         ChapLowerDown(unit);            /* shutdown chap */
352 }
353
354
355 /*
356  * ChapInput - Input CHAP packet.
357  */
358 static void ChapInput(int unit, u_char *inpacket, int packet_len)
359 {
360         chap_state *cstate = &chap[unit];
361         u_char *inp;
362         u_char code, id;
363         int len;
364        
365         /*
366          * Parse header (code, id and length).
367          * If packet too short, drop it.
368          */
369         inp = inpacket;
370         if (packet_len < CHAP_HEADERLEN) {
371                 CHAPDEBUG((LOG_INFO, "ChapInput: rcvd short header.\n"));
372                 return;
373         }
374         GETCHAR(code, inp);
375         GETCHAR(id, inp);
376         GETSHORT(len, inp);
377         if (len < CHAP_HEADERLEN) {
378                 CHAPDEBUG((LOG_INFO, "ChapInput: rcvd illegal length.\n"));
379                 return;
380         }
381         if (len > packet_len) {
382                 CHAPDEBUG((LOG_INFO, "ChapInput: rcvd short packet.\n"));
383                 return;
384         }
385         len -= CHAP_HEADERLEN;
386        
387         /*
388          * Action depends on code (as in fact it usually does :-).
389          */
390         switch (code) {
391         case CHAP_CHALLENGE:
392                 ChapReceiveChallenge(cstate, inp, id, len);
393                 break;
394        
395         case CHAP_RESPONSE:
396                 ChapReceiveResponse(cstate, inp, id, len);
397                 break;
398        
399         case CHAP_FAILURE:
400                 ChapReceiveFailure(cstate, inp, id, len);
401                 break;
402        
403         case CHAP_SUCCESS:
404                 ChapReceiveSuccess(cstate, inp, id, len);
405                 break;
406        
407         default:                                /* Need code reject? */
408                 CHAPDEBUG((LOG_WARNING, "Unknown CHAP code (%d) received.\n", code));
409                 break;
410         }
411 }
412
413
414 /*
415  * ChapReceiveChallenge - Receive Challenge and send Response.
416  */
417 static void ChapReceiveChallenge(chap_state *cstate, u_char *inp, int id, int len)
418 {
419         int rchallenge_len;
420         u_char *rchallenge;
421         int secret_len;
422         char secret[MAXSECRETLEN];
423         char rhostname[256];
424         MD5_CTX mdContext;
425         u_char hash[MD5_SIGNATURE_SIZE];
426        
427         CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: Rcvd id %d.\n", id));
428         if (cstate->clientstate == CHAPCS_CLOSED ||
429                 cstate->clientstate == CHAPCS_PENDING) {
430                 CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: in state %d\n",
431                            cstate->clientstate));
432                 return;
433         }
434        
435         if (len < 2) {
436                 CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: rcvd short packet.\n"));
437                 return;
438         }
439        
440         GETCHAR(rchallenge_len, inp);
441         len -= sizeof (u_char) + rchallenge_len;        /* now name field length */
442         if (len < 0) {
443                 CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: rcvd short packet.\n"));
444                 return;
445         }
446         rchallenge = inp;
447         INCPTR(rchallenge_len, inp);
448        
449         if (len >= sizeof(rhostname))
450                 len = sizeof(rhostname) - 1;
451         BCOPY(inp, rhostname, len);
452         rhostname[len] = '\000';
453        
454         CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: received name field '%s'\n",
455                rhostname));
456        
457         /* Microsoft doesn't send their name back in the PPP packet */
458         if (ppp_settings.remote_name[0] != 0 && (ppp_settings.explicit_remote || rhostname[0] == 0)) {
459                 strncpy(rhostname, ppp_settings.remote_name, sizeof(rhostname));
460                 rhostname[sizeof(rhostname) - 1] = 0;
461                 CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: using '%s' as remote name\n",
462                            rhostname));
463         }
464        
465         /* get secret for authenticating ourselves with the specified host */
