[d0950ad] | 1 | /* |
---|
| 2 | * chap.c - Challenge Handshake Authentication Protocol. |
---|
| 3 | * |
---|
| 4 | * Copyright (c) 1993 The Australian National University. |
---|
| 5 | * All rights reserved. |
---|
| 6 | * |
---|
| 7 | * Redistribution and use in source and binary forms are permitted |
---|
| 8 | * provided that the above copyright notice and this paragraph are |
---|
| 9 | * duplicated in all such forms and that any documentation, |
---|
| 10 | * advertising materials, and other materials related to such |
---|
| 11 | * distribution and use acknowledge that the software was developed |
---|
| 12 | * by the Australian National University. The name of the University |
---|
| 13 | * may not be used to endorse or promote products derived from this |
---|
| 14 | * software without specific prior written permission. |
---|
| 15 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR |
---|
| 16 | * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED |
---|
| 17 | * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. |
---|
| 18 | * |
---|
| 19 | * Copyright (c) 1991 Gregory M. Christy. |
---|
| 20 | * All rights reserved. |
---|
| 21 | * |
---|
| 22 | * Redistribution and use in source and binary forms are permitted |
---|
| 23 | * provided that the above copyright notice and this paragraph are |
---|
| 24 | * duplicated in all such forms and that any documentation, |
---|
| 25 | * advertising materials, and other materials related to such |
---|
| 26 | * distribution and use acknowledge that the software was developed |
---|
| 27 | * by Gregory M. Christy. The name of the author may not be used to |
---|
| 28 | * endorse or promote products derived from this software without |
---|
| 29 | * specific prior written permission. |
---|
| 30 | * |
---|
| 31 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR |
---|
| 32 | * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED |
---|
| 33 | * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. |
---|
| 34 | */ |
---|
| 35 | |
---|
| 36 | #ifndef lint |
---|
| 37 | /* static char rcsid[] = "$Id$"; */ |
---|
| 38 | #endif |
---|
| 39 | |
---|
| 40 | /* |
---|
| 41 | * TODO: |
---|
| 42 | */ |
---|
| 43 | |
---|
| 44 | #include <stdio.h> |
---|
| 45 | #include <string.h> |
---|
| 46 | #include <sys/types.h> |
---|
| 47 | #include <sys/time.h> |
---|
| 48 | #include <syslog.h> |
---|
| 49 | |
---|
| 50 | #include "pppd.h" |
---|
| 51 | #include "chap.h" |
---|
| 52 | #include "md5.h" |
---|
| 53 | #ifdef CHAPMS |
---|
| 54 | #include "chap_ms.h" |
---|
| 55 | #endif |
---|
| 56 | |
---|
| 57 | /* |
---|
| 58 | * Protocol entry points. |
---|
| 59 | */ |
---|
| 60 | static void ChapInit __P((int)); |
---|
| 61 | static void ChapLowerUp __P((int)); |
---|
| 62 | static void ChapLowerDown __P((int)); |
---|
| 63 | static void ChapInput __P((int, u_char *, int)); |
---|
| 64 | static void ChapProtocolReject __P((int)); |
---|
| 65 | static int ChapPrintPkt __P((u_char *, int, |
---|
| 66 | void (*) __P((void *, char *, ...)), void *)); |
---|
| 67 | |
---|
| 68 | struct protent chap_protent = { |
---|
| 69 | PPP_CHAP, |
---|
| 70 | ChapInit, |
---|
| 71 | ChapInput, |
---|
| 72 | ChapProtocolReject, |
---|
| 73 | ChapLowerUp, |
---|
| 74 | ChapLowerDown, |
---|
| 75 | NULL, |
---|
| 76 | NULL, |
---|
| 77 | ChapPrintPkt, |
---|
| 78 | NULL, |
---|
| 79 | 1, |
---|
| 80 | "CHAP", |
---|
| 81 | NULL, |
---|
| 82 | NULL, |
---|
| 83 | NULL |
---|
| 84 | }; |
---|
| 85 | |
---|
| 86 | chap_state chap[NUM_PPP]; /* CHAP state; one for each unit */ |
---|
| 87 | |
---|
| 88 | static void ChapChallengeTimeout __P((void *)); |
---|
| 89 | static void ChapResponseTimeout __P((void *)); |
---|
| 90 | static void ChapReceiveChallenge __P((chap_state *, u_char *, int, int)); |
---|
| 91 | static void ChapRechallenge __P((void *)); |
---|
| 92 | static void ChapReceiveResponse __P((chap_state *, u_char *, int, int)); |
---|
| 93 | static void ChapReceiveSuccess __P((chap_state *, u_char *, int, int)); |
---|
| 94 | static void ChapReceiveFailure __P((chap_state *, u_char *, int, int)); |
---|
| 95 | static void ChapSendStatus __P((chap_state *, int)); |
