1 | /* |
---|
2 | * chap.c - Challenge Handshake Authentication Protocol. |
---|
3 | * |
---|
4 | * Copyright (c) 1993 The Australian National University. |
---|
5 | * All rights reserved. |
---|
6 | * |
---|
7 | * Redistribution and use in source and binary forms are permitted |
---|
8 | * provided that the above copyright notice and this paragraph are |
---|
9 | * duplicated in all such forms and that any documentation, |
---|
10 | * advertising materials, and other materials related to such |
---|
11 | * distribution and use acknowledge that the software was developed |
---|
12 | * by the Australian National University. The name of the University |
---|
13 | * may not be used to endorse or promote products derived from this |
---|
14 | * software without specific prior written permission. |
---|
15 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR |
---|
16 | * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED |
---|
17 | * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. |
---|
18 | * |
---|
19 | * Copyright (c) 1991 Gregory M. Christy. |
---|
20 | * All rights reserved. |
---|
21 | * |
---|
22 | * Redistribution and use in source and binary forms are permitted |
---|
23 | * provided that the above copyright notice and this paragraph are |
---|
24 | * duplicated in all such forms and that any documentation, |
---|
25 | * advertising materials, and other materials related to such |
---|
26 | * distribution and use acknowledge that the software was developed |
---|
27 | * by Gregory M. Christy. The name of the author may not be used to |
---|
28 | * endorse or promote products derived from this software without |
---|
29 | * specific prior written permission. |
---|
30 | * |
---|
31 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR |
---|
32 | * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED |
---|
33 | * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. |
---|
34 | */ |
---|
35 | |
---|
36 | #ifndef lint |
---|
37 | /* static char rcsid[] = "$Id$"; */ |
---|
38 | #endif |
---|
39 | |
---|
40 | /* |
---|
41 | * TODO: |
---|
42 | */ |
---|
43 | |
---|
44 | #include <stdio.h> |
---|
45 | #include <string.h> |
---|
46 | #include <sys/types.h> |
---|
47 | #include <sys/time.h> |
---|
48 | #include <syslog.h> |
---|
49 | |
---|
50 | #include "pppd.h" |
---|
51 | #include "chap.h" |
---|
52 | #include "md5.h" |
---|
53 | #ifdef CHAPMS |
---|
54 | #include "chap_ms.h" |
---|
55 | #endif |
---|
56 | |
---|
57 | /* |
---|
58 | * Protocol entry points. |
---|
59 | */ |
---|
60 | static void ChapInit __P((int)); |
---|
61 | static void ChapLowerUp __P((int)); |
---|
62 | static void ChapLowerDown __P((int)); |
---|
63 | static void ChapInput __P((int, u_char *, int)); |
---|
64 | static void ChapProtocolReject __P((int)); |
---|
65 | static int ChapPrintPkt __P((u_char *, int, |
---|
66 | void (*) __P((void *, char *, ...)), void *)); |
---|
67 | |
---|
68 | struct protent chap_protent = { |
---|
69 | PPP_CHAP, |
---|
70 | ChapInit, |
---|
71 | ChapInput, |
---|
72 | ChapProtocolReject, |
---|
73 | ChapLowerUp, |
---|
74 | ChapLowerDown, |
---|
75 | NULL, |
---|
76 | NULL, |
---|
77 | ChapPrintPkt, |
---|
78 | NULL, |
---|
79 | 1, |
---|
80 | "CHAP", |
---|
81 | NULL, |
---|
82 | NULL, |
---|
83 | NULL |
---|
84 | }; |
---|
85 | |
---|
86 | chap_state chap[NUM_PPP]; /* CHAP state; one for each unit */ |
---|
87 | |
---|
88 | static void ChapChallengeTimeout __P((void *)); |
---|
89 | static void ChapResponseTimeout __P((void *)); |
---|
90 | static void ChapReceiveChallenge __P((chap_state *, u_char *, int, int)); |
---|
91 | static void ChapRechallenge __P((void *)); |
---|
92 | static void ChapReceiveResponse __P((chap_state *, u_char *, int, int)); |
---|
93 | static void ChapReceiveSuccess __P((chap_state *, u_char *, int, int)); |
---|
94 | static void ChapReceiveFailure __P((chap_state *, u_char *, int, int)); |
---|
