OpenCores
URL https://opencores.org/ocsvn/openrisc/openrisc/trunk

Subversion Repositories openrisc

[/] [openrisc/] [trunk/] [rtos/] [ecos-3.0/] [packages/] [net/] [lwip_tcpip/] [current/] [src/] [netif/] [ppp/] [chap.c] - Blame information for rev 786

Details | Compare with Previous | View Log

Line No. Rev Author Line
1 786 skrzyp
/*** WARNING - THIS HAS NEVER BEEN FINISHED ***/
2
/*****************************************************************************
3
* chap.c - Network Challenge Handshake Authentication Protocol program file.
4
*
5
* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
6
* portions Copyright (c) 1997 by Global Election Systems Inc.
7
*
8
* The authors hereby grant permission to use, copy, modify, distribute,
9
* and license this software and its documentation for any purpose, provided
10
* that existing copyright notices are retained in all copies and that this
11
* notice and the following disclaimer are included verbatim in any
12
* distributions. No written agreement, license, or royalty fee is required
13
* for any of the authorized uses.
14
*
15
* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
16
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18
* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
19
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25
*
26
******************************************************************************
27
* REVISION HISTORY
28
*
29
* 03-01-01 Marc Boucher <marc@mbsi.ca>
30
*   Ported to lwIP.
31
* 97-12-04 Guy Lancaster <lancasterg@acm.org>, Global Election Systems Inc.
32
*   Original based on BSD chap.c.
33
*****************************************************************************/
34
/*
35
 * chap.c - Challenge Handshake Authentication Protocol.
36
 *
37
 * Copyright (c) 1993 The Australian National University.
38
 * All rights reserved.
39
 *
40
 * Redistribution and use in source and binary forms are permitted
41
 * provided that the above copyright notice and this paragraph are
42
 * duplicated in all such forms and that any documentation,
43
 * advertising materials, and other materials related to such
44
 * distribution and use acknowledge that the software was developed
45
 * by the Australian National University.  The name of the University
46
 * may not be used to endorse or promote products derived from this
47
 * software without specific prior written permission.
48
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
49
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
50
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
51
 *
52
 * Copyright (c) 1991 Gregory M. Christy.
53
 * All rights reserved.
54
 *
55
 * Redistribution and use in source and binary forms are permitted
56
 * provided that the above copyright notice and this paragraph are
57
 * duplicated in all such forms and that any documentation,
58
 * advertising materials, and other materials related to such
59
 * distribution and use acknowledge that the software was developed
60
 * by Gregory M. Christy.  The name of the author may not be used to
61
 * endorse or promote products derived from this software without
62
 * specific prior written permission.
63
 *
64
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
65
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
66
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
67
 */
68
 
69
#include "lwip/opt.h"
70
 
71
#if PPP_SUPPORT  /* don't build if not configured for use in lwipopts.h */
72
 
73
#if CHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
74
 
75
#include "netif/ppp/ppp.h"
76
#include "pppdebug.h"
77
#include "timesys.h"
78
 
79
#include "magic.h"
80
#include "randm.h"
81
#include "auth.h"
82
#include "md5.h"
83
#include "chap.h"
84
#include "chpms.h"
85
 
86
 
87
/*************************/
88
/*** LOCAL DEFINITIONS ***/
89
/*************************/
90
 
91
 
92
/************************/
93
/*** LOCAL DATA TYPES ***/
94
/************************/
95
 
96
 
97
/***********************************/
98
/*** LOCAL FUNCTION DECLARATIONS ***/
99
/***********************************/
100
/*
101
 * Protocol entry points.
102
 */
103
static void chap_init (int);
104
static void chap_lowerup (int);
105
static void chap_lowerdown (int);
106
static void chap_input (int, u8_t *, int);
107
static void chap_protrej (int);
108
#if 0
109
static int  chap_printpkt (u8_t *, int, void (*) (void *, char *, ...), void *);
110
#endif
111
 
112
static void chap_challenge_timeout (void *);
113
static void chap_response_timeout (void *);
114
static void chap_receive_challenge (chap_state *, u8_t *, int, int);
115
static void chap_rechallenge (void *);
116
static void chap_receive_response (chap_state *, u8_t *, int, int);
117
static void chap_receive_success(chap_state *cstate, u8_t *inp, u8_t id, int len);
118
static void chap_receive_failure(chap_state *cstate, u8_t *inp, u8_t id, int len);
119
static void chap_send_status (chap_state *, int);
120
static void chap_send_challenge (chap_state *);
121
static void chap_send_response (chap_state *);
122
static void chap_gen_challenge (chap_state *);
123
 