466         if (!get_secret(cstate->unit, cstate->resp_name, rhostname,
467                             secret, &secret_len, 0)) {
468                 secret_len = 0;         /* assume null secret if can't find one */
469                 CHAPDEBUG((LOG_WARNING, "No CHAP secret found for authenticating us to %s\n", rhostname));
470         }
471        
472         /* cancel response send timeout if necessary */
473         if (cstate->clientstate == CHAPCS_RESPONSE)
474                 UNTIMEOUT(ChapResponseTimeout, cstate);
475        
476         cstate->resp_id = id;
477         cstate->resp_transmits = 0;
478        
479         /*  generate MD based on negotiated type */
480         switch (cstate->resp_type) {
481        
482         case CHAP_DIGEST_MD5:
483                 MD5Init(&mdContext);
484                 MD5Update(&mdContext, &cstate->resp_id, 1);
485                 MD5Update(&mdContext, (u_char*)secret, secret_len);
486                 MD5Update(&mdContext, rchallenge, rchallenge_len);
487                 MD5Final(hash, &mdContext);
488                 BCOPY(hash, cstate->response, MD5_SIGNATURE_SIZE);
489                 cstate->resp_length = MD5_SIGNATURE_SIZE;
490                 break;
491        
492 #ifdef CHAPMS
493         case CHAP_MICROSOFT:
494                 ChapMS(cstate, rchallenge, rchallenge_len, secret, secret_len);
495                 break;
496 #endif
497        
498         default:
499                 CHAPDEBUG((LOG_INFO, "unknown digest type %d\n", cstate->resp_type));
500                 return;
501         }
502        
503         BZERO(secret, sizeof(secret));
504         ChapSendResponse(cstate);
505 }
506
507
508 /*
509  * ChapReceiveResponse - Receive and process response.
510  */
511 static void ChapReceiveResponse(chap_state *cstate, u_char *inp, int id, int len)
512 {
513         u_char *remmd, remmd_len;
514         int secret_len, old_state;
515         int code;
516         char rhostname[256];
517         MD5_CTX mdContext;
518         char secret[MAXSECRETLEN];
519         u_char hash[MD5_SIGNATURE_SIZE];
520        
521         CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: Rcvd id %d.\n", id));
522        
523         if (cstate->serverstate == CHAPSS_CLOSED ||
524                         cstate->serverstate == CHAPSS_PENDING) {
525                 CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: in state %d\n",
526                 cstate->serverstate));
527                 return;
528         }
529        
530         if (id != cstate->chal_id)
531                 return;                 /* doesn't match ID of last challenge */
532        
533         /*
534         * If we have received a duplicate or bogus Response,
535         * we have to send the same answer (Success/Failure)
536         * as we did for the first Response we saw.
537         */
538         if (cstate->serverstate == CHAPSS_OPEN) {
539                 ChapSendStatus(cstate, CHAP_SUCCESS);
540                 return;
541         }
542         if (cstate->serverstate == CHAPSS_BADAUTH) {
543                 ChapSendStatus(cstate, CHAP_FAILURE);
544                 return;
545         }
546        
547         if (len < 2) {
548                 CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: rcvd short packet.\n"));
549                 return;
550         }
551         GETCHAR(remmd_len, inp);                /* get length of MD */
552         remmd = inp;                    /* get pointer to MD */
553         INCPTR(remmd_len, inp);
554        
555         len -= sizeof (u_char) + remmd_len;
556         if (len < 0) {
557                 CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: rcvd short packet.\n"));
558                 return;
559         }
560        
561         UNTIMEOUT(ChapChallengeTimeout, cstate);
562        
563         if (len >= sizeof(rhostname))
564                 len = sizeof(rhostname) - 1;
565         BCOPY(inp, rhostname, len);
566         rhostname[len] = '\000';
567        
568         CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: received name field: %s\n",
569                                 rhostname));
570        
571         /*
572         * Get secret for authenticating them with us,
573         * do the hash ourselves, and compare the result.