---|
| 96 | static void ChapSendChallenge __P((chap_state *)); |
---|
| 97 | static void ChapSendResponse __P((chap_state *)); |
---|
| 98 | static void ChapGenChallenge __P((chap_state *)); |
---|
| 99 | /* #include <stdlib.h> */ |
---|
| 100 | |
---|
| 101 | extern double drand48 __P((void)); |
---|
| 102 | /*{ |
---|
| 103 | return (((double)rand())/RAND_MAX); |
---|
| 104 | } |
---|
| 105 | */ |
---|
| 106 | extern void srand48 __P((long)); |
---|
| 107 | |
---|
| 108 | /* |
---|
| 109 | * ChapInit - Initialize a CHAP unit. |
---|
| 110 | */ |
---|
| 111 | static void |
---|
| 112 | ChapInit(unit) |
---|
| 113 | int unit; |
---|
| 114 | { |
---|
| 115 | chap_state *cstate = &chap[unit]; |
---|
| 116 | |
---|
| 117 | BZERO(cstate, sizeof(*cstate)); |
---|
| 118 | cstate->unit = unit; |
---|
| 119 | cstate->clientstate = CHAPCS_INITIAL; |
---|
| 120 | cstate->serverstate = CHAPSS_INITIAL; |
---|
| 121 | cstate->timeouttime = CHAP_DEFTIMEOUT; |
---|
| 122 | cstate->max_transmits = CHAP_DEFTRANSMITS; |
---|
| 123 | /* random number generator is initialized in magic_init */ |
---|
| 124 | } |
---|
| 125 | |
---|
| 126 | |
---|
| 127 | /* |
---|
| 128 | * ChapAuthWithPeer - Authenticate us with our peer (start client). |
---|
| 129 | * |
---|
| 130 | */ |
---|
| 131 | void |
---|
| 132 | ChapAuthWithPeer(unit, our_name, digest) |
---|
| 133 | int unit; |
---|
| 134 | char *our_name; |
---|
| 135 | int digest; |
---|
| 136 | { |
---|
| 137 | chap_state *cstate = &chap[unit]; |
---|
| 138 | |
---|
| 139 | cstate->resp_name = our_name; |
---|
| 140 | cstate->resp_type = digest; |
---|
| 141 | |
---|
| 142 | if (cstate->clientstate == CHAPCS_INITIAL || |
---|
| 143 | cstate->clientstate == CHAPCS_PENDING) { |
---|
| 144 | /* lower layer isn't up - wait until later */ |
---|
| 145 | cstate->clientstate = CHAPCS_PENDING; |
---|
| 146 | return; |
---|
| 147 | } |
---|
| 148 | |
---|
| 149 | /* |
---|
| 150 | * We get here as a result of LCP coming up. |
---|
| 151 | * So even if CHAP was open before, we will |
---|
| 152 | * have to re-authenticate ourselves. |
---|
| 153 | */ |
---|
| 154 | cstate->clientstate = CHAPCS_LISTEN; |
---|
| 155 | } |
---|
| 156 | |
---|
| 157 | |
---|
| 158 | /* |
---|
| 159 | * ChapAuthPeer - Authenticate our peer (start server). |
---|
| 160 | */ |
---|
| 161 | void |
---|
| 162 | ChapAuthPeer(unit, our_name, digest) |
---|
| 163 | int unit; |
---|
| 164 | char *our_name; |
---|
| 165 | int digest; |
---|
| 166 | { |
---|
| 167 | chap_state *cstate = &chap[unit]; |
---|
| 168 | |
---|
| 169 | cstate->chal_name = our_name; |
---|
| 170 | cstate->chal_type = digest; |
---|
| 171 | |
---|
| 172 | if (cstate->serverstate == CHAPSS_INITIAL || |
---|
| 173 | cstate->serverstate == CHAPSS_PENDING) { |
---|
| 174 | /* lower layer isn't up - wait until later */ |
---|
| 175 | cstate->serverstate = CHAPSS_PENDING; |
---|
| 176 | return; |
---|
| 177 | } |
---|
| 178 | |
---|
| 179 | ChapGenChallenge(cstate); |
---|
| 180 | ChapSendChallenge(cstate); /* crank it up dude! */ |
---|
| 181 | cstate->serverstate = CHAPSS_INITIAL_CHAL; |
---|
| 182 | } |
---|
| 183 | |
---|
| 184 | |
---|
| 185 | /* |
---|
| 186 | * ChapChallengeTimeout - Timeout expired on sending challenge. |
---|
| 187 | */ |
---|
| 188 | static void |
---|
| 189 | ChapChallengeTimeout(arg) |
---|
| 190 | void *arg; |
---|
| 191 | { |
---|
| 192 | chap_state *cstate = (chap_state *) arg; |
---|
| 193 | |
---|
| 194 | /* if we aren't sending challenges, don't worry. then again we */ |
---|
| 195 | /* probably shouldn't be here either */ |
---|
| 196 | if (cstate->serverstate != CHAPSS_INITIAL_CHAL && |
---|
| 197 | cstate->serverstate != CHAPSS_RECHALLENGE) |
---|
| 198 | return; |
---|
| 199 | |
---|
| 200 | if (cstate->chal_transmits >= cstate->max_transmits) { |
---|
| 201 | /* give up on peer */ |
---|
| 202 | syslog(LOG_ERR, "Peer failed to respond to CHAP challenge"); |
---|
| 203 | cstate->serverstate = CHAPSS_BADAUTH; |
---|
| 204 | auth_peer_fail(cstate->unit, PPP_CHAP); |
---|
| 205 | return; |
---|
| 206 | } |
---|
| 207 | |
---|