124
 
125
/******************************/
126
/*** PUBLIC DATA STRUCTURES ***/
127
/******************************/
128
chap_state chap[NUM_PPP]; /* CHAP state; one for each unit */
129
 
130
struct protent chap_protent = {
131
  PPP_CHAP,
132
  chap_init,
133
  chap_input,
134
  chap_protrej,
135
  chap_lowerup,
136
  chap_lowerdown,
137
  NULL,
138
  NULL,
139
#if 0
140
  chap_printpkt,
141
  NULL,
142
#endif
143
  1,
144
  "CHAP",
145
#if 0
146
  NULL,
147
  NULL,
148
  NULL
149
#endif
150
};
151
 
152
 
153
/***********************************/
154
/*** PUBLIC FUNCTION DEFINITIONS ***/
155
/***********************************/
156
/*
157
 * chap_auth_with_peer - Authenticate us with our peer (start client).
158
 *
159
 */
160
void
161
chap_auth_with_peer(int unit, char *our_name, int digest)
162
{
163
  chap_state *cstate = &chap[unit];
164
 
165
  cstate->resp_name = our_name;
166
  cstate->resp_type = digest;
167
 
168
  if (cstate->clientstate == CHAPCS_INITIAL ||
169
      cstate->clientstate == CHAPCS_PENDING) {
170
    /* lower layer isn't up - wait until later */
171
    cstate->clientstate = CHAPCS_PENDING;
172
    return;
173
  }
174
 
175
  /*
176
   * We get here as a result of LCP coming up.
177
   * So even if CHAP was open before, we will
178
   * have to re-authenticate ourselves.
179
   */
180
  cstate->clientstate = CHAPCS_LISTEN;
181
}
182
 
183
 
184
/*
185
 * chap_auth_peer - Authenticate our peer (start server).
186
 */
187
void
188
chap_auth_peer(int unit, char *our_name, int digest)
189
{
190
  chap_state *cstate = &chap[unit];
191
 
192
  cstate->chal_name = our_name;
193
  cstate->chal_type = digest;
194
 
195
  if (cstate->serverstate == CHAPSS_INITIAL ||
196
      cstate->serverstate == CHAPSS_PENDING) {
197
    /* lower layer isn't up - wait until later */
198
    cstate->serverstate = CHAPSS_PENDING;
199
    return;
200
  }
201
 
202
  chap_gen_challenge(cstate);
203
  chap_send_challenge(cstate);    /* crank it up dude! */
204
  cstate->serverstate = CHAPSS_INITIAL_CHAL;
205
}
206
 
207
 
208
/**********************************/
209
/*** LOCAL FUNCTION DEFINITIONS ***/
210
/**********************************/
211
/*
212
 * chap_init - Initialize a CHAP unit.
213
 */
214
static void
215
chap_init(int unit)
216
{
217
  chap_state *cstate = &chap[unit];
218
 
219
  BZERO(cstate, sizeof(*cstate));
220
  cstate->unit = unit;
221
  cstate->clientstate = CHAPCS_INITIAL;
222
  cstate->serverstate = CHAPSS_INITIAL;
223
  cstate->timeouttime = CHAP_DEFTIMEOUT;
224
  cstate->max_transmits = CHAP_DEFTRANSMITS;
225
  /* random number generator is initialized in magic_init */
226
}
227
 
228
 
229
/*
230
 * chap_challenge_timeout - Timeout expired on sending challenge.
231
 */
232
static void
233
chap_challenge_timeout(void *arg)
234
{
235
  chap_state *cstate = (chap_state *) arg;
236
 
237
  /* if we aren't sending challenges, don't worry.  then again we */
238
  /* probably shouldn't be here either */
239
  if (cstate->serverstate != CHAPSS_INITIAL_CHAL &&
240
      cstate->serverstate != CHAPSS_RECHALLENGE) {
241
    return;
242
  }
243
 
