pppd/chap.c

   1 /*
   2  * chap.c - Challenge Handshake Authentication Protocol.
   3  *
   4  * Copyright (c) 1993 The Australian National University.
   5  * All rights reserved.
   6  *
   7  * Redistribution and use in source and binary forms are permitted
   8  * provided that the above copyright notice and this paragraph are
   9  * duplicated in all such forms and that any documentation,
  10  * advertising materials, and other materials related to such
  11  * distribution and use acknowledge that the software was developed
  12  * by the Australian National University.  The name of the University
  13  * may not be used to endorse or promote products derived from this
  14  * software without specific prior written permission.
  15  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  16  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  17  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  18  *
  19  * Copyright (c) 1991 Gregory M. Christy.
  20  * All rights reserved.
  21  *
  22  * Redistribution and use in source and binary forms are permitted
  23  * provided that the above copyright notice and this paragraph are
  24  * duplicated in all such forms and that any documentation,
  25  * advertising materials, and other materials related to such
  26  * distribution and use acknowledge that the software was developed
  27  * by Gregory M. Christy.  The name of the author may not be used to
  28  * endorse or promote products derived from this software without
  29  * specific prior written permission.
  30  *
  31  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  32  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  33  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  34  */
  35
  36 #ifndef lint
  37 static char rcsid[] = "$Id: chap.c,v 1.18 1999/03/12 06:07:15 paulus Exp $";
  38 #endif
  39
  40 /*
  41  * TODO:
  42  */
  43
  44 #include <stdio.h>
  45 #include <string.h>
  46 #include <sys/types.h>
  47 #include <sys/time.h>
  48 #include <syslog.h>
  49
  50 #include "pppd.h"
  51 #include "chap.h"
  52 #include "md5.h"
  53 #ifdef CHAPMS
  54 #include "chap_ms.h"
  55 #endif
  56
  57 /*
  58  * Command-line options.
  59  */
  60 static option_t chap_option_list[] = {
  61     { "chap-restart", o_int, &chap[0].timeouttime,
  62       "Set timeout for CHAP" },
  63     { "chap-max-challenge", o_int, &chap[0].max_transmits,
  64       "Set max #xmits for challenge" },
  65     { "chap-interval", o_int, &chap[0].chal_interval,
  66       "Set interval for rechallenge" },
  67 #ifdef MSLANMAN
  68     { "ms-lanman", o_bool, &ms_lanman,
  69       "Use LanMan passwd when using MS-CHAP", 1 },
  70 #endif
  71     { NULL }
  72 };
  73
  74 /*
  75  * Protocol entry points.
  76  */
  77 static void ChapInit __P((int));
  78 static void ChapLowerUp __P((int));
  79 static void ChapLowerDown __P((int));
  80 static void ChapInput __P((int, u_char *, int));
  81 static void ChapProtocolReject __P((int));
  82 static int  ChapPrintPkt __P((u_char *, int,
  83                               void (*) __P((void *, char *, ...)), void *));
  84
  85 struct protent chap_protent = {
  86     PPP_CHAP,
  87     ChapInit,
  88     ChapInput,
  89     ChapProtocolReject,
  90     ChapLowerUp,
  91     ChapLowerDown,
  92     NULL,
  93     NULL,
  94     ChapPrintPkt,
  95     NULL,
  96     1,
  97     "CHAP",
  98     chap_option_list,
  99     NULL,
 100     NULL,
 101     NULL
 102 };
 103
 104 chap_state chap[NUM_PPP];               /* CHAP state; one for each unit */
 105
 106 static void ChapChallengeTimeout __P((void *));
 107 static void ChapResponseTimeout __P((void *));
 108 static void ChapReceiveChallenge __P((chap_state *, u_char *, int, int));
 109 static void ChapRechallenge __P((void *));
 110 static void ChapReceiveResponse __P((chap_state *, u_char *, int, int));
 111 static void ChapReceiveSuccess __P((chap_state *, u_char *, int, int));
 112 static void ChapReceiveFailure __P((chap_state *, u_char *, int, int));
 113 static void ChapSendStatus __P((chap_state *, int));
 114 static void ChapSendChallenge __P((chap_state *));
 115 static void ChapSendResponse __P((chap_state *));
 116 static void ChapGenChallenge __P((chap_state *));
 117
 118 extern double drand48 __P((void));
 119 extern void srand48 __P((long));
 120
 121 /*
 122  * ChapInit - Initialize a CHAP unit.