95 | static void ChapSendStatus __P((chap_state *, int)); |
---|
96 | static void ChapSendChallenge __P((chap_state *)); |
---|
97 | static void ChapSendResponse __P((chap_state *)); |
---|
98 | static void ChapGenChallenge __P((chap_state *)); |
---|
99 | /* #include <stdlib.h> */ |
---|
100 | |
---|
101 | extern double drand48 __P((void)); |
---|
102 | /*{ |
---|
103 | return (((double)rand())/RAND_MAX); |
---|
104 | } |
---|
105 | */ |
---|
106 | extern void srand48 __P((long)); |
---|
107 | |
---|
108 | /* |
---|
109 | * ChapInit - Initialize a CHAP unit. |
---|
110 | */ |
---|
111 | static void |
---|
112 | ChapInit(unit) |
---|
113 | int unit; |
---|
114 | { |
---|
115 | chap_state *cstate = &chap[unit]; |
---|
116 | |
---|
117 | BZERO(cstate, sizeof(*cstate)); |
---|
118 | cstate->unit = unit; |
---|
119 | cstate->clientstate = CHAPCS_INITIAL; |
---|
120 | cstate->serverstate = CHAPSS_INITIAL; |
---|
121 | cstate->timeouttime = CHAP_DEFTIMEOUT; |
---|
122 | cstate->max_transmits = CHAP_DEFTRANSMITS; |
---|
123 | /* random number generator is initialized in magic_init */ |
---|
124 | } |
---|
125 | |
---|
126 | |
---|
127 | /* |
---|
128 | * ChapAuthWithPeer - Authenticate us with our peer (start client). |
---|
129 | * |
---|
130 | */ |
---|
131 | void |
---|
132 | ChapAuthWithPeer(unit, our_name, digest) |
---|
133 | int unit; |
---|
134 | char *our_name; |
---|
135 | int digest; |
---|
136 | { |
---|
137 | chap_state *cstate = &chap[unit]; |
---|
138 | |
---|
139 | cstate->resp_name = our_name; |
---|
140 | cstate->resp_type = digest; |
---|
141 | |
---|
142 | if (cstate->clientstate == CHAPCS_INITIAL || |
---|
143 | cstate->clientstate == CHAPCS_PENDING) { |
---|
144 | /* lower layer isn't up - wait until later */ |
---|
145 | cstate->clientstate = CHAPCS_PENDING; |
---|
146 | return; |
---|
147 | } |
---|
148 | |
---|
149 | /* |
---|
150 | * We get here as a result of LCP coming up. |
---|
151 | * So even if CHAP was open before, we will |
---|
152 | * have to re-authenticate ourselves. |
---|
153 | */ |
---|
154 | cstate->clientstate = CHAPCS_LISTEN; |
---|
155 | } |
---|
156 | |
---|
157 | |
---|
158 | /* |
---|
159 | * ChapAuthPeer - Authenticate our peer (start server). |
---|
160 | */ |
---|
161 | void |
---|
162 | ChapAuthPeer(unit, our_name, digest) |
---|
163 | int unit; |
---|
164 | char *our_name; |
---|
165 | int digest; |
---|
166 | { |
---|
167 | chap_state *cstate = &chap[unit]; |
---|
168 | |
---|
169 | cstate->chal_name = our_name; |
---|
170 | cstate->chal_type = digest; |
---|
171 | |
---|
172 | if (cstate->serverstate == CHAPSS_INITIAL || |
---|
173 | cstate->serverstate == CHAPSS_PENDING) { |
---|
174 | /* lower layer isn't up - wait until later */ |
---|
175 | cstate->serverstate = CHAPSS_PENDING; |
---|
176 | return; |
---|
177 | } |
---|
178 | |
---|
179 | ChapGenChallenge(cstate); |
---|
180 | ChapSendChallenge(cstate); /* crank it up dude! */ |
---|
181 | cstate->serverstate = CHAPSS_INITIAL_CHAL; |
---|
182 | } |
---|
183 | |
---|
184 | |
---|
185 | /* |
---|
186 | * ChapChallengeTimeout - Timeout expired on sending challenge. |
---|
187 | */ |
---|
188 | static void |
---|
189 | ChapChallengeTimeout(arg) |
---|
190 | void *arg; |
---|
191 | { |
---|
192 | chap_state *cstate = (chap_state *) arg; |
---|
193 | |
---|
194 | /* if we aren't sending challenges, don't worry. then again we */ |
---|
195 | /* probably shouldn't be here either */ |
---|
196 | if (cstate->serverstate != CHAPSS_INITIAL_CHAL && |
---|
197 | cstate->serverstate != CHAPSS_RECHALLENGE) |
---|
198 | return; |
---|
199 | |
---|
200 | if (cstate->chal_transmits >= cstate->max_transmits) { |
---|
201 | /* give up on peer */ |
---|
202 | syslog(LOG_ERR, "Peer failed to respond to CHAP challenge"); |
---|
203 | cstate->serverstate = CHAPSS_BADAUTH; |
---|
204 | auth_peer_fail(cstate->unit, PPP_CHAP); |
---|
205 | return; |
---|
206 | } |
---|
207 | |