244
  if (cstate->chal_transmits >= cstate->max_transmits) {
245
    /* give up on peer */
246
    CHAPDEBUG((LOG_ERR, "Peer failed to respond to CHAP challenge\n"));
247
    cstate->serverstate = CHAPSS_BADAUTH;
248
    auth_peer_fail(cstate->unit, PPP_CHAP);
249
    return;
250
  }
251
 
252
  chap_send_challenge(cstate); /* Re-send challenge */
253
}
254
 
255
 
256
/*
257
 * chap_response_timeout - Timeout expired on sending response.
258
 */
259
static void
260
chap_response_timeout(void *arg)
261
{
262
  chap_state *cstate = (chap_state *) arg;
263
 
264
  /* if we aren't sending a response, don't worry. */
265
  if (cstate->clientstate != CHAPCS_RESPONSE) {
266
    return;
267
  }
268
 
269
  chap_send_response(cstate);    /* re-send response */
270
}
271
 
272
 
273
/*
274
 * chap_rechallenge - Time to challenge the peer again.
275
 */
276
static void
277
chap_rechallenge(void *arg)
278
{
279
  chap_state *cstate = (chap_state *) arg;
280
 
281
  /* if we aren't sending a response, don't worry. */
282
  if (cstate->serverstate != CHAPSS_OPEN) {
283
    return;
284
  }
285
 
286
  chap_gen_challenge(cstate);
287
  chap_send_challenge(cstate);
288
  cstate->serverstate = CHAPSS_RECHALLENGE;
289
}
290
 
291
 
292
/*
293
 * chap_lowerup - The lower layer is up.
294
 *
295
 * Start up if we have pending requests.
296
 */
297
static void
298
chap_lowerup(int unit)
299
{
300
  chap_state *cstate = &chap[unit];
301
 
302
  if (cstate->clientstate == CHAPCS_INITIAL) {
303
    cstate->clientstate = CHAPCS_CLOSED;
304
  } else if (cstate->clientstate == CHAPCS_PENDING) {
305
    cstate->clientstate = CHAPCS_LISTEN;
306
  }
307
 
308
  if (cstate->serverstate == CHAPSS_INITIAL) {
309
    cstate->serverstate = CHAPSS_CLOSED;
310
  } else if (cstate->serverstate == CHAPSS_PENDING) {
311
    chap_gen_challenge(cstate);
312
    chap_send_challenge(cstate);
313
    cstate->serverstate = CHAPSS_INITIAL_CHAL;
314
  }
315
}
316
 
317
 
318
/*
319
 * chap_lowerdown - The lower layer is down.
320
 *
321
 * Cancel all timeouts.
322
 */
323
static void
324
chap_lowerdown(int unit)
325
{
326
  chap_state *cstate = &chap[unit];
327
 
328
  /* Timeout(s) pending?  Cancel if so. */
329
  if (cstate->serverstate == CHAPSS_INITIAL_CHAL ||
330
      cstate->serverstate == CHAPSS_RECHALLENGE) {
331
    UNTIMEOUT(chap_challenge_timeout, cstate);
332
  } else if (cstate->serverstate == CHAPSS_OPEN
333
      && cstate->chal_interval != 0) {
334
    UNTIMEOUT(chap_rechallenge, cstate);
335
  }
336
  if (cstate->clientstate == CHAPCS_RESPONSE) {
337
    UNTIMEOUT(chap_response_timeout, cstate);
338
  }
339
  cstate->clientstate = CHAPCS_INITIAL;
340
  cstate->serverstate = CHAPSS_INITIAL;
341
}
342
 
343
 
344
/*
345
 * chap_protrej - Peer doesn't grok CHAP.
346
 */
347
static void
348
chap_protrej(int unit)
349
{
350
  chap_state *cstate = &chap[unit];
351
 
352
  if (cstate->serverstate != CHAPSS_INITIAL &&
353
      cstate->serverstate != CHAPSS_CLOSED) {
354
    auth_peer_fail(unit, PPP_CHAP);
355
  }
356
  if (cstate->clientstate != CHAPCS_INITIAL &&
357
      cstate->clientstate != CHAPCS_CLOSED) {
358
    auth_withpeer_fail(unit, PPP_CHAP);
359
  }
360
  chap_lowerdown(unit); /* shutdown chap */
361
}
362
 
