X-Git-Url: http://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Fchap.h;h=0e4cae122497f613b2f654d5c1fadbfdace47866;hb=39c06d616dd4c9443ed390969e58cd53ca1e314d;hp=682ecb864d170e6b66e5dccdfd10b521d3dcbe3a;hpb=f1085e1db51d5fc24764f1e1a9f0101e86bf7ca0;p=ppp.git diff --git a/pppd/chap.h b/pppd/chap.h index 682ecb8..0e4cae1 100644 --- a/pppd/chap.h +++ b/pppd/chap.h @@ -1,5 +1,36 @@ /* - * chap.h - Cryptographic Handshake Authentication Protocol definitions. + * chap.h - Challenge Handshake Authentication Protocol definitions. + * + * Copyright (c) 1993-2002 Paul Mackerras. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The name(s) of the authors of this software must not be used to + * endorse or promote products derived from this software without + * prior written permission. + * + * 4. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by Paul Mackerras + * ". + * + * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * Copyright (c) 1991 Gregory M. Christy * All rights reserved. @@ -15,7 +46,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: chap.h,v 1.2 1994/04/11 07:13:44 paulus Exp $ + * $Id: chap.h,v 1.15 2002/12/04 23:03:32 paulus Exp $ */ #ifndef __CHAP_INCLUDE__ @@ -29,6 +60,48 @@ #define CHAP_DIGEST_MD5 5 /* use MD5 algorithm */ #define MD5_SIGNATURE_SIZE 16 /* 16 bytes in a MD5 message digest */ +#define CHAP_MICROSOFT 0x80 /* use Microsoft-compatible alg. */ +#define CHAP_MICROSOFT_V2 0x81 /* use Microsoft-compatible alg. */ + +/* + * Digest type and selection. + */ + +/* bitmask of supported algorithms */ +#define MDTYPE_MICROSOFT_V2 0x1 +#define MDTYPE_MICROSOFT 0x2 +#define MDTYPE_MD5 0x4 + +#ifdef CHAPMS +#define MDTYPE_ALL (MDTYPE_MICROSOFT_V2 | MDTYPE_MICROSOFT | MDTYPE_MD5) +#else +#define MDTYPE_ALL (MDTYPE_MD5) +#endif +#define MDTYPE_NONE 0 + +/* Return the digest alg. ID for the most preferred digest type. */ +#define CHAP_DIGEST(mdtype) \ + ((mdtype) & MDTYPE_MICROSOFT_V2)? CHAP_MICROSOFT_V2: \ + ((mdtype) & MDTYPE_MICROSOFT)? CHAP_MICROSOFT: \ + ((mdtype) & MDTYPE_MD5)? CHAP_DIGEST_MD5: \ + 0 + +/* Return the bit flag (lsb set) for our most preferred digest type. */ +#define CHAP_MDTYPE(mdtype) ((mdtype) ^ ((mdtype) - 1)) & (mdtype) + +/* Return the bit flag for a given digest algorithm ID. */ +#define CHAP_MDTYPE_D(digest) \ + ((digest) == CHAP_MICROSOFT_V2)? MDTYPE_MICROSOFT_V2: \ + ((digest) == CHAP_MICROSOFT)? MDTYPE_MICROSOFT: \ + ((digest) == CHAP_DIGEST_MD5)? MDTYPE_MD5: \ + 0 + +/* Can we do the requested digest? */ +#define CHAP_CANDIGEST(mdtype, digest) \ + ((digest) == CHAP_MICROSOFT_V2)? (mdtype) & MDTYPE_MICROSOFT_V2: \ + ((digest) == CHAP_MICROSOFT)? (mdtype) & MDTYPE_MICROSOFT: \ + ((digest) == CHAP_DIGEST_MD5)? (mdtype) & MDTYPE_MD5: \ + 0 #define CHAP_CHALLENGE 1 #define CHAP_RESPONSE 2 @@ -38,9 +111,11 @@ /* * Challenge lengths (for challenges we send) and other limits. */ -#define MIN_CHALLENGE_LENGTH 32 -#define MAX_CHALLENGE_LENGTH 64 -#define MAX_RESPONSE_LENGTH 16 /* sufficient for MD5 */ +#define MIN_CHALLENGE_LENGTH 16 +#define MAX_CHALLENGE_LENGTH 24 /* sufficient for MS-CHAP Peer Chal. */ +#define MAX_RESPONSE_LENGTH 64 /* sufficient for MD5 or MS-CHAP */ +#define MS_AUTH_RESPONSE_LENGTH 40 /* MS-CHAPv2 authenticator response, */ + /* as ASCII */ /* * Each interface is described by a chap structure. @@ -62,12 +137,19 @@ typedef struct chap_state { int chal_transmits; /* Number of transmissions of challenge */ int resp_transmits; /* Number of transmissions of response */ u_char response[MAX_RESPONSE_LENGTH]; /* Response to send */ + char saresponse[MS_AUTH_RESPONSE_LENGTH+1]; /* Auth response to send */ + char earesponse[MS_AUTH_RESPONSE_LENGTH+1]; /* Auth response expected */ + /* +1 for null terminator */ + u_char resp_flags; /* flags from MS-CHAPv2 auth response */ u_char resp_length; /* length of response */ u_char resp_id; /* ID for response messages */ u_char resp_type; /* hash algorithm for responses */ char *resp_name; /* Our name to send with response */ } chap_state; +/* We need the declaration of chap_state to use this prototype */ +extern int (*chap_auth_hook) __P((char *user, u_char *remmd, + int remmd_len, chap_state *cstate)); /* * Client (peer) states. @@ -98,15 +180,10 @@ typedef struct chap_state { extern chap_state chap[]; -void ChapInit __ARGS((int)); -void ChapAuthWithPeer __ARGS((int, char *, int)); -void ChapAuthPeer __ARGS((int, char *, int)); -void ChapLowerUp __ARGS((int)); -void ChapLowerDown __ARGS((int)); -void ChapInput __ARGS((int, u_char *, int)); -void ChapProtocolReject __ARGS((int)); -int ChapPrintPkt __ARGS((u_char *, int, - void (*) __ARGS((void *, char *, ...)), void *)); +void ChapAuthWithPeer __P((int, char *, int)); +void ChapAuthPeer __P((int, char *, int)); + +extern struct protent chap_protent; #define __CHAP_INCLUDE__ #endif /* __CHAP_INCLUDE__ */