---|
208 | ChapSendChallenge(cstate); /* Re-send challenge */ |
---|
209 | } |
---|
210 | |
---|
211 | |
---|
212 | /* |
---|
213 | * ChapResponseTimeout - Timeout expired on sending response. |
---|
214 | */ |
---|
215 | static void |
---|
216 | ChapResponseTimeout(arg) |
---|
217 | void *arg; |
---|
218 | { |
---|
219 | chap_state *cstate = (chap_state *) arg; |
---|
220 | |
---|
221 | /* if we aren't sending a response, don't worry. */ |
---|
222 | if (cstate->clientstate != CHAPCS_RESPONSE) |
---|
223 | return; |
---|
224 | |
---|
225 | ChapSendResponse(cstate); /* re-send response */ |
---|
226 | } |
---|
227 | |
---|
228 | |
---|
229 | /* |
---|
230 | * ChapRechallenge - Time to challenge the peer again. |
---|
231 | */ |
---|
232 | static void |
---|
233 | ChapRechallenge(arg) |
---|
234 | void *arg; |
---|
235 | { |
---|
236 | chap_state *cstate = (chap_state *) arg; |
---|
237 | |
---|
238 | /* if we aren't sending a response, don't worry. */ |
---|
239 | if (cstate->serverstate != CHAPSS_OPEN) |
---|
240 | return; |
---|
241 | |
---|
242 | ChapGenChallenge(cstate); |
---|
243 | ChapSendChallenge(cstate); |
---|
244 | cstate->serverstate = CHAPSS_RECHALLENGE; |
---|
245 | } |
---|
246 | |
---|
247 | |
---|
248 | /* |
---|
249 | * ChapLowerUp - The lower layer is up. |
---|
250 | * |
---|
251 | * Start up if we have pending requests. |
---|
252 | */ |
---|
253 | static void |
---|
254 | ChapLowerUp(unit) |
---|
255 | int unit; |
---|
256 | { |
---|
257 | chap_state *cstate = &chap[unit]; |
---|
258 | |
---|
259 | if (cstate->clientstate == CHAPCS_INITIAL) |
---|
260 | cstate->clientstate = CHAPCS_CLOSED; |
---|
261 | else if (cstate->clientstate == CHAPCS_PENDING) |
---|
262 | cstate->clientstate = CHAPCS_LISTEN; |
---|
263 | |
---|
264 | if (cstate->serverstate == CHAPSS_INITIAL) |
---|
265 | cstate->serverstate = CHAPSS_CLOSED; |
---|
266 | else if (cstate->serverstate == CHAPSS_PENDING) { |
---|
267 | ChapGenChallenge(cstate); |
---|
268 | ChapSendChallenge(cstate); |
---|
269 | cstate->serverstate = CHAPSS_INITIAL_CHAL; |
---|
270 | } |
---|
271 | } |
---|
272 | |
---|
273 | |
---|
274 | /* |
---|
275 | * ChapLowerDown - The lower layer is down. |
---|
276 | * |
---|
277 | * Cancel all timeouts. |
---|
278 | */ |
---|
279 | static void |
---|
280 | ChapLowerDown(unit) |
---|
281 | int unit; |
---|
282 | { |
---|
283 | chap_state *cstate = &chap[unit]; |
---|
284 | |
---|
285 | /* Timeout(s) pending? Cancel if so. */ |
---|
286 | if (cstate->serverstate == CHAPSS_INITIAL_CHAL || |
---|
287 | cstate->serverstate == CHAPSS_RECHALLENGE) |
---|
288 | UNTIMEOUT(ChapChallengeTimeout, cstate); |
---|
289 | else if (cstate->serverstate == CHAPSS_OPEN |
---|
290 | && cstate->chal_interval != 0) |
---|
291 | UNTIMEOUT(ChapRechallenge, cstate); |
---|
292 | if (cstate->clientstate == CHAPCS_RESPONSE) |
---|
293 | UNTIMEOUT(ChapResponseTimeout, cstate); |
---|
294 | |
---|
295 | cstate->clientstate = CHAPCS_INITIAL; |
---|
296 | cstate->serverstate = CHAPSS_INITIAL; |
---|
297 | } |
---|
298 | |
---|
299 | |
---|
300 | /* |
---|
301 | * ChapProtocolReject - Peer doesn't grok CHAP. |
---|
302 | */ |
---|
303 | static void |
---|
304 | ChapProtocolReject(unit) |
---|
305 | int unit; |
---|
306 | { |
---|
307 | chap_state *cstate = &chap[unit]; |
---|
308 | |
---|
309 | if (cstate->serverstate != CHAPSS_INITIAL && |
---|
310 | cstate->serverstate != CHAPSS_CLOSED) |
---|
311 | auth_peer_fail(unit, PPP_CHAP); |
---|
312 | if (cstate->clientstate != CHAPCS_INITIAL && |
---|
313 | cstate->clientstate != CHAPCS_CLOSED) |
---|
314 | auth_withpeer_fail(unit, PPP_CHAP); |
---|
315 | ChapLowerDown(unit); /* shutdown chap */ |
---|
316 | } |
---|
317 | |
---|
318 | |
---|
319 | /* |
---|
320 | * ChapInput - Input CHAP packet. |
---|
321 | */ |
---|
322 | static void |
---|
323 | ChapInput(unit, inpacket, packet_len) |
---|
324 | int unit; |
---|
325 | u_char *inpacket; |