363
 
364
/*
365
 * chap_input - Input CHAP packet.
366
 */
367
static void
368
chap_input(int unit, u8_t *inpacket, int packet_len)
369
{
370
  chap_state *cstate = &chap[unit];
371
  u8_t *inp;
372
  u8_t code, id;
373
  int len;
374
 
375
  /*
376
   * Parse header (code, id and length).
377
   * If packet too short, drop it.
378
   */
379
  inp = inpacket;
380
  if (packet_len < CHAP_HEADERLEN) {
381
    CHAPDEBUG((LOG_INFO, "chap_input: rcvd short header.\n"));
382
    return;
383
  }
384
  GETCHAR(code, inp);
385
  GETCHAR(id, inp);
386
  GETSHORT(len, inp);
387
  if (len < CHAP_HEADERLEN) {
388
    CHAPDEBUG((LOG_INFO, "chap_input: rcvd illegal length.\n"));
389
    return;
390
  }
391
  if (len > packet_len) {
392
    CHAPDEBUG((LOG_INFO, "chap_input: rcvd short packet.\n"));
393
    return;
394
  }
395
  len -= CHAP_HEADERLEN;
396
 
397
  /*
398
   * Action depends on code (as in fact it usually does :-).
399
   */
400
  switch (code) {
401
    case CHAP_CHALLENGE:
402
      chap_receive_challenge(cstate, inp, id, len);
403
      break;
404
 
405
    case CHAP_RESPONSE:
406
      chap_receive_response(cstate, inp, id, len);
407
      break;
408
 
409
    case CHAP_FAILURE:
410
      chap_receive_failure(cstate, inp, id, len);
411
      break;
412
 
413
    case CHAP_SUCCESS:
414
      chap_receive_success(cstate, inp, id, len);
415
      break;
416
 
417
    default:        /* Need code reject? */
418
      CHAPDEBUG((LOG_WARNING, "Unknown CHAP code (%d) received.\n", code));
419
      break;
420
  }
421
}
422
 
423
 
424
/*
425
 * chap_receive_challenge - Receive Challenge and send Response.
426
 */
427
static void
428
chap_receive_challenge(chap_state *cstate, u8_t *inp, int id, int len)
429
{
430
  int rchallenge_len;
431
  u8_t *rchallenge;
432
  int secret_len;
433
  char secret[MAXSECRETLEN];
434
  char rhostname[256];
435
  md5_ctx mdContext;
436
  u8_t hash[MD5_SIGNATURE_SIZE];
437
 
438
  CHAPDEBUG((LOG_INFO, "chap_receive_challenge: Rcvd id %d.\n", id));
439
  if (cstate->clientstate == CHAPCS_CLOSED ||
440
    cstate->clientstate == CHAPCS_PENDING) {
441
    CHAPDEBUG((LOG_INFO, "chap_receive_challenge: in state %d\n",
442
         cstate->clientstate));
443
    return;
444
  }
445
 
446
  if (len < 2) {
447
    CHAPDEBUG((LOG_INFO, "chap_receive_challenge: rcvd short packet.\n"));
448
    return;
449
  }
450
 
451
  GETCHAR(rchallenge_len, inp);
452
  len -= sizeof (u8_t) + rchallenge_len;  /* now name field length */
453
  if (len < 0) {
454
    CHAPDEBUG((LOG_INFO, "chap_receive_challenge: rcvd short packet.\n"));
455
    return;
456
  }
457
  rchallenge = inp;
458
  INCPTR(rchallenge_len, inp);
459
 
460
  if (len >= sizeof(rhostname)) {
461
    len = sizeof(rhostname) - 1;
462
  }
463
  BCOPY(inp, rhostname, len);
464
  rhostname[len] = '\000';
465
 
466
  CHAPDEBUG((LOG_INFO, "chap_receive_challenge: received name field '%s'\n", rhostname));
467
 
468
  /* Microsoft doesn't send their name back in the PPP packet */
469
  if (ppp_settings.remote_name[0] != 0 && (ppp_settings.explicit_remote || rhostname[0] == 0)) {
470
    strncpy(rhostname, ppp_settings.remote_name, sizeof(rhostname));
471
    rhostname[sizeof(rhostname) - 1] = 0;
472
    CHAPDEBUG((LOG_INFO, "chap_receive_challenge: using '%s' as remote name\n", rhostname));
473
  }
474
 
