2 * chap-new.c - New CHAP implementation.
4 * Copyright (c) 2003 Paul Mackerras. All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. The name(s) of the authors of this software must not be used to
14 * endorse or promote products derived from this software without
15 * prior written permission.
17 * 3. Redistributions of any form whatsoever must retain the following
19 * "This product includes software developed by Paul Mackerras
20 * <paulus@ozlabs.org>".
22 * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
23 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
24 * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
25 * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
26 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
27 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
28 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
31 #ifndef PPP_CHAP_NEW_H
32 #define PPP_CHAP_NEW_H
41 * CHAP packets begin with a standard header with code, id, len (2 bytes).
46 * Values for the code field.
48 #define CHAP_CHALLENGE 1
49 #define CHAP_RESPONSE 2
50 #define CHAP_SUCCESS 3
51 #define CHAP_FAILURE 4
57 #define CHAP_MICROSOFT 0x80
58 #define CHAP_MICROSOFT_V2 0x81
61 * Semi-arbitrary limits on challenge and response fields.
63 #define MAX_CHALLENGE_LEN 64
64 #define MAX_RESPONSE_LEN 64
66 /* bitmask of supported algorithms */
67 #define MDTYPE_MICROSOFT_V2 0x1
68 #define MDTYPE_MICROSOFT 0x2
69 #define MDTYPE_MD5 0x4
72 /* hashes supported by this instance of pppd */
73 extern int chap_mdtype_all;
75 /* Return the digest alg. ID for the most preferred digest type. */
76 #define CHAP_DIGEST(mdtype) \
77 ((mdtype) & MDTYPE_MD5)? CHAP_MD5: \
78 ((mdtype) & MDTYPE_MICROSOFT_V2)? CHAP_MICROSOFT_V2: \
79 ((mdtype) & MDTYPE_MICROSOFT)? CHAP_MICROSOFT: \
82 /* Return the bit flag (lsb set) for our most preferred digest type. */
83 #define CHAP_MDTYPE(mdtype) ((mdtype) ^ ((mdtype) - 1)) & (mdtype)
85 /* Return the bit flag for a given digest algorithm ID. */
86 #define CHAP_MDTYPE_D(digest) \
87 ((digest) == CHAP_MICROSOFT_V2)? MDTYPE_MICROSOFT_V2: \
88 ((digest) == CHAP_MICROSOFT)? MDTYPE_MICROSOFT: \
89 ((digest) == CHAP_MD5)? MDTYPE_MD5: \
92 /* Can we do the requested digest? */
93 #define CHAP_CANDIGEST(mdtype, digest) \
94 ((digest) == CHAP_MICROSOFT_V2)? (mdtype) & MDTYPE_MICROSOFT_V2: \
95 ((digest) == CHAP_MICROSOFT)? (mdtype) & MDTYPE_MICROSOFT: \
96 ((digest) == CHAP_MD5)? (mdtype) & MDTYPE_MD5: \
101 * The code for each digest type has to supply one of these.
103 struct chap_digest_type {
107 * Note: challenge and response arguments below are formatted as
108 * a length byte followed by the actual challenge/response data.
110 void (*generate_challenge)(unsigned char *challenge);
111 int (*verify_response)(int id, char *name,
112 unsigned char *secret, int secret_len,
113 unsigned char *challenge, unsigned char *response,
114 char *message, int message_space);
115 void (*make_response)(unsigned char *response, int id, char *our_name,
116 unsigned char *challenge, char *secret, int secret_len,
117 unsigned char *priv);
118 int (*check_success)(int id, unsigned char *pkt, int len);
119 void (*handle_failure)(unsigned char *pkt, int len);
121 struct chap_digest_type *next;
125 * This function will return a value of 1 to indicate that a plugin intend to supply
126 * a username or a password to pppd through the chap_passwd_hook callback.
128 * Return a value > 0 to avoid parsing the chap-secrets file.
130 typedef int (chap_check_hook_fn)(void);
131 extern chap_check_hook_fn *chap_check_hook;
134 * A plugin can chose to supply its own user and password overriding whatever
135 * has been provided by the configuration. Hook is only valid when pppd is
136 * acting as a client.
138 * The maximum size of the user argument is always MAXNAMELEN
139 * The length of the password is always MAXWORDLEN, however; secrets can't be
140 * longer than MAXSECRETLEN
142 * Return a value < 0 to fail the connection.
144 typedef int (chap_passwd_hook_fn)(char *user, char *password);
145 extern chap_passwd_hook_fn *chap_passwd_hook;
148 * A plugin can chose to replace the default chap_verify_response function with
151 typedef int (chap_verify_hook_fn)(char *name, char *ourname, int id,
152 struct chap_digest_type *digest,
153 unsigned char *challenge, unsigned char *response,
154 char *message, int message_space);
155 extern chap_verify_hook_fn *chap_verify_hook;
157 /* Called by digest code to register a digest type */
158 extern void chap_register_digest(struct chap_digest_type *);
160 /* Lookup a digest handler by type */
161 extern struct chap_digest_type *chap_find_digest(int digest_code);
163 /* Called by authentication code to start authenticating the peer. */
164 extern void chap_auth_peer(int unit, char *our_name, int digest_code);
166 /* Called by auth. code to start authenticating us to the peer. */
167 extern void chap_auth_with_peer(int unit, char *our_name, int digest_code);
169 /* Represents the CHAP protocol to the main pppd code */
170 extern struct protent chap_protent;
176 #endif // PPP_CHAP_NEW_H