OpenCores
URL https://opencores.org/ocsvn/openrisc_me/openrisc_me/trunk

Subversion Repositories openrisc_me

[/] [openrisc/] [trunk/] [rtos/] [rtems/] [c/] [src/] [libnetworking/] [pppd/] [chap.c] - Blame information for rev 173

Details | Compare with Previous | View Log

Line No. Rev Author Line
1 30 unneback 
/*
2 
 * chap.c - Challenge Handshake Authentication Protocol.
3 
 *
4 
 * Copyright (c) 1993 The Australian National University.
5 
 * All rights reserved.
6 
 *
7 
 * Redistribution and use in source and binary forms are permitted
8 
 * provided that the above copyright notice and this paragraph are
9 
 * duplicated in all such forms and that any documentation,
10 
 * advertising materials, and other materials related to such
11 
 * distribution and use acknowledge that the software was developed
12 
 * by the Australian National University.  The name of the University
13 
 * may not be used to endorse or promote products derived from this
14 
 * software without specific prior written permission.
15 
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
16 
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
17 
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
18 
 *
19 
 * Copyright (c) 1991 Gregory M. Christy.
20 
 * All rights reserved.
21 
 *
22 
 * Redistribution and use in source and binary forms are permitted
23 
 * provided that the above copyright notice and this paragraph are
24 
 * duplicated in all such forms and that any documentation,
25 
 * advertising materials, and other materials related to such
26 
 * distribution and use acknowledge that the software was developed
27 
 * by Gregory M. Christy.  The name of the author may not be used to
28 
 * endorse or promote products derived from this software without
29 
 * specific prior written permission.
30 
 *
31 
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
32 
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
33 
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
34 
 */
35 
 
36 
#ifndef lint
37 
/* static char rcsid[] = "$Id: chap.c,v 1.2 2001-09-27 12:01:57 chris Exp $"; */
38 
#endif
39 
 
40 
/*
41 
 * TODO:
42 
 */
43 
 
44 
#include <stdio.h>
45 
#include <string.h>
46 
#include <sys/types.h>
47 
#include <sys/time.h>
48 
#include <syslog.h>
49 
 
50 
#include "pppd.h"
51 
#include "chap.h"
52 
#include "md5.h"
53 
#ifdef CHAPMS
54 
#include "chap_ms.h"
55 
#endif
56 
 
57 
/*
58 
 * Protocol entry points.
59 
 */
60 
static void ChapInit __P((int));
61 
static void ChapLowerUp __P((int));
62 
static void ChapLowerDown __P((int));
63 
static void ChapInput __P((int, u_char *, int));
64 
static void ChapProtocolReject __P((int));
65 
static int  ChapPrintPkt __P((u_char *, int,
66 
                              void (*) __P((void *, char *, ...)), void *));
67 
 
68 
struct protent chap_protent = {
69 
    PPP_CHAP,
70 
    ChapInit,
71 
    ChapInput,
72 
    ChapProtocolReject,
73 
    ChapLowerUp,
74 
    ChapLowerDown,
75 
    NULL,
76 
    NULL,
77 
    ChapPrintPkt,
78 
    NULL,
79 
    1,
80 
    "CHAP",
81 
    NULL,
82 
    NULL,
83 
    NULL
84 
};
85 
 
86 
chap_state chap[NUM_PPP];               /* CHAP state; one for each unit */
87 
 
88 
static void ChapChallengeTimeout __P((void *));
89 
static void ChapResponseTimeout __P((void *));
90 
static void ChapReceiveChallenge __P((chap_state *, u_char *, int, int));
91 
static void ChapRechallenge __P((void *));
92 
static void ChapReceiveResponse __P((chap_state *, u_char *, int, int));
93 
static void ChapReceiveSuccess __P((chap_state *, u_char *, int, int));
94 
static void ChapReceiveFailure __P((chap_state *, u_char *, int, int));
95 
static void ChapSendStatus __P((chap_state *, int));
96 
static void ChapSendChallenge __P((chap_state *));
97 
static void ChapSendResponse __P((chap_state *));
98 
static void ChapGenChallenge __P((chap_state *));
99 
/* #include <stdlib.h> */
100 
 