475
  /* get secret for authenticating ourselves with the specified host */
476
  if (!get_secret(cstate->unit, cstate->resp_name, rhostname, secret, &secret_len, 0)) {
477
    secret_len = 0;    /* assume null secret if can't find one */
478
    CHAPDEBUG((LOG_WARNING, "No CHAP secret found for authenticating us to %s\n", rhostname));
479
  }
480
 
481
  /* cancel response send timeout if necessary */
482
  if (cstate->clientstate == CHAPCS_RESPONSE) {
483
    UNTIMEOUT(chap_response_timeout, cstate);
484
  }
485
 
486
  cstate->resp_id = id;
487
  cstate->resp_transmits = 0;
488
 
489
  /*  generate MD based on negotiated type */
490
  switch (cstate->resp_type) {
491
 
492
  case CHAP_DIGEST_MD5:
493
    md5_init(&mdContext);
494
    md5_update(&mdContext, &cstate->resp_id, 1);
495
    md5_update(&mdContext, (u8_t*)secret, secret_len);
496
    md5_update(&mdContext, rchallenge, rchallenge_len);
497
    md5_final(hash, &mdContext);
498
    BCOPY(hash, cstate->response, MD5_SIGNATURE_SIZE);
499
    cstate->resp_length = MD5_SIGNATURE_SIZE;
500
    break;
501
 
502
#ifdef CHAPMS
503
  case CHAP_MICROSOFT:
504
    chapms(cstate, rchallenge, rchallenge_len, secret, secret_len);
505
    break;
506
#endif
507
 
508
  default:
509
    CHAPDEBUG((LOG_INFO, "unknown digest type %d\n", cstate->resp_type));
510
    return;
511
  }
512
 
513
  BZERO(secret, sizeof(secret));
514
  chap_send_response(cstate);
515
}
516
 
517
 
518
/*
519
 * chap_receive_response - Receive and process response.
520
 */
521
static void
522
chap_receive_response(chap_state *cstate, u8_t *inp, int id, int len)
523
{
524
  u8_t *remmd, remmd_len;
525
  int secret_len, old_state;
526
  int code;
527
  char rhostname[256];
528
  md5_ctx mdContext;
529
  char secret[MAXSECRETLEN];
530
  u8_t hash[MD5_SIGNATURE_SIZE];
531
 
532
  CHAPDEBUG((LOG_INFO, "chap_receive_response: Rcvd id %d.\n", id));
533
 
534
  if (cstate->serverstate == CHAPSS_CLOSED ||
535
      cstate->serverstate == CHAPSS_PENDING) {
536
    CHAPDEBUG((LOG_INFO, "chap_receive_response: in state %d\n",
537
    cstate->serverstate));
538
    return;
539
  }
540
 
541
  if (id != cstate->chal_id) {
542
    return;      /* doesn't match ID of last challenge */
543
  }
544
 
545
  /*
546
  * If we have received a duplicate or bogus Response,
547
  * we have to send the same answer (Success/Failure)
548
  * as we did for the first Response we saw.
549
  */
550
  if (cstate->serverstate == CHAPSS_OPEN) {
551
    chap_send_status(cstate, CHAP_SUCCESS);
552
    return;
553
  }
554
  if (cstate->serverstate == CHAPSS_BADAUTH) {
555
    chap_send_status(cstate, CHAP_FAILURE);
556
    return;
557
  }
558
 
559
  if (len < 2) {
560
    CHAPDEBUG((LOG_INFO, "chap_receive_response: rcvd short packet.\n"));
561
    return;
562
  }
563
  GETCHAR(remmd_len, inp); /* get length of MD */
564
  remmd = inp;             /* get pointer to MD */
565
  INCPTR(remmd_len, inp);
566
 
567
  len -= sizeof (u8_t) + remmd_len;
568
  if (len < 0) {
569
    CHAPDEBUG((LOG_INFO, "chap_receive_response: rcvd short packet.\n"));
570
    return;
571
  }
572
 
573
  UNTIMEOUT(chap_challenge_timeout, cstate);
574
 
575
  if (len >= sizeof(rhostname)) {
576
    len = sizeof(rhostname) - 1;
577
  }
578
  BCOPY(inp, rhostname, len);
579
  rhostname[len] = '\000';
580
 