574         */
575         code = CHAP_FAILURE;
576         if (!get_secret(cstate->unit, rhostname, cstate->chal_name,
577         secret, &secret_len, 1)) {
578 /*        CHAPDEBUG((LOG_WARNING, TL_CHAP, "No CHAP secret found for authenticating %s\n", rhostname)); */
579                 CHAPDEBUG((LOG_WARNING, "No CHAP secret found for authenticating %s\n",
580                 rhostname));
581         } else {
582        
583                 /*  generate MD based on negotiated type */
584                 switch (cstate->chal_type) {
585                
586                 case CHAP_DIGEST_MD5:           /* only MD5 is defined for now */
587                         if (remmd_len != MD5_SIGNATURE_SIZE)
588                                 break;                  /* it's not even the right length */
589                         MD5Init(&mdContext);
590                         MD5Update(&mdContext, &cstate->chal_id, 1);
591                         MD5Update(&mdContext, (u_char*)secret, secret_len);
592                         MD5Update(&mdContext, cstate->challenge, cstate->chal_len);
593                         MD5Final(hash, &mdContext);
594                        
595                         /* compare local and remote MDs and send the appropriate status */
596                         if (memcmp (hash, remmd, MD5_SIGNATURE_SIZE) == 0)
597                                 code = CHAP_SUCCESS;    /* they are the same! */
598                         break;
599                
600                 default:
601                         CHAPDEBUG((LOG_INFO, "unknown digest type %d\n", cstate->chal_type));
602                 }
603         }
604        
605         BZERO(secret, sizeof(secret));
606         ChapSendStatus(cstate, code);
607        
608         if (code == CHAP_SUCCESS) {
609                 old_state = cstate->serverstate;
610                 cstate->serverstate = CHAPSS_OPEN;
611                 if (old_state == CHAPSS_INITIAL_CHAL) {
612                         auth_peer_success(cstate->unit, PPP_CHAP, rhostname, len);
613                 }
614                 if (cstate->chal_interval != 0)
615                         TIMEOUT(ChapRechallenge, cstate, cstate->chal_interval);
616         } else {
617                 CHAPDEBUG((LOG_ERR, "CHAP peer authentication failed\n"));
618                 cstate->serverstate = CHAPSS_BADAUTH;
619                 auth_peer_fail(cstate->unit, PPP_CHAP);
620         }
621 }
622
623 /*
624  * ChapReceiveSuccess - Receive Success
625  */
626 static void ChapReceiveSuccess(chap_state *cstate, u_char *inp, u_char id, int len)
627 {
628
629         CHAPDEBUG((LOG_INFO, "ChapReceiveSuccess: Rcvd id %d.\n", id));
630        
631         if (cstate->clientstate == CHAPCS_OPEN)
632                 /* presumably an answer to a duplicate response */
633                 return;
634        
635         if (cstate->clientstate != CHAPCS_RESPONSE) {
636                 /* don't know what this is */
637                 CHAPDEBUG((LOG_INFO, "ChapReceiveSuccess: in state %d\n",
638                            cstate->clientstate));
639                 return;
640         }
641        
642         UNTIMEOUT(ChapResponseTimeout, cstate);
643        
644         /*
645          * Print message.
646          */
647         if (len > 0)
648                 PRINTMSG(inp, len);
649        
650         cstate->clientstate = CHAPCS_OPEN;
651        
652         auth_withpeer_success(cstate->unit, PPP_CHAP);
653 }
654
655
656 /*
657  * ChapReceiveFailure - Receive failure.