101 
extern double drand48 __P((void));
102 
/*{
103 
        return (((double)rand())/RAND_MAX);
104 
}
105 
*/
106 
extern void srand48 __P((long));
107 
 
108 
/*
109 
 * ChapInit - Initialize a CHAP unit.
110 
 */
111 
static void
112 
ChapInit(unit)
113 
    int unit;
114 
{
115 
    chap_state *cstate = &chap[unit];
116 
 
117 
    BZERO(cstate, sizeof(*cstate));
118 
    cstate->unit = unit;
119 
    cstate->clientstate = CHAPCS_INITIAL;
120 
    cstate->serverstate = CHAPSS_INITIAL;
121 
    cstate->timeouttime = CHAP_DEFTIMEOUT;
122 
    cstate->max_transmits = CHAP_DEFTRANSMITS;
123 
    /* random number generator is initialized in magic_init */
124 
}
125 
 
126 
 
127 
/*
128 
 * ChapAuthWithPeer - Authenticate us with our peer (start client).
129 
 *
130 
 */
131 
void
132 
ChapAuthWithPeer(unit, our_name, digest)
133 
    int unit;
134 
    char *our_name;
135 
    int digest;
136 
{
137 
    chap_state *cstate = &chap[unit];
138 
 
139 
    cstate->resp_name = our_name;
140 
    cstate->resp_type = digest;
141 
 
142 
    if (cstate->clientstate == CHAPCS_INITIAL ||
143 
        cstate->clientstate == CHAPCS_PENDING) {
144 
        /* lower layer isn't up - wait until later */
145 
        cstate->clientstate = CHAPCS_PENDING;
146 
        return;
147 
    }
148 
 
149 
    /*
150 
     * We get here as a result of LCP coming up.
151 
     * So even if CHAP was open before, we will
152 
     * have to re-authenticate ourselves.
153 
     */
154 
    cstate->clientstate = CHAPCS_LISTEN;
155 
}
156 
 
157 
 
158 
/*
159 
 * ChapAuthPeer - Authenticate our peer (start server).
160 
 */
161 
void
162 
ChapAuthPeer(unit, our_name, digest)
163 
    int unit;
164 
    char *our_name;
165 
    int digest;
166 
{
167 
    chap_state *cstate = &chap[unit];
168 
 
169 
    cstate->chal_name = our_name;
170 
    cstate->chal_type = digest;
171 
 
172 
    if (cstate->serverstate == CHAPSS_INITIAL ||
173 
        cstate->serverstate == CHAPSS_PENDING) {
174 
        /* lower layer isn't up - wait until later */
175 
        cstate->serverstate = CHAPSS_PENDING;
176 
        return;
177 
    }
178 
 
179 
    ChapGenChallenge(cstate);
180 
    ChapSendChallenge(cstate);          /* crank it up dude! */
181 
    cstate->serverstate = CHAPSS_INITIAL_CHAL;
182 
}
183 
 
184 
 
185 
/*
186 
 * ChapChallengeTimeout - Timeout expired on sending challenge.
187 
 */
188 
static void
189 
ChapChallengeTimeout(arg)
190 
    void *arg;
191 
{
192 
    chap_state *cstate = (chap_state *) arg;
193 
 
194 
    /* if we aren't sending challenges, don't worry.  then again we */
195 
    /* probably shouldn't be here either */
196 
    if (cstate->serverstate != CHAPSS_INITIAL_CHAL &&
197 
        cstate->serverstate != CHAPSS_RECHALLENGE)
198 
        return;
199 
 
200 
    if (cstate->chal_transmits >= cstate->max_transmits) {
201 
        /* give up on peer */
202 
        syslog(LOG_ERR, "Peer failed to respond to CHAP challenge");
203 
        cstate->serverstate = CHAPSS_BADAUTH;
204 
        auth_peer_fail(cstate->unit, PPP_CHAP);
205 
        return;
206 
    }
207 
 
208 
    ChapSendChallenge(cstate);          /* Re-send challenge */
209 
}
210 
 
211 
 
212 
/*
213 
 * ChapResponseTimeout - Timeout expired on sending response.
214 
 */
215 
static void
216 
ChapResponseTimeout(arg)
217 
    void *arg;
218 
{
219 
    chap_state *cstate = (chap_state *) arg;
220 
 