---|
326 | int packet_len; |
---|
327 | { |
---|
328 | chap_state *cstate = &chap[unit]; |
---|
329 | u_char *inp; |
---|
330 | u_char code, id; |
---|
331 | int len; |
---|
332 | |
---|
333 | /* |
---|
334 | * Parse header (code, id and length). |
---|
335 | * If packet too short, drop it. |
---|
336 | */ |
---|
337 | inp = inpacket; |
---|
338 | if (packet_len < CHAP_HEADERLEN) { |
---|
339 | CHAPDEBUG((LOG_INFO, "ChapInput: rcvd short header.")); |
---|
340 | return; |
---|
341 | } |
---|
342 | GETCHAR(code, inp); |
---|
343 | GETCHAR(id, inp); |
---|
344 | GETSHORT(len, inp); |
---|
345 | if (len < CHAP_HEADERLEN) { |
---|
346 | CHAPDEBUG((LOG_INFO, "ChapInput: rcvd illegal length.")); |
---|
347 | return; |
---|
348 | } |
---|
349 | if (len > packet_len) { |
---|
350 | CHAPDEBUG((LOG_INFO, "ChapInput: rcvd short packet.")); |
---|
351 | return; |
---|
352 | } |
---|
353 | len -= CHAP_HEADERLEN; |
---|
354 | |
---|
355 | /* |
---|
356 | * Action depends on code (as in fact it usually does :-). |
---|
357 | */ |
---|
358 | switch (code) { |
---|
359 | case CHAP_CHALLENGE: |
---|
360 | ChapReceiveChallenge(cstate, inp, id, len); |
---|
361 | break; |
---|
362 | |
---|
363 | case CHAP_RESPONSE: |
---|
364 | ChapReceiveResponse(cstate, inp, id, len); |
---|
365 | break; |
---|
366 | |
---|
367 | case CHAP_FAILURE: |
---|
368 | ChapReceiveFailure(cstate, inp, id, len); |
---|
369 | break; |
---|
370 | |
---|
371 | case CHAP_SUCCESS: |
---|
372 | ChapReceiveSuccess(cstate, inp, id, len); |
---|
373 | break; |
---|
374 | |
---|
375 | default: /* Need code reject? */ |
---|
376 | syslog(LOG_WARNING, "Unknown CHAP code (%d) received.", code); |
---|
377 | break; |
---|
378 | } |
---|
379 | } |
---|
380 | |
---|
381 | |
---|
382 | /* |
---|
383 | * ChapReceiveChallenge - Receive Challenge and send Response. |
---|
384 | */ |
---|
385 | static void |
---|
386 | ChapReceiveChallenge(cstate, inp, id, len) |
---|
387 | chap_state *cstate; |
---|
388 | u_char *inp; |
---|
389 | int id; |
---|
390 | int len; |
---|
391 | { |
---|
392 | int rchallenge_len; |
---|
393 | u_char *rchallenge; |
---|
394 | int secret_len; |
---|
395 | char secret[MAXSECRETLEN]; |
---|
396 | char rhostname[256]; |
---|
397 | MD5_CTX mdContext; |
---|
398 | u_char hash[MD5_SIGNATURE_SIZE]; |
---|
399 | |
---|
400 | CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: Rcvd id %d.", id)); |
---|
401 | if (cstate->clientstate == CHAPCS_CLOSED || |
---|
402 | cstate->clientstate == CHAPCS_PENDING) { |
---|
403 | CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: in state %d", |
---|
404 | cstate->clientstate)); |
---|
405 | return; |
---|
406 | } |
---|
407 | |
---|
408 | if (len < 2) { |
---|
409 | CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: rcvd short packet.")); |
---|
410 | return; |
---|
411 | } |
---|
412 | |
---|
413 | GETCHAR(rchallenge_len, inp); |
---|
414 | len -= sizeof (u_char) + rchallenge_len; /* now name field length */ |
---|
415 | if (len < 0) { |
---|
416 | CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: rcvd short packet.")); |
---|
417 | return; |
---|
418 | } |
---|
419 | rchallenge = inp; |
---|
420 | INCPTR(rchallenge_len, inp); |
---|
421 | |
---|
422 | if (len >= sizeof(rhostname)) |
---|
423 | len = sizeof(rhostname) - 1; |
---|
424 | BCOPY(inp, rhostname, len); |
---|
425 | rhostname[len] = '\000'; |
---|
426 | |
---|
427 | CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: received name field '%s'", |
---|
428 | rhostname)); |
---|
429 | |
---|
430 | /* Microsoft doesn't send their name back in the PPP packet */ |
---|
431 | if (remote_name[0] != 0 && (explicit_remote || rhostname[0] == 0)) { |
---|
432 | strncpy(rhostname, remote_name, sizeof(rhostname)); |
---|
433 | rhostname[sizeof(rhostname) - 1] = 0; |
---|
434 | CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: using '%s' as remote name", |
---|
435 | rhostname)); |