581
  CHAPDEBUG((LOG_INFO, "chap_receive_response: received name field: %s\n", rhostname));
582
 
583
  /*
584
  * Get secret for authenticating them with us,
585
  * do the hash ourselves, and compare the result.
586
  */
587
  code = CHAP_FAILURE;
588
  if (!get_secret(cstate->unit, rhostname, cstate->chal_name, secret, &secret_len, 1)) {
589
    /* CHAPDEBUG((LOG_WARNING, TL_CHAP, "No CHAP secret found for authenticating %s\n", rhostname)); */
590
    CHAPDEBUG((LOG_WARNING, "No CHAP secret found for authenticating %s\n",
591
    rhostname));
592
  } else {
593
    /*  generate MD based on negotiated type */
594
    switch (cstate->chal_type) {
595
 
596
      case CHAP_DIGEST_MD5:    /* only MD5 is defined for now */
597
        if (remmd_len != MD5_SIGNATURE_SIZE) {
598
          break;      /* it's not even the right length */
599
        }
600
        md5_init(&mdContext);
601
        md5_update(&mdContext, &cstate->chal_id, 1);
602
        md5_update(&mdContext, (u8_t*)secret, secret_len);
603
        md5_update(&mdContext, cstate->challenge, cstate->chal_len);
604
        md5_final(hash, &mdContext);
605
 
606
        /* compare local and remote MDs and send the appropriate status */
607
        if (memcmp (hash, remmd, MD5_SIGNATURE_SIZE) == 0) {
608
          code = CHAP_SUCCESS;  /* they are the same! */
609
        }
610
        break;
611
 
612
      default:
613
        CHAPDEBUG((LOG_INFO, "unknown digest type %d\n", cstate->chal_type));
614
    }
615
  }
616
 
617
  BZERO(secret, sizeof(secret));
618
  chap_send_status(cstate, code);
619
 
620
  if (code == CHAP_SUCCESS) {
621
    old_state = cstate->serverstate;
622
    cstate->serverstate = CHAPSS_OPEN;
623
    if (old_state == CHAPSS_INITIAL_CHAL) {
624
      auth_peer_success(cstate->unit, PPP_CHAP, rhostname, len);
625
    }
626
    if (cstate->chal_interval != 0) {
627
      TIMEOUT(chap_rechallenge, cstate, cstate->chal_interval);
628
    }
629
  } else {
630
    CHAPDEBUG((LOG_ERR, "CHAP peer authentication failed\n"));
631
    cstate->serverstate = CHAPSS_BADAUTH;
632
    auth_peer_fail(cstate->unit, PPP_CHAP);
633
  }
634
}
635
 
636
/*
637
 * chap_receive_success - Receive Success
638
 */
639
static void
640
chap_receive_success(chap_state *cstate, u8_t *inp, u8_t id, int len)
641
{
642
  LWIP_UNUSED_ARG(id);
643
  LWIP_UNUSED_ARG(inp);
644
 
645
  CHAPDEBUG((LOG_INFO, "chap_receive_success: Rcvd id %d.\n", id));
646
 
647
  if (cstate->clientstate == CHAPCS_OPEN) {
648
    /* presumably an answer to a duplicate response */
649
    return;
650
  }
651
 
652
  if (cstate->clientstate != CHAPCS_RESPONSE) {
653
    /* don't know what this is */
654
    CHAPDEBUG((LOG_INFO, "chap_receive_success: in state %d\n", cstate->clientstate));
655
    return;
656
  }
657
 
658
  UNTIMEOUT(chap_response_timeout, cstate);
659
 
660
  /*
661
   * Print message.
662
   */
663
  if (len > 0) {
664
    PRINTMSG(inp, len);
665
  }
666
 
667
  cstate->clientstate = CHAPCS_OPEN;
668
 
669
  auth_withpeer_success(cstate->unit, PPP_CHAP);
670
}
671
 
672
 
673
/*
674
 * chap_receive_failure - Receive failure.
675
 */
676
static void
677
chap_receive_failure(chap_state *cstate, u8_t *inp, u8_t id, int len)
678
{
679
  LWIP_UNUSED_ARG(id);
680
  LWIP_UNUSED_ARG(inp);
681
 