 123  */
 124 static void
 125 ChapInit(unit)
 126     int unit;
 127 {
 128     chap_state *cstate = &chap[unit];
 129
 130     BZERO(cstate, sizeof(*cstate));
 131     cstate->unit = unit;
 132     cstate->clientstate = CHAPCS_INITIAL;
 133     cstate->serverstate = CHAPSS_INITIAL;
 134     cstate->timeouttime = CHAP_DEFTIMEOUT;
 135     cstate->max_transmits = CHAP_DEFTRANSMITS;
 136     /* random number generator is initialized in magic_init */
 137 }
 138
 139
 140 /*
 141  * ChapAuthWithPeer - Authenticate us with our peer (start client).
 142  *
 143  */
 144 void
 145 ChapAuthWithPeer(unit, our_name, digest)
 146     int unit;
 147     char *our_name;
 148     int digest;
 149 {
 150     chap_state *cstate = &chap[unit];
 151
 152     cstate->resp_name = our_name;
 153     cstate->resp_type = digest;
 154
 155     if (cstate->clientstate == CHAPCS_INITIAL ||
 156         cstate->clientstate == CHAPCS_PENDING) {
 157         /* lower layer isn't up - wait until later */
 158         cstate->clientstate = CHAPCS_PENDING;
 159         return;
 160     }
 161
 162     /*
 163      * We get here as a result of LCP coming up.
 164      * So even if CHAP was open before, we will
 165      * have to re-authenticate ourselves.
 166      */
 167     cstate->clientstate = CHAPCS_LISTEN;
 168 }
 169
 170
 171 /*
 172  * ChapAuthPeer - Authenticate our peer (start server).
 173  */
 174 void
 175 ChapAuthPeer(unit, our_name, digest)
 176     int unit;
 177     char *our_name;
 178     int digest;
 179 {
 180     chap_state *cstate = &chap[unit];
 181
 182     cstate->chal_name = our_name;
 183     cstate->chal_type = digest;
 184
 185     if (cstate->serverstate == CHAPSS_INITIAL ||
 186         cstate->serverstate == CHAPSS_PENDING) {
 187         /* lower layer isn't up - wait until later */
 188         cstate->serverstate = CHAPSS_PENDING;
 189         return;
 190     }
 191
 192     ChapGenChallenge(cstate);
 193     ChapSendChallenge(cstate);          /* crank it up dude! */
 194     cstate->serverstate = CHAPSS_INITIAL_CHAL;
 195 }
 196
 197
 198 /*
 199  * ChapChallengeTimeout - Timeout expired on sending challenge.
 200  */
 201 static void
 202 ChapChallengeTimeout(arg)
 203     void *arg;
 204 {
 205     chap_state *cstate = (chap_state *) arg;
 206
 207     /* if we aren't sending challenges, don't worry.  then again we */
 208     /* probably shouldn't be here either */
 209     if (cstate->serverstate != CHAPSS_INITIAL_CHAL &&
 210         cstate->serverstate != CHAPSS_RECHALLENGE)
 211         return;
 212
 213     if (cstate->chal_transmits >= cstate->max_transmits) {
 214         /* give up on peer */
 215         syslog(LOG_ERR, "Peer failed to respond to CHAP challenge");
 216         cstate->serverstate = CHAPSS_BADAUTH;
 217         auth_peer_fail(cstate->unit, PPP_CHAP);
 218         return;
 219     }
 220
 221     ChapSendChallenge(cstate);          /* Re-send challenge */
 222 }
 223
 224
 225 /*
 226  * ChapResponseTimeout - Timeout expired on sending response.