221 
    /* if we aren't sending a response, don't worry. */
222 
    if (cstate->clientstate != CHAPCS_RESPONSE)
223 
        return;
224 
 
225 
    ChapSendResponse(cstate);           /* re-send response */
226 
}
227 
 
228 
 
229 
/*
230 
 * ChapRechallenge - Time to challenge the peer again.
231 
 */
232 
static void
233 
ChapRechallenge(arg)
234 
    void *arg;
235 
{
236 
    chap_state *cstate = (chap_state *) arg;
237 
 
238 
    /* if we aren't sending a response, don't worry. */
239 
    if (cstate->serverstate != CHAPSS_OPEN)
240 
        return;
241 
 
242 
    ChapGenChallenge(cstate);
243 
    ChapSendChallenge(cstate);
244 
    cstate->serverstate = CHAPSS_RECHALLENGE;
245 
}
246 
 
247 
 
248 
/*
249 
 * ChapLowerUp - The lower layer is up.
250 
 *
251 
 * Start up if we have pending requests.
252 
 */
253 
static void
254 
ChapLowerUp(unit)
255 
    int unit;
256 
{
257 
    chap_state *cstate = &chap[unit];
258 
 
259 
    if (cstate->clientstate == CHAPCS_INITIAL)
260 
        cstate->clientstate = CHAPCS_CLOSED;
261 
    else if (cstate->clientstate == CHAPCS_PENDING)
262 
        cstate->clientstate = CHAPCS_LISTEN;
263 
 
264 
    if (cstate->serverstate == CHAPSS_INITIAL)
265 
        cstate->serverstate = CHAPSS_CLOSED;
266 
    else if (cstate->serverstate == CHAPSS_PENDING) {
267 
        ChapGenChallenge(cstate);
268 
        ChapSendChallenge(cstate);
269 
        cstate->serverstate = CHAPSS_INITIAL_CHAL;
270 
    }
271 
}
272 
 
273 
 
274 
/*
275 
 * ChapLowerDown - The lower layer is down.
276 
 *
277 
 * Cancel all timeouts.
278 
 */
279 
static void
280 
ChapLowerDown(unit)
281 
    int unit;
282 
{
283 
    chap_state *cstate = &chap[unit];
284 
 
285 
    /* Timeout(s) pending?  Cancel if so. */
286 
    if (cstate->serverstate == CHAPSS_INITIAL_CHAL ||
287 
        cstate->serverstate == CHAPSS_RECHALLENGE)
288 
        UNTIMEOUT(ChapChallengeTimeout, cstate);
289 
    else if (cstate->serverstate == CHAPSS_OPEN
290 
             && cstate->chal_interval != 0)
291 
        UNTIMEOUT(ChapRechallenge, cstate);
292 
    if (cstate->clientstate == CHAPCS_RESPONSE)
293 
        UNTIMEOUT(ChapResponseTimeout, cstate);
294 
 
295 
    cstate->clientstate = CHAPCS_INITIAL;
296 
    cstate->serverstate = CHAPSS_INITIAL;
297 
}
298 
 
299 
 
300 
/*
301 
 * ChapProtocolReject - Peer doesn't grok CHAP.
302 
 */
303 
static void
304 
ChapProtocolReject(unit)
305 
    int unit;
306 
{
307 
    chap_state *cstate = &chap[unit];
308 
 
309 
    if (cstate->serverstate != CHAPSS_INITIAL &&
310 
        cstate->serverstate != CHAPSS_CLOSED)
311 
        auth_peer_fail(unit, PPP_CHAP);
312 
    if (cstate->clientstate != CHAPCS_INITIAL &&
313 
        cstate->clientstate != CHAPCS_CLOSED)
314 
        auth_withpeer_fail(unit, PPP_CHAP);
315 
    ChapLowerDown(unit);                /* shutdown chap */
316 
}
317 
 
318 
 
319 
/*
320 
 * ChapInput - Input CHAP packet.
321 
 */
322 
static void
323 
ChapInput(unit, inpacket, packet_len)
324 
    int unit;
325 
    u_char *inpacket;
326 
    int packet_len;
327 
{
328 
    chap_state *cstate = &chap[unit];
329 
    u_char *inp;
330 
    u_char code, id;
331 
    int len;
332 
 