682
  CHAPDEBUG((LOG_INFO, "chap_receive_failure: Rcvd id %d.\n", id));
683
 
684
  if (cstate->clientstate != CHAPCS_RESPONSE) {
685
    /* don't know what this is */
686
    CHAPDEBUG((LOG_INFO, "chap_receive_failure: in state %d\n", cstate->clientstate));
687
    return;
688
  }
689
 
690
  UNTIMEOUT(chap_response_timeout, cstate);
691
 
692
  /*
693
   * Print message.
694
   */
695
  if (len > 0) {
696
    PRINTMSG(inp, len);
697
  }
698
 
699
  CHAPDEBUG((LOG_ERR, "CHAP authentication failed\n"));
700
  auth_withpeer_fail(cstate->unit, PPP_CHAP);
701
}
702
 
703
 
704
/*
705
 * chap_send_challenge - Send an Authenticate challenge.
706
 */
707
static void
708
chap_send_challenge(chap_state *cstate)
709
{
710
  u8_t *outp;
711
  int chal_len, name_len;
712
  int outlen;
713
 
714
  chal_len = cstate->chal_len;
715
  name_len = strlen(cstate->chal_name);
716
  outlen = CHAP_HEADERLEN + sizeof (u8_t) + chal_len + name_len;
717
  outp = outpacket_buf[cstate->unit];
718
 
719
  MAKEHEADER(outp, PPP_CHAP);    /* paste in a CHAP header */
720
 
721
  PUTCHAR(CHAP_CHALLENGE, outp);
722
  PUTCHAR(cstate->chal_id, outp);
723
  PUTSHORT(outlen, outp);
724
 
725
  PUTCHAR(chal_len, outp);    /* put length of challenge */
726
  BCOPY(cstate->challenge, outp, chal_len);
727
  INCPTR(chal_len, outp);
728
 
729
  BCOPY(cstate->chal_name, outp, name_len);  /* append hostname */
730
 
731
  ppp_write(cstate->unit, outpacket_buf[cstate->unit], outlen + PPP_HDRLEN);
732
 
733
  CHAPDEBUG((LOG_INFO, "chap_send_challenge: Sent id %d.\n", cstate->chal_id));
734
 
735
  TIMEOUT(chap_challenge_timeout, cstate, cstate->timeouttime);
736
  ++cstate->chal_transmits;
737
}
738
 
739
 
740
/*
741
 * chap_send_status - Send a status response (ack or nak).
742
 */
743
static void
744
chap_send_status(chap_state *cstate, int code)
745
{
746
  u8_t *outp;
747
  int outlen, msglen;
748
  char msg[256];
749
 
750
  if (code == CHAP_SUCCESS) {
751
    strcpy(msg, "Welcome!");
752
  } else {
753
    strcpy(msg, "I don't like you.  Go 'way.");
754
  }
755
  msglen = strlen(msg);
756
 
757
  outlen = CHAP_HEADERLEN + msglen;
758
  outp = outpacket_buf[cstate->unit];
759
 
760
  MAKEHEADER(outp, PPP_CHAP);    /* paste in a header */
761
 
762
  PUTCHAR(code, outp);
763
  PUTCHAR(cstate->chal_id, outp);
764
  PUTSHORT(outlen, outp);
765
  BCOPY(msg, outp, msglen);
766
  ppp_write(cstate->unit, outpacket_buf[cstate->unit], outlen + PPP_HDRLEN);
767
 
768
  CHAPDEBUG((LOG_INFO, "chap_send_status: Sent code %d, id %d.\n", code, cstate->chal_id));
769
}
770
 
771
/*
772
 * chap_gen_challenge is used to generate a pseudo-random challenge string of
773
 * a pseudo-random length between min_len and max_len.  The challenge
774
 * string and its length are stored in *cstate, and various other fields of
775
 * *cstate are initialized.
776
 */
777
 
778
static void
779
chap_gen_challenge(chap_state *cstate)
780
{
781
  int chal_len;
782
  u8_t *ptr = cstate->challenge;
783
  int i;
784
 
785
  /* pick a random challenge length between MIN_CHALLENGE_LENGTH and
786
     MAX_CHALLENGE_LENGTH */
787
  chal_len = (unsigned)
788
        ((((magic_next() >> 16) *
789
              (MAX_CHALLENGE_LENGTH - MIN_CHALLENGE_LENGTH)) >> 16)
790
           + MIN_CHALLENGE_LENGTH);
791
  cstate->chal_len = chal_len;
792
  cstate->chal_id = ++cstate->id;
793
  cstate->chal_transmits = 0;
794
 