| 208 | ChapSendChallenge(cstate); /* Re-send challenge */ |
---|
| 209 | } |
---|
| 210 | |
---|
| 211 | |
---|
| 212 | /* |
---|
| 213 | * ChapResponseTimeout - Timeout expired on sending response. |
---|
| 214 | */ |
---|
| 215 | static void |
---|
| 216 | ChapResponseTimeout(arg) |
---|
| 217 | void *arg; |
---|
| 218 | { |
---|
| 219 | chap_state *cstate = (chap_state *) arg; |
---|
| 220 | |
---|
| 221 | /* if we aren't sending a response, don't worry. */ |
---|
| 222 | if (cstate->clientstate != CHAPCS_RESPONSE) |
---|
| 223 | return; |
---|
| 224 | |
---|
| 225 | ChapSendResponse(cstate); /* re-send response */ |
---|
| 226 | } |
---|
| 227 | |
---|
| 228 | |
---|
| 229 | /* |
---|
| 230 | * ChapRechallenge - Time to challenge the peer again. |
---|
| 231 | */ |
---|
| 232 | static void |
---|
| 233 | ChapRechallenge(arg) |
---|
| 234 | void *arg; |
---|
| 235 | { |
---|
| 236 | chap_state *cstate = (chap_state *) arg; |
---|
| 237 | |
---|
| 238 | /* if we aren't sending a response, don't worry. */ |
---|
| 239 | if (cstate->serverstate != CHAPSS_OPEN) |
---|
| 240 | return; |
---|
| 241 | |
---|
| 242 | ChapGenChallenge(cstate); |
---|
| 243 | ChapSendChallenge(cstate); |
---|
| 244 | cstate->serverstate = CHAPSS_RECHALLENGE; |
---|
| 245 | } |
---|
| 246 | |
---|
| 247 | |
---|
| 248 | /* |
---|
| 249 | * ChapLowerUp - The lower layer is up. |
---|
| 250 | * |
---|
| 251 | * Start up if we have pending requests. |
---|
| 252 | */ |
---|
| 253 | static void |
---|
| 254 | ChapLowerUp(unit) |
---|
| 255 | int unit; |
---|
| 256 | { |
---|
| 257 | chap_state *cstate = &chap[unit]; |
---|
| 258 | |
---|
| 259 | if (cstate->clientstate == CHAPCS_INITIAL) |
---|
| 260 | cstate->clientstate = CHAPCS_CLOSED; |
---|
| 261 | else if (cstate->clientstate == CHAPCS_PENDING) |
---|
| 262 | cstate->clientstate = CHAPCS_LISTEN; |
---|
| 263 | |
---|
| 264 | if (cstate->serverstate == CHAPSS_INITIAL) |
---|
| 265 | cstate->serverstate = CHAPSS_CLOSED; |
---|
| 266 | else if (cstate->serverstate == CHAPSS_PENDING) { |
---|
| 267 | ChapGenChallenge(cstate); |
---|
| 268 | ChapSendChallenge(cstate); |
---|
| 269 | cstate->serverstate = CHAPSS_INITIAL_CHAL; |
---|
| 270 | } |
---|
| 271 | } |
---|
| 272 | |
---|
| 273 | |
---|
| 274 | /* |
---|
| 275 | * ChapLowerDown - The lower layer is down. |
---|
| 276 | * |
---|
| 277 | * Cancel all timeouts. |
---|
| 278 | */ |
---|
| 279 | static void |
---|
| 280 | ChapLowerDown(unit) |
---|
| 281 | int unit; |
---|
| 282 | { |
---|
| 283 | chap_state *cstate = &chap[unit]; |
---|
| 284 | |
---|
| 285 | /* Timeout(s) pending? Cancel if so. */ |
---|
| 286 | if (cstate->serverstate == CHAPSS_INITIAL_CHAL || |
---|
| 287 | cstate->serverstate == CHAPSS_RECHALLENGE) |
---|
| 288 | UNTIMEOUT(ChapChallengeTimeout, cstate); |
---|
| 289 | else if (cstate->serverstate == CHAPSS_OPEN |
---|
| 290 | && cstate->chal_interval != 0) |
---|
| 291 | UNTIMEOUT(ChapRechallenge, cstate); |
---|
| 292 | if (cstate->clientstate == CHAPCS_RESPONSE) |
---|
| 293 | UNTIMEOUT(ChapResponseTimeout, cstate); |
---|
| 294 | |
---|
| 295 | cstate->clientstate = CHAPCS_INITIAL; |
---|
| 296 | cstate->serverstate = CHAPSS_INITIAL; |
---|
| 297 | } |
---|
| 298 | |
---|
| 299 | |
---|
| 300 | /* |
---|
| 301 | * ChapProtocolReject - Peer doesn't grok CHAP. |
---|
| 302 | */ |
---|
| 303 | static void |
---|
| 304 | ChapProtocolReject(unit) |
---|
| 305 | int unit; |
---|
| 306 | { |
---|
| 307 | chap_state *cstate = &chap[unit]; |
---|
| 308 | |
---|
| 309 | if (cstate->serverstate != CHAPSS_INITIAL && |
---|
| 310 | cstate->serverstate != CHAPSS_CLOSED) |
---|
| 311 | auth_peer_fail(unit, PPP_CHAP); |
---|
| 312 | if (cstate->clientstate != CHAPCS_INITIAL && |
---|
| 313 | cstate->clientstate != CHAPCS_CLOSED) |
---|
| 314 | auth_withpeer_fail(unit, PPP_CHAP); |
---|
| 315 | ChapLowerDown(unit); /* shutdown chap */ |
---|
| 316 | } |
---|
| 317 | |
---|
| 318 | |
---|
| 319 | /* |
---|
| 320 | * ChapInput - Input CHAP packet. |
---|
| 321 | */ |
---|
| 322 | static void |
---|
| 323 | ChapInput(unit, inpacket, packet_len) |
---|
| 324 | int unit; |
---|
| 325 | u_char *inpacket; |
---|