---|
436 | } |
---|
437 | |
---|
438 | /* get secret for authenticating ourselves with the specified host */ |
---|
439 | if (!get_secret(cstate->unit, cstate->resp_name, rhostname, |
---|
440 | secret, &secret_len, 0)) { |
---|
441 | secret_len = 0; /* assume null secret if can't find one */ |
---|
442 | syslog(LOG_WARNING, "No CHAP secret found for authenticating us to %s", |
---|
443 | rhostname); |
---|
444 | } |
---|
445 | |
---|
446 | /* cancel response send timeout if necessary */ |
---|
447 | if (cstate->clientstate == CHAPCS_RESPONSE) |
---|
448 | UNTIMEOUT(ChapResponseTimeout, cstate); |
---|
449 | |
---|
450 | cstate->resp_id = id; |
---|
451 | cstate->resp_transmits = 0; |
---|
452 | |
---|
453 | /* generate MD based on negotiated type */ |
---|
454 | switch (cstate->resp_type) { |
---|
455 | |
---|
456 | case CHAP_DIGEST_MD5: |
---|
457 | MD5Init(&mdContext); |
---|
458 | MD5Update(&mdContext, &cstate->resp_id, 1); |
---|
459 | MD5Update(&mdContext, secret, secret_len); |
---|
460 | MD5Update(&mdContext, rchallenge, rchallenge_len); |
---|
461 | MD5Final(hash, &mdContext); |
---|
462 | BCOPY(hash, cstate->response, MD5_SIGNATURE_SIZE); |
---|
463 | cstate->resp_length = MD5_SIGNATURE_SIZE; |
---|
464 | break; |
---|
465 | |
---|
466 | #ifdef CHAPMS |
---|
467 | case CHAP_MICROSOFT: |
---|
468 | ChapMS(cstate, rchallenge, rchallenge_len, secret, secret_len); |
---|
469 | break; |
---|
470 | #endif |
---|
471 | |
---|
472 | default: |
---|
473 | CHAPDEBUG((LOG_INFO, "unknown digest type %d", cstate->resp_type)); |
---|
474 | return; |
---|
475 | } |
---|
476 | |
---|
477 | BZERO(secret, sizeof(secret)); |
---|
478 | ChapSendResponse(cstate); |
---|
479 | } |
---|
480 | |
---|
481 | |
---|
482 | /* |
---|
483 | * ChapReceiveResponse - Receive and process response. |
---|
484 | */ |
---|
485 | static void |
---|
486 | ChapReceiveResponse(cstate, inp, id, len) |
---|
487 | chap_state *cstate; |
---|
488 | u_char *inp; |
---|
489 | int id; |
---|
490 | int len; |
---|
491 | { |
---|
492 | u_char *remmd, remmd_len; |
---|
493 | int secret_len, old_state; |
---|
494 | int code; |
---|
495 | char rhostname[256]; |
---|
496 | MD5_CTX mdContext; |
---|
497 | char secret[MAXSECRETLEN]; |
---|
498 | u_char hash[MD5_SIGNATURE_SIZE]; |
---|
499 | |
---|
500 | CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: Rcvd id %d.", id)); |
---|
501 | |
---|
502 | if (cstate->serverstate == CHAPSS_CLOSED || |
---|
503 | cstate->serverstate == CHAPSS_PENDING) { |
---|
504 | CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: in state %d", |
---|
505 | cstate->serverstate)); |
---|
506 | return; |
---|
507 | } |
---|
508 | |
---|
509 | if (id != cstate->chal_id) |
---|
510 | return; /* doesn't match ID of last challenge */ |
---|
511 | |
---|
512 | /* |
---|
513 | * If we have received a duplicate or bogus Response, |
---|
514 | * we have to send the same answer (Success/Failure) |
---|
515 | * as we did for the first Response we saw. |
---|
516 | */ |
---|
517 | if (cstate->serverstate == CHAPSS_OPEN) { |
---|
518 | ChapSendStatus(cstate, CHAP_SUCCESS); |
---|
519 | return; |
---|
520 | } |
---|
521 | if (cstate->serverstate == CHAPSS_BADAUTH) { |
---|
522 | ChapSendStatus(cstate, CHAP_FAILURE); |
---|
523 | return; |
---|
524 | } |
---|
525 | |
---|
526 | if (len < 2) { |
---|
527 | CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: rcvd short packet.")); |
---|
528 | return; |
---|
529 | } |
---|
530 | GETCHAR(remmd_len, inp); /* get length of MD */ |
---|
531 | remmd = inp; /* get pointer to MD */ |
---|
532 | INCPTR(remmd_len, inp); |
---|
533 | |
---|
534 | len -= sizeof (u_char) + remmd_len; |
---|
535 | if (len < 0) { |
---|
536 | CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: rcvd short packet.")); |
---|
537 | return; |
---|
538 | } |
---|
539 | |
---|
540 | UNTIMEOUT(ChapChallengeTimeout, cstate); |
---|
541 | |
---|