333 
    /*
334 
     * Parse header (code, id and length).
335 
     * If packet too short, drop it.
336 
     */
337 
    inp = inpacket;
338 
    if (packet_len < CHAP_HEADERLEN) {
339 
        CHAPDEBUG((LOG_INFO, "ChapInput: rcvd short header."));
340 
        return;
341 
    }
342 
    GETCHAR(code, inp);
343 
    GETCHAR(id, inp);
344 
    GETSHORT(len, inp);
345 
    if (len < CHAP_HEADERLEN) {
346 
        CHAPDEBUG((LOG_INFO, "ChapInput: rcvd illegal length."));
347 
        return;
348 
    }
349 
    if (len > packet_len) {
350 
        CHAPDEBUG((LOG_INFO, "ChapInput: rcvd short packet."));
351 
        return;
352 
    }
353 
    len -= CHAP_HEADERLEN;
354 
 
355 
    /*
356 
     * Action depends on code (as in fact it usually does :-).
357 
     */
358 
    switch (code) {
359 
    case CHAP_CHALLENGE:
360 
        ChapReceiveChallenge(cstate, inp, id, len);
361 
        break;
362 
 
363 
    case CHAP_RESPONSE:
364 
        ChapReceiveResponse(cstate, inp, id, len);
365 
        break;
366 
 
367 
    case CHAP_FAILURE:
368 
        ChapReceiveFailure(cstate, inp, id, len);
369 
        break;
370 
 
371 
    case CHAP_SUCCESS:
372 
        ChapReceiveSuccess(cstate, inp, id, len);
373 
        break;
374 
 
375 
    default:                            /* Need code reject? */
376 
        syslog(LOG_WARNING, "Unknown CHAP code (%d) received.", code);
377 
        break;
378 
    }
379 
}
380 
 
381 
 
382 
/*
383 
 * ChapReceiveChallenge - Receive Challenge and send Response.
384 
 */
385 
static void
386 
ChapReceiveChallenge(cstate, inp, id, len)
387 
    chap_state *cstate;
388 
    u_char *inp;
389 
    int id;
390 
    int len;
391 
{
392 
    int rchallenge_len;
393 
    u_char *rchallenge;
394 
    int secret_len;
395 
    char secret[MAXSECRETLEN];
396 
    char rhostname[256];
397 
    MD5_CTX mdContext;
398 
    u_char hash[MD5_SIGNATURE_SIZE];
399 
 
400 
    CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: Rcvd id %d.", id));
401 
    if (cstate->clientstate == CHAPCS_CLOSED ||
402 
        cstate->clientstate == CHAPCS_PENDING) {
403 
        CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: in state %d",
404 
                   cstate->clientstate));
405 
        return;
406 
    }
407 
 
408 
    if (len < 2) {
409 
        CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: rcvd short packet."));
410 
        return;
411 
    }
412 
 
413 
    GETCHAR(rchallenge_len, inp);
414 
    len -= sizeof (u_char) + rchallenge_len;    /* now name field length */
415 
    if (len < 0) {
416 
        CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: rcvd short packet."));
417 
        return;
418 
    }
419 
    rchallenge = inp;
420 
    INCPTR(rchallenge_len, inp);
421 
 
422 
    if (len >= sizeof(rhostname))
423 
        len = sizeof(rhostname) - 1;
424 
    BCOPY(inp, rhostname, len);
425 
    rhostname[len] = '\000';
426 
 
427 
    CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: received name field '%s'",
428 
               rhostname));
429 
 
430 
    /* Microsoft doesn't send their name back in the PPP packet */
431 
    if (remote_name[0] != 0 && (explicit_remote || rhostname[0] == 0)) {
432 
        strncpy(rhostname, remote_name, sizeof(rhostname));
433 
        rhostname[sizeof(rhostname) - 1] = 0;
434 
        CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: using '%s' as remote name",
435 
                   rhostname));
436 
    }
437 
 
438 
    /* get secret for authenticating ourselves with the specified host */
439 
    if (!get_secret(cstate->unit, cstate->resp_name, rhostname,
440 
                    secret, &secret_len, 0)) {
441 
        secret_len = 0;          /* assume null secret if can't find one */
442 
        syslog(LOG_WARNING, "No CHAP secret found for authenticating us to %s",
443 
               rhostname);
444 
    }
445 
 