| 326 | int packet_len; |
---|
| 327 | { |
---|
| 328 | chap_state *cstate = &chap[unit]; |
---|
| 329 | u_char *inp; |
---|
| 330 | u_char code, id; |
---|
| 331 | int len; |
---|
| 332 | |
---|
| 333 | /* |
---|
| 334 | * Parse header (code, id and length). |
---|
| 335 | * If packet too short, drop it. |
---|
| 336 | */ |
---|
| 337 | inp = inpacket; |
---|
| 338 | if (packet_len < CHAP_HEADERLEN) { |
---|
| 339 | CHAPDEBUG((LOG_INFO, "ChapInput: rcvd short header.")); |
---|
| 340 | return; |
---|
| 341 | } |
---|
| 342 | GETCHAR(code, inp); |
---|
| 343 | GETCHAR(id, inp); |
---|
| 344 | GETSHORT(len, inp); |
---|
| 345 | if (len < CHAP_HEADERLEN) { |
---|
| 346 | CHAPDEBUG((LOG_INFO, "ChapInput: rcvd illegal length.")); |
---|
| 347 | return; |
---|
| 348 | } |
---|
| 349 | if (len > packet_len) { |
---|
| 350 | CHAPDEBUG((LOG_INFO, "ChapInput: rcvd short packet.")); |
---|
| 351 | return; |
---|
| 352 | } |
---|
| 353 | len -= CHAP_HEADERLEN; |
---|
| 354 | |
---|
| 355 | /* |
---|
| 356 | * Action depends on code (as in fact it usually does :-). |
---|
| 357 | */ |
---|
| 358 | switch (code) { |
---|
| 359 | case CHAP_CHALLENGE: |
---|
| 360 | ChapReceiveChallenge(cstate, inp, id, len); |
---|
| 361 | break; |
---|
| 362 | |
---|
| 363 | case CHAP_RESPONSE: |
---|
| 364 | ChapReceiveResponse(cstate, inp, id, len); |
---|
| 365 | break; |
---|
| 366 | |
---|
| 367 | case CHAP_FAILURE: |
---|
| 368 | ChapReceiveFailure(cstate, inp, id, len); |
---|
| 369 | break; |
---|
| 370 | |
---|
| 371 | case CHAP_SUCCESS: |
---|
| 372 | ChapReceiveSuccess(cstate, inp, id, len); |
---|
| 373 | break; |
---|
| 374 | |
---|
| 375 | default: /* Need code reject? */ |
---|
| 376 | syslog(LOG_WARNING, "Unknown CHAP code (%d) received.", code); |
---|
| 377 | break; |
---|
| 378 | } |
---|
| 379 | } |
---|
| 380 | |
---|
| 381 | |
---|
| 382 | /* |
---|
| 383 | * ChapReceiveChallenge - Receive Challenge and send Response. |
---|
| 384 | */ |
---|
| 385 | static void |
---|
| 386 | ChapReceiveChallenge(cstate, inp, id, len) |
---|
| 387 | chap_state *cstate; |
---|
| 388 | u_char *inp; |
---|
| 389 | int id; |
---|
| 390 | int len; |
---|
| 391 | { |
---|
| 392 | int rchallenge_len; |
---|
| 393 | u_char *rchallenge; |
---|
| 394 | int secret_len; |
---|
| 395 | char secret[MAXSECRETLEN]; |
---|
| 396 | char rhostname[256]; |
---|
| 397 | MD5_CTX mdContext; |
---|
| 398 | u_char hash[MD5_SIGNATURE_SIZE]; |
---|
| 399 | |
---|
| 400 | CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: Rcvd id %d.", id)); |
---|
| 401 | if (cstate->clientstate == CHAPCS_CLOSED || |
---|
| 402 | cstate->clientstate == CHAPCS_PENDING) { |
---|
| 403 | CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: in state %d", |
---|
| 404 | cstate->clientstate)); |
---|
| 405 | return; |
---|
| 406 | } |
---|
| 407 | |
---|
| 408 | if (len < 2) { |
---|
| 409 | CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: rcvd short packet.")); |
---|
| 410 | return; |
---|
| 411 | } |
---|
| 412 | |
---|
| 413 | GETCHAR(rchallenge_len, inp); |
---|
| 414 | len -= sizeof (u_char) + rchallenge_len; /* now name field length */ |
---|
| 415 | if (len < 0) { |
---|
| 416 | CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: rcvd short packet.")); |
---|
| 417 | return; |
---|
| 418 | } |
---|
| 419 | rchallenge = inp; |
---|
| 420 | INCPTR(rchallenge_len, inp); |
---|
| 421 | |
---|
| 422 | if (len >= sizeof(rhostname)) |
---|
| 423 | len = sizeof(rhostname) - 1; |
---|
| 424 | BCOPY(inp, rhostname, len); |
---|
| 425 | rhostname[len] = '\000'; |
---|
| 426 | |
---|
| 427 | CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: received name field '%s'", |
---|
| 428 | rhostname)); |
---|
| 429 | |
---|
| 430 | /* Microsoft doesn't send their name back in the PPP packet */ |
---|
| 431 | if (remote_name[0] != 0 && (explicit_remote || rhostname[0] == 0)) { |
---|
| 432 | strncpy(rhostname, remote_name, sizeof(rhostname)); |
---|
| 433 | rhostname[sizeof(rhostname) - 1] = 0; |
---|
| 434 | CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: using '%s' as remote name", |
---|
| 435 | rhostname)); |
---|
| 436 | } |
---|