542 | if (len >= sizeof(rhostname)) |
---|
543 | len = sizeof(rhostname) - 1; |
---|
544 | BCOPY(inp, rhostname, len); |
---|
545 | rhostname[len] = '\000'; |
---|
546 | |
---|
547 | CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: received name field: %s", |
---|
548 | rhostname)); |
---|
549 | |
---|
550 | /* |
---|
551 | * Get secret for authenticating them with us, |
---|
552 | * do the hash ourselves, and compare the result. |
---|
553 | */ |
---|
554 | code = CHAP_FAILURE; |
---|
555 | if (!get_secret(cstate->unit, rhostname, cstate->chal_name, |
---|
556 | secret, &secret_len, 1)) { |
---|
557 | syslog(LOG_WARNING, "No CHAP secret found for authenticating %s", |
---|
558 | rhostname); |
---|
559 | } else { |
---|
560 | |
---|
561 | /* generate MD based on negotiated type */ |
---|
562 | switch (cstate->chal_type) { |
---|
563 | |
---|
564 | case CHAP_DIGEST_MD5: /* only MD5 is defined for now */ |
---|
565 | if (remmd_len != MD5_SIGNATURE_SIZE) |
---|
566 | break; /* it's not even the right length */ |
---|
567 | MD5Init(&mdContext); |
---|
568 | MD5Update(&mdContext, &cstate->chal_id, 1); |
---|
569 | MD5Update(&mdContext, secret, secret_len); |
---|
570 | MD5Update(&mdContext, cstate->challenge, cstate->chal_len); |
---|
571 | MD5Final(hash, &mdContext); |
---|
572 | |
---|
573 | /* compare local and remote MDs and send the appropriate status */ |
---|
574 | if (memcmp (hash, remmd, MD5_SIGNATURE_SIZE) == 0) |
---|
575 | code = CHAP_SUCCESS; /* they are the same! */ |
---|
576 | break; |
---|
577 | |
---|
578 | default: |
---|
579 | CHAPDEBUG((LOG_INFO, "unknown digest type %d", cstate->chal_type)); |
---|
580 | } |
---|
581 | } |
---|
582 | |
---|
583 | BZERO(secret, sizeof(secret)); |
---|
584 | ChapSendStatus(cstate, code); |
---|
585 | |
---|
586 | if (code == CHAP_SUCCESS) { |
---|
587 | old_state = cstate->serverstate; |
---|
588 | cstate->serverstate = CHAPSS_OPEN; |
---|
589 | if (old_state == CHAPSS_INITIAL_CHAL) { |
---|
590 | auth_peer_success(cstate->unit, PPP_CHAP, rhostname, len); |
---|
591 | } |
---|
592 | if (cstate->chal_interval != 0) |
---|
593 | TIMEOUT(ChapRechallenge, cstate, cstate->chal_interval); |
---|
594 | syslog(LOG_NOTICE, "CHAP peer authentication succeeded for %s", |
---|
595 | rhostname); |
---|
596 | |
---|
597 | } else { |
---|
598 | syslog(LOG_ERR, "CHAP peer authentication failed for remote host %s", |
---|
599 | rhostname); |
---|
600 | cstate->serverstate = CHAPSS_BADAUTH; |
---|
601 | auth_peer_fail(cstate->unit, PPP_CHAP); |
---|
602 | } |
---|
603 | } |
---|
604 | |
---|
605 | /* |
---|
606 | * ChapReceiveSuccess - Receive Success |
---|
607 | */ |
---|
608 | static void |
---|
609 | ChapReceiveSuccess(cstate, inp, id, len) |
---|
610 | chap_state *cstate; |
---|
611 | u_char *inp; |
---|
612 | u_char id; |
---|
613 | int len; |
---|
614 | { |
---|
615 | |
---|
616 | CHAPDEBUG((LOG_INFO, "ChapReceiveSuccess: Rcvd id %d.", id)); |
---|
617 | |
---|
618 | if (cstate->clientstate == CHAPCS_OPEN) |
---|
619 | /* presumably an answer to a duplicate response */ |
---|
620 | return; |
---|
621 | |
---|
622 | if (cstate->clientstate != CHAPCS_RESPONSE) { |
---|
623 | /* don't know what this is */ |
---|
624 | CHAPDEBUG((LOG_INFO, "ChapReceiveSuccess: in state %d\n", |
---|
625 | cstate->clientstate)); |
---|
626 | return; |
---|
627 | } |
---|
628 | |
---|
629 | UNTIMEOUT(ChapResponseTimeout, cstate); |
---|
630 | |
---|
631 | /* |
---|
632 | * Print message. |
---|
633 | */ |
---|
634 | if (len > 0) |
---|
635 | PRINTMSG(inp, len); |
---|
636 | |
---|
637 | cstate->clientstate = CHAPCS_OPEN; |
---|
638 | |
---|
639 | auth_withpeer_success(cstate->unit, PPP_CHAP); |
---|
640 | } |
---|
641 | |
---|
642 | |
---|
643 | /* |
---|
644 | * ChapReceiveFailure - Receive failure. |
---|
645 | */ |
---|
646 | static void |
---|
647 | ChapReceiveFailure(cstate, inp, id, len) |
---|
648 | chap_state *cstate; |
---|