 227  */
 228 static void
 229 ChapResponseTimeout(arg)
 230     void *arg;
 231 {
 232     chap_state *cstate = (chap_state *) arg;
 233
 234     /* if we aren't sending a response, don't worry. */
 235     if (cstate->clientstate != CHAPCS_RESPONSE)
 236         return;
 237
 238     ChapSendResponse(cstate);           /* re-send response */
 239 }
 240
 241
 242 /*
 243  * ChapRechallenge - Time to challenge the peer again.
 244  */
 245 static void
 246 ChapRechallenge(arg)
 247     void *arg;
 248 {
 249     chap_state *cstate = (chap_state *) arg;
 250
 251     /* if we aren't sending a response, don't worry. */
 252     if (cstate->serverstate != CHAPSS_OPEN)
 253         return;
 254
 255     ChapGenChallenge(cstate);
 256     ChapSendChallenge(cstate);
 257     cstate->serverstate = CHAPSS_RECHALLENGE;
 258 }
 259
 260
 261 /*
 262  * ChapLowerUp - The lower layer is up.
 263  *
 264  * Start up if we have pending requests.
 265  */
 266 static void
 267 ChapLowerUp(unit)
 268     int unit;
 269 {
 270     chap_state *cstate = &chap[unit];
 271
 272     if (cstate->clientstate == CHAPCS_INITIAL)
 273         cstate->clientstate = CHAPCS_CLOSED;
 274     else if (cstate->clientstate == CHAPCS_PENDING)
 275         cstate->clientstate = CHAPCS_LISTEN;
 276
 277     if (cstate->serverstate == CHAPSS_INITIAL)
 278         cstate->serverstate = CHAPSS_CLOSED;
 279     else if (cstate->serverstate == CHAPSS_PENDING) {
 280         ChapGenChallenge(cstate);
 281         ChapSendChallenge(cstate);
 282         cstate->serverstate = CHAPSS_INITIAL_CHAL;
 283     }
 284 }
 285
 286
 287 /*
 288  * ChapLowerDown - The lower layer is down.
 289  *
 290  * Cancel all timeouts.
 291  */
 292 static void
 293 ChapLowerDown(unit)
 294     int unit;
 295 {
 296     chap_state *cstate = &chap[unit];
 297
 298     /* Timeout(s) pending?  Cancel if so. */
 299     if (cstate->serverstate == CHAPSS_INITIAL_CHAL ||
 300         cstate->serverstate == CHAPSS_RECHALLENGE)
 301         UNTIMEOUT(ChapChallengeTimeout, cstate);
 302     else if (cstate->serverstate == CHAPSS_OPEN
 303              && cstate->chal_interval != 0)
 304         UNTIMEOUT(ChapRechallenge, cstate);
 305     if (cstate->clientstate == CHAPCS_RESPONSE)
 306         UNTIMEOUT(ChapResponseTimeout, cstate);
 307
 308     cstate->clientstate = CHAPCS_INITIAL;
 309     cstate->serverstate = CHAPSS_INITIAL;
 310 }
 311
 312
 313 /*
 314  * ChapProtocolReject - Peer doesn't grok CHAP.
 315  */
 316 static void
 317 ChapProtocolReject(unit)
 318     int unit;
 319 {
 320     chap_state *cstate = &chap[unit];
 321
 322     if (cstate->serverstate != CHAPSS_INITIAL &&
 323         cstate->serverstate != CHAPSS_CLOSED)
 324         auth_peer_fail(unit, PPP_CHAP);
 325     if (cstate->clientstate != CHAPCS_INITIAL &&
 326         cstate->clientstate != CHAPCS_CLOSED)
 327         auth_withpeer_fail(unit, PPP_CHAP);
 328     ChapLowerDown(unit);                /* shutdown chap */
 329 }
 330
 331
 332 /*
 333  * ChapInput - Input CHAP packet.