| 437 | |
---|
| 438 | /* get secret for authenticating ourselves with the specified host */ |
---|
| 439 | if (!get_secret(cstate->unit, cstate->resp_name, rhostname, |
---|
| 440 | secret, &secret_len, 0)) { |
---|
| 441 | secret_len = 0; /* assume null secret if can't find one */ |
---|
| 442 | syslog(LOG_WARNING, "No CHAP secret found for authenticating us to %s", |
---|
| 443 | rhostname); |
---|
| 444 | } |
---|
| 445 | |
---|
| 446 | /* cancel response send timeout if necessary */ |
---|
| 447 | if (cstate->clientstate == CHAPCS_RESPONSE) |
---|
| 448 | UNTIMEOUT(ChapResponseTimeout, cstate); |
---|
| 449 | |
---|
| 450 | cstate->resp_id = id; |
---|
| 451 | cstate->resp_transmits = 0; |
---|
| 452 | |
---|
| 453 | /* generate MD based on negotiated type */ |
---|
| 454 | switch (cstate->resp_type) { |
---|
| 455 | |
---|
| 456 | case CHAP_DIGEST_MD5: |
---|
| 457 | MD5Init(&mdContext); |
---|
| 458 | MD5Update(&mdContext, &cstate->resp_id, 1); |
---|
| 459 | MD5Update(&mdContext, secret, secret_len); |
---|
| 460 | MD5Update(&mdContext, rchallenge, rchallenge_len); |
---|
| 461 | MD5Final(hash, &mdContext); |
---|
| 462 | BCOPY(hash, cstate->response, MD5_SIGNATURE_SIZE); |
---|
| 463 | cstate->resp_length = MD5_SIGNATURE_SIZE; |
---|
| 464 | break; |
---|
| 465 | |
---|
| 466 | #ifdef CHAPMS |
---|
| 467 | case CHAP_MICROSOFT: |
---|
| 468 | ChapMS(cstate, rchallenge, rchallenge_len, secret, secret_len); |
---|
| 469 | break; |
---|
| 470 | #endif |
---|
| 471 | |
---|
| 472 | default: |
---|
| 473 | CHAPDEBUG((LOG_INFO, "unknown digest type %d", cstate->resp_type)); |
---|
| 474 | return; |
---|
| 475 | } |
---|
| 476 | |
---|
| 477 | BZERO(secret, sizeof(secret)); |
---|
| 478 | ChapSendResponse(cstate); |
---|
| 479 | } |
---|
| 480 | |
---|
| 481 | |
---|
| 482 | /* |
---|
| 483 | * ChapReceiveResponse - Receive and process response. |
---|
| 484 | */ |
---|
| 485 | static void |
---|
| 486 | ChapReceiveResponse(cstate, inp, id, len) |
---|
| 487 | chap_state *cstate; |
---|
| 488 | u_char *inp; |
---|
| 489 | int id; |
---|
| 490 | int len; |
---|
| 491 | { |
---|
| 492 | u_char *remmd, remmd_len; |
---|
| 493 | int secret_len, old_state; |
---|
| 494 | int code; |
---|
| 495 | char rhostname[256]; |
---|
| 496 | MD5_CTX mdContext; |
---|
| 497 | char secret[MAXSECRETLEN]; |
---|
| 498 | u_char hash[MD5_SIGNATURE_SIZE]; |
---|
| 499 | |
---|
| 500 | CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: Rcvd id %d.", id)); |
---|
| 501 | |
---|
| 502 | if (cstate->serverstate == CHAPSS_CLOSED || |
---|
| 503 | cstate->serverstate == CHAPSS_PENDING) { |
---|
| 504 | CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: in state %d", |
---|
| 505 | cstate->serverstate)); |
---|
| 506 | return; |
---|
| 507 | } |
---|
| 508 | |
---|
| 509 | if (id != cstate->chal_id) |
---|
| 510 | return; /* doesn't match ID of last challenge */ |
---|
| 511 | |
---|
| 512 | /* |
---|
| 513 | * If we have received a duplicate or bogus Response, |
---|
| 514 | * we have to send the same answer (Success/Failure) |
---|
| 515 | * as we did for the first Response we saw. |
---|
| 516 | */ |
---|
| 517 | if (cstate->serverstate == CHAPSS_OPEN) { |
---|
| 518 | ChapSendStatus(cstate, CHAP_SUCCESS); |
---|
| 519 | return; |
---|
| 520 | } |
---|
| 521 | if (cstate->serverstate == CHAPSS_BADAUTH) { |
---|
| 522 | ChapSendStatus(cstate, CHAP_FAILURE); |
---|
| 523 | return; |
---|
| 524 | } |
---|
| 525 | |
---|
| 526 | if (len < 2) { |
---|
| 527 | CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: rcvd short packet.")); |
---|
| 528 | return; |
---|
| 529 | } |
---|
| 530 | GETCHAR(remmd_len, inp); /* get length of MD */ |
---|
| 531 | remmd = inp; /* get pointer to MD */ |
---|
| 532 | INCPTR(remmd_len, inp); |
---|
| 533 | |
---|
| 534 | len -= sizeof (u_char) + remmd_len; |
---|
| 535 | if (len < 0) { |
---|
| 536 | CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: rcvd short packet.")); |
---|
| 537 | return; |
---|
| 538 | } |
---|
| 539 | |
---|
| 540 | UNTIMEOUT(ChapChallengeTimeout, cstate); |
---|
| 541 | |
---|
| 542 | if (len >= sizeof(rhostname)) |
---|