446 
    /* cancel response send timeout if necessary */
447 
    if (cstate->clientstate == CHAPCS_RESPONSE)
448 
        UNTIMEOUT(ChapResponseTimeout, cstate);
449 
 
450 
    cstate->resp_id = id;
451 
    cstate->resp_transmits = 0;
452 
 
453 
    /*  generate MD based on negotiated type */
454 
    switch (cstate->resp_type) {
455 
 
456 
    case CHAP_DIGEST_MD5:
457 
        MD5Init(&mdContext);
458 
        MD5Update(&mdContext, &cstate->resp_id, 1);
459 
        MD5Update(&mdContext, secret, secret_len);
460 
        MD5Update(&mdContext, rchallenge, rchallenge_len);
461 
        MD5Final(hash, &mdContext);
462 
        BCOPY(hash, cstate->response, MD5_SIGNATURE_SIZE);
463 
        cstate->resp_length = MD5_SIGNATURE_SIZE;
464 
        break;
465 
 
466 
#ifdef CHAPMS
467 
    case CHAP_MICROSOFT:
468 
        ChapMS(cstate, rchallenge, rchallenge_len, secret, secret_len);
469 
        break;
470 
#endif
471 
 
472 
    default:
473 
        CHAPDEBUG((LOG_INFO, "unknown digest type %d", cstate->resp_type));
474 
        return;
475 
    }
476 
 
477 
    BZERO(secret, sizeof(secret));
478 
    ChapSendResponse(cstate);
479 
}
480 
 
481 
 
482 
/*
483 
 * ChapReceiveResponse - Receive and process response.
484 
 */
485 
static void
486 
ChapReceiveResponse(cstate, inp, id, len)
487 
    chap_state *cstate;
488 
    u_char *inp;
489 
    int id;
490 
    int len;
491 
{
492 
    u_char *remmd, remmd_len;
493 
    int secret_len, old_state;
494 
    int code;
495 
    char rhostname[256];
496 
    MD5_CTX mdContext;
497 
    char secret[MAXSECRETLEN];
498 
    u_char hash[MD5_SIGNATURE_SIZE];
499 
 
500 
    CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: Rcvd id %d.", id));
501 
 
502 
    if (cstate->serverstate == CHAPSS_CLOSED ||
503 
        cstate->serverstate == CHAPSS_PENDING) {
504 
        CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: in state %d",
505 
                   cstate->serverstate));
506 
        return;
507 
    }
508 
 
509 
    if (id != cstate->chal_id)
510 
        return;                 /* doesn't match ID of last challenge */
511 
 
512 
    /*
513 
     * If we have received a duplicate or bogus Response,
514 
     * we have to send the same answer (Success/Failure)
515 
     * as we did for the first Response we saw.
516 
     */
517 
    if (cstate->serverstate == CHAPSS_OPEN) {
518 
        ChapSendStatus(cstate, CHAP_SUCCESS);
519 
        return;
520 
    }
521 
    if (cstate->serverstate == CHAPSS_BADAUTH) {
522 
        ChapSendStatus(cstate, CHAP_FAILURE);
523 
        return;
524 
    }
525 
 
526 
    if (len < 2) {
527 
        CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: rcvd short packet."));
528 
        return;
529 
    }
530 
    GETCHAR(remmd_len, inp);            /* get length of MD */
531 
    remmd = inp;                        /* get pointer to MD */
532 
    INCPTR(remmd_len, inp);
533 
 
534 
    len -= sizeof (u_char) + remmd_len;
535 
    if (len < 0) {
536 
        CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: rcvd short packet."));
537 
        return;
538 
    }
539 
 
540 
    UNTIMEOUT(ChapChallengeTimeout, cstate);
541 
 
542 
    if (len >= sizeof(rhostname))
543 
        len = sizeof(rhostname) - 1;
544 
    BCOPY(inp, rhostname, len);
545 
    rhostname[len] = '\000';
546 
 
547 
    CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: received name field: %s",
548 
               rhostname));
549 
 
550 
    /*
551 
     * Get secret for authenticating them with us,
552 
     * do the hash ourselves, and compare the result.
553 
     */
554 
    code = CHAP_FAILURE;
555 
    if (!get_secret(cstate->unit, rhostname, cstate->chal_name,
556 
                   secret, &secret_len, 1)) {
557 
        syslog(LOG_WARNING, "No CHAP secret found for authenticating %s",
558 
               rhostname);
559 
    } else {
560 
 