795
  /* generate a random string */
796
  for (i = 0; i < chal_len; i++ ) {
797
    *ptr++ = (char) (magic_next() & 0xff);
798
  }
799
}
800
 
801
/*
802
 * chap_send_response - send a response packet with values as specified
803
 * in *cstate.
804
 */
805
/* ARGSUSED */
806
static void
807
chap_send_response(chap_state *cstate)
808
{
809
  u8_t *outp;
810
  int outlen, md_len, name_len;
811
 
812
  md_len = cstate->resp_length;
813
  name_len = strlen(cstate->resp_name);
814
  outlen = CHAP_HEADERLEN + sizeof (u8_t) + md_len + name_len;
815
  outp = outpacket_buf[cstate->unit];
816
 
817
  MAKEHEADER(outp, PPP_CHAP);
818
 
819
  PUTCHAR(CHAP_RESPONSE, outp);  /* we are a response */
820
  PUTCHAR(cstate->resp_id, outp);  /* copy id from challenge packet */
821
  PUTSHORT(outlen, outp);      /* packet length */
822
 
823
  PUTCHAR(md_len, outp);      /* length of MD */
824
  BCOPY(cstate->response, outp, md_len);    /* copy MD to buffer */
825
  INCPTR(md_len, outp);
826
 
827
  BCOPY(cstate->resp_name, outp, name_len);  /* append our name */
828
 
829
  /* send the packet */
830
  ppp_write(cstate->unit, outpacket_buf[cstate->unit], outlen + PPP_HDRLEN);
831
 
832
  cstate->clientstate = CHAPCS_RESPONSE;
833
  TIMEOUT(chap_response_timeout, cstate, cstate->timeouttime);
834
  ++cstate->resp_transmits;
835
}
836
 
837
#if 0
838
static char *chap_codenames[] = {
839
  "Challenge", "Response", "Success", "Failure"
840
};
841
/*
842
 * chap_printpkt - print the contents of a CHAP packet.
843
 */
844
static int
845
chap_printpkt( u8_t *p, int plen, void (*printer) (void *, char *, ...), void *arg)
846
{
847
  int code, id, len;
848
  int clen, nlen;
849
  u8_t x;
850
 
851
  if (plen < CHAP_HEADERLEN) {
852
    return 0;
853
  }
854
  GETCHAR(code, p);
855
  GETCHAR(id, p);
856
  GETSHORT(len, p);
857
  if (len < CHAP_HEADERLEN || len > plen) {
858
    return 0;
859
  }
860
  if (code >= 1 && code <= sizeof(chap_codenames) / sizeof(char *)) {
861
    printer(arg, " %s", chap_codenames[code-1]);
862
  } else {
863
    printer(arg, " code=0x%x", code);
864
  }
865
  printer(arg, " id=0x%x", id);
866
  len -= CHAP_HEADERLEN;
867
  switch (code) {
868
    case CHAP_CHALLENGE:
869
    case CHAP_RESPONSE:
870
      if (len < 1) {
871
        break;
872
      }
873
      clen = p[0];
874
      if (len < clen + 1) {
875
        break;
876
      }
877
      ++p;
878
      nlen = len - clen - 1;
879
      printer(arg, " <");
880
      for (; clen > 0; --clen) {
881
        GETCHAR(x, p);
882
        printer(arg, "%.2x", x);
883
      }
884
      printer(arg, ">, name = %.*Z", nlen, p);
885
      break;
886
    case CHAP_FAILURE:
887
    case CHAP_SUCCESS:
888
      printer(arg, " %.*Z", len, p);
889
      break;
890
    default:
891
      for (clen = len; clen > 0; --clen) {
892
        GETCHAR(x, p);
893
        printer(arg, " %.2x", x);
894
      }
895
  }
896
 
897
  return len + CHAP_HEADERLEN;
898
}
899
#endif
900
 
901
#endif /* CHAP_SUPPORT */
902
 
903
#endif /* PPP_SUPPORT */

powered by: WebSVN 2.1.0

© copyright 1999-2025 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.