| 543 | len = sizeof(rhostname) - 1; |
---|
| 544 | BCOPY(inp, rhostname, len); |
---|
| 545 | rhostname[len] = '\000'; |
---|
| 546 | |
---|
| 547 | CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: received name field: %s", |
---|
| 548 | rhostname)); |
---|
| 549 | |
---|
| 550 | /* |
---|
| 551 | * Get secret for authenticating them with us, |
---|
| 552 | * do the hash ourselves, and compare the result. |
---|
| 553 | */ |
---|
| 554 | code = CHAP_FAILURE; |
---|
| 555 | if (!get_secret(cstate->unit, rhostname, cstate->chal_name, |
---|
| 556 | secret, &secret_len, 1)) { |
---|
| 557 | syslog(LOG_WARNING, "No CHAP secret found for authenticating %s", |
---|
| 558 | rhostname); |
---|
| 559 | } else { |
---|
| 560 | |
---|
| 561 | /* generate MD based on negotiated type */ |
---|
| 562 | switch (cstate->chal_type) { |
---|
| 563 | |
---|
| 564 | case CHAP_DIGEST_MD5: /* only MD5 is defined for now */ |
---|
| 565 | if (remmd_len != MD5_SIGNATURE_SIZE) |
---|
| 566 | break; /* it's not even the right length */ |
---|
| 567 | MD5Init(&mdContext); |
---|
| 568 | MD5Update(&mdContext, &cstate->chal_id, 1); |
---|
| 569 | MD5Update(&mdContext, secret, secret_len); |
---|
| 570 | MD5Update(&mdContext, cstate->challenge, cstate->chal_len); |
---|
| 571 | MD5Final(hash, &mdContext); |
---|
| 572 | |
---|
| 573 | /* compare local and remote MDs and send the appropriate status */ |
---|
| 574 | if (memcmp (hash, remmd, MD5_SIGNATURE_SIZE) == 0) |
---|
| 575 | code = CHAP_SUCCESS; /* they are the same! */ |
---|
| 576 | break; |
---|
| 577 | |
---|
| 578 | default: |
---|
| 579 | CHAPDEBUG((LOG_INFO, "unknown digest type %d", cstate->chal_type)); |
---|
| 580 | } |
---|
| 581 | } |
---|
| 582 | |
---|
| 583 | BZERO(secret, sizeof(secret)); |
---|
| 584 | ChapSendStatus(cstate, code); |
---|
| 585 | |
---|
| 586 | if (code == CHAP_SUCCESS) { |
---|
| 587 | old_state = cstate->serverstate; |
---|
| 588 | cstate->serverstate = CHAPSS_OPEN; |
---|
| 589 | if (old_state == CHAPSS_INITIAL_CHAL) { |
---|
| 590 | auth_peer_success(cstate->unit, PPP_CHAP, rhostname, len); |
---|
| 591 | } |
---|
| 592 | if (cstate->chal_interval != 0) |
---|
| 593 | TIMEOUT(ChapRechallenge, cstate, cstate->chal_interval); |
---|
| 594 | syslog(LOG_NOTICE, "CHAP peer authentication succeeded for %s", |
---|
| 595 | rhostname); |
---|
| 596 | |
---|
| 597 | } else { |
---|
| 598 | syslog(LOG_ERR, "CHAP peer authentication failed for remote host %s", |
---|
| 599 | rhostname); |
---|
| 600 | cstate->serverstate = CHAPSS_BADAUTH; |
---|
| 601 | auth_peer_fail(cstate->unit, PPP_CHAP); |
---|
| 602 | } |
---|
| 603 | } |
---|
| 604 | |
---|
| 605 | /* |
---|
| 606 | * ChapReceiveSuccess - Receive Success |
---|
| 607 | */ |
---|
| 608 | static void |
---|
| 609 | ChapReceiveSuccess(cstate, inp, id, len) |
---|
| 610 | chap_state *cstate; |
---|
| 611 | u_char *inp; |
---|
[5bce35b] | 612 | int id; /* was u_char id */ |
---|
[d0950ad] | 613 | int len; |
---|
| 614 | { |
---|
| 615 | |
---|
| 616 | CHAPDEBUG((LOG_INFO, "ChapReceiveSuccess: Rcvd id %d.", id)); |
---|
| 617 | |
---|
| 618 | if (cstate->clientstate == CHAPCS_OPEN) |
---|
| 619 | /* presumably an answer to a duplicate response */ |
---|
| 620 | return; |
---|
| 621 | |
---|
| 622 | if (cstate->clientstate != CHAPCS_RESPONSE) { |
---|
| 623 | /* don't know what this is */ |
---|
| 624 | CHAPDEBUG((LOG_INFO, "ChapReceiveSuccess: in state %d\n", |
---|
| 625 | cstate->clientstate)); |
---|
| 626 | return; |
---|
| 627 | } |
---|
| 628 | |
---|
| 629 | UNTIMEOUT(ChapResponseTimeout, cstate); |
---|
| 630 | |
---|
| 631 | /* |
---|
| 632 | * Print message. |
---|
| 633 | */ |
---|
| 634 | if (len > 0) |
---|
| 635 | PRINTMSG(inp, len); |
---|
| 636 | |
---|
| 637 | cstate->clientstate = CHAPCS_OPEN; |
---|
| 638 | |
---|
| 639 | auth_withpeer_success(cstate->unit, PPP_CHAP); |
---|
| 640 | } |
---|
| 641 | |
---|
| 642 | |
---|
| 643 | /* |
---|
| 644 | * ChapReceiveFailure - Receive failure. |
---|
| 645 | */ |
---|
| 646 | static void |
---|
| 647 | ChapReceiveFailure(cstate, inp, id, len) |
---|
| 648 | chap_state *cstate; |
---|
| 649 | u_char *inp; |
---|