658  */
659 static void ChapReceiveFailure(chap_state *cstate, u_char *inp, u_char id, int len)
660 {
661         CHAPDEBUG((LOG_INFO, "ChapReceiveFailure: Rcvd id %d.\n", id));
662        
663         if (cstate->clientstate != CHAPCS_RESPONSE) {
664                 /* don't know what this is */
665                 CHAPDEBUG((LOG_INFO, "ChapReceiveFailure: in state %d\n",
666                            cstate->clientstate));
667                 return;
668         }
669        
670         UNTIMEOUT(ChapResponseTimeout, cstate);
671        
672         /*
673          * Print message.
674          */
675         if (len > 0)
676                 PRINTMSG(inp, len);
677        
678         CHAPDEBUG((LOG_ERR, "CHAP authentication failed\n"));
679         auth_withpeer_fail(cstate->unit, PPP_CHAP);
680 }
681
682
683 /*
684  * ChapSendChallenge - Send an Authenticate challenge.
685  */
686 static void ChapSendChallenge(chap_state *cstate)
687 {
688         u_char *outp;
689         int chal_len, name_len;
690         int outlen;
691        
692         chal_len = cstate->chal_len;
693         name_len = strlen(cstate->chal_name);
694         outlen = CHAP_HEADERLEN + sizeof (u_char) + chal_len + name_len;
695         outp = outpacket_buf[cstate->unit];
696        
697         MAKEHEADER(outp, PPP_CHAP);             /* paste in a CHAP header */
698        
699         PUTCHAR(CHAP_CHALLENGE, outp);
700         PUTCHAR(cstate->chal_id, outp);
701         PUTSHORT(outlen, outp);
702        
703         PUTCHAR(chal_len, outp);                /* put length of challenge */
704         BCOPY(cstate->challenge, outp, chal_len);
705         INCPTR(chal_len, outp);
706        
707         BCOPY(cstate->chal_name, outp, name_len);       /* append hostname */
708        
709         pppWrite(cstate->unit, outpacket_buf[cstate->unit], outlen + PPP_HDRLEN);
710        
711         CHAPDEBUG((LOG_INFO, "ChapSendChallenge: Sent id %d.\n", cstate->chal_id));
712        
713         TIMEOUT(ChapChallengeTimeout, cstate, cstate->timeouttime);
714         ++cstate->chal_transmits;
715 }
716
717
718 /*
719  * ChapSendStatus - Send a status response (ack or nak).
720  */
721 static void ChapSendStatus(chap_state *cstate, int code)
722 {
723         u_char *outp;
724         int outlen, msglen;
725         char msg[256];
726        
727         if (code == CHAP_SUCCESS)
728                 strcpy(msg, "Welcome!");
729         else
730                 strcpy(msg, "I don't like you.  Go 'way.");
731         msglen = strlen(msg);
732        
733         outlen = CHAP_HEADERLEN + msglen;
734         outp = outpacket_buf[cstate->unit];
735        
736         MAKEHEADER(outp, PPP_CHAP);             /* paste in a header */
737        
738         PUTCHAR(code, outp);
739         PUTCHAR(cstate->chal_id, outp);
740         PUTSHORT(outlen, outp);
741         BCOPY(msg, outp, msglen);
742         pppWrite(cstate->unit, outpacket_buf[cstate->unit], outlen + PPP_HDRLEN);
743        
744         CHAPDEBUG((LOG_INFO, "ChapSendStatus: Sent code %d, id %d.\n", code,
745                cstate->chal_id));
746 }
747
748 /*
749  * ChapGenChallenge is used to generate a pseudo-random challenge string of
750  * a pseudo-random length between min_len and max_len.  The challenge
751  * string and its length are stored in *cstate, and various other fields of
752  * *cstate are initialized.