561 
        /*  generate MD based on negotiated type */
562 
        switch (cstate->chal_type) {
563 
 
564 
        case CHAP_DIGEST_MD5:           /* only MD5 is defined for now */
565 
            if (remmd_len != MD5_SIGNATURE_SIZE)
566 
                break;                  /* it's not even the right length */
567 
            MD5Init(&mdContext);
568 
            MD5Update(&mdContext, &cstate->chal_id, 1);
569 
            MD5Update(&mdContext, secret, secret_len);
570 
            MD5Update(&mdContext, cstate->challenge, cstate->chal_len);
571 
            MD5Final(hash, &mdContext);
572 
 
573 
            /* compare local and remote MDs and send the appropriate status */
574 
            if (memcmp (hash, remmd, MD5_SIGNATURE_SIZE) == 0)
575 
                code = CHAP_SUCCESS;    /* they are the same! */
576 
            break;
577 
 
578 
        default:
579 
            CHAPDEBUG((LOG_INFO, "unknown digest type %d", cstate->chal_type));
580 
        }
581 
    }
582 
 
583 
    BZERO(secret, sizeof(secret));
584 
    ChapSendStatus(cstate, code);
585 
 
586 
    if (code == CHAP_SUCCESS) {
587 
        old_state = cstate->serverstate;
588 
        cstate->serverstate = CHAPSS_OPEN;
589 
        if (old_state == CHAPSS_INITIAL_CHAL) {
590 
            auth_peer_success(cstate->unit, PPP_CHAP, rhostname, len);
591 
        }
592 
        if (cstate->chal_interval != 0)
593 
            TIMEOUT(ChapRechallenge, cstate, cstate->chal_interval);
594 
        syslog(LOG_NOTICE, "CHAP peer authentication succeeded for %s",
595 
               rhostname);
596 
 
597 
    } else {
598 
        syslog(LOG_ERR, "CHAP peer authentication failed for remote host %s",
599 
               rhostname);
600 
        cstate->serverstate = CHAPSS_BADAUTH;
601 
        auth_peer_fail(cstate->unit, PPP_CHAP);
602 
    }
603 
}
604 
 
605 
/*
606 
 * ChapReceiveSuccess - Receive Success
607 
 */
608 
static void
609 
ChapReceiveSuccess(cstate, inp, id, len)
610 
    chap_state *cstate;
611 
    u_char *inp;
612 
    int id;  /* was u_char id */
613 
    int len;
614 
{
615 
 
616 
    CHAPDEBUG((LOG_INFO, "ChapReceiveSuccess: Rcvd id %d.", id));
617 
 
618 
    if (cstate->clientstate == CHAPCS_OPEN)
619 
        /* presumably an answer to a duplicate response */
620 
        return;
621 
 
622 
    if (cstate->clientstate != CHAPCS_RESPONSE) {
623 
        /* don't know what this is */
624 
        CHAPDEBUG((LOG_INFO, "ChapReceiveSuccess: in state %d\n",
625 
                   cstate->clientstate));
626 
        return;
627 
    }
628 
 
629 
    UNTIMEOUT(ChapResponseTimeout, cstate);
630 
 
631 
    /*
632 
     * Print message.
633 
     */
634 
    if (len > 0)
635 
        PRINTMSG(inp, len);
636 
 
637 
    cstate->clientstate = CHAPCS_OPEN;
638 
 
639 
    auth_withpeer_success(cstate->unit, PPP_CHAP);
640 
}
641 
 
642 
 
643 
/*
644 
 * ChapReceiveFailure - Receive failure.
645 
 */
646 
static void
647 
ChapReceiveFailure(cstate, inp, id, len)
648 
    chap_state *cstate;
649 
    u_char *inp;
650 
    int id;  /* was u_char id; */
651 
    int len;
652 
{
653 
    CHAPDEBUG((LOG_INFO, "ChapReceiveFailure: Rcvd id %d.", id));
654 
 