649 | u_char *inp; |
---|
650 | u_char id; |
---|
651 | int len; |
---|
652 | { |
---|
653 | CHAPDEBUG((LOG_INFO, "ChapReceiveFailure: Rcvd id %d.", id)); |
---|
654 | |
---|
655 | if (cstate->clientstate != CHAPCS_RESPONSE) { |
---|
656 | /* don't know what this is */ |
---|
657 | CHAPDEBUG((LOG_INFO, "ChapReceiveFailure: in state %d\n", |
---|
658 | cstate->clientstate)); |
---|
659 | return; |
---|
660 | } |
---|
661 | |
---|
662 | UNTIMEOUT(ChapResponseTimeout, cstate); |
---|
663 | |
---|
664 | /* |
---|
665 | * Print message. |
---|
666 | */ |
---|
667 | if (len > 0) |
---|
668 | PRINTMSG(inp, len); |
---|
669 | |
---|
670 | syslog(LOG_ERR, "CHAP authentication failed"); |
---|
671 | auth_withpeer_fail(cstate->unit, PPP_CHAP); |
---|
672 | } |
---|
673 | |
---|
674 | |
---|
675 | /* |
---|
676 | * ChapSendChallenge - Send an Authenticate challenge. |
---|
677 | */ |
---|
678 | static void |
---|
679 | ChapSendChallenge(cstate) |
---|
680 | chap_state *cstate; |
---|
681 | { |
---|
682 | u_char *outp; |
---|
683 | int chal_len, name_len; |
---|
684 | int outlen; |
---|
685 | |
---|
686 | chal_len = cstate->chal_len; |
---|
687 | name_len = strlen(cstate->chal_name); |
---|
688 | outlen = CHAP_HEADERLEN + sizeof (u_char) + chal_len + name_len; |
---|
689 | outp = outpacket_buf; |
---|
690 | |
---|
691 | MAKEHEADER(outp, PPP_CHAP); /* paste in a CHAP header */ |
---|
692 | |
---|
693 | PUTCHAR(CHAP_CHALLENGE, outp); |
---|
694 | PUTCHAR(cstate->chal_id, outp); |
---|
695 | PUTSHORT(outlen, outp); |
---|
696 | |
---|
697 | PUTCHAR(chal_len, outp); /* put length of challenge */ |
---|
698 | BCOPY(cstate->challenge, outp, chal_len); |
---|
699 | INCPTR(chal_len, outp); |
---|
700 | |
---|
701 | BCOPY(cstate->chal_name, outp, name_len); /* append hostname */ |
---|
702 | |
---|
703 | output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN); |
---|
704 | |
---|
705 | CHAPDEBUG((LOG_INFO, "ChapSendChallenge: Sent id %d.", cstate->chal_id)); |
---|
706 | |
---|
707 | TIMEOUT(ChapChallengeTimeout, cstate, cstate->timeouttime); |
---|
708 | ++cstate->chal_transmits; |
---|
709 | } |
---|
710 | |
---|
711 | |
---|
712 | /* |
---|
713 | * ChapSendStatus - Send a status response (ack or nak). |
---|
714 | */ |
---|
715 | static void |
---|
716 | ChapSendStatus(cstate, code) |
---|
717 | chap_state *cstate; |
---|
718 | int code; |
---|
719 | { |
---|
720 | u_char *outp; |
---|
721 | int outlen, msglen; |
---|
722 | char msg[256]; |
---|
723 | |
---|
724 | if (code == CHAP_SUCCESS) |
---|
725 | sprintf(msg, "Welcome to %s.", hostname); |
---|
726 | else |
---|
727 | sprintf(msg, "I don't like you. Go 'way."); |
---|
728 | msglen = strlen(msg); |
---|
729 | |
---|
730 | outlen = CHAP_HEADERLEN + msglen; |
---|
731 | outp = outpacket_buf; |
---|
732 | |
---|
733 | MAKEHEADER(outp, PPP_CHAP); /* paste in a header */ |
---|
734 | |
---|
735 | PUTCHAR(code, outp); |
---|
736 | PUTCHAR(cstate->chal_id, outp); |
---|
737 | PUTSHORT(outlen, outp); |
---|
738 | BCOPY(msg, outp, msglen); |
---|
739 | output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN); |
---|
740 | |
---|
741 | CHAPDEBUG((LOG_INFO, "ChapSendStatus: Sent code %d, id %d.", code, |
---|
742 | cstate->chal_id)); |
---|
743 | } |
---|
744 | |
---|
745 | /* |
---|
746 | * ChapGenChallenge is used to generate a pseudo-random challenge string of |
---|
747 | * a pseudo-random length between min_len and max_len. The challenge |
---|
748 | * string and its length are stored in *cstate, and various other fields of |
---|
749 | * *cstate are initialized. |
---|
750 | */ |
---|
751 | |
---|
752 | static void |
---|
753 | ChapGenChallenge(cstate) |
---|
754 | chap_state *cstate; |
---|
755 | { |
---|
756 | int chal_len; |
---|
757 | u_char *ptr = cstate->challenge; |
---|
758 | unsigned int i; |
---|
759 | |
---|
760 | /* pick a random challenge length between MIN_CHALLENGE_LENGTH and |
---|