 334  */
 335 static void
 336 ChapInput(unit, inpacket, packet_len)
 337     int unit;
 338     u_char *inpacket;
 339     int packet_len;
 340 {
 341     chap_state *cstate = &chap[unit];
 342     u_char *inp;
 343     u_char code, id;
 344     int len;
 345
 346     /*
 347      * Parse header (code, id and length).
 348      * If packet too short, drop it.
 349      */
 350     inp = inpacket;
 351     if (packet_len < CHAP_HEADERLEN) {
 352         CHAPDEBUG((LOG_INFO, "ChapInput: rcvd short header."));
 353         return;
 354     }
 355     GETCHAR(code, inp);
 356     GETCHAR(id, inp);
 357     GETSHORT(len, inp);
 358     if (len < CHAP_HEADERLEN) {
 359         CHAPDEBUG((LOG_INFO, "ChapInput: rcvd illegal length."));
 360         return;
 361     }
 362     if (len > packet_len) {
 363         CHAPDEBUG((LOG_INFO, "ChapInput: rcvd short packet."));
 364         return;
 365     }
 366     len -= CHAP_HEADERLEN;
 367
 368     /*
 369      * Action depends on code (as in fact it usually does :-).
 370      */
 371     switch (code) {
 372     case CHAP_CHALLENGE:
 373         ChapReceiveChallenge(cstate, inp, id, len);
 374         break;
 375
 376     case CHAP_RESPONSE:
 377         ChapReceiveResponse(cstate, inp, id, len);
 378         break;
 379
 380     case CHAP_FAILURE:
 381         ChapReceiveFailure(cstate, inp, id, len);
 382         break;
 383
 384     case CHAP_SUCCESS:
 385         ChapReceiveSuccess(cstate, inp, id, len);
 386         break;
 387
 388     default:                            /* Need code reject? */
 389         syslog(LOG_WARNING, "Unknown CHAP code (%d) received.", code);
 390         break;
 391     }
 392 }
 393
 394
 395 /*
 396  * ChapReceiveChallenge - Receive Challenge and send Response.
 397  */
 398 static void
 399 ChapReceiveChallenge(cstate, inp, id, len)
 400     chap_state *cstate;
 401     u_char *inp;
 402     int id;
 403     int len;
 404 {
 405     int rchallenge_len;
 406     u_char *rchallenge;
 407     int secret_len;
 408     char secret[MAXSECRETLEN];
 409     char rhostname[256];
 410     MD5_CTX mdContext;
 411     u_char hash[MD5_SIGNATURE_SIZE];
 412
 413     CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: Rcvd id %d.", id));
 414     if (cstate->clientstate == CHAPCS_CLOSED ||
 415         cstate->clientstate == CHAPCS_PENDING) {
 416         CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: in state %d",
 417                    cstate->clientstate));
 418         return;
 419     }
 420
 421     if (len < 2) {
 422         CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: rcvd short packet."));
 423         return;
 424     }
 425
 426     GETCHAR(rchallenge_len, inp);
 427     len -= sizeof (u_char) + rchallenge_len;    /* now name field length */
 428     if (len < 0) {
 429         CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: rcvd short packet."));
 430         return;
 431     }
 432     rchallenge = inp;
 433     INCPTR(rchallenge_len, inp);
 434
 435     if (len >= sizeof(rhostname))
 436         len = sizeof(rhostname) - 1;
 437     BCOPY(inp, rhostname, len);
 438     rhostname[len] = '\000';
 439
 440     CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: received name field '%s'",
 441                rhostname));
 442
 443     /* Microsoft doesn't send their name back in the PPP packet */
 444     if (remote_name[0] != 0 && (explicit_remote || rhostname[0] == 0)) {
 445         strlcpy(rhostname, sizeof(rhostname), remote_name);
 446         CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: using '%s' as remote name",
 447                    rhostname));
 448     }
 449
 450     /* get secret for authenticating ourselves with the specified host */
 451     if (!get_secret(cstate->unit, cstate->resp_name, rhostname,