753  */
754
755 static void ChapGenChallenge(chap_state *cstate)
756 {
757         int chal_len;
758         u_char *ptr = cstate->challenge;
759         int i;
760        
761         /* pick a random challenge length between MIN_CHALLENGE_LENGTH and
762            MAX_CHALLENGE_LENGTH */ 
763         chal_len = (unsigned)
764                                 ((((magic() >> 16) *
765                                 (MAX_CHALLENGE_LENGTH - MIN_CHALLENGE_LENGTH)) >> 16)
766                              + MIN_CHALLENGE_LENGTH);
767         cstate->chal_len = chal_len;
768         cstate->chal_id = ++cstate->id;
769         cstate->chal_transmits = 0;
770        
771         /* generate a random string */
772         for (i = 0; i < chal_len; i++ )
773                 *ptr++ = (char) (magic() & 0xff);
774 }
775
776 /*
777  * ChapSendResponse - send a response packet with values as specified
778  * in *cstate.
779  */
780 /* ARGSUSED */
781 static void ChapSendResponse(chap_state *cstate)
782 {
783         u_char *outp;
784         int outlen, md_len, name_len;
785        
786         md_len = cstate->resp_length;
787         name_len = strlen(cstate->resp_name);
788         outlen = CHAP_HEADERLEN + sizeof (u_char) + md_len + name_len;
789         outp = outpacket_buf[cstate->unit];
790        
791         MAKEHEADER(outp, PPP_CHAP);
792        
793         PUTCHAR(CHAP_RESPONSE, outp);   /* we are a response */
794         PUTCHAR(cstate->resp_id, outp); /* copy id from challenge packet */
795         PUTSHORT(outlen, outp);                 /* packet length */
796        
797         PUTCHAR(md_len, outp);                  /* length of MD */
798         BCOPY(cstate->response, outp, md_len);          /* copy MD to buffer */
799         INCPTR(md_len, outp);
800        
801         BCOPY(cstate->resp_name, outp, name_len);       /* append our name */
802        
803         /* send the packet */
804         pppWrite(cstate->unit, outpacket_buf[cstate->unit], outlen + PPP_HDRLEN);
805        
806         cstate->clientstate = CHAPCS_RESPONSE;
807         TIMEOUT(ChapResponseTimeout, cstate, cstate->timeouttime);
808         ++cstate->resp_transmits;
809 }
810
811 /*
812  * ChapPrintPkt - print the contents of a CHAP packet.
813  */
814 static int ChapPrintPkt(
815         u_char *p,
816         int plen,
817         void (*printer) (void *, char *, ...),
818         void *arg
819 )
820 {
821         int code, id, len;
822         int clen, nlen;
823         u_char x;
824        
825         if (plen < CHAP_HEADERLEN)
826                 return 0;
827         GETCHAR(code, p);
828         GETCHAR(id, p);
829         GETSHORT(len, p);
830         if (len < CHAP_HEADERLEN || len > plen)
831                 return 0;
832        
833         if (code >= 1 && code <= sizeof(ChapCodenames) / sizeof(char *))
834                 printer(arg, " %s", ChapCodenames[code-1]);
835         else
836                 printer(arg, " code=0x%x", code);
837         printer(arg, " id=0x%x", id);
838         len -= CHAP_HEADERLEN;
839         switch (code) {
840         case CHAP_CHALLENGE:
841         case CHAP_RESPONSE:
842                 if (len < 1)
843                         break;
844                 clen = p[0];
845                 if (len < clen + 1)
846                         break;
847                 ++p;
848                 nlen = len - clen - 1;
849                 printer(arg, " <");
850                 for (; clen > 0; --clen) {
851                         GETCHAR(x, p);
852                         printer(arg, "%.2x", x);
853                 }
854                 printer(arg, ">, name = %.*Z", nlen, p);
855                 break;
856         case CHAP_FAILURE:
857         case CHAP_SUCCESS:
858                 printer(arg, " %.*Z", len, p);
859                 break;
860         default:
861                 for (clen = len; clen > 0; --clen) {
862                         GETCHAR(x, p);
863                         printer(arg, " %.2x", x);
864                 }
865         }
866        
867         return len + CHAP_HEADERLEN;
868 }
869
870 #endif
871
872 #endif /* PPP_SUPPORT */
Note: See TracBrowser for help on using the browser.