655 
    if (cstate->clientstate != CHAPCS_RESPONSE) {
656 
        /* don't know what this is */
657 
        CHAPDEBUG((LOG_INFO, "ChapReceiveFailure: in state %d\n",
658 
                   cstate->clientstate));
659 
        return;
660 
    }
661 
 
662 
    UNTIMEOUT(ChapResponseTimeout, cstate);
663 
 
664 
    /*
665 
     * Print message.
666 
     */
667 
    if (len > 0)
668 
        PRINTMSG(inp, len);
669 
 
670 
    syslog(LOG_ERR, "CHAP authentication failed");
671 
    auth_withpeer_fail(cstate->unit, PPP_CHAP);
672 
}
673 
 
674 
 
675 
/*
676 
 * ChapSendChallenge - Send an Authenticate challenge.
677 
 */
678 
static void
679 
ChapSendChallenge(cstate)
680 
    chap_state *cstate;
681 
{
682 
    u_char *outp;
683 
    int chal_len, name_len;
684 
    int outlen;
685 
 
686 
    chal_len = cstate->chal_len;
687 
    name_len = strlen(cstate->chal_name);
688 
    outlen = CHAP_HEADERLEN + sizeof (u_char) + chal_len + name_len;
689 
    outp = outpacket_buf;
690 
 
691 
    MAKEHEADER(outp, PPP_CHAP);         /* paste in a CHAP header */
692 
 
693 
    PUTCHAR(CHAP_CHALLENGE, outp);
694 
    PUTCHAR(cstate->chal_id, outp);
695 
    PUTSHORT(outlen, outp);
696 
 
697 
    PUTCHAR(chal_len, outp);            /* put length of challenge */
698 
    BCOPY(cstate->challenge, outp, chal_len);
699 
    INCPTR(chal_len, outp);
700 
 
701 
    BCOPY(cstate->chal_name, outp, name_len);   /* append hostname */
702 
 
703 
    output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN);
704 
 
705 
    CHAPDEBUG((LOG_INFO, "ChapSendChallenge: Sent id %d.", cstate->chal_id));
706 
 
707 
    TIMEOUT(ChapChallengeTimeout, cstate, cstate->timeouttime);
708 
    ++cstate->chal_transmits;
709 
}
710 
 
711 
 
712 
/*
713 
 * ChapSendStatus - Send a status response (ack or nak).
714 
 */
715 
static void
716 
ChapSendStatus(cstate, code)
717 
    chap_state *cstate;
718 
    int code;
719 
{
720 
    u_char *outp;
721 
    int outlen, msglen;
722 
    char msg[256];
723 
 
724 
    if (code == CHAP_SUCCESS)
725 
        sprintf(msg, "Welcome to %s.", hostname);
726 
    else
727 
        sprintf(msg, "I don't like you.  Go 'way.");
728 
    msglen = strlen(msg);
729 
 
730 
    outlen = CHAP_HEADERLEN + msglen;
731 
    outp = outpacket_buf;
732 
 
733 
    MAKEHEADER(outp, PPP_CHAP); /* paste in a header */
734 
 
735 
    PUTCHAR(code, outp);
736 
    PUTCHAR(cstate->chal_id, outp);
737 
    PUTSHORT(outlen, outp);
738 
    BCOPY(msg, outp, msglen);
739 
    output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN);
740 
 
741 
    CHAPDEBUG((LOG_INFO, "ChapSendStatus: Sent code %d, id %d.", code,
742 
               cstate->chal_id));
743 
}
744 
 
745 
/*
746 
 * ChapGenChallenge is used to generate a pseudo-random challenge string of
747 
 * a pseudo-random length between min_len and max_len.  The challenge
748 
 * string and its length are stored in *cstate, and various other fields of
749 
 * *cstate are initialized.
750 
 */
751 
 
752 
static void
753 
ChapGenChallenge(cstate)
754 
    chap_state *cstate;
755 
{
756 
    int chal_len;
757 
    u_char *ptr = cstate->challenge;
758 
    unsigned int i;
759 
 
760 
    /* pick a random challenge length between MIN_CHALLENGE_LENGTH and
761 
       MAX_CHALLENGE_LENGTH */
762 
    chal_len =  (unsigned) ((drand48() *
763 
                             (MAX_CHALLENGE_LENGTH - MIN_CHALLENGE_LENGTH)) +
764 
                            MIN_CHALLENGE_LENGTH);
765 
    cstate->chal_len = chal_len;
766 
    cstate->chal_id = ++cstate->id;
767 
    cstate->chal_transmits = 0;
768 
 