 452                     secret, &secret_len, 0)) {
 453         secret_len = 0;         /* assume null secret if can't find one */
 454         syslog(LOG_WARNING, "No CHAP secret found for authenticating us to %s",
 455                rhostname);
 456     }
 457
 458     /* cancel response send timeout if necessary */
 459     if (cstate->clientstate == CHAPCS_RESPONSE)
 460         UNTIMEOUT(ChapResponseTimeout, cstate);
 461
 462     cstate->resp_id = id;
 463     cstate->resp_transmits = 0;
 464
 465     /*  generate MD based on negotiated type */
 466     switch (cstate->resp_type) {
 467
 468     case CHAP_DIGEST_MD5:
 469         MD5Init(&mdContext);
 470         MD5Update(&mdContext, &cstate->resp_id, 1);
 471         MD5Update(&mdContext, secret, secret_len);
 472         MD5Update(&mdContext, rchallenge, rchallenge_len);
 473         MD5Final(hash, &mdContext);
 474         BCOPY(hash, cstate->response, MD5_SIGNATURE_SIZE);
 475         cstate->resp_length = MD5_SIGNATURE_SIZE;
 476         break;
 477
 478 #ifdef CHAPMS
 479     case CHAP_MICROSOFT:
 480         ChapMS(cstate, rchallenge, rchallenge_len, secret, secret_len);
 481         break;
 482 #endif
 483
 484     default:
 485         CHAPDEBUG((LOG_INFO, "unknown digest type %d", cstate->resp_type));
 486         return;
 487     }
 488
 489     BZERO(secret, sizeof(secret));
 490     ChapSendResponse(cstate);
 491 }
 492
 493
 494 /*
 495  * ChapReceiveResponse - Receive and process response.
 496  */
 497 static void
 498 ChapReceiveResponse(cstate, inp, id, len)
 499     chap_state *cstate;
 500     u_char *inp;
 501     int id;
 502     int len;
 503 {
 504     u_char *remmd, remmd_len;
 505     int secret_len, old_state;
 506     int code;
 507     char rhostname[256];
 508     MD5_CTX mdContext;
 509     char secret[MAXSECRETLEN];
 510     u_char hash[MD5_SIGNATURE_SIZE];
 511
 512     CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: Rcvd id %d.", id));
 513
 514     if (cstate->serverstate == CHAPSS_CLOSED ||
 515         cstate->serverstate == CHAPSS_PENDING) {
 516         CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: in state %d",
 517                    cstate->serverstate));
 518         return;
 519     }
 520
 521     if (id != cstate->chal_id)
 522         return;                 /* doesn't match ID of last challenge */
 523
 524     /*
 525      * If we have received a duplicate or bogus Response,
 526      * we have to send the same answer (Success/Failure)
 527      * as we did for the first Response we saw.
 528      */
 529     if (cstate->serverstate == CHAPSS_OPEN) {
 530         ChapSendStatus(cstate, CHAP_SUCCESS);
 531         return;
 532     }
 533     if (cstate->serverstate == CHAPSS_BADAUTH) {
 534         ChapSendStatus(cstate, CHAP_FAILURE);
 535         return;
 536     }
 537
 538     if (len < 2) {
 539         CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: rcvd short packet."));
 540         return;
 541     }
 542     GETCHAR(remmd_len, inp);            /* get length of MD */
 543     remmd = inp;                        /* get pointer to MD */
 544     INCPTR(remmd_len, inp);
 545
 546     len -= sizeof (u_char) + remmd_len;
 547     if (len < 0) {
 548         CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: rcvd short packet."));
 549         return;
 550     }
 551
 552     UNTIMEOUT(ChapChallengeTimeout, cstate);
 553
 554     if (len >= sizeof(rhostname))
 555         len = sizeof(rhostname) - 1;
 556     BCOPY(inp, rhostname, len);
 557     rhostname[len] = '\000';
 558
 559     CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: received name field: %s",
 560                rhostname));
 561
 562     /*
 563      * Get secret for authenticating them with us,
 564      * do the hash ourselves, and compare the result.