761 | MAX_CHALLENGE_LENGTH */ |
---|
762 | chal_len = (unsigned) ((drand48() * |
---|
763 | (MAX_CHALLENGE_LENGTH - MIN_CHALLENGE_LENGTH)) + |
---|
764 | MIN_CHALLENGE_LENGTH); |
---|
765 | cstate->chal_len = chal_len; |
---|
766 | cstate->chal_id = ++cstate->id; |
---|
767 | cstate->chal_transmits = 0; |
---|
768 | |
---|
769 | /* generate a random string */ |
---|
770 | for (i = 0; i < chal_len; i++ ) |
---|
771 | *ptr++ = (char) (drand48() * 0xff); |
---|
772 | } |
---|
773 | |
---|
774 | /* |
---|
775 | * ChapSendResponse - send a response packet with values as specified |
---|
776 | * in *cstate. |
---|
777 | */ |
---|
778 | /* ARGSUSED */ |
---|
779 | static void |
---|
780 | ChapSendResponse(cstate) |
---|
781 | chap_state *cstate; |
---|
782 | { |
---|
783 | u_char *outp; |
---|
784 | int outlen, md_len, name_len; |
---|
785 | |
---|
786 | md_len = cstate->resp_length; |
---|
787 | name_len = strlen(cstate->resp_name); |
---|
788 | outlen = CHAP_HEADERLEN + sizeof (u_char) + md_len + name_len; |
---|
789 | outp = outpacket_buf; |
---|
790 | |
---|
791 | MAKEHEADER(outp, PPP_CHAP); |
---|
792 | |
---|
793 | PUTCHAR(CHAP_RESPONSE, outp); /* we are a response */ |
---|
794 | PUTCHAR(cstate->resp_id, outp); /* copy id from challenge packet */ |
---|
795 | PUTSHORT(outlen, outp); /* packet length */ |
---|
796 | |
---|
797 | PUTCHAR(md_len, outp); /* length of MD */ |
---|
798 | BCOPY(cstate->response, outp, md_len); /* copy MD to buffer */ |
---|
799 | INCPTR(md_len, outp); |
---|
800 | |
---|
801 | BCOPY(cstate->resp_name, outp, name_len); /* append our name */ |
---|
802 | |
---|
803 | /* send the packet */ |
---|
804 | output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN); |
---|
805 | |
---|
806 | cstate->clientstate = CHAPCS_RESPONSE; |
---|
807 | TIMEOUT(ChapResponseTimeout, cstate, cstate->timeouttime); |
---|
808 | ++cstate->resp_transmits; |
---|
809 | } |
---|
810 | |
---|
811 | /* |
---|
812 | * ChapPrintPkt - print the contents of a CHAP packet. |
---|
813 | */ |
---|
814 | static char *ChapCodenames[] = { |
---|
815 | "Challenge", "Response", "Success", "Failure" |
---|
816 | }; |
---|
817 | |
---|
818 | static int |
---|
819 | ChapPrintPkt(p, plen, printer, arg) |
---|
820 | u_char *p; |
---|
821 | int plen; |
---|
822 | void (*printer) __P((void *, char *, ...)); |
---|
823 | void *arg; |
---|
824 | { |
---|
825 | int code, id, len; |
---|
826 | int clen, nlen; |
---|
827 | u_char x; |
---|
828 | if (plen < CHAP_HEADERLEN) |
---|
829 | return 0; |
---|
830 | GETCHAR(code, p); |
---|
831 | GETCHAR(id, p); |
---|
832 | GETSHORT(len, p); |
---|
833 | if (len < CHAP_HEADERLEN || len > plen) |
---|
834 | return 0; |
---|
835 | |
---|
836 | if (code >= 1 && code <= sizeof(ChapCodenames) / sizeof(char *)) |
---|
837 | printer(arg, " %s", ChapCodenames[code-1]); |
---|
838 | else |
---|
839 | printer(arg, " code=0x%x", code); |
---|
840 | printer(arg, " id=0x%x", id); |
---|
841 | len -= CHAP_HEADERLEN; |
---|
842 | switch (code) { |
---|
843 | case CHAP_CHALLENGE: |
---|
844 | case CHAP_RESPONSE: |
---|
845 | if (len < 1) |
---|
846 | break; |
---|
847 | clen = p[0]; |
---|
848 | if (len < clen + 1) |
---|
849 | break; |
---|
850 | ++p; |
---|
851 | nlen = len - clen - 1; |
---|
852 | printer(arg, " <"); |
---|
853 | for (; clen > 0; --clen) { |
---|
854 | GETCHAR(x, p); |
---|
855 | printer(arg, "%.2x", x); |
---|
856 | } |
---|
857 | printer(arg, ">, name = "); |
---|
858 | print_string((char *)p, nlen, printer, arg); |
---|
859 | break; |
---|
860 | case CHAP_FAILURE: |
---|
861 | case CHAP_SUCCESS: |
---|
862 | printer(arg, " "); |
---|
863 | print_string((char *)p, len, printer, arg); |
---|
864 | break; |
---|
865 | default: |
---|
866 | for (clen = len; clen > 0; --clen) { |
---|
867 | GETCHAR(x, p); |
---|
868 | printer(arg, " %.2x", x); |
---|
869 | } |
---|
870 | } |
---|
871 | return len + CHAP_HEADERLEN; |
---|
872 | } |
---|