[5bce35b] | 650 | int id; /* was u_char id; */ |
---|
[d0950ad] | 651 | int len; |
---|
| 652 | { |
---|
| 653 | CHAPDEBUG((LOG_INFO, "ChapReceiveFailure: Rcvd id %d.", id)); |
---|
| 654 | |
---|
| 655 | if (cstate->clientstate != CHAPCS_RESPONSE) { |
---|
| 656 | /* don't know what this is */ |
---|
| 657 | CHAPDEBUG((LOG_INFO, "ChapReceiveFailure: in state %d\n", |
---|
| 658 | cstate->clientstate)); |
---|
| 659 | return; |
---|
| 660 | } |
---|
| 661 | |
---|
| 662 | UNTIMEOUT(ChapResponseTimeout, cstate); |
---|
| 663 | |
---|
| 664 | /* |
---|
| 665 | * Print message. |
---|
| 666 | */ |
---|
| 667 | if (len > 0) |
---|
| 668 | PRINTMSG(inp, len); |
---|
| 669 | |
---|
| 670 | syslog(LOG_ERR, "CHAP authentication failed"); |
---|
| 671 | auth_withpeer_fail(cstate->unit, PPP_CHAP); |
---|
| 672 | } |
---|
| 673 | |
---|
| 674 | |
---|
| 675 | /* |
---|
| 676 | * ChapSendChallenge - Send an Authenticate challenge. |
---|
| 677 | */ |
---|
| 678 | static void |
---|
| 679 | ChapSendChallenge(cstate) |
---|
| 680 | chap_state *cstate; |
---|
| 681 | { |
---|
| 682 | u_char *outp; |
---|
| 683 | int chal_len, name_len; |
---|
| 684 | int outlen; |
---|
| 685 | |
---|
| 686 | chal_len = cstate->chal_len; |
---|
| 687 | name_len = strlen(cstate->chal_name); |
---|
| 688 | outlen = CHAP_HEADERLEN + sizeof (u_char) + chal_len + name_len; |
---|
| 689 | outp = outpacket_buf; |
---|
| 690 | |
---|
| 691 | MAKEHEADER(outp, PPP_CHAP); /* paste in a CHAP header */ |
---|
| 692 | |
---|
| 693 | PUTCHAR(CHAP_CHALLENGE, outp); |
---|
| 694 | PUTCHAR(cstate->chal_id, outp); |
---|
| 695 | PUTSHORT(outlen, outp); |
---|
| 696 | |
---|
| 697 | PUTCHAR(chal_len, outp); /* put length of challenge */ |
---|
| 698 | BCOPY(cstate->challenge, outp, chal_len); |
---|
| 699 | INCPTR(chal_len, outp); |
---|
| 700 | |
---|
| 701 | BCOPY(cstate->chal_name, outp, name_len); /* append hostname */ |
---|
| 702 | |
---|
| 703 | output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN); |
---|
| 704 | |
---|
| 705 | CHAPDEBUG((LOG_INFO, "ChapSendChallenge: Sent id %d.", cstate->chal_id)); |
---|
| 706 | |
---|
| 707 | TIMEOUT(ChapChallengeTimeout, cstate, cstate->timeouttime); |
---|
| 708 | ++cstate->chal_transmits; |
---|
| 709 | } |
---|
| 710 | |
---|
| 711 | |
---|
| 712 | /* |
---|
| 713 | * ChapSendStatus - Send a status response (ack or nak). |
---|
| 714 | */ |
---|
| 715 | static void |
---|
| 716 | ChapSendStatus(cstate, code) |
---|
| 717 | chap_state *cstate; |
---|
| 718 | int code; |
---|
| 719 | { |
---|
| 720 | u_char *outp; |
---|
| 721 | int outlen, msglen; |
---|
| 722 | char msg[256]; |
---|
| 723 | |
---|
| 724 | if (code == CHAP_SUCCESS) |
---|
| 725 | sprintf(msg, "Welcome to %s.", hostname); |
---|
| 726 | else |
---|
| 727 | sprintf(msg, "I don't like you. Go 'way."); |
---|
| 728 | msglen = strlen(msg); |
---|
| 729 | |
---|
| 730 | outlen = CHAP_HEADERLEN + msglen; |
---|
| 731 | outp = outpacket_buf; |
---|
| 732 | |
---|
| 733 | MAKEHEADER(outp, PPP_CHAP); /* paste in a header */ |
---|
| 734 | |
---|
| 735 | PUTCHAR(code, outp); |
---|
| 736 | PUTCHAR(cstate->chal_id, outp); |
---|
| 737 | PUTSHORT(outlen, outp); |
---|
| 738 | BCOPY(msg, outp, msglen); |
---|
| 739 | output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN); |
---|
| 740 | |
---|
| 741 | CHAPDEBUG((LOG_INFO, "ChapSendStatus: Sent code %d, id %d.", code, |
---|
| 742 | cstate->chal_id)); |
---|
| 743 | } |
---|
| 744 | |
---|
| 745 | /* |
---|
| 746 | * ChapGenChallenge is used to generate a pseudo-random challenge string of |
---|
| 747 | * a pseudo-random length between min_len and max_len. The challenge |
---|
| 748 | * string and its length are stored in *cstate, and various other fields of |
---|
| 749 | * *cstate are initialized. |
---|
| 750 | */ |
---|
| 751 | |
---|
| 752 | static void |
---|
| 753 | ChapGenChallenge(cstate) |
---|
| 754 | chap_state *cstate; |
---|
| 755 | { |
---|
| 756 | int chal_len; |
---|
| 757 | u_char *ptr = cstate->challenge; |
---|
| 758 | unsigned int i; |
---|
| 759 | |
---|
| 760 | /* pick a random challenge length between MIN_CHALLENGE_LENGTH and |
---|