 565      */
 566     code = CHAP_FAILURE;
 567     if (!get_secret(cstate->unit, rhostname, cstate->chal_name,
 568                    secret, &secret_len, 1)) {
 569         syslog(LOG_WARNING, "No CHAP secret found for authenticating %s",
 570                rhostname);
 571     } else {
 572
 573         /*  generate MD based on negotiated type */
 574         switch (cstate->chal_type) {
 575
 576         case CHAP_DIGEST_MD5:           /* only MD5 is defined for now */
 577             if (remmd_len != MD5_SIGNATURE_SIZE)
 578                 break;                  /* it's not even the right length */
 579             MD5Init(&mdContext);
 580             MD5Update(&mdContext, &cstate->chal_id, 1);
 581             MD5Update(&mdContext, secret, secret_len);
 582             MD5Update(&mdContext, cstate->challenge, cstate->chal_len);
 583             MD5Final(hash, &mdContext);
 584
 585             /* compare local and remote MDs and send the appropriate status */
 586             if (memcmp (hash, remmd, MD5_SIGNATURE_SIZE) == 0)
 587                 code = CHAP_SUCCESS;    /* they are the same! */
 588             break;
 589
 590         default:
 591             CHAPDEBUG((LOG_INFO, "unknown digest type %d", cstate->chal_type));
 592         }
 593     }
 594
 595     BZERO(secret, sizeof(secret));
 596     ChapSendStatus(cstate, code);
 597
 598     if (code == CHAP_SUCCESS) {
 599         old_state = cstate->serverstate;
 600         cstate->serverstate = CHAPSS_OPEN;
 601         if (old_state == CHAPSS_INITIAL_CHAL) {
 602             auth_peer_success(cstate->unit, PPP_CHAP, rhostname, len);
 603         }
 604         if (cstate->chal_interval != 0)
 605             TIMEOUT(ChapRechallenge, cstate, cstate->chal_interval);
 606         syslog(LOG_NOTICE, "CHAP peer authentication succeeded for %s",
 607                rhostname);
 608
 609     } else {
 610         syslog(LOG_ERR, "CHAP peer authentication failed for remote host %s",
 611                rhostname);
 612         cstate->serverstate = CHAPSS_BADAUTH;
 613         auth_peer_fail(cstate->unit, PPP_CHAP);
 614     }
 615 }
 616
 617 /*
 618  * ChapReceiveSuccess - Receive Success
 619  */
 620 static void
 621 ChapReceiveSuccess(cstate, inp, id, len)
 622     chap_state *cstate;
 623     u_char *inp;
 624     u_char id;
 625     int len;
 626 {
 627
 628     CHAPDEBUG((LOG_INFO, "ChapReceiveSuccess: Rcvd id %d.", id));
 629
 630     if (cstate->clientstate == CHAPCS_OPEN)
 631         /* presumably an answer to a duplicate response */
 632         return;
 633
 634     if (cstate->clientstate != CHAPCS_RESPONSE) {
 635         /* don't know what this is */
 636         CHAPDEBUG((LOG_INFO, "ChapReceiveSuccess: in state %d\n",
 637                    cstate->clientstate));
 638         return;
 639     }
 640
 641     UNTIMEOUT(ChapResponseTimeout, cstate);
 642
 643     /*
 644      * Print message.
 645      */
 646     if (len > 0)
 647         PRINTMSG(inp, len);
 648
 649     cstate->clientstate = CHAPCS_OPEN;
 650
 651     auth_withpeer_success(cstate->unit, PPP_CHAP);
 652 }
 653
 654
 655 /*
 656  * ChapReceiveFailure - Receive failure.
 657  */
 658 static void
 659 ChapReceiveFailure(cstate, inp, id, len)
 660     chap_state *cstate;
 661     u_char *inp;
 662     u_char id;
 663     int len;
 664 {
 665     CHAPDEBUG((LOG_INFO, "ChapReceiveFailure: Rcvd id %d.", id));
 666
 667     if (cstate->clientstate != CHAPCS_RESPONSE) {
 668         /* don't know what this is */
 669         CHAPDEBUG((LOG_INFO, "ChapReceiveFailure: in state %d\n",
 670                    cstate->clientstate));
 671         return;
 672     }
 673
 674     UNTIMEOUT(ChapResponseTimeout, cstate);
 675
 676     /*
 677      * Print message.