769 
    /* generate a random string */
770 
    for (i = 0; i < chal_len; i++ )
771 
        *ptr++ = (char) (drand48() * 0xff);
772 
}
773 
 
774 
/*
775 
 * ChapSendResponse - send a response packet with values as specified
776 
 * in *cstate.
777 
 */
778 
/* ARGSUSED */
779 
static void
780 
ChapSendResponse(cstate)
781 
    chap_state *cstate;
782 
{
783 
    u_char *outp;
784 
    int outlen, md_len, name_len;
785 
 
786 
    md_len = cstate->resp_length;
787 
    name_len = strlen(cstate->resp_name);
788 
    outlen = CHAP_HEADERLEN + sizeof (u_char) + md_len + name_len;
789 
    outp = outpacket_buf;
790 
 
791 
    MAKEHEADER(outp, PPP_CHAP);
792 
 
793 
    PUTCHAR(CHAP_RESPONSE, outp);       /* we are a response */
794 
    PUTCHAR(cstate->resp_id, outp);     /* copy id from challenge packet */
795 
    PUTSHORT(outlen, outp);             /* packet length */
796 
 
797 
    PUTCHAR(md_len, outp);              /* length of MD */
798 
    BCOPY(cstate->response, outp, md_len);      /* copy MD to buffer */
799 
    INCPTR(md_len, outp);
800 
 
801 
    BCOPY(cstate->resp_name, outp, name_len); /* append our name */
802 
 
803 
    /* send the packet */
804 
    output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN);
805 
 
806 
    cstate->clientstate = CHAPCS_RESPONSE;
807 
    TIMEOUT(ChapResponseTimeout, cstate, cstate->timeouttime);
808 
    ++cstate->resp_transmits;
809 
}
810 
 
811 
/*
812 
 * ChapPrintPkt - print the contents of a CHAP packet.
813 
 */
814 
static char *ChapCodenames[] = {
815 
    "Challenge", "Response", "Success", "Failure"
816 
};
817 
 
818 
static int
819 
ChapPrintPkt(p, plen, printer, arg)
820 
    u_char *p;
821 
    int plen;
822 
    void (*printer) __P((void *, char *, ...));
823 
    void *arg;
824 
{
825 
    int code, id, len;
826 
    int clen, nlen;
827 
    u_char x;
828 
    if (plen < CHAP_HEADERLEN)
829 
        return 0;
830 
    GETCHAR(code, p);
831 
    GETCHAR(id, p);
832 
    GETSHORT(len, p);
833 
    if (len < CHAP_HEADERLEN || len > plen)
834 
        return 0;
835 
 
836 
    if (code >= 1 && code <= sizeof(ChapCodenames) / sizeof(char *))
837 
        printer(arg, " %s", ChapCodenames[code-1]);
838 
    else
839 
        printer(arg, " code=0x%x", code);
840 
    printer(arg, " id=0x%x", id);
841 
    len -= CHAP_HEADERLEN;
842 
    switch (code) {
843 
    case CHAP_CHALLENGE:
844 
    case CHAP_RESPONSE:
845 
        if (len < 1)
846 
            break;
847 
        clen = p[0];
848 
        if (len < clen + 1)
849 
            break;
850 
        ++p;
851 
        nlen = len - clen - 1;
852 
        printer(arg, " <");
853 
        for (; clen > 0; --clen) {
854 
            GETCHAR(x, p);
855 
            printer(arg, "%.2x", x);
856 
        }
857 
        printer(arg, ">, name = ");
858 
        print_string((char *)p, nlen, printer, arg);
859 
        break;
860 
    case CHAP_FAILURE:
861 
    case CHAP_SUCCESS:
862 
        printer(arg, " ");
863 
        print_string((char *)p, len, printer, arg);
864 
        break;
865 
    default:
866 
        for (clen = len; clen > 0; --clen) {
867 
            GETCHAR(x, p);
868 
            printer(arg, " %.2x", x);
869 
        }
870 
    }
871 
    return len + CHAP_HEADERLEN;
872 
}

powered by: WebSVN 2.1.0

© copyright 1999-2024 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.