| 761 | MAX_CHALLENGE_LENGTH */ |
---|
| 762 | chal_len = (unsigned) ((drand48() * |
---|
| 763 | (MAX_CHALLENGE_LENGTH - MIN_CHALLENGE_LENGTH)) + |
---|
| 764 | MIN_CHALLENGE_LENGTH); |
---|
| 765 | cstate->chal_len = chal_len; |
---|
| 766 | cstate->chal_id = ++cstate->id; |
---|
| 767 | cstate->chal_transmits = 0; |
---|
| 768 | |
---|
| 769 | /* generate a random string */ |
---|
| 770 | for (i = 0; i < chal_len; i++ ) |
---|
| 771 | *ptr++ = (char) (drand48() * 0xff); |
---|
| 772 | } |
---|
| 773 | |
---|
| 774 | /* |
---|
| 775 | * ChapSendResponse - send a response packet with values as specified |
---|
| 776 | * in *cstate. |
---|
| 777 | */ |
---|
| 778 | /* ARGSUSED */ |
---|
| 779 | static void |
---|
| 780 | ChapSendResponse(cstate) |
---|
| 781 | chap_state *cstate; |
---|
| 782 | { |
---|
| 783 | u_char *outp; |
---|
| 784 | int outlen, md_len, name_len; |
---|
| 785 | |
---|
| 786 | md_len = cstate->resp_length; |
---|
| 787 | name_len = strlen(cstate->resp_name); |
---|
| 788 | outlen = CHAP_HEADERLEN + sizeof (u_char) + md_len + name_len; |
---|
| 789 | outp = outpacket_buf; |
---|
| 790 | |
---|
| 791 | MAKEHEADER(outp, PPP_CHAP); |
---|
| 792 | |
---|
| 793 | PUTCHAR(CHAP_RESPONSE, outp); /* we are a response */ |
---|
| 794 | PUTCHAR(cstate->resp_id, outp); /* copy id from challenge packet */ |
---|
| 795 | PUTSHORT(outlen, outp); /* packet length */ |
---|
| 796 | |
---|
| 797 | PUTCHAR(md_len, outp); /* length of MD */ |
---|
| 798 | BCOPY(cstate->response, outp, md_len); /* copy MD to buffer */ |
---|
| 799 | INCPTR(md_len, outp); |
---|
| 800 | |
---|
| 801 | BCOPY(cstate->resp_name, outp, name_len); /* append our name */ |
---|
| 802 | |
---|
| 803 | /* send the packet */ |
---|
| 804 | output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN); |
---|
| 805 | |
---|
| 806 | cstate->clientstate = CHAPCS_RESPONSE; |
---|
| 807 | TIMEOUT(ChapResponseTimeout, cstate, cstate->timeouttime); |
---|
| 808 | ++cstate->resp_transmits; |
---|
| 809 | } |
---|
| 810 | |
---|
| 811 | /* |
---|
| 812 | * ChapPrintPkt - print the contents of a CHAP packet. |
---|
| 813 | */ |
---|
| 814 | static char *ChapCodenames[] = { |
---|
| 815 | "Challenge", "Response", "Success", "Failure" |
---|
| 816 | }; |
---|
| 817 | |
---|
| 818 | static int |
---|
| 819 | ChapPrintPkt(p, plen, printer, arg) |
---|
| 820 | u_char *p; |
---|
| 821 | int plen; |
---|
| 822 | void (*printer) __P((void *, char *, ...)); |
---|
| 823 | void *arg; |
---|
| 824 | { |
---|
| 825 | int code, id, len; |
---|
| 826 | int clen, nlen; |
---|
| 827 | u_char x; |
---|
| 828 | if (plen < CHAP_HEADERLEN) |
---|
| 829 | return 0; |
---|
| 830 | GETCHAR(code, p); |
---|
| 831 | GETCHAR(id, p); |
---|
| 832 | GETSHORT(len, p); |
---|
| 833 | if (len < CHAP_HEADERLEN || len > plen) |
---|
| 834 | return 0; |
---|
| 835 | |
---|
| 836 | if (code >= 1 && code <= sizeof(ChapCodenames) / sizeof(char *)) |
---|
| 837 | printer(arg, " %s", ChapCodenames[code-1]); |
---|
| 838 | else |
---|
| 839 | printer(arg, " code=0x%x", code); |
---|
| 840 | printer(arg, " id=0x%x", id); |
---|
| 841 | len -= CHAP_HEADERLEN; |
---|
| 842 | switch (code) { |
---|
| 843 | case CHAP_CHALLENGE: |
---|
| 844 | case CHAP_RESPONSE: |
---|
| 845 | if (len < 1) |
---|
| 846 | break; |
---|
| 847 | clen = p[0]; |
---|
| 848 | if (len < clen + 1) |
---|
| 849 | break; |
---|
| 850 | ++p; |
---|
| 851 | nlen = len - clen - 1; |
---|
| 852 | printer(arg, " <"); |
---|
| 853 | for (; clen > 0; --clen) { |
---|
| 854 | GETCHAR(x, p); |
---|
| 855 | printer(arg, "%.2x", x); |
---|
| 856 | } |
---|
| 857 | printer(arg, ">, name = "); |
---|
| 858 | print_string((char *)p, nlen, printer, arg); |
---|
| 859 | break; |
---|
| 860 | case CHAP_FAILURE: |
---|
| 861 | case CHAP_SUCCESS: |
---|
| 862 | printer(arg, " "); |
---|
| 863 | print_string((char *)p, len, printer, arg); |
---|
| 864 | break; |
---|
| 865 | default: |
---|
| 866 | for (clen = len; clen > 0; --clen) { |
---|
| 867 | GETCHAR(x, p); |
---|
| 868 | printer(arg, " %.2x", x); |
---|
| 869 | } |
---|
| 870 | } |
---|
| 871 | return len + CHAP_HEADERLEN; |
---|
| 872 | } |
---|