 678      */
 679     if (len > 0)
 680         PRINTMSG(inp, len);
 681
 682     syslog(LOG_ERR, "CHAP authentication failed");
 683     auth_withpeer_fail(cstate->unit, PPP_CHAP);
 684 }
 685
 686
 687 /*
 688  * ChapSendChallenge - Send an Authenticate challenge.
 689  */
 690 static void
 691 ChapSendChallenge(cstate)
 692     chap_state *cstate;
 693 {
 694     u_char *outp;
 695     int chal_len, name_len;
 696     int outlen;
 697
 698     chal_len = cstate->chal_len;
 699     name_len = strlen(cstate->chal_name);
 700     outlen = CHAP_HEADERLEN + sizeof (u_char) + chal_len + name_len;
 701     outp = outpacket_buf;
 702
 703     MAKEHEADER(outp, PPP_CHAP);         /* paste in a CHAP header */
 704
 705     PUTCHAR(CHAP_CHALLENGE, outp);
 706     PUTCHAR(cstate->chal_id, outp);
 707     PUTSHORT(outlen, outp);
 708
 709     PUTCHAR(chal_len, outp);            /* put length of challenge */
 710     BCOPY(cstate->challenge, outp, chal_len);
 711     INCPTR(chal_len, outp);
 712
 713     BCOPY(cstate->chal_name, outp, name_len);   /* append hostname */
 714
 715     output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN);
 716
 717     CHAPDEBUG((LOG_INFO, "ChapSendChallenge: Sent id %d.", cstate->chal_id));
 718
 719     TIMEOUT(ChapChallengeTimeout, cstate, cstate->timeouttime);
 720     ++cstate->chal_transmits;
 721 }
 722
 723
 724 /*
 725  * ChapSendStatus - Send a status response (ack or nak).
 726  */
 727 static void
 728 ChapSendStatus(cstate, code)
 729     chap_state *cstate;
 730     int code;
 731 {
 732     u_char *outp;
 733     int outlen, msglen;
 734     char msg[256];
 735
 736     if (code == CHAP_SUCCESS)
 737         sprintf(msg, "Welcome to %s.", hostname);
 738     else
 739         sprintf(msg, "I don't like you.  Go 'way.");
 740     msglen = strlen(msg);
 741
 742     outlen = CHAP_HEADERLEN + msglen;
 743     outp = outpacket_buf;
 744
 745     MAKEHEADER(outp, PPP_CHAP); /* paste in a header */
 746
 747     PUTCHAR(code, outp);
 748     PUTCHAR(cstate->chal_id, outp);
 749     PUTSHORT(outlen, outp);
 750     BCOPY(msg, outp, msglen);
 751     output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN);
 752
 753     CHAPDEBUG((LOG_INFO, "ChapSendStatus: Sent code %d, id %d.", code,
 754                cstate->chal_id));
 755 }
 756
 757 /*
 758  * ChapGenChallenge is used to generate a pseudo-random challenge string of
 759  * a pseudo-random length between min_len and max_len.  The challenge
 760  * string and its length are stored in *cstate, and various other fields of
 761  * *cstate are initialized.
 762  */
 763
 764 static void
 765 ChapGenChallenge(cstate)
 766     chap_state *cstate;
 767 {
 768     int chal_len;
 769     u_char *ptr = cstate->challenge;
 770     unsigned int i;
 771
 772     /* pick a random challenge length between MIN_CHALLENGE_LENGTH and
 773        MAX_CHALLENGE_LENGTH */
 774     chal_len =  (unsigned) ((drand48() *
 775                              (MAX_CHALLENGE_LENGTH - MIN_CHALLENGE_LENGTH)) +
 776                             MIN_CHALLENGE_LENGTH);
 777     cstate->chal_len = chal_len;
 778     cstate->chal_id = ++cstate->id;
 779     cstate->chal_transmits = 0;
 780
 781     /* generate a random string */
 782     for (i = 0; i < chal_len; i++ )
 783         *ptr++ = (char) (drand48() * 0xff);
 784 }
 785
 786 /*
 787  * ChapSendResponse - send a response packet with values as specified
 788  * in *cstate.
 789  */
 790 /* ARGSUSED */
 791 static void
 792 ChapSendResponse(cstate)
 793     chap_state *cstate;
 794 {
 795     u_char *outp;
 796     int outlen, md_len, name_len;
 797
 798     md_len = cstate->resp_length;
 799     name_len = strlen(cstate->resp_name);
 800     outlen = CHAP_HEADERLEN + sizeof (u_char) + md_len + name_len;
 801     outp = outpacket_buf;
 802
 803     MAKEHEADER(outp, PPP_CHAP);
 804
 805     PUTCHAR(CHAP_RESPONSE, outp);       /* we are a response */
 806     PUTCHAR(cstate->resp_id, outp);     /* copy id from challenge packet */
 807     PUTSHORT(outlen, outp);             /* packet length */
 808
 809     PUTCHAR(md_len, outp);              /* length of MD */
 810     BCOPY(cstate->response, outp, md_len);      /* copy MD to buffer */
 811     INCPTR(md_len, outp);
 812
 813     BCOPY(cstate->resp_name, outp, name_len); /* append our name */
 814
 815     /* send the packet */
 816     output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN);
 817
 818     cstate->clientstate = CHAPCS_RESPONSE;
 819     TIMEOUT(ChapResponseTimeout, cstate, cstate->timeouttime);
 820     ++cstate->resp_transmits;
 821 }
 822
 823 /*
 824  * ChapPrintPkt - print the contents of a CHAP packet.
 825  */
 826 static char *ChapCodenames[] = {
 827     "Challenge", "Response", "Success", "Failure"
 828 };
 829
 830 static int
 831 ChapPrintPkt(p, plen, printer, arg)
 832     u_char *p;
 833     int plen;
 834     void (*printer) __P((void *, char *, ...));
 835     void *arg;
 836 {
 837     int code, id, len;
 838     int clen, nlen;
 839     u_char x;
 840
 841     if (plen < CHAP_HEADERLEN)
 842         return 0;
 843     GETCHAR(code, p);
 844     GETCHAR(id, p);
 845     GETSHORT(len, p);
 846     if (len < CHAP_HEADERLEN || len > plen)
 847         return 0;
 848
 849     if (code >= 1 && code <= sizeof(ChapCodenames) / sizeof(char *))
 850         printer(arg, " %s", ChapCodenames[code-1]);
 851     else
 852         printer(arg, " code=0x%x", code);
 853     printer(arg, " id=0x%x", id);
 854     len -= CHAP_HEADERLEN;
 855     switch (code) {
 856     case CHAP_CHALLENGE:
 857     case CHAP_RESPONSE:
 858         if (len < 1)
 859             break;
 860         clen = p[0];
 861         if (len < clen + 1)
 862             break;
 863         ++p;
 864         nlen = len - clen - 1;
 865         printer(arg, " <");
 866         for (; clen > 0; --clen) {
 867             GETCHAR(x, p);
 868             printer(arg, "%.2x", x);
 869         }
 870         printer(arg, ">, name = ");
 871         print_string((char *)p, nlen, printer, arg);
 872         break;
 873     case CHAP_FAILURE:
 874     case CHAP_SUCCESS:
 875         printer(arg, " ");
 876         print_string((char *)p, len, printer, arg);
 877         break;
 878     default:
 879         for (clen = len; clen > 0; --clen) {
 880             GETCHAR(x, p);
 881             printer(arg, " %.2x", x);
 882         }
 883     }
 884
 885     return len + CHAP_HEADERLEN;
 886 }